-rw-r--r--src/lib/libcrypto/aes/aes_cbc.c2
-rw-r--r--src/lib/libcrypto/asn1/asn1.h2
-rw-r--r--src/lib/libcrypto/asn1/asn1_err.c324
-rw-r--r--src/lib/libcrypto/asn1/tasn_dec.c78
-rw-r--r--src/lib/libcrypto/asn1/tasn_enc.c9
-rw-r--r--src/lib/libcrypto/bf/bf_skey.c1
-rw-r--r--src/lib/libcrypto/bio/b_print.c8
-rw-r--r--src/lib/libcrypto/bio/bio_err.c130
-rw-r--r--src/lib/libcrypto/bio/bss_conn.c2
-rw-r--r--src/lib/libcrypto/bn/asm/sparcv8plus.S16
-rw-r--r--src/lib/libcrypto/bn/bn.h34
-rw-r--r--src/lib/libcrypto/bn/bn_asm.c2
-rw-r--r--src/lib/libcrypto/bn/bn_err.c92
-rw-r--r--src/lib/libcrypto/bn/bn_exp.c244
-rw-r--r--src/lib/libcrypto/bn/bn_lcl.h39
-rw-r--r--src/lib/libcrypto/bn/bn_mont.c20
-rw-r--r--src/lib/libcrypto/bn/bntest.c56
-rw-r--r--src/lib/libcrypto/bn/expspeed.c2
-rw-r--r--src/lib/libcrypto/bn/exptest.c18
-rw-r--r--src/lib/libcrypto/buffer/buf_err.c16
-rw-r--r--src/lib/libcrypto/cast/c_skey.c1
-rw-r--r--src/lib/libcrypto/cast/cast_lcl.h21
-rw-r--r--src/lib/libcrypto/comp/c_zlib.c88
-rw-r--r--src/lib/libcrypto/conf/conf_def.c13
-rw-r--r--src/lib/libcrypto/conf/conf_err.c78
-rw-r--r--src/lib/libcrypto/cpt_err.c30
-rw-r--r--src/lib/libcrypto/cryptlib.c218
-rw-r--r--src/lib/libcrypto/cryptlib.h4
-rw-r--r--src/lib/libcrypto/crypto-lib.com23
-rw-r--r--src/lib/libcrypto/crypto.h5
-rw-r--r--src/lib/libcrypto/des/des_locl.h2
-rw-r--r--src/lib/libcrypto/dh/dh.h9
-rw-r--r--src/lib/libcrypto/dh/dh_err.c28
-rw-r--r--src/lib/libcrypto/dh/dh_key.c65
-rw-r--r--src/lib/libcrypto/dh/dhtest.c4
-rw-r--r--src/lib/libcrypto/doc/EVP_EncryptInit.pod6
-rw-r--r--src/lib/libcrypto/dsa/dsa.h14
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c42
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c16
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c55
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c6
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c3
-rw-r--r--src/lib/libcrypto/dsa/dsatest.c9
-rw-r--r--src/lib/libcrypto/dso/dso_dl.c35
-rw-r--r--src/lib/libcrypto/dso/dso_dlfcn.c36
-rw-r--r--src/lib/libcrypto/dso/dso_err.c96
-rw-r--r--src/lib/libcrypto/dso/dso_win32.c21
-rw-r--r--src/lib/libcrypto/ec/ec_err.c124
-rw-r--r--src/lib/libcrypto/engine/eng_cnf.c2
-rw-r--r--src/lib/libcrypto/engine/eng_err.c158
-rw-r--r--src/lib/libcrypto/engine/hw_aep.c1
-rw-r--r--src/lib/libcrypto/engine/hw_atalla.c1
-rw-r--r--src/lib/libcrypto/engine/hw_cswift.c204
-rw-r--r--src/lib/libcrypto/engine/hw_ubsec.c1
-rw-r--r--src/lib/libcrypto/engine/tb_dsa.c2
-rw-r--r--src/lib/libcrypto/err/err.c6
-rw-r--r--src/lib/libcrypto/err/openssl.ec2
-rw-r--r--src/lib/libcrypto/evp/bio_enc.c2
-rw-r--r--src/lib/libcrypto/evp/c_alld.c10
-rw-r--r--src/lib/libcrypto/evp/e_aes.c6
-rw-r--r--src/lib/libcrypto/evp/encode.c2
-rw-r--r--src/lib/libcrypto/evp/evp.h12
-rw-r--r--src/lib/libcrypto/evp/evp_err.c158
-rw-r--r--src/lib/libcrypto/evp/evp_key.c3
-rw-r--r--src/lib/libcrypto/evp/m_dss1.c9
-rw-r--r--src/lib/libcrypto/evp/m_sha.c3
-rw-r--r--src/lib/libcrypto/evp/m_sha1.c119
-rw-r--r--src/lib/libcrypto/evp/p5_crpt2.c11
-rw-r--r--src/lib/libcrypto/hmac/hmac.c12
-rw-r--r--src/lib/libcrypto/hmac/hmac.h4
-rw-r--r--src/lib/libcrypto/md2/md2_one.c3
-rw-r--r--src/lib/libcrypto/md4/md4_one.c3
-rw-r--r--src/lib/libcrypto/md5/md5_one.c3
-rw-r--r--src/lib/libcrypto/mdc2/Makefile2
-rw-r--r--src/lib/libcrypto/objects/obj_err.c28
-rw-r--r--src/lib/libcrypto/objects/obj_mac.num16
-rw-r--r--src/lib/libcrypto/objects/objects.txt20
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_err.c104
-rw-r--r--src/lib/libcrypto/opensslv.h6
-rw-r--r--src/lib/libcrypto/pem/pem_err.c88
-rw-r--r--src/lib/libcrypto/perlasm/x86asm.pl2
-rw-r--r--src/lib/libcrypto/perlasm/x86nasm.pl10
-rw-r--r--src/lib/libcrypto/pkcs12/p12_add.c11
-rw-r--r--src/lib/libcrypto/pkcs12/p12_crt.c10
-rw-r--r--src/lib/libcrypto/pkcs12/p12_mutl.c6
-rw-r--r--src/lib/libcrypto/pkcs12/pk12err.c107
-rw-r--r--src/lib/libcrypto/pkcs12/pkcs12.h3
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_mime.c24
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c6
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7err.c146
-rw-r--r--src/lib/libcrypto/rand/rand_err.c28
-rw-r--r--src/lib/libcrypto/rand/rand_lib.c26
-rw-r--r--src/lib/libcrypto/rand/randfile.c2
-rw-r--r--src/lib/libcrypto/rc2/rc2_skey.c1
-rw-r--r--src/lib/libcrypto/rc2/rc2speed.c6
-rw-r--r--src/lib/libcrypto/rc4/rc4.h4
-rw-r--r--src/lib/libcrypto/rc4/rc4_enc.c4
-rw-r--r--src/lib/libcrypto/rc4/rc4_skey.c5
-rw-r--r--src/lib/libcrypto/ripemd/rmd_one.c3
-rw-r--r--src/lib/libcrypto/rsa/rsa.h67
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c247
-rw-r--r--src/lib/libcrypto/rsa/rsa_err.c135
-rw-r--r--src/lib/libcrypto/rsa/rsa_gen.c3
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c32
-rw-r--r--src/lib/libcrypto/rsa/rsa_test.c5
-rw-r--r--src/lib/libcrypto/sha/sha1_one.c5
-rw-r--r--src/lib/libcrypto/sha/sha_one.c3
-rw-r--r--src/lib/libcrypto/stack/safestack.h53
-rw-r--r--src/lib/libcrypto/ui/ui_err.c48
-rw-r--r--src/lib/libcrypto/util/libeay.num42
-rw-r--r--src/lib/libcrypto/util/mk1mf.pl337
-rw-r--r--src/lib/libcrypto/util/mkdef.pl11
-rw-r--r--src/lib/libcrypto/util/mkerr.pl37
-rw-r--r--src/lib/libcrypto/util/mkfiles.pl17
-rw-r--r--src/lib/libcrypto/util/mklink.pl7
-rw-r--r--src/lib/libcrypto/util/pl/BC-32.pl14
-rw-r--r--src/lib/libcrypto/util/pl/OS2-EMX.pl1
-rw-r--r--src/lib/libcrypto/util/pl/VC-32.pl99
-rw-r--r--src/lib/libcrypto/util/pod2man.pl1
-rw-r--r--src/lib/libcrypto/util/selftest.pl26
-rw-r--r--src/lib/libcrypto/x509/by_dir.c15
-rw-r--r--src/lib/libcrypto/x509/x509_err.c138
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_cpols.c9
-rw-r--r--src/lib/libcrypto/x509v3/v3err.c210
-rw-r--r--src/lib/libssl/LICENSE2
-rw-r--r--src/lib/libssl/s23_clnt.c225
-rw-r--r--src/lib/libssl/s23_srvr.c5
-rw-r--r--src/lib/libssl/s3_clnt.c6
-rw-r--r--src/lib/libssl/s3_lib.c12
-rw-r--r--src/lib/libssl/s3_srvr.c4
-rw-r--r--src/lib/libssl/src/CHANGES114
-rw-r--r--src/lib/libssl/src/Configure147
-rw-r--r--src/lib/libssl/src/FAQ6
-rw-r--r--src/lib/libssl/src/LICENSE2
-rw-r--r--src/lib/libssl/src/Makefile.org144
-rw-r--r--src/lib/libssl/src/NEWS14
-rw-r--r--src/lib/libssl/src/README27
-rw-r--r--src/lib/libssl/src/apps/CA.pl.in15
-rw-r--r--src/lib/libssl/src/apps/CA.sh8
-rw-r--r--src/lib/libssl/src/apps/apps.c24
-rw-r--r--src/lib/libssl/src/apps/asn1pars.c2
-rw-r--r--src/lib/libssl/src/apps/ca.c1
-rw-r--r--src/lib/libssl/src/apps/engine.c4
-rw-r--r--src/lib/libssl/src/apps/genrsa.c27
-rw-r--r--src/lib/libssl/src/apps/makeapps.com2
-rw-r--r--src/lib/libssl/src/apps/openssl.c11
-rw-r--r--src/lib/libssl/src/apps/rsautl.c3
-rw-r--r--src/lib/libssl/src/apps/speed.c4
-rw-r--r--src/lib/libssl/src/config22
-rw-r--r--src/lib/libssl/src/crypto/aes/aes_cbc.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1.h2
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn1_err.c324
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c78
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_enc.c9
-rw-r--r--src/lib/libssl/src/crypto/bf/bf_skey.c1
-rw-r--r--src/lib/libssl/src/crypto/bio/b_print.c8
-rw-r--r--src/lib/libssl/src/crypto/bio/bio_err.c130
-rw-r--r--src/lib/libssl/src/crypto/bio/bss_conn.c2
-rw-r--r--src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S16
-rw-r--r--src/lib/libssl/src/crypto/bn/bn.h34
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_asm.c2
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_err.c92
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_exp.c244
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_lcl.h39
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_mont.c20
-rw-r--r--src/lib/libssl/src/crypto/bn/bntest.c56
-rw-r--r--src/lib/libssl/src/crypto/bn/expspeed.c2
-rw-r--r--src/lib/libssl/src/crypto/bn/exptest.c18
-rw-r--r--src/lib/libssl/src/crypto/buffer/buf_err.c16
-rw-r--r--src/lib/libssl/src/crypto/cast/c_skey.c1
-rw-r--r--src/lib/libssl/src/crypto/cast/cast_lcl.h21
-rw-r--r--src/lib/libssl/src/crypto/comp/c_zlib.c88
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_def.c13
-rw-r--r--src/lib/libssl/src/crypto/conf/conf_err.c78
-rw-r--r--src/lib/libssl/src/crypto/cpt_err.c30
-rw-r--r--src/lib/libssl/src/crypto/cryptlib.c218
-rw-r--r--src/lib/libssl/src/crypto/cryptlib.h4
-rw-r--r--src/lib/libssl/src/crypto/crypto-lib.com23
-rw-r--r--src/lib/libssl/src/crypto/crypto.h5
-rw-r--r--src/lib/libssl/src/crypto/des/des_locl.h2
-rw-r--r--src/lib/libssl/src/crypto/dh/dh.h9
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_err.c28
-rw-r--r--src/lib/libssl/src/crypto/dh/dh_key.c65
-rw-r--r--src/lib/libssl/src/crypto/dh/dhtest.c4
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa.h14
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_err.c42
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_key.c16
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_ossl.c55
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_sign.c6
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_vrf.c3
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsatest.c9
-rw-r--r--src/lib/libssl/src/crypto/dso/dso_dl.c35
-rw-r--r--src/lib/libssl/src/crypto/dso/dso_dlfcn.c36
-rw-r--r--src/lib/libssl/src/crypto/dso/dso_err.c96
-rw-r--r--src/lib/libssl/src/crypto/dso/dso_win32.c21
-rw-r--r--src/lib/libssl/src/crypto/ec/ec_err.c124
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_cnf.c2
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_err.c158
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_aep.c1
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_atalla.c1
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_cswift.c204
-rw-r--r--src/lib/libssl/src/crypto/engine/hw_ubsec.c1
-rw-r--r--src/lib/libssl/src/crypto/engine/tb_dsa.c2
-rw-r--r--src/lib/libssl/src/crypto/err/err.c6
-rw-r--r--src/lib/libssl/src/crypto/err/openssl.ec2
-rw-r--r--src/lib/libssl/src/crypto/evp/bio_enc.c2
-rw-r--r--src/lib/libssl/src/crypto/evp/c_alld.c10
-rw-r--r--src/lib/libssl/src/crypto/evp/e_aes.c6
-rw-r--r--src/lib/libssl/src/crypto/evp/encode.c2
-rw-r--r--src/lib/libssl/src/crypto/evp/evp.h12
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_err.c158
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_key.c3
-rw-r--r--src/lib/libssl/src/crypto/evp/m_dss1.c9
-rw-r--r--src/lib/libssl/src/crypto/evp/m_sha.c3
-rw-r--r--src/lib/libssl/src/crypto/evp/m_sha1.c119
-rw-r--r--src/lib/libssl/src/crypto/evp/p5_crpt2.c11
-rw-r--r--src/lib/libssl/src/crypto/hmac/hmac.c12
-rw-r--r--src/lib/libssl/src/crypto/hmac/hmac.h4
-rw-r--r--src/lib/libssl/src/crypto/md2/md2_one.c3
-rw-r--r--src/lib/libssl/src/crypto/md4/md4_one.c3
-rw-r--r--src/lib/libssl/src/crypto/md5/md5_one.c3
-rw-r--r--src/lib/libssl/src/crypto/mdc2/Makefile2
-rw-r--r--src/lib/libssl/src/crypto/objects/obj_err.c28
-rw-r--r--src/lib/libssl/src/crypto/objects/obj_mac.num16
-rw-r--r--src/lib/libssl/src/crypto/objects/objects.txt20
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_err.c104
-rw-r--r--src/lib/libssl/src/crypto/opensslv.h6
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_err.c88
-rw-r--r--src/lib/libssl/src/crypto/perlasm/x86asm.pl2
-rw-r--r--src/lib/libssl/src/crypto/perlasm/x86nasm.pl10
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_add.c11
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_crt.c10
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_mutl.c6
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/pk12err.c107
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/pkcs12.h3
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_mime.c24
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_smime.c6
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pkcs7err.c146
-rw-r--r--src/lib/libssl/src/crypto/rand/rand_err.c28
-rw-r--r--src/lib/libssl/src/crypto/rand/rand_lib.c26
-rw-r--r--src/lib/libssl/src/crypto/rand/randfile.c2
-rw-r--r--src/lib/libssl/src/crypto/rc2/rc2_skey.c1
-rw-r--r--src/lib/libssl/src/crypto/rc2/rc2speed.c6
-rw-r--r--src/lib/libssl/src/crypto/rc4/rc4.h4
-rw-r--r--src/lib/libssl/src/crypto/rc4/rc4_enc.c4
-rw-r--r--src/lib/libssl/src/crypto/rc4/rc4_skey.c5
-rw-r--r--src/lib/libssl/src/crypto/ripemd/rmd_one.c3
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa.h67
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_eay.c247
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_err.c135
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_gen.c3
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_oaep.c32
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_test.c5
-rw-r--r--src/lib/libssl/src/crypto/sha/sha1_one.c5
-rw-r--r--src/lib/libssl/src/crypto/sha/sha_one.c3
-rw-r--r--src/lib/libssl/src/crypto/stack/safestack.h53
-rw-r--r--src/lib/libssl/src/crypto/ui/ui_err.c48
-rw-r--r--src/lib/libssl/src/crypto/x509/by_dir.c15
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_err.c138
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_vfy.c2
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_cpols.c9
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3err.c210
-rw-r--r--src/lib/libssl/src/doc/apps/CA.pl.pod2
-rw-r--r--src/lib/libssl/src/doc/apps/ca.pod6
-rw-r--r--src/lib/libssl/src/doc/apps/enc.pod16
-rw-r--r--src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod6
-rw-r--r--src/lib/libssl/src/doc/crypto/hmac.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/threads.pod25
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod2
-rw-r--r--src/lib/libssl/src/e_os.h2
-rw-r--r--src/lib/libssl/src/e_os2.h4
-rw-r--r--src/lib/libssl/src/makevms.com16
-rw-r--r--src/lib/libssl/src/ms/do_masm.bat3
-rw-r--r--src/lib/libssl/src/ms/do_ms.bat2
-rw-r--r--src/lib/libssl/src/openssl.spec7
-rw-r--r--src/lib/libssl/src/ssl/kssl.c6
-rw-r--r--src/lib/libssl/src/ssl/s23_clnt.c225
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c5
-rw-r--r--src/lib/libssl/src/ssl/s2_clnt.c4
-rw-r--r--src/lib/libssl/src/ssl/s2_srvr.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c6
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c12
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c4
-rw-r--r--src/lib/libssl/src/ssl/ssl-lib.com2
-rw-r--r--src/lib/libssl/src/ssl/ssl.h57
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c2
-rw-r--r--src/lib/libssl/src/ssl/ssl_cert.c16
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c64
-rw-r--r--src/lib/libssl/src/ssl/ssl_err.c745
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c38
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h5
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c4
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c19
-rw-r--r--src/lib/libssl/src/test/maketests.com2
-rw-r--r--src/lib/libssl/src/test/tverify.com14
-rw-r--r--src/lib/libssl/src/util/libeay.num42
-rw-r--r--src/lib/libssl/src/util/mk1mf.pl337
-rw-r--r--src/lib/libssl/src/util/mkdef.pl11
-rw-r--r--src/lib/libssl/src/util/mkerr.pl37
-rw-r--r--src/lib/libssl/src/util/mkfiles.pl17
-rw-r--r--src/lib/libssl/src/util/mklink.pl7
-rw-r--r--src/lib/libssl/src/util/pl/BC-32.pl14
-rw-r--r--src/lib/libssl/src/util/pl/OS2-EMX.pl1
-rw-r--r--src/lib/libssl/src/util/pl/VC-32.pl99
-rw-r--r--src/lib/libssl/src/util/pod2man.pl1
-rw-r--r--src/lib/libssl/src/util/selftest.pl26
-rw-r--r--src/lib/libssl/ssl.h57
-rw-r--r--src/lib/libssl/ssl_asn1.c2
-rw-r--r--src/lib/libssl/ssl_cert.c16
-rw-r--r--src/lib/libssl/ssl_ciph.c64
-rw-r--r--src/lib/libssl/ssl_err.c745
-rw-r--r--src/lib/libssl/ssl_lib.c38
-rw-r--r--src/lib/libssl/ssl_locl.h5
-rw-r--r--src/lib/libssl/ssl_sess.c4
-rw-r--r--src/lib/libssl/test/maketests.com2
-rw-r--r--src/lib/libssl/test/tverify.com14
317 files changed, 8553 insertions, 4778 deletions
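diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index d2ba6bcdb4..373864cd4b 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -59,6 +59,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
+#if !defined(OPENSSL_FIPS_AES_ASM)
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
  const unsigned long length, const AES_KEY *key,
  unsigned char *ivec, const int enc) {
@@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
  }
  }
 }
+#endif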
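Review bot: The `#endif` added at the end of the file closes a guard opened about seventy lines earlier and carries no label; `#endif /* !OPENSSL_FIPS_AES_ASM */` would make the pairing obvious. With `OPENSSL_FIPS_AES_ASM` defined this translation unit no longer defines `AES_cbc_encrypt` at all, so the build presumably relies on an assembler implementation that is not visible in this section. A short comment above the `#if` naming where that replacement comes from would help the next reader, and the replacement should be run against the same CBC test vectors as the C code (including lengths that are not a multiple of the block size) before it is trusted. The body of `AES_cbc_encrypt` lies between the two hunks and is outside the view.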
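diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index ceaeb4cbe3..0184b475a7 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -962,6 +962,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_DUP 111
 #define ASN1_F_ASN1_ENUMERATED_SET 112
 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113
+#define ASN1_F_ASN1_FIND_END 182
 #define ASN1_F_ASN1_GENERALIZEDTIME_SET 178
 #define ASN1_F_ASN1_GET_OBJECT 114
 #define ASN1_F_ASN1_HEADER_NEW 115
@@ -1075,6 +1076,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_MISSING_SECOND_NUMBER 138
 #define ASN1_R_MSTRING_NOT_UNIVERSAL 139
 #define ASN1_R_MSTRING_WRONG_TAG 140
+#define ASN1_R_NESTED_ASN1_STRING 174
 #define ASN1_R_NON_HEX_CHARACTERS 141
 #define ASN1_R_NOT_ENOUGH_DATA 142
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143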
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index 3b57c8fbae..315d0a0807 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
1/* crypto/asn1/asn1_err.c */ 1/* crypto/asn1/asn1_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,169 +64,175 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
70
67static ERR_STRING_DATA ASN1_str_functs[]= 71static ERR_STRING_DATA ASN1_str_functs[]=
68 { 72 {
69{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0), "a2d_ASN1_OBJECT"}, 73{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
70{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"}, 74{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
71{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, 75{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
72{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, 76{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
73{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0), "ASN1_BIT_STRING_set_bit"}, 77{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
74{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"}, 78{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
75{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"}, 79{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
76{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"}, 80{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
77{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, 81{ERR_FUNC(ASN1_F_ASN1_D2I_BIO), "ASN1_d2i_bio"},
78{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"}, 82{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
79{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, 83{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
80{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0), "ASN1_digest"}, 84{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
81{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"}, 85{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
82{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, 86{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
83{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, 87{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
84{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, 88{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
85{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"}, 89{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
86{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, 90{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
87{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, 91{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
88{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"}, 92{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"},
89{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0), "ASN1_i2d_fp"}, 93{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
90{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"}, 94{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
91{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"}, 95{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
92{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"}, 96{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
93{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0), "ASN1_item_new"}, 97{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
94{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0), "ASN1_mbstring_copy"}, 98{ERR_FUNC(ASN1_F_ASN1_ITEM_NEW), "ASN1_item_new"},
95{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"}, 99{ERR_FUNC(ASN1_F_ASN1_MBSTRING_COPY), "ASN1_mbstring_copy"},
96{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"}, 100{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
97{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0), "ASN1_PBE_SET"}, 101{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
98{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"}, 102{ERR_FUNC(ASN1_F_ASN1_PBE_SET), "ASN1_PBE_SET"},
99{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, 103{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
100{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, 104{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
101{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0), "ASN1_STRING_set"}, 105{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
102{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"}, 106{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
103{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, 107{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
104{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, 108{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
105{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, 109{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_D2I), "ASN1_TEMPLATE_D2I"},
106{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, 110{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
107{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"}, 111{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
108{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, 112{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
109{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, 113{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
110{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, 114{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
111{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"}, 115{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
112{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"}, 116{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
113{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"}, 117{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
114{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, 118{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
115{ERR_PACK(0,ASN1_F_COLLECT_DATA,0), "COLLECT_DATA"}, 119{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
116{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "D2I_ASN1_BIT_STRING"}, 120{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
117{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"}, 121{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
118{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"}, 122{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
119{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"}, 123{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
120{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"}, 124{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
121{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"}, 125{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"},
122{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"}, 126{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
123{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"}, 127{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
124{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"}, 128{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
125{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0), "d2i_ASN1_UINTEGER"}, 129{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
126{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"}, 130{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
127{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"}, 131{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
128{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"}, 132{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
129{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"}, 133{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
130{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"}, 134{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
131{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"}, 135{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
132{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, 136{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
133{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, 137{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
134{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, 138{ERR_FUNC(ASN1_F_D2I_X509_NAME), "D2I_X509_NAME"},
135{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0), "i2d_ASN1_SET"}, 139{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
136{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, 140{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
137{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, 141{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
138{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, 142{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
139{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"}, 143{ERR_FUNC(ASN1_F_I2D_NETSCAPE_RSA), "i2d_Netscape_RSA"},
140{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"}, 144{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
141{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"}, 145{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
142{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"}, 146{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
143{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0), "OID_MODULE_INIT"}, 147{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
144{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"}, 148{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
145{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, 149{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
146{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"}, 150{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
147{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_new"}, 151{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
148{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"}, 152{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
149{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"}, 153{ERR_FUNC(ASN1_F_X509_NAME_NEW), "X509_NAME_NEW"},
150{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_new"}, 154{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
155{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
151{0,NULL} 156{0,NULL}
152 }; 157 };
153 158
154static ERR_STRING_DATA ASN1_str_reasons[]= 159static ERR_STRING_DATA ASN1_str_reasons[]=
155 { 160 {
156{ASN1_R_ADDING_OBJECT ,"adding object"}, 161{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"},
157{ASN1_R_AUX_ERROR ,"aux error"}, 162{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"},
158{ASN1_R_BAD_CLASS ,"bad class"}, 163{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"},
159{ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, 164{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
160{ASN1_R_BAD_PASSWORD_READ ,"bad password read"}, 165{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
161{ASN1_R_BAD_TAG ,"bad tag"}, 166{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
162{ASN1_R_BN_LIB ,"bn lib"}, 167{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
163{ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, 168{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
164{ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, 169{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
165{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, 170{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
166{ASN1_R_DATA_IS_WRONG ,"data is wrong"}, 171{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"},
167{ASN1_R_DECODE_ERROR ,"decode error"}, 172{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"},
168{ASN1_R_DECODING_ERROR ,"decoding error"}, 173{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"},
169{ASN1_R_ENCODE_ERROR ,"encode error"}, 174{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"},
170{ASN1_R_ERROR_GETTING_TIME ,"error getting time"}, 175{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"},
171{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, 176{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
172{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, 177{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
173{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, 178{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
174{ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, 179{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
175{ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"}, 180{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"},
176{ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"}, 181{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"},
177{ASN1_R_EXPECTING_A_TIME ,"expecting a time"}, 182{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"},
178{ASN1_R_EXPLICIT_LENGTH_MISMATCH ,"explicit length mismatch"}, 183{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
179{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ,"explicit tag not constructed"}, 184{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
180{ASN1_R_FIELD_MISSING ,"field missing"}, 185{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"},
181{ASN1_R_FIRST_NUM_TOO_LARGE ,"first num too large"}, 186{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"},
182{ASN1_R_HEADER_TOO_LONG ,"header too long"}, 187{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"},
183{ASN1_R_ILLEGAL_CHARACTERS ,"illegal characters"}, 188{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"},
184{ASN1_R_ILLEGAL_NULL ,"illegal null"}, 189{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"},
185{ASN1_R_ILLEGAL_OPTIONAL_ANY ,"illegal optional any"}, 190{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
186{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"}, 191{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
187{ASN1_R_ILLEGAL_TAGGED_ANY ,"illegal tagged any"}, 192{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"},
188{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ,"integer too large for long"}, 193{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
189{ASN1_R_INVALID_BMPSTRING_LENGTH ,"invalid bmpstring length"}, 194{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
190{ASN1_R_INVALID_DIGIT ,"invalid digit"}, 195{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
191{ASN1_R_INVALID_SEPARATOR ,"invalid separator"}, 196{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
192{ASN1_R_INVALID_TIME_FORMAT ,"invalid time format"}, 197{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
193{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ,"invalid universalstring length"}, 198{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
194{ASN1_R_INVALID_UTF8STRING ,"invalid utf8string"}, 199{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"},
195{ASN1_R_IV_TOO_LARGE ,"iv too large"}, 200{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"},
196{ASN1_R_LENGTH_ERROR ,"length error"}, 201{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"},
197{ASN1_R_MISSING_EOC ,"missing eoc"}, 202{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"},
198{ASN1_R_MISSING_SECOND_NUMBER ,"missing second number"}, 203{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
199{ASN1_R_MSTRING_NOT_UNIVERSAL ,"mstring not universal"}, 204{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
200{ASN1_R_MSTRING_WRONG_TAG ,"mstring wrong tag"}, 205{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"},
201{ASN1_R_NON_HEX_CHARACTERS ,"non hex characters"}, 206{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"},
202{ASN1_R_NOT_ENOUGH_DATA ,"not enough data"}, 207{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
203{ASN1_R_NO_MATCHING_CHOICE_TYPE ,"no matching choice type"}, 208{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
204{ASN1_R_NULL_IS_WRONG_LENGTH ,"null is wrong length"}, 209{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
205{ASN1_R_ODD_NUMBER_OF_CHARS ,"odd number of chars"}, 210{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
206{ASN1_R_PRIVATE_KEY_HEADER_MISSING ,"private key header missing"}, 211{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"},
207{ASN1_R_SECOND_NUMBER_TOO_LARGE ,"second number too large"}, 212{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
208{ASN1_R_SEQUENCE_LENGTH_MISMATCH ,"sequence length mismatch"}, 213{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
209{ASN1_R_SEQUENCE_NOT_CONSTRUCTED ,"sequence not constructed"}, 214{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
210{ASN1_R_SHORT_LINE ,"short line"}, 215{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
211{ASN1_R_STRING_TOO_LONG ,"string too long"}, 216{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"},
212{ASN1_R_STRING_TOO_SHORT ,"string too short"}, 217{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"},
213{ASN1_R_TAG_VALUE_TOO_HIGH ,"tag value too high"}, 218{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"},
214{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, 219{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"},
215{ASN1_R_TOO_LONG ,"too long"}, 220{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
216{ASN1_R_TYPE_NOT_CONSTRUCTED ,"type not constructed"}, 221{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
217{ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"}, 222{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
218{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"}, 223{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
219{ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"}, 224{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
220{ASN1_R_UNKNOWN_FORMAT ,"unknown format"}, 225{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
221{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"}, 226{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
222{ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"}, 227{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
223{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ,"unknown public key type"}, 228{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
224{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ,"unsupported any defined by type"}, 229{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
225{ASN1_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 230{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
226{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"}, 231{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
227{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ,"unsupported public key type"}, 232{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
228{ASN1_R_WRONG_TAG ,"wrong tag"}, 233{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
229{ASN1_R_WRONG_TYPE ,"wrong type"}, 234{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"},
235{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"},
230{0,NULL} 236{0,NULL}
231 }; 237 };
232 238
@@ -240,8 +246,8 @@ void ERR_load_ASN1_strings(void)
240 { 246 {
241 init=0; 247 init=0;
242#ifndef OPENSSL_NO_ERR 248#ifndef OPENSSL_NO_ERR
243 ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs); 249 ERR_load_strings(0,ASN1_str_functs);
244 ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons); 250 ERR_load_strings(0,ASN1_str_reasons);
245#endif 251#endif
246 252
247 } 253 }
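--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 
 static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_find_end(unsigned char **in, long len, char inf);
 static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
 static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
@@ -644,7 +645,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
  cont = *in;
  /* If indefinite length constructed find the real end */
  if(inf) {
- if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+ if(!asn1_find_end(&p, plen, inf)) goto err;
  len = p - cont;
  } else {
  len = p - cont + plen;
@@ -807,12 +808,66 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
  return ret;
 }
 
+/* This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content.
+ * This is more efficient than calling asn1_collect because it does not
+ * recurse on each indefinite length header.
+ */
+
+static int asn1_find_end(unsigned char **in, long len, char inf)
+ {
+ int expected_eoc;
+ long plen;
+ unsigned char *p = *in, *q;
+ /* If not indefinite length constructed just add length */
+ if (inf == 0)
+ {
+ *in += len;
+ return 1;
+ }
+ expected_eoc = 1;
+ /* Indefinite length constructed form. Find the end when enough EOCs
+ * are found. If more indefinite length constructed headers
+ * are encountered increment the expected eoc count otherwise justi
+ * skip to the end of the data.
+ */
+ while (len > 0)
+ {
+ if(asn1_check_eoc(&p, len))
+ {
+ expected_eoc--;
+ if (expected_eoc == 0)
+ break;
+ len -= 2;
+ continue;
+ }
+ q = p;
+ /* Just read in a header: only care about the length */
+ if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+ -1, 0, 0, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ if (inf)
+ expected_eoc++;
+ else
+ p += plen;
+ len -= p - q;
+ }
+ if (expected_eoc)
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+ return 0;
+ }
+ *in = p;
+ return 1;
+ }
+
 /* This function collects the asn1 data from a constructred string
  * type into a buffer. The values of 'in' and 'len' should refer
  * to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length. If 'buf' is NULL then we just want
- * to find the end of the current structure: useful for indefinite
- * length constructed stuff.
+ * if it is indefinite length.
  */
 
 static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
@@ -822,11 +877,6 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
  char cst, ininf;
  p = *in;
  inf &= 1;
- /* If no buffer and not indefinite length constructed just pass over the encoded data */
- if(!buf && !inf) {
- *in += len;
- return 1;
- }
  while(len > 0) {
  q = p;
  /* Check for EOC */
@@ -845,9 +895,15 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
  }
  /* If indefinite length constructed update max length */
  if(cst) {
- if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+ return 0;
+#else
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+#endif
  } else {
- if(!collect_data(buf, &p, plen)) return 0;
+ if(plen && !collect_data(buf, &p, plen)) return 0;
  }
  len -= p - q;
  }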
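Review bot: In the new `asn1_find_end`, `expected_eoc` is a plain `int` that is incremented for every nested indefinite-length header with no upper bound, so the count is driven entirely by the encoded input. Where `long` is wider than `int`, a large enough `len` could in principle wrap the counter; a guard before the increment, e.g. `if (expected_eoc == INT_MAX) { ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); return 0; }` (needs `<limits.h>`), would make the limit explicit. The loop also reuses the `inf` parameter as the output slot of `asn1_check_tlen`, which is easy to misread; a separate local would be clearer. The block comment above the loop has a typo, `justi` for `just`.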
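--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -445,9 +445,12 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_
  case V_ASN1_BOOLEAN:
  tbool = (ASN1_BOOLEAN *)pval;
  if(*tbool == -1) return -1;
- /* Default handling if value == size field then omit */
- if(*tbool && (it->size > 0)) return -1;
- if(!*tbool && !it->size) return -1;
+ if (it->utype != V_ASN1_ANY)
+ {
+ /* Default handling if value == size field then omit */
+ if(*tbool && (it->size > 0)) return -1;
+ if(!*tbool && !it->size) return -1;
+ }
  c = (unsigned char)*tbool;
  cont = &c;
  len = 1;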
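Review bot: The new `if (it->utype != V_ASN1_ANY)` guard in the `V_ASN1_BOOLEAN` case has no comment explaining why the default-omission rule is skipped for ANY. Presumably `it->size` only carries a BOOLEAN default when the item itself is declared BOOLEAN, and for ANY it would be misread as one, but that is not visible in this hunk. A one-line comment such as `/* for ANY, size is not a BOOLEAN default: always encode the value */` would record the intent, with the wording to be confirmed by the author. `asn1_ex_i2c` starts and ends outside the hunk.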
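--- a/src/lib/libcrypto/bf/bf_skey.c
+++ b/src/lib/libcrypto/bf/bf_skey.c
@@ -60,6 +60,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/blowfish.h>
+#include <openssl/fips.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
 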
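--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -576,7 +576,7 @@ abs_val(LDOUBLE value)
 }
 
 static LDOUBLE
-pow10(int in_exp)
+pow_10(int in_exp)
 {
  LDOUBLE result = 1;
  while (in_exp) {
@@ -639,11 +639,11 @@ fmtfp(
 
  /* we "cheat" by converting the fractional part to integer by
  multiplying by a factor of 10 */
- fracpart = roundv((pow10(max)) * (ufvalue - intpart));
+ fracpart = roundv((pow_10(max)) * (ufvalue - intpart));
 
- if (fracpart >= (long)pow10(max)) {
+ if (fracpart >= (long)pow_10(max)) {
  intpart++;
- fracpart -= (long)pow10(max);
+ fracpart -= (long)pow_10(max);
  }
 
  /* convert integer part */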
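--- a/src/lib/libcrypto/bio/bio_err.c
+++ b/src/lib/libcrypto/bio/bio_err.c
@@ -1,6 +1,6 @@
 /* crypto/bio/bio_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,73 +64,77 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
+
 static ERR_STRING_DATA BIO_str_functs[]=
  {
-{ERR_PACK(0,BIO_F_ACPT_STATE,0), "ACPT_STATE"},
-{ERR_PACK(0,BIO_F_BIO_ACCEPT,0), "BIO_accept"},
-{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0), "BIO_BER_GET_HEADER"},
-{ERR_PACK(0,BIO_F_BIO_CTRL,0), "BIO_ctrl"},
-{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0), "BIO_gethostbyname"},
-{ERR_PACK(0,BIO_F_BIO_GETS,0), "BIO_gets"},
-{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0), "BIO_get_accept_socket"},
-{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0), "BIO_get_host_ip"},
-{ERR_PACK(0,BIO_F_BIO_GET_PORT,0), "BIO_get_port"},
-{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0), "BIO_MAKE_PAIR"},
-{ERR_PACK(0,BIO_F_BIO_NEW,0), "BIO_new"},
-{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0), "BIO_new_file"},
-{ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0), "BIO_new_mem_buf"},
-{ERR_PACK(0,BIO_F_BIO_NREAD,0), "BIO_nread"},
-{ERR_PACK(0,BIO_F_BIO_NREAD0,0), "BIO_nread0"},
-{ERR_PACK(0,BIO_F_BIO_NWRITE,0), "BIO_nwrite"},
-{ERR_PACK(0,BIO_F_BIO_NWRITE0,0), "BIO_nwrite0"},
-{ERR_PACK(0,BIO_F_BIO_PUTS,0), "BIO_puts"},
-{ERR_PACK(0,BIO_F_BIO_READ,0), "BIO_read"},
-{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0), "BIO_sock_init"},
-{ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"},
-{ERR_PACK(0,BIO_F_BUFFER_CTRL,0), "BUFFER_CTRL"},
-{ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"},
-{ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"},
-{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
-{ERR_PACK(0,BIO_F_FILE_READ,0), "FILE_READ"},
-{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"},
-{ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"},
-{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
-{ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_new"},
-{ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"},
+{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
+{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
+{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
+{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
+{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
+{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
+{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
+{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
+{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
+{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
+{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
+{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
+{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
+{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
+{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
+{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
+{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
+{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
+{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
+{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
+{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
+{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
+{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
+{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
+{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
+{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
+{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
+{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
+{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA BIO_str_reasons[]=
  {
-{BIO_R_ACCEPT_ERROR ,"accept error"},
-{BIO_R_BAD_FOPEN_MODE ,"bad fopen mode"},
-{BIO_R_BAD_HOSTNAME_LOOKUP ,"bad hostname lookup"},
-{BIO_R_BROKEN_PIPE ,"broken pipe"},
-{BIO_R_CONNECT_ERROR ,"connect error"},
-{BIO_R_EOF_ON_MEMORY_BIO ,"EOF on memory BIO"},
-{BIO_R_ERROR_SETTING_NBIO ,"error setting nbio"},
-{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
-{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
-{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
-{BIO_R_INVALID_ARGUMENT ,"invalid argument"},
-{BIO_R_INVALID_IP_ADDRESS ,"invalid ip address"},
-{BIO_R_IN_USE ,"in use"},
-{BIO_R_KEEPALIVE ,"keepalive"},
-{BIO_R_NBIO_CONNECT_ERROR ,"nbio connect error"},
-{BIO_R_NO_ACCEPT_PORT_SPECIFIED ,"no accept port specified"},
-{BIO_R_NO_HOSTNAME_SPECIFIED ,"no hostname specified"},
-{BIO_R_NO_PORT_DEFINED ,"no port defined"},
-{BIO_R_NO_PORT_SPECIFIED ,"no port specified"},
-{BIO_R_NO_SUCH_FILE ,"no such file"},
-{BIO_R_NULL_PARAMETER ,"null parameter"},
-{BIO_R_TAG_MISMATCH ,"tag mismatch"},
-{BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"},
-{BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"},
-{BIO_R_UNABLE_TO_LISTEN_SOCKET ,"unable to listen socket"},
-{BIO_R_UNINITIALIZED ,"uninitialized"},
-{BIO_R_UNSUPPORTED_METHOD ,"unsupported method"},
-{BIO_R_WRITE_TO_READ_ONLY_BIO ,"write to read only BIO"},
-{BIO_R_WSASTARTUP ,"WSAStartup"},
+{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"},
+{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"},
+{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"},
+{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"},
+{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"},
+{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
+{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
+{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"},
+{ERR_REASON(BIO_R_IN_USE) ,"in use"},
+{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"},
+{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"},
+{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
+{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
+{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"},
+{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"},
+{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"},
+{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"},
+{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
+{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"},
+{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"},
+{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
+{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"},
 {0,NULL}
  };
 
@@ -144,8 +148,8 @@ void ERR_load_BIO_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
- ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+ ERR_load_strings(0,BIO_str_functs);
+ ERR_load_strings(0,BIO_str_reasons);
 #endif
 
  }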
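--- a/src/lib/libcrypto/bio/bss_conn.c
+++ b/src/lib/libcrypto/bio/bss_conn.c
@@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
  break;
  case BIO_C_DO_STATE_MACHINE:
  /* use this one to start the connection */
- if (!data->state != BIO_CONN_S_OK)
+ if (data->state != BIO_CONN_S_OK)
  ret=(long)conn_state(b,data);
  else
  ret=1;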
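--- a/src/lib/libcrypto/bn/asm/sparcv8plus.S
+++ b/src/lib/libcrypto/bn/asm/sparcv8plus.S
@@ -162,10 +162,14 @@
  * BN_ULONG w;
  */
 bn_mul_add_words:
+ sra %o2,%g0,%o2 ! signx %o2
  brgz,a %o2,.L_bn_mul_add_words_proceed
  lduw [%o1],%g2
  retl
  clr %o0
+ nop
+ nop
+ nop
 
 .L_bn_mul_add_words_proceed:
  srl %o3,%g0,%o3 ! clruw %o3
@@ -260,10 +264,14 @@ bn_mul_add_words:
  * BN_ULONG w;
  */
 bn_mul_words:
+ sra %o2,%g0,%o2 ! signx %o2
  brgz,a %o2,.L_bn_mul_words_proceeed
  lduw [%o1],%g2
  retl
  clr %o0
+ nop
+ nop
+ nop
 
 .L_bn_mul_words_proceeed:
  srl %o3,%g0,%o3 ! clruw %o3
@@ -344,10 +352,14 @@ bn_mul_words:
  * int n;
  */
 bn_sqr_words:
+ sra %o2,%g0,%o2 ! signx %o2
  brgz,a %o2,.L_bn_sqr_words_proceeed
  lduw [%o1],%g2
  retl
  clr %o0
+ nop
+ nop
+ nop
 
 .L_bn_sqr_words_proceeed:
  andcc %o2,-4,%g0
@@ -445,6 +457,7 @@ bn_div_words:
  * int n;
  */
 bn_add_words:
+ sra %o3,%g0,%o3 ! signx %o3
  brgz,a %o3,.L_bn_add_words_proceed
  lduw [%o1],%o4
  retl
@@ -454,7 +467,6 @@ bn_add_words:
  andcc %o3,-4,%g0
  bz,pn %icc,.L_bn_add_words_tail
  addcc %g0,0,%g0 ! clear carry flag
- nop
 
 .L_bn_add_words_loop: ! wow! 32 aligned!
  dec 4,%o3
@@ -523,6 +535,7 @@ bn_add_words:
  * int n;
  */
 bn_sub_words:
+ sra %o3,%g0,%o3 ! signx %o3
  brgz,a %o3,.L_bn_sub_words_proceed
  lduw [%o1],%o4
  retl
@@ -532,7 +545,6 @@ bn_sub_words:
  andcc %o3,-4,%g0
  bz,pn %icc,.L_bn_sub_words_tail
  addcc %g0,0,%g0 ! clear carry flag
- nop
 
 .L_bn_sub_words_loop: ! wow! 32 aligned!
  dec 4,%o3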
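Review bot: The three `nop`s added after `clr %o0` in `bn_mul_add_words`, `bn_mul_words` and `bn_sqr_words` carry no comment, and neither does the `nop` removed before the loop labels in `bn_add_words` and `bn_sub_words`. They look like padding that preserves the alignment the loop comments mention (`! wow! 32 aligned!`) now that each routine gains an `sra` instruction, but nothing in the hunks says so. A comment on each run, such as `! pad: keep following label aligned after the added signx`, would stop the next inserted instruction from silently breaking that; an explicit `.align` directive before the labels may be an alternative if the build's assembler setup allows it. The routines continue outside the hunks.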
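--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -225,10 +225,23 @@ extern "C" {
 
 #define BN_FLG_MALLOCED 0x01
 #define BN_FLG_STATIC_DATA 0x02
+#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
 #define BN_FLG_FREE 0x8000 /* used for debuging */
 #define BN_set_flags(b,n) ((b)->flags|=(n))
 #define BN_get_flags(b,n) ((b)->flags&(n))
 
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
+#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
+ (dest)->top=(b)->top, \
+ (dest)->dmax=(b)->dmax, \
+ (dest)->neg=(b)->neg, \
+ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
+ | ((b)->flags & ~BN_FLG_MALLOCED) \
+ | BN_FLG_STATIC_DATA \
+ | (n)))
+
 typedef struct bignum_st
  {
  BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
@@ -378,6 +391,8 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  const BIGNUM *m,BN_CTX *ctx);
 int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
 int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
@@ -423,6 +438,19 @@ int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
  void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
  int do_trial_division);
 
+#ifdef OPENSSL_FIPS
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ void (*cb)(int, int, void *), void *cb_arg);
+#endif
+
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
@@ -434,6 +462,8 @@ int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
 int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx);
 
 BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
 void BN_BLINDING_free(BN_BLINDING *b);
@@ -510,11 +540,15 @@ void ERR_load_BN_strings(void);
 #define BN_F_BN_CTX_GET 116
 #define BN_F_BN_CTX_NEW 106
 #define BN_F_BN_DIV 107
+#define BN_F_BN_EXP 123
 #define BN_F_BN_EXPAND2 108
 #define BN_F_BN_EXPAND_INTERNAL 120
 #define BN_F_BN_MOD_EXP2_MONT 118
 #define BN_F_BN_MOD_EXP_MONT 109
+#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
 #define BN_F_BN_MOD_EXP_MONT_WORD 117
+#define BN_F_BN_MOD_EXP_RECP 125
+#define BN_F_BN_MOD_EXP_SIMPLE 126
 #define BN_F_BN_MOD_INVERSE 110
 #define BN_F_BN_MOD_LSHIFT_QUICK 119
 #define BN_F_BN_MOD_MUL_RECIPROCAL 111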
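Review bot: The comment on the new `BN_with_flags` macro says the two BIGNUMs `cannot not be used in parallel`, a double negative that reverses the warning; it should read `cannot be used in parallel`. The macro copies `b`'s `d` pointer into `dest` and marks the result `BN_FLG_STATIC_DATA`, so `dest` aliases `b`'s storage, and the comment should also say that `dest` must not be used once `b` has been freed or resized. Both arguments are evaluated several times, so expressions with side effects are unsafe as arguments, which is worth stating as well. Separately, the `BN_FLG_EXP_CONSTTIME` comment names only `BN_mod_exp_mont()`; whether the other exponentiation entry points honour the flag is not visible in this header and would be worth documenting there.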
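--- a/src/lib/libcrypto/bn/bn_asm.c
+++ b/src/lib/libcrypto/bn/bn_asm.c
@@ -237,7 +237,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
  if (d == 0) return(BN_MASK2);
 
  i=BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+ assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
 
  i=BN_BITS2-i;
  if (h >= d) h-=d;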
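Review bot: The corrected `assert` in `bn_div_words` is the only statement of the function's precondition on `h`, and it disappears when the library is built with `NDEBUG`. A short comment above it, e.g. `/* precondition: h <= 2^i, where i is the bit length of d */`, would tell callers what they must guarantee; whether a runtime check is warranted depends on the callers, which are outside this hunk. Note also that `(BN_ULONG)1<<i` is only well defined because the `i == BN_BITS2` test short-circuits first, so the order of the two operands has to be kept. The function body continues outside the hunk.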
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c
index fb84ee96d8..5dfac00c88 100644
--- a/src/lib/libcrypto/bn/bn_err.c
+++ b/src/lib/libcrypto/bn/bn_err.c
@@ -1,6 +1,6 @@
1/* crypto/bn/bn_err.c */ 1/* crypto/bn/bn_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,52 +64,60 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
70
67static ERR_STRING_DATA BN_str_functs[]= 71static ERR_STRING_DATA BN_str_functs[]=
68 { 72 {
69{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"}, 73{ERR_FUNC(BN_F_BN_BLINDING_CONVERT), "BN_BLINDING_convert"},
70{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"}, 74{ERR_FUNC(BN_F_BN_BLINDING_INVERT), "BN_BLINDING_invert"},
71{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0), "BN_BLINDING_new"}, 75{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
72{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"}, 76{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
73{ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"}, 77{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
74{ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"}, 78{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
75{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"}, 79{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
76{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"}, 80{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
77{ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"}, 81{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
78{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"}, 82{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
79{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"}, 83{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
80{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0), "BN_mod_exp2_mont"}, 84{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
81{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"}, 85{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
82{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"}, 86{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
83{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"}, 87{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
84{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0), "BN_mod_lshift_quick"}, 88{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
85{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"}, 89{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
86{ERR_PACK(0,BN_F_BN_MOD_SQRT,0), "BN_mod_sqrt"}, 90{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
87{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, 91{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
88{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, 92{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
89{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, 93{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
90{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"}, 94{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
91{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, 95{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
96{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
97{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
98{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
99{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
92{0,NULL} 100{0,NULL}
93 }; 101 };
94 102
95static ERR_STRING_DATA BN_str_reasons[]= 103static ERR_STRING_DATA BN_str_reasons[]=
96 { 104 {
97{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, 105{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
98{BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, 106{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
99{BN_R_BIGNUM_TOO_LONG ,"bignum too long"}, 107{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
100{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, 108{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
101{BN_R_DIV_BY_ZERO ,"div by zero"}, 109{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
102{BN_R_ENCODING_ERROR ,"encoding error"}, 110{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
103{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, 111{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
104{BN_R_INPUT_NOT_REDUCED ,"input not reduced"}, 112{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
105{BN_R_INVALID_LENGTH ,"invalid length"}, 113{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
106{BN_R_INVALID_RANGE ,"invalid range"}, 114{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
107{BN_R_NOT_A_SQUARE ,"not a square"}, 115{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
108{BN_R_NOT_INITIALIZED ,"not initialized"}, 116{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
109{BN_R_NO_INVERSE ,"no inverse"}, 117{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
110{BN_R_P_IS_NOT_PRIME ,"p is not prime"}, 118{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"},
111{BN_R_TOO_MANY_ITERATIONS ,"too many iterations"}, 119{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"},
112{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, 120{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
113{0,NULL} 121{0,NULL}
114 }; 122 };
115 123
@@ -123,8 +131,8 @@ void ERR_load_BN_strings(void)
123 { 131 {
124 init=0; 132 init=0;
125#ifndef OPENSSL_NO_ERR 133#ifndef OPENSSL_NO_ERR
126 ERR_load_strings(ERR_LIB_BN,BN_str_functs); 134 ERR_load_strings(0,BN_str_functs);
127 ERR_load_strings(ERR_LIB_BN,BN_str_reasons); 135 ERR_load_strings(0,BN_str_reasons);
128#endif 136#endif
129 137
130 } 138 }
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index afdfd580fb..9e1e88abe8 100644
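--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+/* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE 32
 
 /* this one works - simple but works */
@@ -121,6 +122,13 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
  int i,bits,ret=0;
  BIGNUM *v,*rr;
 
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
  BN_CTX_start(ctx);
  if ((r == a) || (r == p))
  rr = BN_CTX_get(ctx);
@@ -204,7 +212,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
  if (BN_is_odd(m))
  {
 # ifdef MONT_EXP_WORD
- if (a->top == 1 && !a->neg)
+ if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0))
  {
  BN_ULONG A = a->d[0];
  ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
@@ -234,6 +242,13 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  BIGNUM val[TABLE_SIZE];
  BN_RECP_CTX recp;
 
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
  bits=BN_num_bits(p);
 
  if (bits == 0)
@@ -361,6 +376,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
  BIGNUM val[TABLE_SIZE];
  BN_MONT_CTX *mont=NULL;
 
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ }
+
  bn_check_top(a);
  bn_check_top(p);
  bn_check_top(m);
@@ -493,6 +513,212 @@ err:
  return(ret);
  }
 
+
+/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
+ * so that accessing any of these table values shows the same access pattern as far
+ * as cache lines are concerned. The following functions are used to transfer a BIGNUM
+ * from/to that table. */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+ {
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+ while (b->top < top)
+ {
+ b->d[b->top++] = 0;
+ }
+
+ for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
+ {
+ buf[j] = ((unsigned char*)b->d)[i];
+ }
+
+ bn_fix_top(b);
+ return 1;
+ }
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+ {
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+
+ for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
+ {
+ ((unsigned char*)b->d)[i] = buf[j];
+ }
+
+ b->top = top;
+ bn_fix_top(b);
+ return 1;
+ }
+
+/* Given a pointer value, compute the next address that is a cache line multiple. */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/* This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum
+ * to protect secret exponents (cf. the hyper-threading timing attacks
+ * pointed out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+ int i,bits,ret=0,idx,window,wvalue;
+ int top;
+ BIGNUM *r;
+ const BIGNUM *aa;
+ BN_MONT_CTX *mont=NULL;
+
+ int numPowers;
+ unsigned char *powerbufFree=NULL;
+ int powerbufLen = 0;
+ unsigned char *powerbuf=NULL;
+ BIGNUM *computeTemp=NULL, *am=NULL;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ top = m->top;
+
+ if (!(m->d[0] & 1))
+ {
+ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
+ return(0);
+ }
+ bits=BN_num_bits(p);
+ if (bits == 0)
+ {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ /* Initialize BIGNUM context and allocate intermediate result */
+ BN_CTX_start(ctx);
+ r = BN_CTX_get(ctx);
+ if (r == NULL) goto err;
+
+ /* Allocate a montgomery context if it was not supplied by the caller.
+ * If this is not done, things will break in the montgomery part.
+ */
+ if (in_mont != NULL)
+ mont=in_mont;
+ else
+ {
+ if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
+ if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
+ }
+
+ /* Get the window size to use with size of p. */
+ window = BN_window_bits_for_ctime_exponent_size(bits);
+
+ /* Allocate a buffer large enough to hold all of the pre-computed
+ * powers of a.
+ */
+ numPowers = 1 << window;
+ powerbufLen = sizeof(m->d[0])*top*numPowers;
+ if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
+ goto err;
+
+ powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+ memset(powerbuf, 0, powerbufLen);
+
+ /* Initialize the intermediate result. Do this early to save double conversion,
+ * once each for a^0 and intermediate result.
+ */
+ if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
+
+ /* Initialize computeTemp as a^1 with montgomery precalcs */
+ computeTemp = BN_CTX_get(ctx);
+ am = BN_CTX_get(ctx);
+ if (computeTemp==NULL || am==NULL) goto err;
+
+ if (a->neg || BN_ucmp(a,m) >= 0)
+ {
+ if (!BN_mod(am,a,m,ctx))
+ goto err;
+ aa= am;
+ }
+ else
+ aa=a;
+ if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
+ if (!BN_copy(computeTemp, am)) goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
+
+ /* If the window size is greater than 1, then calculate
+ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
+ * (even powers could instead be computed as (a^(i/2))^2
+ * to use the slight performance advantage of sqr over mul).
+ */
+ if (window > 1)
+ {
+ for (i=2; i<numPowers; i++)
+ {
+ /* Calculate a^i = a^(i-1) * a */
+ if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
+ }
+ }
+
+ /* Adjust the number of bits up to a multiple of the window size.
+ * If the exponent length is not a multiple of the window size, then
+ * this pads the most significant bits with zeros to normalize the
+ * scanning loop to there's no special cases.
+ *
+ * * NOTE: Making the window size a power of two less than the native
+ * * word size ensures that the padded bits won't go past the last
+ * * word in the internal BIGNUM structure. Going past the end will
+ * * still produce the correct result, but causes a different branch
+ * * to be taken in the BN_is_bit_set function.
+ */
+ bits = ((bits+window-1)/window)*window;
+ idx=bits-1; /* The top bit of the window */
+
+ /* Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (idx >= 0)
+ {
+ wvalue=0; /* The 'value' of the window */
+
+ /* Scan the window, squaring the result as we go */
+ for (i=0; i<window; i++,idx--)
+ {
+ if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) goto err;
+ wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
+ }
+
+ /* Fetch the appropriate pre-computed value from the pre-buf */
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
+
+ /* Multiply the result into the intermediate result */
+ if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
+ }
+
+ /* Convert the final result from montgomery to standard format */
+ if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
+ ret=1;
+err:
+ if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+ if (powerbuf!=NULL)
+ {
+ OPENSSL_cleanse(powerbuf,powerbufLen);
+ OPENSSL_free(powerbufFree);
+ }
+ if (am!=NULL) BN_clear(am);
+ if (computeTemp!=NULL) BN_clear(computeTemp);
+ BN_CTX_end(ctx);
+ return(ret);
+ }
+
 int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
  {
@@ -517,6 +743,13 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 #define BN_TO_MONTGOMERY_WORD(r, w, mont) \
  (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
 
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
  bn_check_top(p);
  bn_check_top(m);
 
@@ -644,6 +877,13 @@ int BN_mod_exp_simple(BIGNUM *r,
  BIGNUM *d;
  BIGNUM val[TABLE_SIZE];
 
+ if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
+ {
+ /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
  bits=BN_num_bits(p);
 
  if (bits == 0)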
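Review bot: The new BN_FLG_EXP_CONSTTIME guards in BN_exp, BN_mod_exp_recp, BN_mod_exp_mont_word and BN_mod_exp_simple fail with `return -1;`, which is non-zero, so a caller written in the usual `if (!BN_mod_exp_recp(...)) goto err;` style treats the rejection as success and carries on with an unset result. That happens exactly when the flag is set, i.e. for exponents the caller marked as secret. Using `return 0;` after the BNerr() call keeps the zero-on-failure convention that BN_mod_exp_mont_consttime itself follows for an even modulus. The bodies of all four functions continue outside their hunks, so any internal callers that already test for `<= 0` cannot be seen from here.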
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 253e195e23..a84998f2bd 100644
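--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -177,6 +177,45 @@ struct bignum_ctx
 
 
 
+/* BN_mod_exp_mont_conttime is based on the assumption that the
+ * L1 data cache line width of the target processor is at least
+ * the following value.
+ */
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/* Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime).
+ *
+ * To achieve the security goals of BN_mode_exp_mont_consttime, the
+ * maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
+ *
+ * Window size thresholds are defined for cache line sizes of 32 and 64,
+ * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
+ * window size of 7 should only be used on processors that have a 128
+ * byte or greater cache line size.
+ */
+#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 937 ? 6 : \
+ (b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
+
+#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
+
+#endif
+
+
 /* Pentium pro 16,16,16,32,64 */
 /* Alpha 16,16,16,16.64 */
 #define BN_MULL_SIZE_NORMAL (16) /* 32 */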
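Review bot: The `#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 ... #elif ... == 32 ... #endif` ladder has no fallback, so any other width leaves BN_window_bits_for_ctime_exponent_size undefined and the mistake shows up only as an implicit-declaration or link error in bn_exp.c. The comment ties the security property to the window never exceeding log_2 of the cache line width, so an `#else` branch with `# error "unsupported MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH"` would make that constraint fail loudly at compile time. The hard-coded 64 is an assumption about the target CPU and deserves a comment saying it must be lowered for processors with narrower lines. The comments also misspell the function name as BN_mod_exp_mont_conttime and BN_mode_exp_mont_consttime.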
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index b79b1b60da..3572e5a690 100644
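--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -347,3 +347,23 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
  return(to);
  }
 
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx)
+ {
+ if (*pmont)
+ return *pmont;
+ CRYPTO_w_lock(lock);
+ if (!*pmont)
+ {
+ *pmont = BN_MONT_CTX_new();
+ if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
+ {
+ BN_MONT_CTX_free(*pmont);
+ *pmont = NULL;
+ }
+ }
+ CRYPTO_w_unlock(lock);
+ return *pmont;
+ }
+
+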
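Review bot: BN_MONT_CTX_set_locked stores the freshly allocated context in `*pmont` before BN_MONT_CTX_set() has run, while the fast path `if (*pmont) return *pmont;` reads the pointer without taking the lock. A second thread can therefore pick up a context that is still uninitialised, or one that the first thread is about to free and reset to NULL when BN_MONT_CTX_set() fails. Building the context in a local variable and publishing it under the write lock only after it is fully set up closes both windows; the initial read should also happen under the lock, as sketched below.

```c
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
					const BIGNUM *mod, BN_CTX *ctx)
	{
	BN_MONT_CTX *ret;

	CRYPTO_r_lock(lock);
	ret = *pmont;
	CRYPTO_r_unlock(lock);
	if (ret)
		return ret;

	/* build privately; publish only a fully initialised context */
	if ((ret = BN_MONT_CTX_new()) == NULL)
		return NULL;
	if (!BN_MONT_CTX_set(ret, mod, ctx))
		{
		BN_MONT_CTX_free(ret);
		return NULL;
		}

	CRYPTO_w_lock(lock);
	if (*pmont)
		{
		/* another thread published first; keep its context */
		BN_MONT_CTX_free(ret);
		ret = *pmont;
		}
	else
		*pmont = ret;
	CRYPTO_w_unlock(lock);
	return ret;
	}
```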
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
index 79d813d85e..792a75ff4f 100644
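--- a/src/lib/libcrypto/bn/bntest.c
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -86,6 +86,7 @@ int test_mont(BIO *bp,BN_CTX *ctx);
 int test_mod(BIO *bp,BN_CTX *ctx);
 int test_mod_mul(BIO *bp,BN_CTX *ctx);
 int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
 int test_exp(BIO *bp,BN_CTX *ctx);
 int test_kron(BIO *bp,BN_CTX *ctx);
 int test_sqrt(BIO *bp,BN_CTX *ctx);
@@ -213,6 +214,10 @@ int main(int argc, char *argv[])
  if (!test_mod_exp(out,ctx)) goto err;
  BIO_flush(out);
 
+ message(out,"BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ BIO_flush(out);
+
  message(out,"BN_exp");
  if (!test_exp(out,ctx)) goto err;
  BIO_flush(out);
@@ -813,6 +818,57 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
  return(1);
  }
 
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+ return(00);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
 int test_exp(BIO *bp, BN_CTX *ctx)
  {
  BIGNUM *a,*b,*d,*e,*one;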
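Review bot: The exponent in test_mod_exp_mont_consttime is only `2+i` bits wide, so unless num2 (defined outside this hunk) exceeds 20, BN_window_bits_for_ctime_exponent_size() returns 1 on every iteration and the interleaved table layout for the 3- to 6-bit windows is never exercised here. The reference value comes from the unreduced BN_exp(), which is what forces the exponent to stay tiny; comparing against `BN_mod_exp_simple(e,a,b,c,ctx)` instead would allow exponents above the 937-bit threshold. The return values of BN_exp, BN_sub and BN_div are ignored as well, and both early returns skip the BN_free calls.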
diff --git a/src/lib/libcrypto/bn/expspeed.c b/src/lib/libcrypto/bn/expspeed.c
index 07a1bcf51c..4d5f221f33 100644
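--- a/src/lib/libcrypto/bn/expspeed.c
+++ b/src/lib/libcrypto/bn/expspeed.c
@@ -321,7 +321,7 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
 #else /* TEST_SQRT */
  "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
 #endif
- " -> %8.3fms %5.1f (%ld)\n",
+ " -> %8.6fms %5.1f (%ld)\n",
 #ifdef TEST_SQRT
  P_MOD_64,
 #endif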
diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c
index b09cf88705..28aaac2ac1 100644
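--- a/src/lib/libcrypto/bn/exptest.c
+++ b/src/lib/libcrypto/bn/exptest.c
@@ -77,7 +77,7 @@ int main(int argc, char *argv[])
  BIO *out=NULL;
  int i,ret;
  unsigned char c;
- BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
+ BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
 
  RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
  * even check its return value
@@ -88,6 +88,7 @@ int main(int argc, char *argv[])
  ctx=BN_CTX_new();
  if (ctx == NULL) EXIT(1);
  r_mont=BN_new();
+ r_mont_const=BN_new();
  r_recp=BN_new();
  r_simple=BN_new();
  a=BN_new();
@@ -143,8 +144,17 @@ int main(int argc, char *argv[])
  EXIT(1);
  }
 
+ ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont_consttime() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
  if (BN_cmp(r_simple, r_mont) == 0
- && BN_cmp(r_simple,r_recp) == 0)
+ && BN_cmp(r_simple,r_recp) == 0
+ && BN_cmp(r_simple,r_mont_const) == 0)
  {
  printf(".");
  fflush(stdout);
@@ -153,6 +163,8 @@ int main(int argc, char *argv[])
  {
  if (BN_cmp(r_simple,r_mont) != 0)
  printf("\nsimple and mont results differ\n");
+ if (BN_cmp(r_simple,r_mont) != 0)
+ printf("\nsimple and mont const time results differ\n");
  if (BN_cmp(r_simple,r_recp) != 0)
  printf("\nsimple and recp results differ\n");
 
@@ -162,11 +174,13 @@ int main(int argc, char *argv[])
  printf("\nsimple ="); BN_print(out,r_simple);
  printf("\nrecp ="); BN_print(out,r_recp);
  printf("\nmont ="); BN_print(out,r_mont);
+ printf("\nmont_ct ="); BN_print(out,r_mont_const);
  printf("\n");
  EXIT(1);
  }
  }
  BN_free(r_mont);
+ BN_free(r_mont_const);
  BN_free(r_recp);
  BN_free(r_simple);
  BN_free(a);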
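Review bot: The added mismatch report tests the wrong variable: `if (BN_cmp(r_simple,r_mont) != 0)` guards the "simple and mont const time results differ" message, so a mismatch that affects only the constant-time path prints no specific line, while a plain Montgomery mismatch prints both messages. The condition should be `if (BN_cmp(r_simple,r_mont_const) != 0)`. main() begins and ends outside these hunks.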
diff --git a/src/lib/libcrypto/buffer/buf_err.c b/src/lib/libcrypto/buffer/buf_err.c
index 5eee653e14..1fc32a6861 100644
--- a/src/lib/libcrypto/buffer/buf_err.c
+++ b/src/lib/libcrypto/buffer/buf_err.c
@@ -1,6 +1,6 @@
1/* crypto/buffer/buf_err.c */ 1/* crypto/buffer/buf_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,11 +64,15 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
70
67static ERR_STRING_DATA BUF_str_functs[]= 71static ERR_STRING_DATA BUF_str_functs[]=
68 { 72 {
69{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, 73{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
70{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, 74{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
71{ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, 75{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
72{0,NULL} 76{0,NULL}
73 }; 77 };
74 78
@@ -87,8 +91,8 @@ void ERR_load_BUF_strings(void)
87 { 91 {
88 init=0; 92 init=0;
89#ifndef OPENSSL_NO_ERR 93#ifndef OPENSSL_NO_ERR
90 ERR_load_strings(ERR_LIB_BUF,BUF_str_functs); 94 ERR_load_strings(0,BUF_str_functs);
91 ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons); 95 ERR_load_strings(0,BUF_str_reasons);
92#endif 96#endif
93 97
94 } 98 }
diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c
index dc4791a8cf..db9b7573e0 100644
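--- a/src/lib/libcrypto/cast/c_skey.c
+++ b/src/lib/libcrypto/cast/c_skey.c
@@ -57,6 +57,7 @@
  */
 
 #include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include <openssl/cast.h>
 
 #include "cast_lcl.h"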
diff --git a/src/lib/libcrypto/cast/cast_lcl.h b/src/lib/libcrypto/cast/cast_lcl.h
index 37f41cc6a4..e756021a33 100644
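--- a/src/lib/libcrypto/cast/cast_lcl.h
+++ b/src/lib/libcrypto/cast/cast_lcl.h
@@ -64,11 +64,6 @@
 #endif
 
 
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
 #undef c2l
 #define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
  l|=((unsigned long)(*((c)++)))<< 8L, \
@@ -222,11 +217,11 @@
  }
 #endif
 
-OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256];
-OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256];
+extern const CAST_LONG CAST_S_table0[256];
+extern const CAST_LONG CAST_S_table1[256];
+extern const CAST_LONG CAST_S_table2[256];
+extern const CAST_LONG CAST_S_table3[256];
+extern const CAST_LONG CAST_S_table4[256];
+extern const CAST_LONG CAST_S_table5[256];
+extern const CAST_LONG CAST_S_table6[256];
+extern const CAST_LONG CAST_S_table7[256];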
diff --git a/src/lib/libcrypto/comp/c_zlib.c b/src/lib/libcrypto/comp/c_zlib.c
index 1bd2850d15..5fcb521ffb 100644
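--- a/src/lib/libcrypto/comp/c_zlib.c
+++ b/src/lib/libcrypto/comp/c_zlib.c
@@ -51,30 +51,17 @@ static COMP_METHOD zlib_method={
  */
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include <windows.h>
-
-# define Z_CALLCONV _stdcall
-# define ZLIB_SHARED
-#else
-# define Z_CALLCONV
 #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
 
 #ifdef ZLIB_SHARED
 #include <openssl/dso.h>
 
-/* Prototypes for built in stubs */
-static int stub_compress(Bytef *dest,uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-static int stub_inflateEnd(z_streamp strm);
-static int stub_inflate(z_streamp strm, int flush);
-static int stub_inflateInit_(z_streamp strm, const char * version,
- int stream_size);
-
 /* Function pointers */
-typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
  const Bytef *source, uLong sourceLen);
-typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+typedef int (*inflateEnd_ft)(z_streamp strm);
+typedef int (*inflate_ft)(z_streamp strm, int flush);
+typedef int (*inflateInit__ft)(z_streamp strm,
  const char * version, int stream_size);
 static compress_ft p_compress=NULL;
 static inflateEnd_ft p_inflateEnd=NULL;
@@ -84,10 +71,10 @@ static inflateInit__ft p_inflateInit_=NULL;
 static int zlib_loaded = 0; /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
 
-#define compress stub_compress
-#define inflateEnd stub_inflateEnd
-#define inflate stub_inflate
-#define inflateInit_ stub_inflateInit_
+#define compress p_compress
+#define inflateEnd p_inflateEnd
+#define inflate p_inflate
+#define inflateInit_ p_inflateInit_
 #endif /* ZLIB_SHARED */
 
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
@@ -191,16 +178,6 @@ COMP_METHOD *COMP_zlib(void)
  {
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
  zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
- if (!zlib_dso)
- {
- zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
- if (zlib_dso)
- {
- /* Clear the errors from the first failed
- DSO_load() */
- ERR_clear_error();
- }
- }
 #else
  zlib_dso = DSO_load(NULL, "z", NULL, 0);
 #endif
@@ -218,54 +195,21 @@ COMP_METHOD *COMP_zlib(void)
  p_inflateInit_
  = (inflateInit__ft) DSO_bind_func(zlib_dso,
  "inflateInit_");
- zlib_loaded++;
+
+ if (p_compress && p_inflateEnd && p_inflate
+ && p_inflateInit_)
+ zlib_loaded++;
  }
  }
 
 #endif
+#ifdef ZLIB_SHARED
+ if (zlib_loaded)
+#endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
  meth = &zlib_method;
 #endif
 
  return(meth);
  }
 
-#ifdef ZLIB_SHARED
-/* Stubs for each function to be dynamicly loaded */
-static int
-stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
- {
- if (p_compress)
- return(p_compress(dest,destLen,source,sourceLen));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflateEnd(z_streamp strm)
- {
- if ( p_inflateEnd )
- return(p_inflateEnd(strm));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflate(z_streamp strm, int flush)
- {
- if ( p_inflate )
- return(p_inflate(strm,flush));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
- {
- if ( p_inflateInit_ )
- return(p_inflateInit_(strm,version,stream_size));
- else
- return(Z_MEM_ERROR);
- }
-
-#endif /* ZLIB_SHARED */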
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index b5a876ae68..2464f8ed90 100644
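--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -613,13 +613,13 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
  e++;
  }
  /* So at this point we have
- * ns which is the start of the name string which is
+ * np which is the start of the name string which is
  * '\0' terminated.
- * cs which is the start of the section string which is
+ * cp which is the start of the section string which is
  * '\0' terminated.
  * e is the 'next point after'.
- * r and s are the chars replaced by the '\0'
- * rp and sp is where 'r' and 's' came from.
+ * r and rr are the chars replaced by the '\0'
+ * rp and rrp is where 'r' and 'rr' came from.
  */
  p=_CONF_get_string(conf,cp,np);
  if (rrp != NULL) *rrp=rr;
@@ -638,6 +638,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
  points at. /RL */
  len -= e-from;
  from=e;
+
+ /* In case there were no braces or parenthesis around
+ the variable reference, we have to put back the
+ character that was replaced with a '\0'. /RL */
+ *rp = r;
  }
  else
  buf->data[to++]= *(from++);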
diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c
index ee07bfe9d9..f5e2ca4bf0 100644
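--- a/src/lib/libcrypto/conf/conf_err.c
+++ b/src/lib/libcrypto/conf/conf_err.c
@@ -1,6 +1,6 @@
 /* crypto/conf/conf_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,47 +64,51 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
+
 static ERR_STRING_DATA CONF_str_functs[]=
  {
-{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0), "CONF_dump_fp"},
-{ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"},
-{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0), "CONF_load_bio"},
-{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0), "CONF_load_fp"},
-{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0), "CONF_modules_load"},
-{ERR_PACK(0,CONF_F_MODULE_INIT,0), "MODULE_INIT"},
-{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0), "MODULE_LOAD_DSO"},
-{ERR_PACK(0,CONF_F_MODULE_RUN,0), "MODULE_RUN"},
-{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"},
-{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0), "NCONF_get_number_e"},
-{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0), "NCONF_get_section"},
-{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD,0), "NCONF_load"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0), "NCONF_load_bio"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0), "NCONF_load_fp"},
-{ERR_PACK(0,CONF_F_NCONF_NEW,0), "NCONF_new"},
-{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"},
+{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
+{ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
+{ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
+{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
+{ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
+{ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
+{ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
+{ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
+{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
+{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
+{ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
+{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
+{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
+{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
+{ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
+{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
+{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
+{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
+{ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA CONF_str_reasons[]=
  {
-{CONF_R_ERROR_LOADING_DSO ,"error loading dso"},
-{CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"},
-{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"},
-{CONF_R_MISSING_FINISH_FUNCTION ,"missing finish function"},
-{CONF_R_MISSING_INIT_FUNCTION ,"missing init function"},
-{CONF_R_MODULE_INITIALIZATION_ERROR ,"module initialization error"},
-{CONF_R_NO_CLOSE_BRACE ,"no close brace"},
-{CONF_R_NO_CONF ,"no conf"},
-{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
-{CONF_R_NO_SECTION ,"no section"},
-{CONF_R_NO_SUCH_FILE ,"no such file"},
-{CONF_R_NO_VALUE ,"no value"},
-{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
-{CONF_R_UNKNOWN_MODULE_NAME ,"unknown module name"},
-{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
+{ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"},
+{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
+{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"},
+{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
+{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},
+{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},
+{ERR_REASON(CONF_R_NO_CLOSE_BRACE) ,"no close brace"},
+{ERR_REASON(CONF_R_NO_CONF) ,"no conf"},
+{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},
+{ERR_REASON(CONF_R_NO_SECTION) ,"no section"},
+{ERR_REASON(CONF_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(CONF_R_NO_VALUE) ,"no value"},
+{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},
+{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) ,"unknown module name"},
+{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},
 {0,NULL}
  };
 
@@ -118,8 +122,8 @@ void ERR_load_CONF_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
- ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+ ERR_load_strings(0,CONF_str_functs);
+ ERR_load_strings(0,CONF_str_reasons);
 #endif
 
  }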
diff --git a/src/lib/libcrypto/cpt_err.c b/src/lib/libcrypto/cpt_err.c
index 1b4a1cb4d4..06a6109cce 100644
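--- a/src/lib/libcrypto/cpt_err.c
+++ b/src/lib/libcrypto/cpt_err.c
@@ -1,6 +1,6 @@
 /* crypto/cpt_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,23 +64,27 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
+
 static ERR_STRING_DATA CRYPTO_str_functs[]=
  {
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0), "CRYPTO_get_ex_new_index"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0), "CRYPTO_get_new_dynlockid"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0), "CRYPTO_get_new_lockid"},
-{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0), "CRYPTO_set_ex_data"},
-{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0), "DEF_ADD_INDEX"},
-{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0), "DEF_GET_CLASS"},
-{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0), "INT_DUP_EX_DATA"},
-{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0), "INT_FREE_EX_DATA"},
-{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0), "INT_NEW_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
+{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
+{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
+{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
+{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
+{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA CRYPTO_str_reasons[]=
  {
-{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK ,"no dynlock create callback"},
+{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
 {0,NULL}
  };
 
@@ -94,8 +98,8 @@ void ERR_load_CRYPTO_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
- ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons);
+ ERR_load_strings(0,CRYPTO_str_functs);
+ ERR_load_strings(0,CRYPTO_str_reasons);
 #endif
 
  }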
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
index fef0afb29f..e63bbe8dba 100644
--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -480,6 +480,8 @@ const char *CRYPTO_get_lock_name(int type)
480 return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); 480 return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
481 } 481 }
482 482
483int OPENSSL_NONPIC_relocated=0;
484
483#if defined(_WIN32) && defined(_WINDLL) 485#if defined(_WIN32) && defined(_WINDLL)
484 486
485/* All we really need to do is remove the 'error' state when a thread 487/* All we really need to do is remove the 'error' state when a thread
@@ -491,6 +493,21 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
491 switch(fdwReason) 493 switch(fdwReason)
492 { 494 {
493 case DLL_PROCESS_ATTACH: 495 case DLL_PROCESS_ATTACH:
496#if defined(_WIN32_WINNT)
497 {
498 IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
499 IMAGE_NT_HEADERS *nt_headers;
500
501 if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
502 {
503 nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header
504 + dos_header->e_lfanew);
505 if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
506 hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))
507 OPENSSL_NONPIC_relocated=1;
508 }
509 }
510#endif
494 break; 511 break;
495 case DLL_THREAD_ATTACH: 512 case DLL_THREAD_ATTACH:
496 break; 513 break;
@@ -504,18 +521,160 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
504 } 521 }
505#endif 522#endif
506 523
524#if defined(_WIN32)
525#include <tchar.h>
526
527#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
528static int IsService(void)
529{ HWINSTA h;
530 DWORD len;
531 WCHAR *name;
532
533 (void)GetDesktopWindow(); /* return value is ignored */
534
535 h = GetProcessWindowStation();
536 if (h==NULL) return -1;
537
538 if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||
539 GetLastError() != ERROR_INSUFFICIENT_BUFFER)
540 return -1;
541
542 if (len>512) return -1; /* paranoia */
543 len++,len&=~1; /* paranoia */
544#ifdef _MSC_VER
545 name=(WCHAR *)_alloca(len+sizeof(WCHAR));
546#else
547 name=(WCHAR *)alloca(len+sizeof(WCHAR));
548#endif
549 if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
550 return -1;
551
552 len++,len&=~1; /* paranoia */
553 name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */
554#if 1
555 /* This doesn't cover "interactive" services [working with real
556 * WinSta0's] nor programs started non-interactively by Task
557 * Scheduler [those are working with SAWinSta]. */
558 if (wcsstr(name,L"Service-0x")) return 1;
559#else
560 /* This covers all non-interactive programs such as services. */
561 if (!wcsstr(name,L"WinSta0")) return 1;
562#endif
563 else return 0;
564}
565#endif
566
567void OPENSSL_showfatal (const char *fmta,...)
568{ va_list ap;
569 TCHAR buf[256];
570 const TCHAR *fmt;
571 HANDLE h;
572
573 if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
574 GetFileType(h)!=FILE_TYPE_UNKNOWN)
575 { /* must be console application */
576 va_start (ap,fmta);
577 vfprintf (stderr,fmta,ap);
578 va_end (ap);
579 return;
580 }
581
582 if (sizeof(TCHAR)==sizeof(char))
583 fmt=(const TCHAR *)fmta;
584 else do
585 { int keepgoing;
586 size_t len_0=strlen(fmta)+1,i;
587 WCHAR *fmtw;
588
589#ifdef _MSC_VER
590 fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
591#else
592 fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
593#endif
594 if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
595
596#ifndef OPENSSL_NO_MULTIBYTE
597 if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
598#endif
599 for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
600
601 for (i=0;i<len_0;i++)
602 { if (fmtw[i]==L'%') do
603 { keepgoing=0;
604 switch (fmtw[i+1])
605 { case L'0': case L'1': case L'2': case L'3': case L'4':
606 case L'5': case L'6': case L'7': case L'8': case L'9':
607 case L'.': case L'*':
608 case L'-': i++; keepgoing=1; break;
609 case L's': fmtw[i+1]=L'S'; break;
610 case L'S': fmtw[i+1]=L's'; break;
611 case L'c': fmtw[i+1]=L'C'; break;
612 case L'C': fmtw[i+1]=L'c'; break;
613 }
614 } while (keepgoing);
615 }
616 fmt = (const TCHAR *)fmtw;
617 } while (0);
618
619 va_start (ap,fmta);
620 _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
621 buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
622 va_end (ap);
623
624#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
625 /* this -------------v--- guards NT-specific calls */
626 if (GetVersion() < 0x80000000 && IsService())
627 { HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
628 const TCHAR *pmsg=buf;
629 ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
630 DeregisterEventSource(h);
631 }
632 else
633#endif
634 { MSGBOXPARAMS m;
635
636 m.cbSize = sizeof(m);
637 m.hwndOwner = NULL;
638 m.lpszCaption = _T("OpenSSL: FATAL");
639 m.dwStyle = MB_OK;
640 m.hInstance = NULL;
641 m.lpszIcon = IDI_ERROR;
642 m.dwContextHelpId = 0;
643 m.lpfnMsgBoxCallback = NULL;
644 m.dwLanguageId = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US);
645 m.lpszText = buf;
646
647 MessageBoxIndirect (&m);
648 }
649}
650#else
651void OPENSSL_showfatal (const char *fmta,...)
652{ va_list ap;
653
654 va_start (ap,fmta);
655 vfprintf (stderr,fmta,ap);
656 va_end (ap);
657}
658#endif
659
507void OpenSSLDie(const char *file,int line,const char *assertion) 660void OpenSSLDie(const char *file,int line,const char *assertion)
508 { 661 {
509 fprintf(stderr, 662 OPENSSL_showfatal(
510 "%s(%d): OpenSSL internal error, assertion failed: %s\n", 663 "%s(%d): OpenSSL internal error, assertion failed: %s\n",
511 file,line,assertion); 664 file,line,assertion);
512 abort(); 665 abort();
513 } 666 }
514 667
668void *OPENSSL_stderr(void) { return stderr; }
669
515#ifdef OPENSSL_FIPS 670#ifdef OPENSSL_FIPS
671
672void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
673void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
674void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
675void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
676
516static int fips_started = 0; 677static int fips_started = 0;
517static int fips_mode = 0;
518static void *fips_rand_check = 0;
519static unsigned long fips_thread = 0; 678static unsigned long fips_thread = 0;
520 679
521void fips_set_started(void) 680void fips_set_started(void)
@@ -576,57 +735,10 @@ int fips_clear_owning_thread(void)
576 return ret; 735 return ret;
577 } 736 }
578 737
579void fips_set_mode(int onoff) 738unsigned char *fips_signature_witness(void)
580 {
581 int owning_thread = fips_is_owning_thread();
582
583 if (fips_is_started())
584 {
585 if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
586 fips_mode = onoff;
587 if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
588 }
589 }
590
591void fips_set_rand_check(void *rand_check)
592 {
593 int owning_thread = fips_is_owning_thread();
594
595 if (fips_is_started())
596 {
597 if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
598 fips_rand_check = rand_check;
599 if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
600 }
601 }
602
603int FIPS_mode(void)
604 {
605 int ret = 0;
606 int owning_thread = fips_is_owning_thread();
607
608 if (fips_is_started())
609 {
610 if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
611 ret = fips_mode;
612 if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
613 }
614 return ret;
615 }
616
617void *FIPS_rand_check(void)
618 { 739 {
619 void *ret = 0; 740 extern unsigned char FIPS_signature[];
620 int owning_thread = fips_is_owning_thread(); 741 return FIPS_signature;
621
622 if (fips_is_started())
623 {
624 if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
625 ret = fips_rand_check;
626 if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
627 }
628 return ret;
629 } 742 }
630
631#endif /* OPENSSL_FIPS */ 743#endif /* OPENSSL_FIPS */
632 744
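Review bot: In the service branch of OPENSSL_showfatal the handle returned by `RegisterEventSource(0,_T("OPENSSL"))` goes straight into `ReportEvent` and `DeregisterEventSource` without a NULL check, so when registration fails the assertion text is silently dropped just before OpenSSLDie calls abort(). Guarding the two calls with `if (h != NULL)` and sending `buf` to `OutputDebugString(buf)` otherwise would leave a trace for whoever has to investigate the crash. The inner `HANDLE h` also shadows the stderr handle declared at the top of the function, and a distinct name would make the branch easier to follow. IsService() returns -1 when the window-station query fails and the caller treats any non-zero value as "service"; if that is deliberate (no message box when the context is unknown) it deserves a one-line comment at the call.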
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
index 0d6b9d59f0..6f59e08ca6 100644
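--- a/src/lib/libcrypto/cryptlib.h
+++ b/src/lib/libcrypto/cryptlib.h
@@ -93,6 +93,10 @@ extern "C" {
 #define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
 #define HEX_SIZE(type) (sizeof(type)*2)
 
+void OPENSSL_showfatal(const char *,...);
+void *OPENSSL_stderr(void);
+extern int OPENSSL_NONPIC_relocated;
+
 #ifdef __cplusplus
 }
 #endif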
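Review bot: The new `OPENSSL_showfatal(const char *,...)` prototype gives no hint that its first argument is a printf-style format, and on the Win32 path in cryptlib.c that string is rewritten and handed to `_vsntprintf`. A comment above the declaration, for example `/* printf-style: first argument must be a literal format; pass variable text through "%s" */`, would keep later callers from passing assembled or external text as the format. `OPENSSL_NONPIC_relocated` would also benefit from a comment saying that DllMain in cryptlib.c sets it and that other code should only read it.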
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
index c044ce0099..427c321f25 100644
--- a/src/lib/libcrypto/crypto-lib.com
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -184,10 +184,10 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
184$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - 184$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
185 "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - 185 "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
186 "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - 186 "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
187 "bn_recp,bn_mont,bn_mpi,bn_exp2" 187 "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
188$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - 188$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
189 "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - 189 "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
190 "rsa_asn1" 190 "rsa_pss,rsa_x931,rsa_asn1"
191$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ - 191$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
192 "ec_err" 192 "ec_err"
193$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl" 193$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
@@ -265,10 +265,15 @@ $ LIB_KRB5 = "krb5_asn"
265$! 265$!
266$! Setup exceptional compilations 266$! Setup exceptional compilations
267$! 267$!
268$ ! Add definitions for no threads on OpenVMS 7.1 and higher
268$ COMPILEWITH_CC3 = ",bss_rtcp," 269$ COMPILEWITH_CC3 = ",bss_rtcp,"
270$ ! Disable the DOLLARID warning
269$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time," 271$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
272$ ! Disable disjoint optimization
270$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - 273$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
271 "sha_dgst,sha1dgst,rmd_dgst,bf_enc," 274 "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
275$ ! Disable the MIXLINKAGE warning
276$ COMPILEWITH_CC6 = ",enc_read,set_key,"
272$! 277$!
273$! Figure Out What Other Modules We Are To Build. 278$! Figure Out What Other Modules We Are To Build.
274$! 279$!
@@ -497,7 +502,12 @@ $ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
497$ THEN 502$ THEN
498$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE' 503$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
499$ ELSE 504$ ELSE
500$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' 505$ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
506$ THEN
507$ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
508$ ELSE
509$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
510$ ENDIF
501$ ENDIF 511$ ENDIF
502$ ENDIF 512$ ENDIF
503$ ENDIF 513$ ENDIF
@@ -960,7 +970,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
960$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS 970$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
961$ CCEXTRAFLAGS = "" 971$ CCEXTRAFLAGS = ""
962$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS 972$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
963$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX" 973$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
964$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - 974$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
965 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS 975 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
966$! 976$!
@@ -1077,14 +1087,18 @@ $ THEN
1077$ IF CCDISABLEWARNINGS .EQS. "" 1087$ IF CCDISABLEWARNINGS .EQS. ""
1078$ THEN 1088$ THEN
1079$ CC4DISABLEWARNINGS = "DOLLARID" 1089$ CC4DISABLEWARNINGS = "DOLLARID"
1090$ CC6DISABLEWARNINGS = "MIXLINKAGE"
1080$ ELSE 1091$ ELSE
1081$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" 1092$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
1093$ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
1082$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" 1094$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
1083$ ENDIF 1095$ ENDIF
1084$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" 1096$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
1097$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
1085$ ELSE 1098$ ELSE
1086$ CCDISABLEWARNINGS = "" 1099$ CCDISABLEWARNINGS = ""
1087$ CC4DISABLEWARNINGS = "" 1100$ CC4DISABLEWARNINGS = ""
1101$ CC6DISABLEWARNINGS = ""
1088$ ENDIF 1102$ ENDIF
1089$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS 1103$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
1090$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS 1104$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
@@ -1095,6 +1109,7 @@ $ ELSE
1095$ CC5 = CC + "/NOOPTIMIZE" 1109$ CC5 = CC + "/NOOPTIMIZE"
1096$ ENDIF 1110$ ENDIF
1097$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS 1111$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
1112$ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
1098$! 1113$!
1099$! Show user the result 1114$! Show user the result
1100$! 1115$!
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index 4d1dfac7f1..22fd939e65 100644
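--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -434,12 +434,9 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 
 /* die if we have to */
 void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
 
 #ifdef OPENSSL_FIPS
-int FIPS_mode(void);
-void *FIPS_rand_check(void);
-
 #define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
  alg " previous FIPS forbidden algorithm error ignored");
 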
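Review bot: The rewritten `OPENSSL_assert(e)` is still documented only by "die if we have to", which does not tell a reader that a failed check ends in `abort()` through OpenSSLDie (see cryptlib.c in this commit) and, as far as this hunk shows, is not compiled out in release builds. I would extend the comment to something like `/* always active; a failure aborts the process, so use it for internal invariants, not for validating data received from a peer */`. A second line explaining why both arms of the conditional are now `int` (presumably for compilers that reject a void operand in `?:`) would save the next reader from having to work it out.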
diff --git a/src/lib/libcrypto/des/des_locl.h b/src/lib/libcrypto/des/des_locl.h
index e44e8e98b2..8f04b18c50 100644
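--- a/src/lib/libcrypto/des/des_locl.h
+++ b/src/lib/libcrypto/des/des_locl.h
@@ -421,7 +421,7 @@
  PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
  }
 
-OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64];
+extern const DES_LONG DES_SPtrans[8][64];
 
 void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
  DES_LONG Eswap0, DES_LONG Eswap1);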
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
index 0aff7fe21f..8562d16fb7 100644
--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -70,7 +70,14 @@
70#include <openssl/crypto.h> 70#include <openssl/crypto.h>
71#include <openssl/ossl_typ.h> 71#include <openssl/ossl_typ.h>
72 72
73#define DH_FLAG_CACHE_MONT_P 0x01 73#define DH_FLAG_CACHE_MONT_P 0x01
74#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
75 * implementation now uses constant time
76 * modular exponentiation for secret exponents
77 * by default. This flag causes the
78 * faster variable sliding window method to
79 * be used for all exponents.
80 */
74 81
75#ifdef __cplusplus 82#ifdef __cplusplus
76extern "C" { 83extern "C" {
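Review bot: The comment on `DH_FLAG_NO_EXP_CONSTTIME` presents the flag as a speed option but does not say what is given up: with it set, the private exponent again goes through the variable sliding-window code, whose running time depends on the secret. I would add a line such as `* Only set this when timing side channels are not a concern for the key in use.` so an application author does not enable it for performance without seeing the trade-off. It would also help to mention that the flag is tested in generate_key in dh_key.c (visible in this commit), so readers know where it takes effect.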
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
index 914b8a9c53..9336bfce6b 100644
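--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
+
 static ERR_STRING_DATA DH_str_functs[]=
  {
-{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"},
-{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"},
-{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"},
-{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"},
-{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"},
-{ERR_PACK(0,DH_F_DH_NEW_METHOD,0), "DH_new_method"},
+{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
+{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
+{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA DH_str_reasons[]=
  {
-{DH_R_BAD_GENERATOR ,"bad generator"},
-{DH_R_NO_PRIVATE_VALUE ,"no private value"},
-{DH_R_INVALID_PUBKEY ,"invalid public key"},
+{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
+{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
+{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
 {0,NULL}
  };
 
@@ -93,8 +97,8 @@ void ERR_load_DH_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_DH,DH_str_functs);
- ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
+ ERR_load_strings(0,DH_str_functs);
+ ERR_load_strings(0,DH_str_reasons);
 #endif
 
  }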
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 648766a6ec..e3641ec468 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -105,7 +105,7 @@ static int generate_key(DH *dh)
105 int generate_new_key=0; 105 int generate_new_key=0;
106 unsigned l; 106 unsigned l;
107 BN_CTX *ctx; 107 BN_CTX *ctx;
108 BN_MONT_CTX *mont; 108 BN_MONT_CTX *mont=NULL;
109 BIGNUM *pub_key=NULL,*priv_key=NULL; 109 BIGNUM *pub_key=NULL,*priv_key=NULL;
110 110
111 ctx = BN_CTX_new(); 111 ctx = BN_CTX_new();
@@ -128,21 +128,37 @@ static int generate_key(DH *dh)
128 else 128 else
129 pub_key=dh->pub_key; 129 pub_key=dh->pub_key;
130 130
131 if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) 131
132 if (dh->flags & DH_FLAG_CACHE_MONT_P)
132 { 133 {
133 if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 134 mont = BN_MONT_CTX_set_locked(
134 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, 135 (BN_MONT_CTX **)&dh->method_mont_p,
135 dh->p,ctx)) goto err; 136 CRYPTO_LOCK_DH, dh->p, ctx);
137 if (!mont)
138 goto err;
136 } 139 }
137 mont=(BN_MONT_CTX *)dh->method_mont_p;
138 140
139 if (generate_new_key) 141 if (generate_new_key)
140 { 142 {
141 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ 143 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
142 if (!BN_rand(priv_key, l, 0, 0)) goto err; 144 if (!BN_rand(priv_key, l, 0, 0)) goto err;
143 } 145 }
144 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) 146
145 goto err; 147 {
148 BIGNUM local_prk;
149 BIGNUM *prk;
150
151 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
152 {
153 BN_init(&local_prk);
154 prk = &local_prk;
155 BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
156 }
157 else
158 prk = priv_key;
159
160 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
161 }
146 162
147 dh->pub_key=pub_key; 163 dh->pub_key=pub_key;
148 dh->priv_key=priv_key; 164 dh->priv_key=priv_key;
@@ -160,7 +176,7 @@ err:
160static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 176static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
161 { 177 {
162 BN_CTX *ctx; 178 BN_CTX *ctx;
163 BN_MONT_CTX *mont; 179 BN_MONT_CTX *mont=NULL;
164 BIGNUM *tmp; 180 BIGNUM *tmp;
165 int ret= -1; 181 int ret= -1;
166 int check_result; 182 int check_result;
@@ -175,15 +191,20 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
175 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); 191 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
176 goto err; 192 goto err;
177 } 193 }
178 if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) 194
195 if (dh->flags & DH_FLAG_CACHE_MONT_P)
179 { 196 {
180 if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 197 mont = BN_MONT_CTX_set_locked(
181 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, 198 (BN_MONT_CTX **)&dh->method_mont_p,
182 dh->p,ctx)) goto err; 199 CRYPTO_LOCK_DH, dh->p, ctx);
200 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
201 {
202 /* XXX */
203 BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
204 }
205 if (!mont)
206 goto err;
183 } 207 }
184
185 mont=(BN_MONT_CTX *)dh->method_mont_p;
186
187 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) 208 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
188 { 209 {
189 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY); 210 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
@@ -197,8 +218,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
197 218
198 ret=BN_bn2bin(tmp,key); 219 ret=BN_bn2bin(tmp,key);
199err: 220err:
200 BN_CTX_end(ctx); 221 if (ctx != NULL)
201 BN_CTX_free(ctx); 222 {
223 BN_CTX_end(ctx);
224 BN_CTX_free(ctx);
225 }
202 return(ret); 226 return(ret);
203 } 227 }
204 228
@@ -207,7 +231,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
207 const BIGNUM *m, BN_CTX *ctx, 231 const BIGNUM *m, BN_CTX *ctx,
208 BN_MONT_CTX *m_ctx) 232 BN_MONT_CTX *m_ctx)
209 { 233 {
210 if (a->top == 1) 234 /* If a is only one word long and constant time is false, use the faster
235 * exponenentiation function.
236 */
237 if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
211 { 238 {
212 BN_ULONG A = a->d[0]; 239 BN_ULONG A = a->d[0];
213 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); 240 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
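Review bot: In compute_key the new `BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME)` sits inside the `if (dh->flags & DH_FLAG_CACHE_MONT_P)` block, so a DH object without the Montgomery cache flag never has its private exponent marked constant-time, whereas generate_key applies the flag regardless of the cache setting. It also sets the flag permanently on the caller's key rather than on a temporary, which the `/* XXX */` seems to acknowledge. I would hoist the test above the cache block and reuse the alias pattern from generate_key, `BIGNUM local_prk; BN_init(&local_prk); BN_with_flags(&local_prk, dh->priv_key, BN_FLG_EXP_CONSTTIME);`, passing that alias as the exponent. The exponentiation call in compute_key lies outside the hunks shown, so that last step is inferred.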
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
index d75077f9fa..b76dede771 100644
--- a/src/lib/libcrypto/dh/dhtest.c
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -136,6 +136,10 @@ int main(int argc, char *argv[])
136 b->g=BN_dup(a->g); 136 b->g=BN_dup(a->g);
137 if ((b->p == NULL) || (b->g == NULL)) goto err; 137 if ((b->p == NULL) || (b->g == NULL)) goto err;
138 138
139 /* Set a to run with normal modexp and b to use constant time */
140 a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
141 b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
142
139 if (!DH_generate_key(a)) goto err; 143 if (!DH_generate_key(a)) goto err;
140 BIO_puts(out,"pri 1="); 144 BIO_puts(out,"pri 1=");
141 BN_print(out,a->priv_key); 145 BN_print(out,a->priv_key);
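Review bot: The new comment above the flag assignments says the opposite of what the code does: clearing `DH_FLAG_NO_EXP_CONSTTIME` on `a` selects the constant-time path, and setting it on `b` selects the ordinary one. Suggested wording: `/* a uses constant-time modexp, b the ordinary variable-time one */`. main() starts and ends outside the hunk.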
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
index 40e525dd56..8271d3dfc4 100644
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -22,7 +22,7 @@ EVP_CIPHER_CTX_set_padding - EVP cipher routines
22 22
23 #include <openssl/evp.h> 23 #include <openssl/evp.h>
24 24
25 int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); 25 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
26 26
27 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 27 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
28 ENGINE *impl, unsigned char *key, unsigned char *iv); 28 ENGINE *impl, unsigned char *key, unsigned char *iv);
@@ -236,8 +236,8 @@ RC5 can be set.
236 236
237=head1 RETURN VALUES 237=head1 RETURN VALUES
238 238
239EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and 239EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
240EVP_EncryptFinal_ex() return 1 for success and 0 for failure. 240return 1 for success and 0 for failure.
241 241
242EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. 242EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
243EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. 243EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 225ff391f9..851e3f0445 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -80,6 +80,20 @@
80#endif 80#endif
81 81
82#define DSA_FLAG_CACHE_MONT_P 0x01 82#define DSA_FLAG_CACHE_MONT_P 0x01
83#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
84 * implementation now uses constant time
85 * modular exponentiation for secret exponents
86 * by default. This flag causes the
87 * faster variable sliding window method to
88 * be used for all exponents.
89 */
90
91/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
92 * it is then the applications responsibility to ensure the external method
93 * is compliant.
94 */
95
96#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
83 97
84#if defined(OPENSSL_FIPS) 98#if defined(OPENSSL_FIPS)
85#define FIPS_DSA_SIZE_T int 99#define FIPS_DSA_SIZE_T int
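Review bot: The comment on `DSA_FLAG_NO_EXP_CONSTTIME` explains the speed trade-off but not what an application gives up by setting it. The flag is presumably an opt-out from a timing side-channel hardening, so I would add a sentence such as `Setting it makes the running time depend on secret exponents again; use it only where timing cannot be observed.` The comment for `DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW` is separated from its `#define` by a blank line, which makes it easy to read as belonging to nothing.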
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index 79aa4ff526..fd42053572 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/dsa/dsa_err.c */ 1/* crypto/dsa/dsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,29 +64,33 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
70
67static ERR_STRING_DATA DSA_str_functs[]= 71static ERR_STRING_DATA DSA_str_functs[]=
68 { 72 {
69{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"}, 73{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
70{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, 74{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
71{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, 75{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
72{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, 76{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
73{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, 77{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
74{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"}, 78{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
75{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, 79{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
76{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, 80{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
77{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, 81{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
78{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, 82{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
79{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"}, 83{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
80{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, 84{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
81{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"}, 85{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
82{ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"}, 86{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
83{0,NULL} 87{0,NULL}
84 }; 88 };
85 89
86static ERR_STRING_DATA DSA_str_reasons[]= 90static ERR_STRING_DATA DSA_str_reasons[]=
87 { 91 {
88{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, 92{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
89{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, 93{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
90{0,NULL} 94{0,NULL}
91 }; 95 };
92 96
@@ -100,8 +104,8 @@ void ERR_load_DSA_strings(void)
100 { 104 {
101 init=0; 105 init=0;
102#ifndef OPENSSL_NO_ERR 106#ifndef OPENSSL_NO_ERR
103 ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); 107 ERR_load_strings(0,DSA_str_functs);
104 ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); 108 ERR_load_strings(0,DSA_str_reasons);
105#endif 109#endif
106 110
107 } 111 }
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 30607ca579..980b6dc2d3 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -90,8 +90,22 @@ int DSA_generate_key(DSA *dsa)
90 } 90 }
91 else 91 else
92 pub_key=dsa->pub_key; 92 pub_key=dsa->pub_key;
93
94 {
95 BIGNUM local_prk;
96 BIGNUM *prk;
97
98 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
99 {
100 BN_init(&local_prk);
101 prk = &local_prk;
102 BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
103 }
104 else
105 prk = priv_key;
93 106
94 if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err; 107 if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
108 }
95 109
96 dsa->priv_key=priv_key; 110 dsa->priv_key=priv_key;
97 dsa->pub_key=pub_key; 111 dsa->pub_key=pub_key;
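Review bot: The new block in DSA_generate_key passes the exponent through `local_prk` with no comment on ownership, and `local_prk` is never freed. BN_with_flags is defined outside this page; if it makes `local_prk` share `priv_key`'s word array rather than copy it, the code is correct but fragile, and a comment would guard against a later "cleanup": `/* prk borrows priv_key's words; it must not be freed or cleared */`. The same block appears in generate_key in dh_key.c. The function body starts and ends outside the hunk.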
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index f1a85afcde..12509a7083 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -172,7 +172,7 @@ err:
172static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 172static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
173 { 173 {
174 BN_CTX *ctx; 174 BN_CTX *ctx;
175 BIGNUM k,*kinv=NULL,*r=NULL; 175 BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
176 int ret=0; 176 int ret=0;
177 177
178 if (!dsa->p || !dsa->q || !dsa->g) 178 if (!dsa->p || !dsa->q || !dsa->g)
@@ -182,6 +182,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
182 } 182 }
183 183
184 BN_init(&k); 184 BN_init(&k);
185 BN_init(&kq);
185 186
186 if (ctx_in == NULL) 187 if (ctx_in == NULL)
187 { 188 {
@@ -191,22 +192,49 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
191 ctx=ctx_in; 192 ctx=ctx_in;
192 193
193 if ((r=BN_new()) == NULL) goto err; 194 if ((r=BN_new()) == NULL) goto err;
194 kinv=NULL;
195 195
196 /* Get random k */ 196 /* Get random k */
197 do 197 do
198 if (!BN_rand_range(&k, dsa->q)) goto err; 198 if (!BN_rand_range(&k, dsa->q)) goto err;
199 while (BN_is_zero(&k)); 199 while (BN_is_zero(&k));
200 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
201 {
202 BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
203 }
200 204
201 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) 205 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
202 { 206 {
203 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 207 if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
204 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, 208 CRYPTO_LOCK_DSA,
205 dsa->p,ctx)) goto err; 209 dsa->p, ctx))
210 goto err;
206 } 211 }
207 212
208 /* Compute r = (g^k mod p) mod q */ 213 /* Compute r = (g^k mod p) mod q */
209 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, 214
215 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
216 {
217 if (!BN_copy(&kq, &k)) goto err;
218
219 /* We do not want timing information to leak the length of k,
220 * so we compute g^k using an equivalent exponent of fixed length.
221 *
222 * (This is a kludge that we need because the BN_mod_exp_mont()
223 * does not let us specify the desired timing behaviour.) */
224
225 if (!BN_add(&kq, &kq, dsa->q)) goto err;
226 if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
227 {
228 if (!BN_add(&kq, &kq, dsa->q)) goto err;
229 }
230
231 K = &kq;
232 }
233 else
234 {
235 K = &k;
236 }
237 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
210 (BN_MONT_CTX *)dsa->method_mont_p)) goto err; 238 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
211 if (!BN_mod(r,r,dsa->q,ctx)) goto err; 239 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
212 240
@@ -229,6 +257,7 @@ err:
229 if (ctx_in == NULL) BN_CTX_free(ctx); 257 if (ctx_in == NULL) BN_CTX_free(ctx);
230 if (kinv != NULL) BN_clear_free(kinv); 258 if (kinv != NULL) BN_clear_free(kinv);
231 BN_clear_free(&k); 259 BN_clear_free(&k);
260 BN_clear_free(&kq);
232 return(ret); 261 return(ret);
233 } 262 }
234 263
@@ -275,13 +304,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
275 /* u2 = r * w mod q */ 304 /* u2 = r * w mod q */
276 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; 305 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
277 306
278 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) 307
308 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
279 { 309 {
280 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 310 mont = BN_MONT_CTX_set_locked(
281 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, 311 (BN_MONT_CTX **)&dsa->method_mont_p,
282 dsa->p,ctx)) goto err; 312 CRYPTO_LOCK_DSA, dsa->p, ctx);
313 if (!mont)
314 goto err;
283 } 315 }
284 mont=(BN_MONT_CTX *)dsa->method_mont_p;
285 316
286#if 0 317#if 0
287 { 318 {
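Review bot: In dsa_sign_setup the constant-time flag is set on `k`, but the exponent handed to `bn_mod_exp` on that path is `kq`, filled by `BN_copy(&kq, &k)`. BN_copy is not shown on this page; if it copies only the value and not the flags, `kq` arrives without `BN_FLG_EXP_CONSTTIME` and the exponentiation with the per-signature nonce takes the variable-time routine despite the fixed-length padding. Setting the flag explicitly after the copy removes that dependency: `BN_set_flags(&kq, BN_FLG_EXP_CONSTTIME);`. A regression test that checks the flags carried by `K` before the call would keep this from regressing.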
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 3c9753bac3..37c65efb20 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -72,7 +72,8 @@
72DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 72DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
73 { 73 {
74#ifdef OPENSSL_FIPS 74#ifdef OPENSSL_FIPS
75 if(FIPS_mode() && !FIPS_dsa_check(dsa)) 75 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
76 && !FIPS_dsa_check(dsa))
76 return NULL; 77 return NULL;
77#endif 78#endif
78 return dsa->meth->dsa_do_sign(dgst, dlen, dsa); 79 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
@@ -96,7 +97,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
96int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 97int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
97 { 98 {
98#ifdef OPENSSL_FIPS 99#ifdef OPENSSL_FIPS
99 if(FIPS_mode() && !FIPS_dsa_check(dsa)) 100 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
101 && !FIPS_dsa_check(dsa))
100 return 0; 102 return 0;
101#endif 103#endif
102 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 104 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
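Review bot: The three-part FIPS condition is now written out identically in DSA_do_sign and DSA_sign_setup here and in DSA_do_verify in dsa_vrf.c, so a later policy change has to be made in three places. A small macro or static helper would keep them together, e.g. `#define DSA_FIPS_BLOCKED(d) (FIPS_mode() && !((d)->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW) && !FIPS_dsa_check(d))`. Because the flag skips `FIPS_dsa_check` entirely, a one-line comment at each call site saying that the application has taken responsibility for the method would also help an auditor.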
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index 8ef0c45025..c9784bed48 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -74,7 +74,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
74 DSA *dsa) 74 DSA *dsa)
75 { 75 {
76#ifdef OPENSSL_FIPS 76#ifdef OPENSSL_FIPS
77 if(FIPS_mode() && !FIPS_dsa_check(dsa)) 77 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
78 && !FIPS_dsa_check(dsa))
78 return -1; 79 return -1;
79#endif 80#endif
80 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 81 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
index 4734ce4af8..55a3756aff 100644
--- a/src/lib/libcrypto/dsa/dsatest.c
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -194,10 +194,19 @@ int main(int argc, char **argv)
194 BIO_printf(bio_err,"g value is wrong\n"); 194 BIO_printf(bio_err,"g value is wrong\n");
195 goto end; 195 goto end;
196 } 196 }
197
198 dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
197 DSA_generate_key(dsa); 199 DSA_generate_key(dsa);
198 DSA_sign(0, str1, 20, sig, &siglen, dsa); 200 DSA_sign(0, str1, 20, sig, &siglen, dsa);
199 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) 201 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
200 ret=1; 202 ret=1;
203
204 dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
205 DSA_generate_key(dsa);
206 DSA_sign(0, str1, 20, sig, &siglen, dsa);
207 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
208 ret=1;
209
201end: 210end:
202 if (!ret) 211 if (!ret)
203 ERR_print_errors(bio_err); 212 ERR_print_errors(bio_err);
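Review bot: The second pass, which exercises the constant-time path, cannot fail the test: `ret` is already 1 from the first pass and is never reset, so a broken constant-time signature still exits successfully. The return values of `DSA_generate_key` and `DSA_sign` are also ignored in both passes. I would make the first pass bail out on failure, `if (DSA_verify(0, str1, 20, sig, siglen, dsa) != 1) goto end;`, and set `ret=1` only after the second verify. main() starts outside the hunk, so the initial value of `ret` is assumed to be 0.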
diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c
index 79d2cb4d8c..f7b4dfc0c3 100644
--- a/src/lib/libcrypto/dso/dso_dl.c
+++ b/src/lib/libcrypto/dso/dso_dl.c
@@ -126,7 +126,8 @@ static int dl_load(DSO *dso)
126 DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); 126 DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
127 goto err; 127 goto err;
128 } 128 }
129 ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L); 129 ptr = shl_load(filename, BIND_IMMEDIATE |
130 (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
130 if(ptr == NULL) 131 if(ptr == NULL)
131 { 132 {
132 DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); 133 DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
@@ -281,4 +282,36 @@ static char *dl_name_converter(DSO *dso, const char *filename)
281 return(translated); 282 return(translated);
282 } 283 }
283 284
285#ifdef OPENSSL_FIPS
286static void dl_ref_point(){}
287
288int DSO_pathbyaddr(void *addr,char *path,int sz)
289 {
290 struct shl_descriptor inf;
291 int i,len;
292
293 if (addr == NULL)
294 {
295 union { void(*f)(); void *p; } t = { dl_ref_point };
296 addr = t.p;
297 }
298
299 for (i=-1;shl_get_r(i,&inf)==0;i++)
300 {
301 if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
302 ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
303 {
304 len = (int)strlen(inf.filename);
305 if (sz <= 0) return len+1;
306 if (len >= sz) len=sz-1;
307 memcpy(path,inf.filename,len);
308 path[len++] = 0;
309 return len;
310 }
311 }
312
313 return -1;
314 }
315#endif
316
284#endif /* DSO_DL */ 317#endif /* DSO_DL */
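Review bot: DSO_pathbyaddr truncates silently: when the library path is longer than `sz-1` it copies a prefix and returns `sz`, the same value it returns for a path that fits exactly, so the caller cannot tell the two cases apart. If the result is used to locate the module on disk (the `OPENSSL_FIPS` guard suggests an integrity check, but the caller is not on this page), a truncated path should be an error: `if (len >= sz) return -1;`. `path` is also written without a NULL check when `sz > 0`. The dlfcn variant added in dso_dlfcn.c has the same logic.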
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
index 2e72969431..d48b4202f2 100644
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -56,6 +56,10 @@
56 * 56 *
57 */ 57 */
58 58
59#ifdef __linux
60#define _GNU_SOURCE
61#endif
62
59#include <stdio.h> 63#include <stdio.h>
60#include "cryptlib.h" 64#include "cryptlib.h"
61#include <openssl/dso.h> 65#include <openssl/dso.h>
@@ -228,7 +232,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
228static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) 232static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
229 { 233 {
230 void *ptr; 234 void *ptr;
231 DSO_FUNC_TYPE sym; 235 DSO_FUNC_TYPE sym, *tsym = &sym;
232 236
233 if((dso == NULL) || (symname == NULL)) 237 if((dso == NULL) || (symname == NULL))
234 { 238 {
@@ -246,7 +250,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
246 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); 250 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
247 return(NULL); 251 return(NULL);
248 } 252 }
249 sym = (DSO_FUNC_TYPE)dlsym(ptr, symname); 253 *(void**)(tsym) = dlsym(ptr, symname);
250 if(sym == NULL) 254 if(sym == NULL)
251 { 255 {
252 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); 256 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
@@ -290,4 +294,32 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
290 return(translated); 294 return(translated);
291 } 295 }
292 296
297#ifdef OPENSSL_FIPS
298static void dlfcn_ref_point(){}
299
300int DSO_pathbyaddr(void *addr,char *path,int sz)
301 {
302 Dl_info dli;
303 int len;
304
305 if (addr == NULL)
306 {
307 union { void(*f)(void); void *p; } t = { dlfcn_ref_point };
308 addr = t.p;
309 }
310
311 if (dladdr(addr,&dli))
312 {
313 len = (int)strlen(dli.dli_fname);
314 if (sz <= 0) return len+1;
315 if (len >= sz) len=sz-1;
316 memcpy(path,dli.dli_fname,len);
317 path[len++]=0;
318 return len;
319 }
320
321 ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
322 return -1;
323 }
324#endif
293#endif /* DSO_DLFCN */ 325#endif /* DSO_DLFCN */
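Review bot: In the new DSO_pathbyaddr, `ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror())` announces four strings but passes two, so the variadic reader walks past the supplied arguments. The count should match the argument list: `ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());`. dlerror() can return NULL when no error is pending, so substituting a fixed string in that case is safer than passing the result straight through.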
diff --git a/src/lib/libcrypto/dso/dso_err.c b/src/lib/libcrypto/dso/dso_err.c
index cf452de1aa..581677cc36 100644
--- a/src/lib/libcrypto/dso/dso_err.c
+++ b/src/lib/libcrypto/dso/dso_err.c
@@ -1,6 +1,6 @@
1/* crypto/dso/dso_err.c */ 1/* crypto/dso/dso_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,56 +64,60 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
70
67static ERR_STRING_DATA DSO_str_functs[]= 71static ERR_STRING_DATA DSO_str_functs[]=
68 { 72 {
69{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"}, 73{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
70{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"}, 74{ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
71{ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"}, 75{ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
72{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0), "DLFCN_NAME_CONVERTER"}, 76{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
73{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"}, 77{ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
74{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"}, 78{ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
75{ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"}, 79{ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
76{ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"}, 80{ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
77{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"}, 81{ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
78{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"}, 82{ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
79{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"}, 83{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
80{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"}, 84{ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
81{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0), "DSO_convert_filename"}, 85{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
82{ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"}, 86{ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
83{ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"}, 87{ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
84{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0), "DSO_get_filename"}, 88{ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
85{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0), "DSO_get_loaded_filename"}, 89{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
86{ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"}, 90{ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
87{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"}, 91{ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
88{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0), "DSO_set_filename"}, 92{ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
89{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0), "DSO_set_name_converter"}, 93{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
90{ERR_PACK(0,DSO_F_DSO_UP_REF,0), "DSO_up_ref"}, 94{ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
91{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"}, 95{ERR_FUNC(DSO_F_VMS_BIND_VAR), "VMS_BIND_VAR"},
92{ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"}, 96{ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
93{ERR_PACK(0,DSO_F_VMS_UNLOAD,0), "VMS_UNLOAD"}, 97{ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
94{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"}, 98{ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
95{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"}, 99{ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
96{ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"}, 100{ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
97{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0), "WIN32_NAME_CONVERTER"}, 101{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
98{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"}, 102{ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
99{0,NULL} 103{0,NULL}
100 }; 104 };
101 105
102static ERR_STRING_DATA DSO_str_reasons[]= 106static ERR_STRING_DATA DSO_str_reasons[]=
103 { 107 {
104{DSO_R_CTRL_FAILED ,"control command failed"}, 108{ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"},
105{DSO_R_DSO_ALREADY_LOADED ,"dso already loaded"}, 109{ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"},
106{DSO_R_FILENAME_TOO_BIG ,"filename too big"}, 110{ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"},
107{DSO_R_FINISH_FAILED ,"cleanup method function failed"}, 111{ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"},
108{DSO_R_LOAD_FAILED ,"could not load the shared library"}, 112{ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"},
109{DSO_R_NAME_TRANSLATION_FAILED ,"name translation failed"}, 113{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
110{DSO_R_NO_FILENAME ,"no filename"}, 114{ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"},
111{DSO_R_NULL_HANDLE ,"a null shared library handle was used"}, 115{ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"},
112{DSO_R_SET_FILENAME_FAILED ,"set filename failed"}, 116{ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"},
113{DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"}, 117{ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"},
114{DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"}, 118{ERR_REASON(DSO_R_SYM_FAILURE) ,"could not bind to the requested symbol name"},
115{DSO_R_UNLOAD_FAILED ,"could not unload the shared library"}, 119{ERR_REASON(DSO_R_UNLOAD_FAILED) ,"could not unload the shared library"},
116{DSO_R_UNSUPPORTED ,"functionality not supported"}, 120{ERR_REASON(DSO_R_UNSUPPORTED) ,"functionality not supported"},
117{0,NULL} 121{0,NULL}
118 }; 122 };
119 123
@@ -127,8 +131,8 @@ void ERR_load_DSO_strings(void)
127 { 131 {
128 init=0; 132 init=0;
129#ifndef OPENSSL_NO_ERR 133#ifndef OPENSSL_NO_ERR
130 ERR_load_strings(ERR_LIB_DSO,DSO_str_functs); 134 ERR_load_strings(0,DSO_str_functs);
131 ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons); 135 ERR_load_strings(0,DSO_str_reasons);
132#endif 136#endif
133 137
134 } 138 }
diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c
index 3fa90eb27c..cc4ac68696 100644
--- a/src/lib/libcrypto/dso/dso_win32.c
+++ b/src/lib/libcrypto/dso/dso_win32.c
@@ -68,6 +68,25 @@ DSO_METHOD *DSO_METHOD_win32(void)
68 } 68 }
69#else 69#else
70 70
71#ifdef _WIN32_WCE
72# if _WIN32_WCE < 300
73static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
74 {
75 WCHAR lpProcNameW[64];
76 int i;
77
78 for (i=0;lpProcName[i] && i<64;i++)
79 lpProcNameW[i] = (WCHAR)lpProcName[i];
80 if (i==64) return NULL;
81 lpProcNameW[i] = 0;
82
83 return GetProcAddressW(hModule,lpProcNameW);
84 }
85# endif
86# undef GetProcAddress
87# define GetProcAddress GetProcAddressA
88#endif
89
71/* Part of the hack in "win32_load" ... */ 90/* Part of the hack in "win32_load" ... */
72#define DSO_MAX_TRANSLATED_SIZE 256 91#define DSO_MAX_TRANSLATED_SIZE 256
73 92
@@ -122,7 +141,7 @@ static int win32_load(DSO *dso)
122 DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME); 141 DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
123 goto err; 142 goto err;
124 } 143 }
125 h = LoadLibrary(filename); 144 h = LoadLibraryA(filename);
126 if(h == NULL) 145 if(h == NULL)
127 { 146 {
128 DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED); 147 DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
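Review bot: The GetProcAddressA shim repeats the buffer size as the literal 64 in the declaration, the loop bound and the overflow test, so changing one without the others would turn the bounds check into an overrun. Deriving the bound from the array keeps them tied, e.g. `sizeof(lpProcNameW)/sizeof(lpProcNameW[0])` in both tests. The `(WCHAR)lpProcName[i]` cast sign-extends bytes above 0x7f where `char` is signed; casting through `unsigned char` first avoids that. A short comment should also state that names of 64 characters or more are rejected with NULL and no error queued.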
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
index d37b6aba87..5b70f94382 100644
--- a/src/lib/libcrypto/ec/ec_err.c
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -1,6 +1,6 @@
1/* crypto/ec/ec_err.c */ 1/* crypto/ec/ec_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,70 +64,74 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
70
67static ERR_STRING_DATA EC_str_functs[]= 71static ERR_STRING_DATA EC_str_functs[]=
68 { 72 {
69{ERR_PACK(0,EC_F_COMPUTE_WNAF,0), "COMPUTE_WNAF"}, 73{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
70{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0), "ec_GFp_mont_field_decode"}, 74{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
71{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"}, 75{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
72{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"}, 76{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
73{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"}, 77{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
74{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "ec_GFp_simple_group_set_curve_GFp"}, 78{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "ec_GFp_simple_group_set_curve_GFp"},
75{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0), "ec_GFp_simple_group_set_generator"}, 79{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "ec_GFp_simple_group_set_generator"},
76{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0), "ec_GFp_simple_make_affine"}, 80{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
77{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0), "ec_GFp_simple_oct2point"}, 81{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
78{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0), "ec_GFp_simple_point2oct"}, 82{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
79{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0), "ec_GFp_simple_points_make_affine"}, 83{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
80{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_get_affine_coordinates_GFp"}, 84{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
81{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_set_affine_coordinates_GFp"}, 85{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
82{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0), "ec_GFp_simple_set_compressed_coordinates_GFp"}, 86{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "ec_GFp_simple_set_compressed_coordinates_GFp"},
83{ERR_PACK(0,EC_F_EC_GROUP_COPY,0), "EC_GROUP_copy"}, 87{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
84{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"}, 88{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
85{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"}, 89{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
86{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, 90{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
87{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, 91{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
88{ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"}, 92{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
89{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"}, 93{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
90{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0), "EC_GROUP_set_curve_GFp"}, 94{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
91{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0), "EC_GROUP_set_extra_data"}, 95{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_set_extra_data"},
92{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0), "EC_GROUP_set_generator"}, 96{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
93{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0), "EC_POINTs_make_affine"}, 97{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
94{ERR_PACK(0,EC_F_EC_POINTS_MUL,0), "EC_POINTs_mul"}, 98{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
95{ERR_PACK(0,EC_F_EC_POINT_ADD,0), "EC_POINT_add"}, 99{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
96{ERR_PACK(0,EC_F_EC_POINT_CMP,0), "EC_POINT_cmp"}, 100{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
97{ERR_PACK(0,EC_F_EC_POINT_COPY,0), "EC_POINT_copy"}, 101{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
98{ERR_PACK(0,EC_F_EC_POINT_DBL,0), "EC_POINT_dbl"}, 102{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
99{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0), "EC_POINT_get_affine_coordinates_GFp"}, 103{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
100{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_get_Jprojective_coordinates_GFp"}, 104{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
101{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0), "EC_POINT_is_at_infinity"}, 105{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
102{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0), "EC_POINT_is_on_curve"}, 106{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
103{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0), "EC_POINT_make_affine"}, 107{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
104{ERR_PACK(0,EC_F_EC_POINT_NEW,0), "EC_POINT_new"}, 108{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
105{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0), "EC_POINT_oct2point"}, 109{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
106{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0), "EC_POINT_point2oct"}, 110{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
107{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0), "EC_POINT_set_affine_coordinates_GFp"}, 111{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
108{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"}, 112{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
109{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"}, 113{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
110{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"}, 114{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
111{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0), "GFP_MONT_GROUP_SET_CURVE_GFP"}, 115{ERR_FUNC(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP), "GFP_MONT_GROUP_SET_CURVE_GFP"},
112{0,NULL} 116{0,NULL}
113 }; 117 };
114 118
115static ERR_STRING_DATA EC_str_reasons[]= 119static ERR_STRING_DATA EC_str_reasons[]=
116 { 120 {
117{EC_R_BUFFER_TOO_SMALL ,"buffer too small"}, 121{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"},
118{EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, 122{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"},
119{EC_R_INVALID_ARGUMENT ,"invalid argument"}, 123{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"},
120{EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, 124{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
121{EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"}, 125{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
122{EC_R_INVALID_ENCODING ,"invalid encoding"}, 126{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"},
123{EC_R_INVALID_FIELD ,"invalid field"}, 127{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},
124{EC_R_INVALID_FORM ,"invalid form"}, 128{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},
125{EC_R_NOT_INITIALIZED ,"not initialized"}, 129{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"},
126{EC_R_POINT_AT_INFINITY ,"point at infinity"}, 130{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"},
127{EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, 131{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"},
128{EC_R_SLOT_FULL ,"slot full"}, 132{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"},
129{EC_R_UNDEFINED_GENERATOR ,"undefined generator"}, 133{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"},
130{EC_R_UNKNOWN_ORDER ,"unknown order"}, 134{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"},
131{0,NULL} 135{0,NULL}
132 }; 136 };
133 137
@@ -141,8 +145,8 @@ void ERR_load_EC_strings(void)
141 { 145 {
142 init=0; 146 init=0;
143#ifndef OPENSSL_NO_ERR 147#ifndef OPENSSL_NO_ERR
144 ERR_load_strings(ERR_LIB_EC,EC_str_functs); 148 ERR_load_strings(0,EC_str_functs);
145 ERR_load_strings(ERR_LIB_EC,EC_str_reasons); 149 ERR_load_strings(0,EC_str_reasons);
146#endif 150#endif
147 151
148 } 152 }
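--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -158,7 +158,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
 */
 if (!strcmp(ctrlvalue, "EMPTY"))
 ctrlvalue = NULL;
-else if (!strcmp(ctrlname, "init"))
+if (!strcmp(ctrlname, "init"))
 {
 if (!NCONF_get_number_e(cnf, value, "init", &do_init))
 goto err;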
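Review bot: Dropping the `else` at new line 161 means a control value of `EMPTY` now reaches the command dispatch with `ctrlvalue == NULL`, and nothing in the hunk records that this is deliberate. A short comment above the test would stop a later reader from restoring the `else`, for example `/* no else: an EMPTY value must still be dispatched, with ctrlvalue == NULL */`. The rest of int_engine_configure's if/else chain lies outside the hunk, so it is worth confirming that every later branch that consumes `ctrlvalue` tolerates NULL.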
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
index 814d95ee32..fdc0e7be0f 100644
--- a/src/lib/libcrypto/engine/eng_err.c
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -1,6 +1,6 @@
1/* crypto/engine/eng_err.c */ 1/* crypto/engine/eng_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,87 +64,91 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
70
67static ERR_STRING_DATA ENGINE_str_functs[]= 71static ERR_STRING_DATA ENGINE_str_functs[]=
68 { 72 {
69{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"}, 73{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
70{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"}, 74{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
71{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"}, 75{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
72{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"}, 76{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
73{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"}, 77{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
74{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0), "ENGINE_cmd_is_executable"}, 78{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
75{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"}, 79{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
76{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0), "ENGINE_ctrl_cmd"}, 80{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
77{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"}, 81{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
78{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"}, 82{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
79{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"}, 83{ERR_FUNC(ENGINE_F_ENGINE_FREE), "ENGINE_free"},
80{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0), "ENGINE_get_cipher"}, 84{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
81{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"}, 85{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
82{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0), "ENGINE_get_digest"}, 86{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
83{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"}, 87{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
84{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"}, 88{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
85{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"}, 89{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
86{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"}, 90{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
87{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"}, 91{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
88{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"}, 92{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
89{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"}, 93{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
90{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0), "ENGINE_MODULE_INIT"}, 94{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
91{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"}, 95{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
92{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"}, 96{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
93{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0), "ENGINE_set_default_string"}, 97{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
94{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"}, 98{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
95{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"}, 99{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
96{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, 100{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
97{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, 101{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
98{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, 102{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
99{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"}, 103{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
100{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, 104{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
101{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"}, 105{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
102{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, 106{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
103{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"}, 107{ERR_FUNC(ENGINE_F_SET_DATA_CTX), "SET_DATA_CTX"},
104{0,NULL} 108{0,NULL}
105 }; 109 };
106 110
107static ERR_STRING_DATA ENGINE_str_reasons[]= 111static ERR_STRING_DATA ENGINE_str_reasons[]=
108 { 112 {
109{ENGINE_R_ALREADY_LOADED ,"already loaded"}, 113{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"},
110{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ,"argument is not a number"}, 114{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
111{ENGINE_R_CMD_NOT_EXECUTABLE ,"cmd not executable"}, 115{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
112{ENGINE_R_COMMAND_TAKES_INPUT ,"command takes input"}, 116{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
113{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"}, 117{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
114{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"}, 118{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
115{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, 119{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
116{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"}, 120{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
117{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"}, 121{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
118{ENGINE_R_DSO_FAILURE ,"DSO failure"}, 122{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
119{ENGINE_R_DSO_NOT_FOUND ,"dso not found"}, 123{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
120{ENGINE_R_ENGINES_SECTION_ERROR ,"engines section error"}, 124{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
121{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"}, 125{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
122{ENGINE_R_ENGINE_SECTION_ERROR ,"engine section error"}, 126{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
123{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"}, 127{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
124{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"}, 128{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
125{ENGINE_R_FINISH_FAILED ,"finish failed"}, 129{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"},
126{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"}, 130{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"},
127{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"}, 131{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
128{ENGINE_R_INIT_FAILED ,"init failed"}, 132{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"},
129{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"}, 133{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
130{ENGINE_R_INVALID_ARGUMENT ,"invalid argument"}, 134{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"},
131{ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"}, 135{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"},
132{ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"}, 136{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
133{ENGINE_R_INVALID_INIT_VALUE ,"invalid init value"}, 137{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
134{ENGINE_R_INVALID_STRING ,"invalid string"}, 138{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"},
135{ENGINE_R_NOT_INITIALISED ,"not initialised"}, 139{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"},
136{ENGINE_R_NOT_LOADED ,"not loaded"}, 140{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"},
137{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"}, 141{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
138{ENGINE_R_NO_INDEX ,"no index"}, 142{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"},
139{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"}, 143{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"},
140{ENGINE_R_NO_REFERENCE ,"no reference"}, 144{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"},
141{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"}, 145{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"},
142{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"}, 146{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
143{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"}, 147{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
144{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"}, 148{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
145{ENGINE_R_UNIMPLEMENTED_CIPHER ,"unimplemented cipher"}, 149{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
146{ENGINE_R_UNIMPLEMENTED_DIGEST ,"unimplemented digest"}, 150{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
147{ENGINE_R_VERSION_INCOMPATIBILITY ,"version incompatibility"}, 151{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
148{0,NULL} 152{0,NULL}
149 }; 153 };
150 154
@@ -158,8 +162,8 @@ void ERR_load_ENGINE_strings(void)
158 { 162 {
159 init=0; 163 init=0;
160#ifndef OPENSSL_NO_ERR 164#ifndef OPENSSL_NO_ERR
161 ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs); 165 ERR_load_strings(0,ENGINE_str_functs);
162 ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons); 166 ERR_load_strings(0,ENGINE_str_reasons);
163#endif 167#endif
164 168
165 } 169 }
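--- a/src/lib/libcrypto/engine/hw_aep.c
+++ b/src/lib/libcrypto/engine/hw_aep.c
@@ -474,6 +474,7 @@ static int aep_init(ENGINE *e)
 
 if(aep_dso)
 DSO_free(aep_dso);
+aep_dso = NULL;
 
 p_AEP_OpenConnection = NULL;
 p_AEP_ModExp = NULL;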
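--- a/src/lib/libcrypto/engine/hw_atalla.c
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -375,6 +375,7 @@ static int atalla_init(ENGINE *e)
 err:
 if(atalla_dso)
 DSO_free(atalla_dso);
+atalla_dso = NULL;
 p_Atalla_GetHardwareConfig = NULL;
 p_Atalla_RSAPrivateKeyOpFn = NULL;
 p_Atalla_GetPerformanceStatistics = NULL;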
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
index f128ee5a68..1411fd8333 100644
--- a/src/lib/libcrypto/engine/hw_cswift.c
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -90,6 +90,7 @@ static int cswift_destroy(ENGINE *e);
90static int cswift_init(ENGINE *e); 90static int cswift_init(ENGINE *e);
91static int cswift_finish(ENGINE *e); 91static int cswift_finish(ENGINE *e);
92static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 92static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
93static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
93 94
94/* BIGNUM stuff */ 95/* BIGNUM stuff */
95static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 96static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -403,7 +404,10 @@ static int cswift_init(ENGINE *e)
403 return 1; 404 return 1;
404err: 405err:
405 if(cswift_dso) 406 if(cswift_dso)
407 {
406 DSO_free(cswift_dso); 408 DSO_free(cswift_dso);
409 cswift_dso = NULL;
410 }
407 p_CSwift_AcquireAccContext = NULL; 411 p_CSwift_AcquireAccContext = NULL;
408 p_CSwift_AttachKeyParam = NULL; 412 p_CSwift_AttachKeyParam = NULL;
409 p_CSwift_SimpleRequest = NULL; 413 p_CSwift_SimpleRequest = NULL;
@@ -553,6 +557,29 @@ err:
553 return to_return; 557 return to_return;
554 } 558 }
555 559
560
561int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
562{
563 int mod;
564 int numbytes = BN_num_bytes(in);
565
566 mod = 0;
567 while( ((out->nbytes = (numbytes+mod)) % 32) )
568 {
569 mod++;
570 }
571 out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
572 if(!out->value)
573 {
574 return 0;
575 }
576 BN_bn2bin(in, &out->value[mod]);
577 if(mod)
578 memset(out->value, 0, mod);
579
580 return 1;
581}
582
556/* Un petit mod_exp chinois */ 583/* Un petit mod_exp chinois */
557static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 584static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
558 const BIGNUM *q, const BIGNUM *dmp1, 585 const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +589,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
562 SW_LARGENUMBER arg, res; 589 SW_LARGENUMBER arg, res;
563 SW_PARAM sw_param; 590 SW_PARAM sw_param;
564 SW_CONTEXT_HANDLE hac; 591 SW_CONTEXT_HANDLE hac;
565 BIGNUM *rsa_p = NULL;
566 BIGNUM *rsa_q = NULL;
567 BIGNUM *rsa_dmp1 = NULL;
568 BIGNUM *rsa_dmq1 = NULL;
569 BIGNUM *rsa_iqmp = NULL;
570 BIGNUM *argument = NULL;
571 BIGNUM *result = NULL; 592 BIGNUM *result = NULL;
593 BIGNUM *argument = NULL;
572 int to_return = 0; /* expect failure */ 594 int to_return = 0; /* expect failure */
573 int acquired = 0; 595 int acquired = 0;
596
597 sw_param.up.crt.p.value = NULL;
598 sw_param.up.crt.q.value = NULL;
599 sw_param.up.crt.dmp1.value = NULL;
600 sw_param.up.crt.dmq1.value = NULL;
601 sw_param.up.crt.iqmp.value = NULL;
574 602
575 if(!get_context(&hac)) 603 if(!get_context(&hac))
576 { 604 {
@@ -578,44 +606,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
578 goto err; 606 goto err;
579 } 607 }
580 acquired = 1; 608 acquired = 1;
609
581 /* Prepare the params */ 610 /* Prepare the params */
582 BN_CTX_start(ctx); 611 argument = BN_new();
583 rsa_p = BN_CTX_get(ctx); 612 result = BN_new();
584 rsa_q = BN_CTX_get(ctx); 613 if(!result || !argument)
585 rsa_dmp1 = BN_CTX_get(ctx);
586 rsa_dmq1 = BN_CTX_get(ctx);
587 rsa_iqmp = BN_CTX_get(ctx);
588 argument = BN_CTX_get(ctx);
589 result = BN_CTX_get(ctx);
590 if(!result)
591 { 614 {
592 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL); 615 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
593 goto err; 616 goto err;
594 } 617 }
595 if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) || 618
596 !bn_wexpand(rsa_dmp1, dmp1->top) || 619
597 !bn_wexpand(rsa_dmq1, dmq1->top) || 620 sw_param.type = SW_ALG_CRT;
598 !bn_wexpand(rsa_iqmp, iqmp->top) || 621 /************************************************************************/
599 !bn_wexpand(argument, a->top) || 622 /* 04/02/2003 */
623 /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
624 /* limitation of cswift with values not a multiple of 32 */
625 /************************************************************************/
626 if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
627 {
628 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
629 goto err;
630 }
631 if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
632 {
633 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
634 goto err;
635 }
636 if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
637 {
638 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
639 goto err;
640 }
641 if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
642 {
643 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
644 goto err;
645 }
646 if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
647 {
648 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
649 goto err;
650 }
651 if( !bn_wexpand(argument, a->top) ||
600 !bn_wexpand(result, p->top + q->top)) 652 !bn_wexpand(result, p->top + q->top))
601 { 653 {
602 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL); 654 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
603 goto err; 655 goto err;
604 } 656 }
605 sw_param.type = SW_ALG_CRT; 657
606 sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
607 sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
608 sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
609 sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
610 sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
611 (unsigned char *)rsa_dmp1->d);
612 sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
613 sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
614 (unsigned char *)rsa_dmq1->d);
615 sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
616 sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
617 (unsigned char *)rsa_iqmp->d);
618 sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
619 /* Attach the key params */ 658 /* Attach the key params */
620 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); 659 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
621 switch(sw_status) 660 switch(sw_status)
@@ -654,9 +693,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
654 BN_bin2bn((unsigned char *)result->d, res.nbytes, r); 693 BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
655 to_return = 1; 694 to_return = 1;
656err: 695err:
696 if(sw_param.up.crt.p.value)
697 OPENSSL_free(sw_param.up.crt.p.value);
698 if(sw_param.up.crt.q.value)
699 OPENSSL_free(sw_param.up.crt.q.value);
700 if(sw_param.up.crt.dmp1.value)
701 OPENSSL_free(sw_param.up.crt.dmp1.value);
702 if(sw_param.up.crt.dmq1.value)
703 OPENSSL_free(sw_param.up.crt.dmq1.value);
704 if(sw_param.up.crt.iqmp.value)
705 OPENSSL_free(sw_param.up.crt.iqmp.value);
706 if(result)
707 BN_free(result);
708 if(argument)
709 BN_free(argument);
657 if(acquired) 710 if(acquired)
658 release_context(hac); 711 release_context(hac);
659 BN_CTX_end(ctx);
660 return to_return; 712 return to_return;
661 } 713 }
662 714
@@ -665,6 +717,27 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
665 { 717 {
666 BN_CTX *ctx; 718 BN_CTX *ctx;
667 int to_return = 0; 719 int to_return = 0;
720 const RSA_METHOD * def_rsa_method;
721
722 /* Try the limits of RSA (2048 bits) */
723 if(BN_num_bytes(rsa->p) > 128 ||
724 BN_num_bytes(rsa->q) > 128 ||
725 BN_num_bytes(rsa->dmp1) > 128 ||
726 BN_num_bytes(rsa->dmq1) > 128 ||
727 BN_num_bytes(rsa->iqmp) > 128)
728 {
729#ifdef RSA_NULL
730 def_rsa_method=RSA_null_method();
731#else
732#if 0
733 def_rsa_method=RSA_PKCS1_RSAref();
734#else
735 def_rsa_method=RSA_PKCS1_SSLeay();
736#endif
737#endif
738 if(def_rsa_method)
739 return def_rsa_method->rsa_mod_exp(r0, I, rsa);
740 }
668 741
669 if((ctx = BN_CTX_new()) == NULL) 742 if((ctx = BN_CTX_new()) == NULL)
670 goto err; 743 goto err;
@@ -686,6 +759,26 @@ err:
686static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 759static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
687 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 760 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
688 { 761 {
762 const RSA_METHOD * def_rsa_method;
763
764 /* Try the limits of RSA (2048 bits) */
765 if(BN_num_bytes(r) > 256 ||
766 BN_num_bytes(a) > 256 ||
767 BN_num_bytes(m) > 256)
768 {
769#ifdef RSA_NULL
770 def_rsa_method=RSA_null_method();
771#else
772#if 0
773 def_rsa_method=RSA_PKCS1_RSAref();
774#else
775 def_rsa_method=RSA_PKCS1_SSLeay();
776#endif
777#endif
778 if(def_rsa_method)
779 return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
780 }
781
689 return cswift_mod_exp(r, a, p, m, ctx); 782 return cswift_mod_exp(r, a, p, m, ctx);
690 } 783 }
691 784
@@ -930,9 +1023,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
930 SW_CONTEXT_HANDLE hac; 1023 SW_CONTEXT_HANDLE hac;
931 SW_STATUS swrc; 1024 SW_STATUS swrc;
932 SW_LARGENUMBER largenum; 1025 SW_LARGENUMBER largenum;
933 size_t nbytes = 0;
934 int acquired = 0; 1026 int acquired = 0;
935 int to_return = 0; /* assume failure */ 1027 int to_return = 0; /* assume failure */
1028 unsigned char buf32[1024];
1029
936 1030
937 if (!get_context(&hac)) 1031 if (!get_context(&hac))
938 { 1032 {
@@ -941,17 +1035,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
941 } 1035 }
942 acquired = 1; 1036 acquired = 1;
943 1037
944 while (nbytes < (size_t)num) 1038 /************************************************************************/
1039 /* 04/02/2003 */
1040 /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
1041 /* limitation of cswift with values not a multiple of 32 */
1042 /************************************************************************/
1043
1044 while(num >= sizeof(buf32))
945 { 1045 {
1046 largenum.value = buf;
1047 largenum.nbytes = sizeof(buf32);
946 /* tell CryptoSwift how many bytes we want and where we want it. 1048 /* tell CryptoSwift how many bytes we want and where we want it.
947 * Note: - CryptoSwift cannot do more than 4096 bytes at a time. 1049 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
948 * - CryptoSwift can only do multiple of 32-bits. */ 1050 * - CryptoSwift can only do multiple of 32-bits. */
949 largenum.value = (SW_BYTE *) buf + nbytes;
950 if (4096 > num - nbytes)
951 largenum.nbytes = num - nbytes;
952 else
953 largenum.nbytes = 4096;
954
955 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); 1051 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
956 if (swrc != SW_OK) 1052 if (swrc != SW_OK)
957 { 1053 {
@@ -961,14 +1057,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
961 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); 1057 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
962 goto err; 1058 goto err;
963 } 1059 }
964 1060 buf += sizeof(buf32);
965 nbytes += largenum.nbytes; 1061 num -= sizeof(buf32);
1062 }
1063 if(num)
1064 {
1065 largenum.nbytes = sizeof(buf32);
1066 largenum.value = buf32;
1067 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
1068 if (swrc != SW_OK)
1069 {
1070 char tmpbuf[20];
1071 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
1072 sprintf(tmpbuf, "%ld", swrc);
1073 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
1074 goto err;
1075 }
1076 memcpy(buf, largenum.value, num);
966 } 1077 }
967 to_return = 1; /* success */
968 1078
1079 to_return = 1; /* success */
969err: 1080err:
970 if (acquired) 1081 if (acquired)
971 release_context(hac); 1082 release_context(hac);
1083
972 return to_return; 1084 return to_return;
973} 1085}
974 1086
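--- a/src/lib/libcrypto/engine/hw_ubsec.c
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -454,6 +454,7 @@ static int ubsec_init(ENGINE *e)
 err:
  if(ubsec_dso)
  DSO_free(ubsec_dso);
+ ubsec_dso = NULL;
  p_UBSEC_ubsec_bytes_to_bits = NULL;
  p_UBSEC_ubsec_bits_to_bytes = NULL;
  p_UBSEC_ubsec_open = NULL;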
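--- a/src/lib/libcrypto/engine/tb_dsa.c
+++ b/src/lib/libcrypto/engine/tb_dsa.c
@@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e)
  {
  if(e->dsa_meth)
  return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+ engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
  return 1;
  }
 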
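--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -621,7 +621,8 @@ static void err_load_strings(int lib, ERR_STRING_DATA *str)
  {
  while (str->error)
  {
- str->error|=ERR_PACK(lib,0,0);
+ if (lib)
+ str->error|=ERR_PACK(lib,0,0);
  ERRFN(err_set_item)(str);
  str++;
  }
@@ -637,7 +638,8 @@ void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
  {
  while (str->error)
  {
- str->error|=ERR_PACK(lib,0,0);
+ if (lib)
+ str->error|=ERR_PACK(lib,0,0);
  ERRFN(err_del_item)(str);
  str++;
  }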
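Review bot: The new `if (lib)` guard in err_load_strings and ERR_unload_strings gives `lib == 0` a special meaning that is not written down anywhere in these hunks. The evp_err.c and obj_err.c changes in this same commit now pass 0 and build their tables with `ERR_PACK(ERR_LIB_EVP,...)` / `ERR_PACK(ERR_LIB_OBJ,...)`, so 0 evidently means the table entries already carry their library number. A comment above each loop would record that, for example `/* lib == 0: str[] entries are already packed with their library code, leave them untouched */`. Both function bodies start and end outside the hunks, so any caller that still passes 0 with unpacked codes cannot be checked from here.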
diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec
index 447a7f87ed..f8cd6937e7 100644
--- a/src/lib/libcrypto/err/openssl.ec
+++ b/src/lib/libcrypto/err/openssl.ec
@@ -27,7 +27,7 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c
27L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c 27L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c
28L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c 28L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
29L UI crypto/ui/ui.h crypto/ui/ui_err.c 29L UI crypto/ui/ui.h crypto/ui/ui_err.c
30L FIPS fips/fips.h fips/fips_err.h 30L FIPS fips-1.0/fips.h fips-1.0/fips_err.h
31 31
32# additional header files to be scanned for function names 32# additional header files to be scanned for function names
33L NONE crypto/x509/x509_vfy.h NONE 33L NONE crypto/x509/x509_vfy.h NONE
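--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -71,7 +71,7 @@ static int enc_new(BIO *h);
 static int enc_free(BIO *data);
 static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
 #define ENC_BLOCK_SIZE (1024*4)
-#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH
+#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
 
 typedef struct enc_struct
  {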
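Review bot: The doubled `BUF_OFFSET` is a bare multiplier with no statement of the invariant it protects, and this is a buffer-sizing constant in a cipher filter. If it is the headroom that keeps cipher output from running into unread input, as the name suggests, the definition should say which worst case needs two block lengths rather than one. A comment such as `/* BUF_OFFSET: slack reserved in enc_struct's buffer; must cover <worst case, in cipher blocks> */` would let a later reader check the bound. The `enc_struct` definition that uses the macro continues outside this hunk, so the resulting buffer size cannot be verified here.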
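--- a/src/lib/libcrypto/evp/c_alld.c
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -100,4 +100,14 @@ void OpenSSL_add_all_digests(void)
  EVP_add_digest_alias(SN_ripemd160,"ripemd");
  EVP_add_digest_alias(SN_ripemd160,"rmd160");
 #endif
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
+#endif
  }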
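--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -86,9 +86,9 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
 
 #define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
 
-IMPLEMENT_AES_CFBR(128,1,0)
-IMPLEMENT_AES_CFBR(192,1,0)
-IMPLEMENT_AES_CFBR(256,1,0)
+IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
 
 IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
 IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)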
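--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
  /* There will never be more than two '=' */
  }
 
- if ((v == B64_EOF) || (n >= 64))
+ if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
  {
  /* This is needed to work correctly on 64 byte input
  * lines. We process the line and then need to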
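Review bot: The added `(n&3) == 0` term on the `B64_EOF` branch has no comment, and the existing comment inside the block only explains the `n >= 64` case. With this change an end marker that arrives while `n` is not a multiple of four no longer enters the block, and where that truncated input is then rejected or flushed is not visible from this hunk. A line such as `/* at EOF, only flush when a whole number of 4-character groups is buffered */` before the `if` would state the intent. EVP_DecodeUpdate's body runs well beyond the hunk, so the handling of the leftover characters needs checking there.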
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 09e597f631..f29e0ba8f0 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -86,7 +86,7 @@
86#define EVP_CAST5_KEY_SIZE 16 86#define EVP_CAST5_KEY_SIZE 16
87#define EVP_RC5_32_12_16_KEY_SIZE 16 87#define EVP_RC5_32_12_16_KEY_SIZE 16
88*/ 88*/
89#define EVP_MAX_MD_SIZE 64 /* to fit SHA512 */ 89#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */
90#define EVP_MAX_KEY_LENGTH 32 90#define EVP_MAX_KEY_LENGTH 32
91#define EVP_MAX_IV_LENGTH 16 91#define EVP_MAX_IV_LENGTH 16
92#define EVP_MAX_BLOCK_LENGTH 32 92#define EVP_MAX_BLOCK_LENGTH 32
@@ -589,6 +589,16 @@ const EVP_MD *EVP_sha(void);
589const EVP_MD *EVP_sha1(void); 589const EVP_MD *EVP_sha1(void);
590const EVP_MD *EVP_dss(void); 590const EVP_MD *EVP_dss(void);
591const EVP_MD *EVP_dss1(void); 591const EVP_MD *EVP_dss1(void);
592#ifdef OPENSSL_FIPS
593#ifndef OPENSSL_NO_SHA256
594const EVP_MD *EVP_sha224(void);
595const EVP_MD *EVP_sha256(void);
596#endif
597#ifndef OPENSSL_NO_SHA512
598const EVP_MD *EVP_sha384(void);
599const EVP_MD *EVP_sha512(void);
600#endif
601#endif
592#endif 602#endif
593#ifndef OPENSSL_NO_MDC2 603#ifndef OPENSSL_NO_MDC2
594const EVP_MD *EVP_mdc2(void); 604const EVP_MD *EVP_mdc2(void);
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index 40135d0729..77eee070d3 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -64,88 +64,92 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
70
67static ERR_STRING_DATA EVP_str_functs[]= 71static ERR_STRING_DATA EVP_str_functs[]=
68 { 72 {
69{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"}, 73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
70{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, 74{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
71{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"}, 75{ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"},
72{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"}, 76{ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"},
73{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, 77{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
74{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, 78{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
75{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, 79{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
76{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, 80{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"},
77{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, 81{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
78{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, 82{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"},
79{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"}, 83{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"},
80{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"}, 84{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"},
81{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, 85{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"},
82{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, 86{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
83{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, 87{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
84{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, 88{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
85{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, 89{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
86{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, 90{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"},
87{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, 91{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
88{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, 92{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
89{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, 93{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
90{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, 94{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
91{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"}, 95{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
92{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"}, 96{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
93{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"}, 97{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
94{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, 98{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
95{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"}, 99{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
96{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, 100{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
97{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, 101{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
98{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"}, 102{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
99{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"}, 103{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
100{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, 104{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
101{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"}, 105{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
102{0,NULL} 106{0,NULL}
103 }; 107 };
104 108
105static ERR_STRING_DATA EVP_str_reasons[]= 109static ERR_STRING_DATA EVP_str_reasons[]=
106 { 110 {
107{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"}, 111{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
108{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, 112{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
109{EVP_R_BAD_DECRYPT ,"bad decrypt"}, 113{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"},
110{EVP_R_BAD_KEY_LENGTH ,"bad key length"}, 114{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
111{EVP_R_BN_DECODE_ERROR ,"bn decode error"}, 115{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
112{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, 116{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
113{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"}, 117{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
114{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"}, 118{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
115{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"}, 119{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
116{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, 120{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
117{EVP_R_DECODE_ERROR ,"decode error"}, 121{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
118{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, 122{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
119{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"}, 123{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
120{EVP_R_ENCODE_ERROR ,"encode error"}, 124{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
121{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, 125{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
122{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, 126{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
123{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"}, 127{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
124{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"}, 128{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
125{EVP_R_INITIALIZATION_ERROR ,"initialization error"}, 129{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
126{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"}, 130{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
127{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"}, 131{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
128{EVP_R_IV_TOO_LARGE ,"iv too large"}, 132{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
129{EVP_R_KEYGEN_FAILURE ,"keygen failure"}, 133{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
130{EVP_R_MISSING_PARAMETERS ,"missing parameters"}, 134{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"},
131{EVP_R_NO_CIPHER_SET ,"no cipher set"}, 135{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"},
132{EVP_R_NO_DIGEST_SET ,"no digest set"}, 136{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"},
133{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, 137{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"},
134{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, 138{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
135{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, 139{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
136{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, 140{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
137{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, 141{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
138{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, 142{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
139{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"}, 143{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
140{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 144{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
141{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"}, 145{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
142{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"}, 146{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
143{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, 147{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"},
144{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"}, 148{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"},
145{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, 149{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
146{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"}, 150{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
147{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, 151{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
148{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, 152{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
149{0,NULL} 153{0,NULL}
150 }; 154 };
151 155
@@ -159,8 +163,8 @@ void ERR_load_EVP_strings(void)
159 { 163 {
160 init=0; 164 init=0;
161#ifndef OPENSSL_NO_ERR 165#ifndef OPENSSL_NO_ERR
162 ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); 166 ERR_load_strings(0,EVP_str_functs);
163 ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); 167 ERR_load_strings(0,EVP_str_reasons);
164#endif 168#endif
165 169
166 } 170 }
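--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
  EVP_MD_CTX_init(&c);
  for (;;)
  {
- EVP_DigestInit_ex(&c,md, NULL);
+ if (!EVP_DigestInit_ex(&c,md, NULL))
+ return 0;
  if (addmd++)
  EVP_DigestUpdate(&c,&(md_buf[0]),mds);
  EVP_DigestUpdate(&c,data,datal);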
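Review bot: The new `return 0` inside the `for (;;)` loop leaves EVP_BytesToKey without going through whatever cleanup follows the loop, which lies outside this hunk. `c` was set up by `EVP_MD_CTX_init(&c)` just above, and on every pass after the first `md_buf` already holds digest output that feeds the derived key. The early exit should therefore release the context and wipe that buffer, at minimum `if (!EVP_DigestInit_ex(&c,md, NULL)) { EVP_MD_CTX_cleanup(&c); return 0; }` plus the same scrub of `md_buf` the normal exit performs. The `EVP_DigestUpdate` calls on the following lines still ignore their return values, so a failure there goes unnoticed in the way this change is meant to prevent.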
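--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
  { return SHA1_Init(ctx->md_data); }
 
 static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
  { return SHA1_Update(ctx->md_data,data,count); }
+#else
+ {
+ OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+ return SHA1_Update(ctx->md_data,data,count);
+ }
+#endif
 
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
  { return SHA1_Final(md,ctx->md_data); }
@@ -77,7 +84,7 @@ static const EVP_MD dss1_md=
  NID_dsa,
  NID_dsaWithSHA1,
  SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_FIPS,
  init,
  update,
  final,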
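Review bot: `OPENSSL_assert(sizeof(count)<=sizeof(size_t))` in the FIPS branch of `update` tests a compile-time constant on every call, so a platform where it fails is only discovered when the first digest update aborts the process. The same line is added to `update`, `update256` and `update512` in m_sha1.c. A file-scope check such as `typedef char count_fits_size_t[sizeof(unsigned long) <= sizeof(size_t) ? 1 : -1];` would fail the build instead and lets `update` keep a single body in place of two bodies selected by `#ifndef OPENSSL_FIPS` between the signature and the brace. If the runtime assert is kept, a comment should say that the FIPS `SHA1_Update` is assumed to take a `size_t` length, which is not visible in this hunk.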
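--- a/src/lib/libcrypto/evp/m_sha.c
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -59,6 +59,9 @@
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
 #include <stdio.h>
 #include "cryptlib.h"
+/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
+ * exactly what we want to achieve here... */
+#include <openssl/sha.h>
 #include <openssl/evp.h>
 #include "evp_locl.h"
 #include <openssl/objects.h>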
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index fe4402389a..60da93873c 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 67 { return SHA1_Init(ctx->md_data); }
68 68
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
70#ifndef OPENSSL_FIPS
70 { return SHA1_Update(ctx->md_data,data,count); } 71 { return SHA1_Update(ctx->md_data,data,count); }
72#else
73 {
74 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
75 return SHA1_Update(ctx->md_data,data,count);
76 }
77#endif
71 78
72static int final(EVP_MD_CTX *ctx,unsigned char *md) 79static int final(EVP_MD_CTX *ctx,unsigned char *md)
73 { return SHA1_Final(md,ctx->md_data); } 80 { return SHA1_Final(md,ctx->md_data); }
@@ -93,3 +100,115 @@ const EVP_MD *EVP_sha1(void)
93 return(&sha1_md); 100 return(&sha1_md);
94 } 101 }
95#endif 102#endif
103
104#ifdef OPENSSL_FIPS
105#ifndef OPENSSL_NO_SHA256
106static int init224(EVP_MD_CTX *ctx)
107 { return SHA224_Init(ctx->md_data); }
108static int init256(EVP_MD_CTX *ctx)
109 { return SHA256_Init(ctx->md_data); }
110/*
111 * Even though there're separate SHA224_[Update|Final], we call
112 * SHA256 functions even in SHA224 context. This is what happens
113 * there anyway, so we can spare few CPU cycles:-)
114 */
115static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
116 {
117 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
118 return SHA256_Update(ctx->md_data,data,count);
119 }
120static int final256(EVP_MD_CTX *ctx,unsigned char *md)
121 { return SHA256_Final(md,ctx->md_data); }
122
123static const EVP_MD sha224_md=
124 {
125 NID_sha224,
126 NID_sha224WithRSAEncryption,
127 SHA224_DIGEST_LENGTH,
128 EVP_MD_FLAG_FIPS,
129 init224,
130 update256,
131 final256,
132 NULL,
133 NULL,
134 EVP_PKEY_RSA_method,
135 SHA256_CBLOCK,
136 sizeof(EVP_MD *)+sizeof(SHA256_CTX),
137 };
138
139const EVP_MD *EVP_sha224(void)
140 { return(&sha224_md); }
141
142static const EVP_MD sha256_md=
143 {
144 NID_sha256,
145 NID_sha256WithRSAEncryption,
146 SHA256_DIGEST_LENGTH,
147 EVP_MD_FLAG_FIPS,
148 init256,
149 update256,
150 final256,
151 NULL,
152 NULL,
153 EVP_PKEY_RSA_method,
154 SHA256_CBLOCK,
155 sizeof(EVP_MD *)+sizeof(SHA256_CTX),
156 };
157
158const EVP_MD *EVP_sha256(void)
159 { return(&sha256_md); }
160#endif /* ifndef OPENSSL_NO_SHA256 */
161
162#ifndef OPENSSL_NO_SHA512
163static int init384(EVP_MD_CTX *ctx)
164 { return SHA384_Init(ctx->md_data); }
165static int init512(EVP_MD_CTX *ctx)
166 { return SHA512_Init(ctx->md_data); }
167/* See comment in SHA224/256 section */
168static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
169 {
170 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
171 return SHA512_Update(ctx->md_data,data,count);
172 }
173static int final512(EVP_MD_CTX *ctx,unsigned char *md)
174 { return SHA512_Final(md,ctx->md_data); }
175
176static const EVP_MD sha384_md=
177 {
178 NID_sha384,
179 NID_sha384WithRSAEncryption,
180 SHA384_DIGEST_LENGTH,
181 EVP_MD_FLAG_FIPS,
182 init384,
183 update512,
184 final512,
185 NULL,
186 NULL,
187 EVP_PKEY_RSA_method,
188 SHA512_CBLOCK,
189 sizeof(EVP_MD *)+sizeof(SHA512_CTX),
190 };
191
192const EVP_MD *EVP_sha384(void)
193 { return(&sha384_md); }
194
195static const EVP_MD sha512_md=
196 {
197 NID_sha512,
198 NID_sha512WithRSAEncryption,
199 SHA512_DIGEST_LENGTH,
200 EVP_MD_FLAG_FIPS,
201 init512,
202 update512,
203 final512,
204 NULL,
205 NULL,
206 EVP_PKEY_RSA_method,
207 SHA512_CBLOCK,
208 sizeof(EVP_MD *)+sizeof(SHA512_CTX),
209 };
210
211const EVP_MD *EVP_sha512(void)
212 { return(&sha512_md); }
213#endif /* ifndef OPENSSL_NO_SHA512 */
214#endif /* ifdef OPENSSL_FIPS */
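--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -194,11 +194,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
  /* Now decode key derivation function */
 
+ if(!pbe2->keyfunc->parameter ||
+ (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
+ {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+ goto err;
+ }
+
  pbuf = pbe2->keyfunc->parameter->value.sequence->data;
  plen = pbe2->keyfunc->parameter->value.sequence->length;
- if(!pbe2->keyfunc->parameter ||
- (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
- !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
+ if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
  EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
  goto err;
  }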
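--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,6 +61,8 @@
 #include <openssl/hmac.h>
 #include "cryptlib.h"
 
+#ifndef OPENSSL_FIPS
+
 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
  const EVP_MD *md, ENGINE *impl)
  {
@@ -77,15 +79,6 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
 
  if (key != NULL)
  {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
- && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
- || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
- || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
- OpenSSLDie(__FILE__,__LINE__,
- "HMAC: digest not allowed in FIPS mode");
-#endif
-
  reset=1;
  j=EVP_MD_block_size(md);
  OPENSSL_assert(j <= sizeof ctx->key);
@@ -187,3 +180,4 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
  EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
  }
 
+#endif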
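Review bot: Removing the `FIPS_mode()` / `EVP_MD_FLAG_FIPS` test from HMAC_Init_ex deletes the only visible rejection of non-approved digests under HMAC. The new `#ifndef OPENSSL_FIPS` wrapper also means a build with OPENSSL_FIPS defined takes none of the functions between that guard and the final `#endif` from this file. Presumably a FIPS-specific source supplies the same symbols, and it needs an equivalent digest check, but neither the source nor the check is shown in these hunks. A comment at the guard such as `/* OPENSSL_FIPS builds take HMAC from <FIPS module source>, which enforces EVP_MD_FLAG_FIPS */` and a closing `#endif /* !OPENSSL_FIPS */` would make that dependency explicit. HMAC_Init_ex's body continues outside the hunks.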
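--- a/src/lib/libcrypto/hmac/hmac.h
+++ b/src/lib/libcrypto/hmac/hmac.h
@@ -64,7 +64,11 @@
 
 #include <openssl/evp.h>
 
+#ifdef OPENSSL_FIPS
+#define HMAC_MAX_MD_CBLOCK 128
+#else
 #define HMAC_MAX_MD_CBLOCK 64
+#endif
 
 #ifdef __cplusplus
 extern "C" {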
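Review bot: Making `HMAC_MAX_MD_CBLOCK` depend on `OPENSSL_FIPS` changes a public header constant by build flavour. The hmac.c hunk in this commit shows `OPENSSL_assert(j <= sizeof ctx->key)`, so the constant appears to size a buffer inside HMAC_CTX. If so, code compiled against one flavour of the header and linked with the other would disagree on the structure size. A non-FIPS build would also still abort on any digest whose block size exceeds 64. Defining it as 128 unconditionally would avoid both, or the definition should at least carry the constraint, `/* must be >= the largest block size of any EVP_MD usable with HMAC (SHA-384/512: 128) */`.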
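--- a/src/lib/libcrypto/md2/md2_one.c
+++ b/src/lib/libcrypto/md2/md2_one.c
@@ -69,7 +69,8 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
  static unsigned char m[MD2_DIGEST_LENGTH];
 
  if (md == NULL) md=m;
- MD2_Init(&c);
+ if (!MD2_Init(&c))
+ return NULL;
 #ifndef CHARSET_EBCDIC
  MD2_Update(&c,d,n);
 #else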
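Review bot: `MD2()` can now return NULL and leave the caller's `md` buffer unwritten, which is a change of contract that nothing in the hunk documents. The same edit is made to `MD4()` in md4_one.c and `MD5()` in md5_one.c. A caller that passes its own buffer and ignores the return value will go on to use whatever bytes were already in that buffer as the digest. A comment above each function such as `/* returns NULL, with md untouched, if the Init call fails (e.g. digest refused by the build's policy) */` is the minimum, and existing call sites that discard the result need auditing. The `MD2_Update` call that follows is still unchecked, and the rest of the function lies outside the hunk.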
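--- a/src/lib/libcrypto/md4/md4_one.c
+++ b/src/lib/libcrypto/md4/md4_one.c
@@ -71,7 +71,8 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
  static unsigned char m[MD4_DIGEST_LENGTH];
 
  if (md == NULL) md=m;
- MD4_Init(&c);
+ if (!MD4_Init(&c))
+ return NULL;
 #ifndef CHARSET_EBCDIC
  MD4_Update(&c,d,n);
 #else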
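--- a/src/lib/libcrypto/md5/md5_one.c
+++ b/src/lib/libcrypto/md5/md5_one.c
@@ -71,7 +71,8 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
  static unsigned char m[MD5_DIGEST_LENGTH];
 
  if (md == NULL) md=m;
- MD5_Init(&c);
+ if (!MD5_Init(&c))
+ return NULL;
 #ifndef CHARSET_EBCDIC
  MD5_Update(&c,d,n);
 #else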
diff --git a/src/lib/libcrypto/mdc2/Makefile b/src/lib/libcrypto/mdc2/Makefile
index 38c785bf95..b8e9a9a4fa 100644
--- a/src/lib/libcrypto/mdc2/Makefile
+++ b/src/lib/libcrypto/mdc2/Makefile
@@ -1,5 +1,5 @@
1# 1#
2# SSLeay/crypto/mdc2/Makefile 2# OpenSSL/crypto/mdc2/Makefile
3# 3#
4 4
5DIR= mdc2 5DIR= mdc2
diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c
index 2b5f43e3cc..0682979b38 100644
--- a/src/lib/libcrypto/objects/obj_err.c
+++ b/src/lib/libcrypto/objects/obj_err.c
@@ -1,6 +1,6 @@
1/* crypto/objects/obj_err.c */ 1/* crypto/objects/obj_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
70
67static ERR_STRING_DATA OBJ_str_functs[]= 71static ERR_STRING_DATA OBJ_str_functs[]=
68 { 72 {
69{ERR_PACK(0,OBJ_F_OBJ_ADD_OBJECT,0), "OBJ_add_object"}, 73{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
70{ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"}, 74{ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
71{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"}, 75{ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
72{ERR_PACK(0,OBJ_F_OBJ_NAME_NEW_INDEX,0), "OBJ_NAME_new_index"}, 76{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
73{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, 77{ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
74{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, 78{ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
75{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, 79{ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
76{0,NULL} 80{0,NULL}
77 }; 81 };
78 82
79static ERR_STRING_DATA OBJ_str_reasons[]= 83static ERR_STRING_DATA OBJ_str_reasons[]=
80 { 84 {
81{OBJ_R_MALLOC_FAILURE ,"malloc failure"}, 85{ERR_REASON(OBJ_R_MALLOC_FAILURE) ,"malloc failure"},
82{OBJ_R_UNKNOWN_NID ,"unknown nid"}, 86{ERR_REASON(OBJ_R_UNKNOWN_NID) ,"unknown nid"},
83{0,NULL} 87{0,NULL}
84 }; 88 };
85 89
@@ -93,8 +97,8 @@ void ERR_load_OBJ_strings(void)
93 { 97 {
94 init=0; 98 init=0;
95#ifndef OPENSSL_NO_ERR 99#ifndef OPENSSL_NO_ERR
96 ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs); 100 ERR_load_strings(0,OBJ_str_functs);
97 ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons); 101 ERR_load_strings(0,OBJ_str_reasons);
98#endif 102#endif
99 103
100 } 104 }
diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num
index 0e64a929ba..84555d936e 100644
--- a/src/lib/libcrypto/objects/obj_mac.num
+++ b/src/lib/libcrypto/objects/obj_mac.num
@@ -287,9 +287,9 @@ qcStatements 286
287ac_auditEntity 287 287ac_auditEntity 287
288ac_targeting 288 288ac_targeting 288
289aaControls 289 289aaControls 289
290sbqp_ipAddrBlock 290 290sbgp_ipAddrBlock 290
291sbqp_autonomousSysNum 291 291sbgp_autonomousSysNum 291
292sbqp_routerIdentifier 292 292sbgp_routerIdentifier 292
293textNotice 293 293textNotice 293
294ipsecEndSystem 294 294ipsecEndSystem 294
295ipsecTunnel 295 295ipsecTunnel 295
@@ -663,5 +663,13 @@ id_ppl 662
663proxyCertInfo 663 663proxyCertInfo 663
664id_ppl_anyLanguage 664 664id_ppl_anyLanguage 664
665id_ppl_inheritAll 665 665id_ppl_inheritAll 665
666id_ppl_independent 666 666name_constraints 666
667Independent 667 667Independent 667
668sha256WithRSAEncryption 668
669sha384WithRSAEncryption 669
670sha512WithRSAEncryption 670
671sha224WithRSAEncryption 671
672sha256 672
673sha384 673
674sha512 674
675sha224 675
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
index 50e9031e61..2635c4e667 100644
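--- a/src/lib/libcrypto/objects/objects.txt
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -63,6 +63,11 @@ pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
 pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
 pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
 pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
+# According to PKCS #1 version 2.1
+pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption
+pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
+pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
+pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
 
 pkcs 3 : pkcs3
 pkcs3 1 : : dhKeyAgreement
@@ -341,9 +346,9 @@ id-pe 3 : qcStatements
 id-pe 4 : ac-auditEntity
 id-pe 5 : ac-targeting
 id-pe 6 : aaControls
-id-pe 7 : sbqp-ipAddrBlock
-id-pe 8 : sbqp-autonomousSysNum
-id-pe 9 : sbqp-routerIdentifier
+id-pe 7 : sbgp-ipAddrBlock
+id-pe 8 : sbgp-autonomousSysNum
+id-pe 9 : sbgp-routerIdentifier
 id-pe 10 : ac-proxying
 !Cname sinfo-access
 id-pe 11 : subjectInfoAccess : Subject Information Access
@@ -584,6 +589,8 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code
 id-ce 24 : invalidityDate : Invalidity Date
 !Cname delta-crl
 id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
+!Cname name-constraints
+id-ce 30 : nameConstraints : X509v3 Name Constraints
 !Cname crl-distribution-points
 id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
 !Cname certificate-policies
@@ -703,6 +710,13 @@ aes 44 : AES-256-CFB : aes-256-cfb
  : DES-EDE3-CFB1 : des-ede3-cfb1
  : DES-EDE3-CFB8 : des-ede3-cfb8
 
+# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
+!Alias nist_hashalgs nistAlgorithms 2
+nist_hashalgs 1 : SHA256 : sha256
+nist_hashalgs 2 : SHA384 : sha384
+nist_hashalgs 3 : SHA512 : sha512
+nist_hashalgs 4 : SHA224 : sha224
+
 # Hold instruction CRL entry extension
 !Cname hold-instruction-code
 id-ce 23 : holdInstructionCode : Hold Instruction Code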
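Review bot: The comment added above the nist_hashalgs entries in the last hunk names "SHA385", which does not match the `sha384` entry it introduces. It should read `# OIDs for SHA224, SHA256, SHA384 and SHA512, according to x9.84.`. The RSA-SHA2 entries in the first hunk carry a source reference, but the `id-ce 30 : nameConstraints` entry added in the third hunk has none; a one-line comment naming the defining standard would keep the file consistent.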
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
index 4c4d8306f8..65e6093fbc 100644
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
1/* crypto/ocsp/ocsp_err.c */ 1/* crypto/ocsp/ocsp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,60 +64,64 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
70
67static ERR_STRING_DATA OCSP_str_functs[]= 71static ERR_STRING_DATA OCSP_str_functs[]=
68 { 72 {
69{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0), "ASN1_STRING_encode"}, 73{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
70{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0), "CERT_ID_NEW"}, 74{ERR_FUNC(OCSP_F_CERT_ID_NEW), "CERT_ID_NEW"},
71{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0), "D2I_OCSP_NONCE"}, 75{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
72{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0), "OCSP_basic_add1_status"}, 76{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
73{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0), "OCSP_basic_sign"}, 77{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
74{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0), "OCSP_basic_verify"}, 78{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
75{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0), "OCSP_CHECK_DELEGATED"}, 79{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
76{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0), "OCSP_CHECK_IDS"}, 80{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
77{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0), "OCSP_CHECK_ISSUER"}, 81{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
78{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0), "OCSP_check_validity"}, 82{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
79{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0), "OCSP_MATCH_ISSUERID"}, 83{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
80{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0), "OCSP_parse_url"}, 84{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
81{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0), "OCSP_request_sign"}, 85{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
82{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0), "OCSP_request_verify"}, 86{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
83{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"}, 87{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
84{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"}, 88{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
85{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0), "REQUEST_VERIFY"}, 89{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
86{0,NULL} 90{0,NULL}
87 }; 91 };
88 92
89static ERR_STRING_DATA OCSP_str_reasons[]= 93static ERR_STRING_DATA OCSP_str_reasons[]=
90 { 94 {
91{OCSP_R_BAD_DATA ,"bad data"}, 95{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"},
92{OCSP_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, 96{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
93{OCSP_R_DIGEST_ERR ,"digest err"}, 97{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"},
94{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD ,"error in nextupdate field"}, 98{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
95{OCSP_R_ERROR_IN_THISUPDATE_FIELD ,"error in thisupdate field"}, 99{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
96{OCSP_R_ERROR_PARSING_URL ,"error parsing url"}, 100{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"},
97{OCSP_R_MISSING_OCSPSIGNING_USAGE ,"missing ocspsigning usage"}, 101{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
98{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE ,"nextupdate before thisupdate"}, 102{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
99{OCSP_R_NOT_BASIC_RESPONSE ,"not basic response"}, 103{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"},
100{OCSP_R_NO_CERTIFICATES_IN_CHAIN ,"no certificates in chain"}, 104{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
101{OCSP_R_NO_CONTENT ,"no content"}, 105{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"},
102{OCSP_R_NO_PUBLIC_KEY ,"no public key"}, 106{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"},
103{OCSP_R_NO_RESPONSE_DATA ,"no response data"}, 107{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"},
104{OCSP_R_NO_REVOKED_TIME ,"no revoked time"}, 108{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"},
105{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, 109{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
106{OCSP_R_REQUEST_NOT_SIGNED ,"request not signed"}, 110{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"},
107{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"}, 111{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
108{OCSP_R_ROOT_CA_NOT_TRUSTED ,"root ca not trusted"}, 112{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"},
109{OCSP_R_SERVER_READ_ERROR ,"server read error"}, 113{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"},
110{OCSP_R_SERVER_RESPONSE_ERROR ,"server response error"}, 114{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
111{OCSP_R_SERVER_RESPONSE_PARSE_ERROR ,"server response parse error"}, 115{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
112{OCSP_R_SERVER_WRITE_ERROR ,"server write error"}, 116{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"},
113{OCSP_R_SIGNATURE_FAILURE ,"signature failure"}, 117{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"},
114{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, 118{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
115{OCSP_R_STATUS_EXPIRED ,"status expired"}, 119{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"},
116{OCSP_R_STATUS_NOT_YET_VALID ,"status not yet valid"}, 120{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
117{OCSP_R_STATUS_TOO_OLD ,"status too old"}, 121{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"},
118{OCSP_R_UNKNOWN_MESSAGE_DIGEST ,"unknown message digest"}, 122{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
119{OCSP_R_UNKNOWN_NID ,"unknown nid"}, 123{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"},
120{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE ,"unsupported requestorname type"}, 124{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
121{0,NULL} 125{0,NULL}
122 }; 126 };
123 127
@@ -131,8 +135,8 @@ void ERR_load_OCSP_strings(void)
131 { 135 {
132 init=0; 136 init=0;
133#ifndef OPENSSL_NO_ERR 137#ifndef OPENSSL_NO_ERR
134 ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs); 138 ERR_load_strings(0,OCSP_str_functs);
135 ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons); 139 ERR_load_strings(0,OCSP_str_reasons);
136#endif 140#endif
137 141
138 } 142 }
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index 5d5f688edd..e50c1baf00 100644
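--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  * major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x0090707fL
+#define OPENSSL_VERSION_NUMBER 0x009070afL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g-fips 11 Apr 2005"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j-fips 04 May 2006"
 #else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g 11 Apr 2005"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j 04 May 2006"
 #endif
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
 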
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
index 3b39b84d66..8527028ebc 100644
--- a/src/lib/libcrypto/pem/pem_err.c
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -1,6 +1,6 @@
1/* crypto/pem/pem_err.c */ 1/* crypto/pem/pem_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,52 +64,56 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
70
67static ERR_STRING_DATA PEM_str_functs[]= 71static ERR_STRING_DATA PEM_str_functs[]=
68 { 72 {
69{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0), "d2i_PKCS8PrivateKey_bio"}, 73{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
70{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0), "d2i_PKCS8PrivateKey_fp"}, 74{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
71{ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"}, 75{ERR_FUNC(PEM_F_DEF_CALLBACK), "DEF_CALLBACK"},
72{ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"}, 76{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
73{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"}, 77{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
74{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"}, 78{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
75{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"}, 79{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
76{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"}, 80{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
77{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"}, 81{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
78{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0), "PEM_F_DO_PK8KEY_FP"}, 82{ERR_FUNC(PEM_F_PEM_F_DO_PK8KEY_FP), "PEM_F_DO_PK8KEY_FP"},
79{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, 83{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
80{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"}, 84{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
81{ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"}, 85{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
82{ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"}, 86{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
83{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0), "PEM_SealFinal"}, 87{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
84{ERR_PACK(0,PEM_F_PEM_SEALINIT,0), "PEM_SealInit"}, 88{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
85{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"}, 89{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
86{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"}, 90{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
87{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"}, 91{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
88{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0), "PEM_write_bio_PKCS8PrivateKey"}, 92{ERR_FUNC(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY), "PEM_write_bio_PKCS8PrivateKey"},
89{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"}, 93{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
90{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"}, 94{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
91{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"}, 95{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
92{0,NULL} 96{0,NULL}
93 }; 97 };
94 98
95static ERR_STRING_DATA PEM_str_reasons[]= 99static ERR_STRING_DATA PEM_str_reasons[]=
96 { 100 {
97{PEM_R_BAD_BASE64_DECODE ,"bad base64 decode"}, 101{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"},
98{PEM_R_BAD_DECRYPT ,"bad decrypt"}, 102{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"},
99{PEM_R_BAD_END_LINE ,"bad end line"}, 103{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"},
100{PEM_R_BAD_IV_CHARS ,"bad iv chars"}, 104{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"},
101{PEM_R_BAD_PASSWORD_READ ,"bad password read"}, 105{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"},
102{PEM_R_ERROR_CONVERTING_PRIVATE_KEY ,"error converting private key"}, 106{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
103{PEM_R_NOT_DEK_INFO ,"not dek info"}, 107{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"},
104{PEM_R_NOT_ENCRYPTED ,"not encrypted"}, 108{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"},
105{PEM_R_NOT_PROC_TYPE ,"not proc type"}, 109{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"},
106{PEM_R_NO_START_LINE ,"no start line"}, 110{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"},
107{PEM_R_PROBLEMS_GETTING_PASSWORD ,"problems getting password"}, 111{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
108{PEM_R_PUBLIC_KEY_NO_RSA ,"public key no rsa"}, 112{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"},
109{PEM_R_READ_KEY ,"read key"}, 113{ERR_REASON(PEM_R_READ_KEY) ,"read key"},
110{PEM_R_SHORT_HEADER ,"short header"}, 114{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"},
111{PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 115{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
112{PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"}, 116{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
113{0,NULL} 117{0,NULL}
114 }; 118 };
115 119
@@ -123,8 +127,8 @@ void ERR_load_PEM_strings(void)
123 { 127 {
124 init=0; 128 init=0;
125#ifndef OPENSSL_NO_ERR 129#ifndef OPENSSL_NO_ERR
126 ERR_load_strings(ERR_LIB_PEM,PEM_str_functs); 130 ERR_load_strings(0,PEM_str_functs);
127 ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons); 131 ERR_load_strings(0,PEM_str_reasons);
128#endif 132#endif
129 133
130 } 134 }
diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl
index 60233f80e8..c3de90c65d 100644
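--- a/src/lib/libcrypto/perlasm/x86asm.pl
+++ b/src/lib/libcrypto/perlasm/x86asm.pl
@@ -96,7 +96,7 @@ $tmp
 #ifdef OUT
 #define OK 1
 #define ALIGN 4
-#if defined(__CYGWIN__) || defined(__DJGPP__)
+#if defined(__CYGWIN__) || defined(__DJGPP__) || defined(__MINGW32__)
 #undef SIZE
 #undef TYPE
 #define SIZE(a,b)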
diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl
index 5009acb4b3..4bdb3fe180 100644
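--- a/src/lib/libcrypto/perlasm/x86nasm.pl
+++ b/src/lib/libcrypto/perlasm/x86nasm.pl
@@ -221,7 +221,15 @@ sub using486
 
 sub main'file
  {
- push(@out, "segment .text use32\n");
+ local $tmp;
+ $tmp=<<___;
+%ifdef __omf__
+section code use32 class=code
+%else
+section .text
+%endif
+___
+ push(@out,$tmp);
  }
 
 sub main'function_begin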
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 1909f28506..27015dd8c3 100644
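--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
 {
- if(!PKCS7_type_is_data(p7)) return NULL;
+ if(!PKCS7_type_is_data(p7))
+ {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
  return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
 }
 
@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
 {
+ if (!PKCS7_type_is_data(p12->authsafes))
+ {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
  return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }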
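Review bot: A ContentInfo of type data can still hand a NULL `d.data` to ASN1_item_unpack, because the PKCS7_type_is_data() checks in PKCS12_unpack_p7data and PKCS12_unpack_authsafes test only the content type and the content field of a ContentInfo is optional. Whether ASN1_item_unpack tolerates a NULL string is not visible here, so this should be confirmed against a malformed file. A guard after each type check would close the gap, e.g. `if(!p7->d.data) { PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_DECODE_ERROR); return NULL; }`, and the same with `p12->authsafes->d.data` and `PKCS12_F_PKCS12_UNPACK_AUTHSAFES` in the second hunk. PKCS12_unpack_authsafes also passes `p12->authsafes` to the new check without testing it for NULL first.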
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index 4c36c643ce..40340a7bef 100644
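--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -76,7 +76,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
  unsigned int keyidlen;
 
  /* Set defaults */
- if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ if(!nid_cert)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ }
  if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
  if(!iter) iter = PKCS12_DEFAULT_ITER;
  if(!mac_iter) mac_iter = 1;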
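Review bot: Outside FIPS mode the certificate bag still defaults to `NID_pbe_WithSHA1And40BitRC2_CBC`, and `mac_iter` still defaults to 1 on the last context line, so a caller that passes zeros gets 40-bit encryption and a single-iteration MAC. If the weak default is kept for interoperability, that should be stated where it is set, e.g. `/* 40-bit RC2 kept for compatibility with older importers; pass nid_cert explicitly for stronger protection */`. The `else` that sits inside `#ifdef OPENSSL_FIPS` and binds to the statement after `#endif` is easy to break in a later edit; bracing both branches would make the intent explicit. PKCS12_create's body starts and ends outside the hunk.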
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index 4886b9b289..140d21155e 100644
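--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -72,6 +72,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
  unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
  int saltlen, iter;
 
+ if (!PKCS7_type_is_data(p12->authsafes))
+ {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return 0;
+ }
+
  salt = p12->mac->salt->data;
  saltlen = p12->mac->salt->length;
  if (!p12->mac->iter) iter = 1;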
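Review bot: `p12->mac->salt->data` is read right after the new content-type check without testing `p12->mac`, so a PKCS12 without a MAC would be dereferenced here unless every caller rules that out first, which this hunk does not show. A guard next to the new one would make the function safe on its own: `if (!p12->mac) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_MAC_ABSENT); return 0; }`. If the precondition is intentional, a comment stating that callers must check for an absent MAC would document it. PKCS12_gen_mac's body starts and ends outside the hunk.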
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
index 10ab80502c..a33b37b1c7 100644
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -1,6 +1,6 @@
1/* crypto/pkcs12/pk12err.c */ 1/* crypto/pkcs12/pk12err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,60 +64,67 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
70
67static ERR_STRING_DATA PKCS12_str_functs[]= 71static ERR_STRING_DATA PKCS12_str_functs[]=
68 { 72 {
69{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"}, 73{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
70{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"}, 74{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
71{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"}, 75{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"},
72{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"}, 76{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"},
73{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"}, 77{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
74{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"}, 78{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
75{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"}, 79{ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"},
76{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"}, 80{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
77{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"}, 81{ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"},
78{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"}, 82{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
79{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"}, 83{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
80{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, 84{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
81{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, 85{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
82{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, 86{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
83{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"}, 87{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
84{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, 88{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
85{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, 89{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
86{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, 90{ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG), "PKCS12_PACK_SAFEBAG"},
87{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"}, 91{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
88{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"}, 92{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
89{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"}, 93{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
90{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"}, 94{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
91{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"}, 95{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
92{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"}, 96{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
93{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"}, 97{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
94{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"}, 98{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
99{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
100{ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"},
95{0,NULL} 101{0,NULL}
96 }; 102 };
97 103
98static ERR_STRING_DATA PKCS12_str_reasons[]= 104static ERR_STRING_DATA PKCS12_str_reasons[]=
99 { 105 {
100{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"}, 106{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
101{PKCS12_R_DECODE_ERROR ,"decode error"}, 107{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
102{PKCS12_R_ENCODE_ERROR ,"encode error"}, 108{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"},
103{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"}, 109{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"},
104{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"}, 110{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"},
105{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, 111{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
106{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"}, 112{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
107{PKCS12_R_IV_GEN_ERROR ,"iv gen error"}, 113{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
108{PKCS12_R_KEY_GEN_ERROR ,"key gen error"}, 114{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"},
109{PKCS12_R_MAC_ABSENT ,"mac absent"}, 115{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"},
110{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"}, 116{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"},
111{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"}, 117{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
112{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"}, 118{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"},
113{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"}, 119{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
114{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"}, 120{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"},
115{PKCS12_R_PARSE_ERROR ,"parse error"}, 121{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
116{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"}, 122{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"},
117{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"}, 123{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
118{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"}, 124{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
119{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"}, 125{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
120{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"}, 126{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
127{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
121{0,NULL} 128{0,NULL}
122 }; 129 };
123 130
@@ -131,8 +138,8 @@ void ERR_load_PKCS12_strings(void)
131 { 138 {
132 init=0; 139 init=0;
133#ifndef OPENSSL_NO_ERR 140#ifndef OPENSSL_NO_ERR
134 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs); 141 ERR_load_strings(0,PKCS12_str_functs);
135 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons); 142 ERR_load_strings(0,PKCS12_str_reasons);
136#endif 143#endif
137 144
138 } 145 }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index dd338f266c..fb8af82d4f 100644
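--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -287,12 +287,15 @@ void ERR_load_PKCS12_strings(void);
 #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
 #define PKCS12_F_PKCS12_SETUP_MAC 122
 #define PKCS12_F_PKCS12_SET_MAC 123
+#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 129
+#define PKCS12_F_PKCS12_UNPACK_P7DATA 130
 #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
 #define PKCS12_F_PKCS8_ENCRYPT 125
 #define PKCS12_F_VERIFY_MAC 126
 
 /* Reason codes. */
 #define PKCS12_R_CANT_PACK_STRUCTURE 100
+#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
 #define PKCS12_R_DECODE_ERROR 101
 #define PKCS12_R_ENCODE_ERROR 102
 #define PKCS12_R_ENCRYPT_ERROR 103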
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index 5d2a97839d..927b88c3e7 100644
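--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -3,7 +3,7 @@
  * project 1999.
  */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -152,11 +152,12 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 {
  char bound[33], c;
  int i;
- char *mime_prefix, *mime_eol;
+ char *mime_prefix, *mime_eol, *msg_type=NULL;
  if (flags & PKCS7_NOOLDMIMETYPE)
  mime_prefix = "application/pkcs7-";
  else
  mime_prefix = "application/x-pkcs7-";
+
  if (flags & PKCS7_CRLFEOL)
  mime_eol = "\r\n";
  else
@@ -198,11 +199,30 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
  mime_eol, mime_eol);
  return 1;
  }
+
+ /* Determine smime-type header */
+
+ if (PKCS7_type_is_enveloped(p7))
+ msg_type = "enveloped-data";
+ else if (PKCS7_type_is_signed(p7))
+ {
+ /* If we have any signers it is signed-data othewise
+ * certs-only.
+ */
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ sinfos = PKCS7_get_signer_info(p7);
+ if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
+ msg_type = "signed-data";
+ else
+ msg_type = "certs-only";
+ }
  /* MIME headers */
  BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
  BIO_printf(bio, "Content-Disposition: attachment;");
  BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
  BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+ if (msg_type)
+ BIO_printf(bio, " smime-type=%s;", msg_type);
  BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
  BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
  mime_eol, mime_eol);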
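Review bot: In the new "Determine smime-type header" block of SMIME_write_PKCS7, the result of `PKCS7_get_signer_info(p7)` goes straight into `sk_PKCS7_SIGNER_INFO_num()` with no NULL check, so the certs-only branch presumably relies on the stack macro returning a non-positive count for a NULL stack. A comment such as `/* a NULL signer stack counts as no signers */` would keep a later edit from dereferencing `sinfos`. The comment in that block also misspells `otherwise` as `othewise`. For PKCS7 types other than enveloped and signed, `msg_type` stays NULL and the parameter is omitted, which is worth stating next to the `if (msg_type)` test. The function body continues outside the hunks.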
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index a852b49235..99a0d63f38 100644
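--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -296,11 +296,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 
  if (tmpin == indata)
  {
- if(indata) BIO_pop(p7bio);
- BIO_free_all(p7bio);
+ if (indata) BIO_pop(p7bio);
  }
- else
- BIO_free_all(tmpin);
+ BIO_free_all(p7bio);
 
  sk_X509_free(signers);
 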
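Review bot: After this change the `tmpin != indata` path frees only `p7bio`, so `tmpin` is released only if it is still linked into the `p7bio` chain at this point. The code that builds the chain is outside the hunk, so this cannot be confirmed here. If it holds, the ownership rule deserves a comment above the cleanup, e.g. `/* tmpin is part of the p7bio chain unless it is the caller's indata, which is popped above */`. The earlier error returns in PKCS7_verify should be checked against the same rule, because this function parses untrusted messages and a mismatch would be a leak or a double free.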
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
index 5e51527a40..19894c80a4 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ b/src/lib/libcrypto/pkcs7/pkcs7err.c
@@ -1,6 +1,6 @@
1/* crypto/pkcs7/pkcs7err.c */ 1/* crypto/pkcs7/pkcs7err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,81 +64,85 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
70
67static ERR_STRING_DATA PKCS7_str_functs[]= 71static ERR_STRING_DATA PKCS7_str_functs[]=
68 { 72 {
69{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, 73{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
70{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, 74{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
71{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, 75{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"},
72{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, 76{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
73{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, 77{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
74{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, 78{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
75{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, 79{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
76{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, 80{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
77{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"}, 81{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
78{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, 82{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
79{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"}, 83{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
80{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, 84{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
81{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"}, 85{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
82{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"}, 86{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
83{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"}, 87{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
84{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, 88{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
85{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, 89{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
86{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, 90{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
87{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, 91{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
88{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, 92{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
89{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"}, 93{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
90{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"}, 94{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
91{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"}, 95{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
92{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"}, 96{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
93{0,NULL} 97{0,NULL}
94 }; 98 };
95 99
96static ERR_STRING_DATA PKCS7_str_reasons[]= 100static ERR_STRING_DATA PKCS7_str_reasons[]=
97 { 101 {
98{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, 102{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
99{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, 103{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
100{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"}, 104{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
101{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"}, 105{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
102{PKCS7_R_DECODE_ERROR ,"decode error"}, 106{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"},
103{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"}, 107{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
104{PKCS7_R_DECRYPT_ERROR ,"decrypt error"}, 108{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"},
105{PKCS7_R_DIGEST_FAILURE ,"digest failure"}, 109{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"},
106{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"}, 110{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
107{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"}, 111{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
108{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"}, 112{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"},
109{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"}, 113{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
110{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"}, 114{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
111{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"}, 115{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"},
112{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"}, 116{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
113{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"}, 117{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
114{PKCS7_R_NO_CONTENT ,"no content"}, 118{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"},
115{PKCS7_R_NO_CONTENT_TYPE ,"no content type"}, 119{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"},
116{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"}, 120{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
117{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"}, 121{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
118{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"}, 122{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
119{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"}, 123{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
120{PKCS7_R_NO_SIGNERS ,"no signers"}, 124{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"},
121{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"}, 125{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
122{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, 126{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
123{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"}, 127{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
124{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"}, 128{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
125{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"}, 129{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"},
126{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"}, 130{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"},
127{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"}, 131{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
128{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, 132{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
129{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, 133{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"},
130{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, 134{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
131{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"}, 135{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
132{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"}, 136{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"},
133{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, 137{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
134{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, 138{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
135{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, 139{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
136{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"}, 140{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
137{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"}, 141{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"},
138{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"}, 142{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
139{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"}, 143{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
140{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"}, 144{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"},
141{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"}, 145{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"},
142{0,NULL} 146{0,NULL}
143 }; 147 };
144 148
@@ -152,8 +156,8 @@ void ERR_load_PKCS7_strings(void)
152 { 156 {
153 init=0; 157 init=0;
154#ifndef OPENSSL_NO_ERR 158#ifndef OPENSSL_NO_ERR
155 ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs); 159 ERR_load_strings(0,PKCS7_str_functs);
156 ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons); 160 ERR_load_strings(0,PKCS7_str_reasons);
157#endif 161#endif
158 162
159 } 163 }
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index 95574659ac..97f96e1aee 100644
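--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
+
 static ERR_STRING_DATA RAND_str_functs[]=
  {
-{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0), "FIPS_RAND_BYTES"},
-{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"},
-{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"},
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
+{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
+{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA RAND_str_reasons[]=
  {
-{RAND_R_NON_FIPS_METHOD ,"non fips method"},
-{RAND_R_PRNG_ASKING_FOR_TOO_MUCH ,"prng asking for too much"},
-{RAND_R_PRNG_NOT_REKEYED ,"prng not rekeyed"},
-{RAND_R_PRNG_NOT_RESEEDED ,"prng not reseeded"},
-{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"},
-{RAND_R_PRNG_STUCK ,"prng stuck"},
+{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
+{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
 {0,NULL}
  };
 
@@ -93,8 +97,8 @@ void ERR_load_RAND_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
- ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
+ ERR_load_strings(0,RAND_str_functs);
+ ERR_load_strings(0,RAND_str_reasons);
 #endif
 
  }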
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 88f1b56d91..a21bde79de 100644
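--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -87,16 +87,6 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
 
 const RAND_METHOD *RAND_get_rand_method(void)
  {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode()
- && default_RAND_meth != FIPS_rand_check())
- {
- RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
-
-
  if (!default_RAND_meth)
  {
 #ifndef OPENSSL_NO_ENGINE
@@ -114,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
  funct_ref = e;
  else
 #endif
- default_RAND_meth = RAND_SSLeay();
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ default_RAND_meth=FIPS_rand_method();
+ else
+#endif
+ default_RAND_meth = RAND_SSLeay();
  }
+
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode()
+ && default_RAND_meth != FIPS_rand_check())
+ {
+ RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
  return default_RAND_meth;
  }
 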
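Review bot: In RAND_get_rand_method the default-method selection is now one `else` chain that runs through the `#endif` of the ENGINE block and an `#ifdef OPENSSL_FIPS` block before reaching `default_RAND_meth = RAND_SSLeay();`. That is easy to misread and to break when either macro is toggled. Bracing the fallback, or adding a comment such as `/* else-chain: engine method, then FIPS method, then RAND_SSLeay() */`, would help. The relocated FIPS check fails closed, but it uses `return 0;` in a function that returns a pointer, where `return NULL;` states the intent. Callers are outside the hunks, so it should be confirmed that each of them handles a NULL method in FIPS mode.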
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 9bd89ba495..d847d8ebdf 100644
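--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -57,7 +57,7 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#define _XOPEN_SOURCE 1
+#define _XOPEN_SOURCE 500
 
 #include <errno.h>
 #include <stdio.h>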
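Review bot: The comment above `#define _XOPEN_SOURCE 500` still explains only why the macro is defined at all, not why its value moved from 1 to 500. Extending it with something like `/* 500 = SUSv2 feature set */`, plus the platform or symbol that needed it, would record the reason. That reason is not visible in the hunk, so the author has to supply it.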
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c
index 22f372f85c..9652865188 100644
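--- a/src/lib/libcrypto/rc2/rc2_skey.c
+++ b/src/lib/libcrypto/rc2/rc2_skey.c
@@ -58,6 +58,7 @@
 
 #include <openssl/rc2.h>
 #include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "rc2_locl.h"
 
 static unsigned char key_table[256]={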
diff --git a/src/lib/libcrypto/rc2/rc2speed.c b/src/lib/libcrypto/rc2/rc2speed.c
index 47d34b444e..4d0e1242ea 100644
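--- a/src/lib/libcrypto/rc2/rc2speed.c
+++ b/src/lib/libcrypto/rc2/rc2speed.c
@@ -102,10 +102,10 @@ OPENSSL_DECLARE_EXIT
 #ifndef HZ
 #ifndef CLK_TCK
 #define HZ 100.0
-#endif
-#else /* CLK_TCK */
+#else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
-#endif
+#endif /* CLK_TCK */
+#endif /* HZ */
 
 #define BUFSIZE ((long)1024)
 long run=0;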
diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h
index dd90d9fde0..ae0cea75b8 100644
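--- a/src/lib/libcrypto/rc4/rc4.h
+++ b/src/lib/libcrypto/rc4/rc4.h
@@ -73,10 +73,6 @@ typedef struct rc4_key_st
  {
  RC4_INT x,y;
  RC4_INT data[256];
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- RC4_INT pad[512-256-2];
-#endif
  } RC4_KEY;
 
 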
diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c
index 81a97ea3b7..d5f18a3a70 100644
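--- a/src/lib/libcrypto/rc4/rc4_enc.c
+++ b/src/lib/libcrypto/rc4/rc4_enc.c
@@ -77,10 +77,6 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
  x=key->x;
  y=key->y;
  d=key->data;
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
 
 #if defined(RC4_CHUNK)
  /*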
diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c
index 07234f061a..60510624fd 100644
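--- a/src/lib/libcrypto/rc4/rc4_skey.c
+++ b/src/lib/libcrypto/rc4/rc4_skey.c
@@ -58,6 +58,7 @@
 
 #include <openssl/rc4.h>
 #include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
 
@@ -94,10 +95,6 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
  unsigned int i;
 
  d= &(key->data[0]);
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
 
  for (i=0; i<256; i++)
  d[i]=i;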
diff --git a/src/lib/libcrypto/ripemd/rmd_one.c b/src/lib/libcrypto/ripemd/rmd_one.c
index f8b580c33a..b88446b267 100644
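--- a/src/lib/libcrypto/ripemd/rmd_one.c
+++ b/src/lib/libcrypto/ripemd/rmd_one.c
@@ -68,7 +68,8 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
  static unsigned char m[RIPEMD160_DIGEST_LENGTH];
 
  if (md == NULL) md=m;
- RIPEMD160_Init(&c);
+ if (!RIPEMD160_Init(&c))
+ return NULL;
  RIPEMD160_Update(&c,d,n);
  RIPEMD160_Final(md,&c);
  OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */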
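Review bot: Only `RIPEMD160_Init()` is checked; the results of `RIPEMD160_Update()` and `RIPEMD160_Final()` on the next two lines are still ignored, so if either can fail in the same build the caller receives `md` holding an unspecified digest. Assuming the function returns `md` after the cleanse, `if (!RIPEMD160_Update(&c,d,n) || !RIPEMD160_Final(md,&c)) md=NULL;` placed before the `OPENSSL_cleanse` call would cover both and keep the cleanse on that path. The new `return NULL` is also a contract change for callers that used the result unchecked, which deserves a line in the function's comment. The function starts and ends outside the hunk.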
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index fc3bb5f86d..0b639cd37f 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -157,33 +157,41 @@ struct rsa_st
157#define RSA_3 0x3L 157#define RSA_3 0x3L
158#define RSA_F4 0x10001L 158#define RSA_F4 0x10001L
159 159
160#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ 160#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */
161 161
162#define RSA_FLAG_CACHE_PUBLIC 0x02 162#define RSA_FLAG_CACHE_PUBLIC 0x0002
163#define RSA_FLAG_CACHE_PRIVATE 0x04 163#define RSA_FLAG_CACHE_PRIVATE 0x0004
164#define RSA_FLAG_BLINDING 0x08 164#define RSA_FLAG_BLINDING 0x0008
165#define RSA_FLAG_THREAD_SAFE 0x10 165#define RSA_FLAG_THREAD_SAFE 0x0010
166/* This flag means the private key operations will be handled by rsa_mod_exp 166/* This flag means the private key operations will be handled by rsa_mod_exp
167 * and that they do not depend on the private key components being present: 167 * and that they do not depend on the private key components being present:
168 * for example a key stored in external hardware. Without this flag bn_mod_exp 168 * for example a key stored in external hardware. Without this flag bn_mod_exp
169 * gets called when private key components are absent. 169 * gets called when private key components are absent.
170 */ 170 */
171#define RSA_FLAG_EXT_PKEY 0x20 171#define RSA_FLAG_EXT_PKEY 0x0020
172 172
173/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. 173/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
174 */ 174 */
175#define RSA_FLAG_SIGN_VER 0x40 175#define RSA_FLAG_SIGN_VER 0x0040
176 176
177#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in 177#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
178 * RSA implementation now uses blinding by 178 * RSA implementation now uses blinding by
179 * default (ignoring RSA_FLAG_BLINDING), 179 * default (ignoring RSA_FLAG_BLINDING),
180 * but other engines might not need it 180 * but other engines might not need it
181 */ 181 */
182#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA
183 * implementation now uses constant time
184 * modular exponentiation for secret exponents
185 * by default. This flag causes the
186 * faster variable sliding window method to
187 * be used for all exponents.
188 */
182 189
183#define RSA_PKCS1_PADDING 1 190#define RSA_PKCS1_PADDING 1
184#define RSA_SSLV23_PADDING 2 191#define RSA_SSLV23_PADDING 2
185#define RSA_NO_PADDING 3 192#define RSA_NO_PADDING 3
186#define RSA_PKCS1_OAEP_PADDING 4 193#define RSA_PKCS1_OAEP_PADDING 4
194#define RSA_X931_PADDING 5
187 195
188#define RSA_PKCS1_PADDING_SIZE 11 196#define RSA_PKCS1_PADDING_SIZE 11
189 197
@@ -196,6 +204,15 @@ int RSA_size(const RSA *);
196RSA * RSA_generate_key(int bits, unsigned long e,void 204RSA * RSA_generate_key(int bits, unsigned long e,void
197 (*callback)(int,int,void *),void *cb_arg); 205 (*callback)(int,int,void *),void *cb_arg);
198int RSA_check_key(const RSA *); 206int RSA_check_key(const RSA *);
207#ifdef OPENSSL_FIPS
208int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
209 void (*cb)(int, int, void *), void *cb_arg,
210 const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
211 const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
212 const BIGNUM *e);
213RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
214 void (*cb)(int,int,void *), void *cb_arg);
215#endif
199 /* next 4 return -1 on error */ 216 /* next 4 return -1 on error */
200int RSA_public_encrypt(int flen, const unsigned char *from, 217int RSA_public_encrypt(int flen, const unsigned char *from,
201 unsigned char *to, RSA *rsa,int padding); 218 unsigned char *to, RSA *rsa,int padding);
@@ -268,6 +285,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
268 const unsigned char *f,int fl); 285 const unsigned char *f,int fl);
269int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, 286int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
270 const unsigned char *f,int fl,int rsa_len); 287 const unsigned char *f,int fl,int rsa_len);
288int PKCS1_MGF1(unsigned char *mask, long len,
289 const unsigned char *seed, long seedlen, const EVP_MD *dgst);
271int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, 290int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
272 const unsigned char *f,int fl, 291 const unsigned char *f,int fl,
273 const unsigned char *p,int pl); 292 const unsigned char *p,int pl);
@@ -282,6 +301,17 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
282 const unsigned char *f,int fl); 301 const unsigned char *f,int fl);
283int RSA_padding_check_none(unsigned char *to,int tlen, 302int RSA_padding_check_none(unsigned char *to,int tlen,
284 const unsigned char *f,int fl,int rsa_len); 303 const unsigned char *f,int fl,int rsa_len);
304int RSA_padding_add_X931(unsigned char *to,int tlen,
305 const unsigned char *f,int fl);
306int RSA_padding_check_X931(unsigned char *to,int tlen,
307 const unsigned char *f,int fl,int rsa_len);
308int RSA_X931_hash_id(int nid);
309
310int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
311 const EVP_MD *Hash, const unsigned char *EM, int sLen);
312int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
313 const unsigned char *mHash,
314 const EVP_MD *Hash, int sLen);
285 315
286int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 316int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
287 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 317 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -311,20 +341,24 @@ void ERR_load_RSA_strings(void);
311#define RSA_F_RSA_NULL 124 341#define RSA_F_RSA_NULL 124
312#define RSA_F_RSA_PADDING_ADD_NONE 107 342#define RSA_F_RSA_PADDING_ADD_NONE 107
313#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 343#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
344#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
314#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 345#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
315#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 346#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
316#define RSA_F_RSA_PADDING_ADD_SSLV23 110 347#define RSA_F_RSA_PADDING_ADD_SSLV23 110
348#define RSA_F_RSA_PADDING_ADD_X931 127
317#define RSA_F_RSA_PADDING_CHECK_NONE 111 349#define RSA_F_RSA_PADDING_CHECK_NONE 111
318#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 350#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
319#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 351#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
320#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 352#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
321#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 353#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
354#define RSA_F_RSA_PADDING_CHECK_X931 128
322#define RSA_F_RSA_PRINT 115 355#define RSA_F_RSA_PRINT 115
323#define RSA_F_RSA_PRINT_FP 116 356#define RSA_F_RSA_PRINT_FP 116
324#define RSA_F_RSA_SIGN 117 357#define RSA_F_RSA_SIGN 117
325#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 358#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
326#define RSA_F_RSA_VERIFY 119 359#define RSA_F_RSA_VERIFY 119
327#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 360#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
361#define RSA_F_RSA_VERIFY_PKCS1_PSS 126
328 362
329/* Reason codes. */ 363/* Reason codes. */
330#define RSA_R_ALGORITHM_MISMATCH 100 364#define RSA_R_ALGORITHM_MISMATCH 100
@@ -344,9 +378,14 @@ void ERR_load_RSA_strings(void);
344#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 378#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
345#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 379#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
346#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 380#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
381#define RSA_R_FIRST_OCTET_INVALID 133
382#define RSA_R_INVALID_HEADER 137
347#define RSA_R_INVALID_MESSAGE_LENGTH 131 383#define RSA_R_INVALID_MESSAGE_LENGTH 131
384#define RSA_R_INVALID_PADDING 138
385#define RSA_R_INVALID_TRAILER 139
348#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 386#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
349#define RSA_R_KEY_SIZE_TOO_SMALL 120 387#define RSA_R_KEY_SIZE_TOO_SMALL 120
388#define RSA_R_LAST_OCTET_INVALID 134
350#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 389#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
351#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 390#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
352#define RSA_R_OAEP_DECODING_ERROR 121 391#define RSA_R_OAEP_DECODING_ERROR 121
@@ -354,6 +393,8 @@ void ERR_load_RSA_strings(void);
354#define RSA_R_P_NOT_PRIME 128 393#define RSA_R_P_NOT_PRIME 128
355#define RSA_R_Q_NOT_PRIME 129 394#define RSA_R_Q_NOT_PRIME 129
356#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 395#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
396#define RSA_R_SLEN_CHECK_FAILED 136
397#define RSA_R_SLEN_RECOVERY_FAILED 135
357#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 398#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
358#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 399#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
359#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 400#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index d4caab3f95..be4ac96ce3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include "cryptlib.h" 113#include "cryptlib.h"
@@ -145,30 +198,13 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
145 goto err; 198 goto err;
146 } 199 }
147 200
148 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) 201 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
149 { 202 {
150 BN_MONT_CTX* bn_mont_ctx; 203 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
151 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) 204 CRYPTO_LOCK_RSA, rsa->n, ctx))
152 goto err;
153 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
154 {
155 BN_MONT_CTX_free(bn_mont_ctx);
156 goto err; 205 goto err;
157 }
158 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
159 {
160 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
161 if (rsa->_method_mod_n == NULL)
162 {
163 rsa->_method_mod_n = bn_mont_ctx;
164 bn_mont_ctx = NULL;
165 }
166 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
167 }
168 if (bn_mont_ctx)
169 BN_MONT_CTX_free(bn_mont_ctx);
170 } 206 }
171 207
172 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, 208 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
173 rsa->_method_mod_n)) goto err; 209 rsa->_method_mod_n)) goto err;
174 210
@@ -249,7 +285,7 @@ err:
249static int RSA_eay_private_encrypt(int flen, const unsigned char *from, 285static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
250 unsigned char *to, RSA *rsa, int padding) 286 unsigned char *to, RSA *rsa, int padding)
251 { 287 {
252 BIGNUM f,ret; 288 BIGNUM f,ret, *res;
253 int i,j,k,num=0,r= -1; 289 int i,j,k,num=0,r= -1;
254 unsigned char *buf=NULL; 290 unsigned char *buf=NULL;
255 BN_CTX *ctx=NULL; 291 BN_CTX *ctx=NULL;
@@ -331,19 +367,43 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
331 (rsa->dmp1 != NULL) && 367 (rsa->dmp1 != NULL) &&
332 (rsa->dmq1 != NULL) && 368 (rsa->dmq1 != NULL) &&
333 (rsa->iqmp != NULL)) ) 369 (rsa->iqmp != NULL)) )
334 { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } 370 {
371 if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
372 }
335 else 373 else
336 { 374 {
337 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; 375 BIGNUM local_d;
376 BIGNUM *d = NULL;
377
378 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
379 {
380 BN_init(&local_d);
381 d = &local_d;
382 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
383 }
384 else
385 d = rsa->d;
386 if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
338 } 387 }
339 388
340 if (blinding) 389 if (blinding)
341 if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; 390 if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
342 391
392 if (padding == RSA_X931_PADDING)
393 {
394 BN_sub(&f, rsa->n, &ret);
395 if (BN_cmp(&ret, &f))
396 res = &f;
397 else
398 res = &ret;
399 }
400 else
401 res = &ret;
402
343 /* put in leading 0 bytes if the number is less than the 403 /* put in leading 0 bytes if the number is less than the
344 * length of the modulus */ 404 * length of the modulus */
345 j=BN_num_bytes(&ret); 405 j=BN_num_bytes(res);
346 i=BN_bn2bin(&ret,&(to[num-j])); 406 i=BN_bn2bin(res,&(to[num-j]));
347 for (k=0; k<(num-i); k++) 407 for (k=0; k<(num-i); k++)
348 to[k]=0; 408 to[k]=0;
349 409
@@ -444,10 +504,22 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
444 (rsa->dmp1 != NULL) && 504 (rsa->dmp1 != NULL) &&
445 (rsa->dmq1 != NULL) && 505 (rsa->dmq1 != NULL) &&
446 (rsa->iqmp != NULL)) ) 506 (rsa->iqmp != NULL)) )
447 { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } 507 {
508 if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
509 }
448 else 510 else
449 { 511 {
450 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) 512 BIGNUM local_d;
513 BIGNUM *d = NULL;
514
515 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
516 {
517 d = &local_d;
518 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
519 }
520 else
521 d = rsa->d;
522 if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
451 goto err; 523 goto err;
452 } 524 }
453 525
@@ -534,33 +606,20 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
534 } 606 }
535 607
536 /* do the decrypt */ 608 /* do the decrypt */
537 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) 609
610 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
538 { 611 {
539 BN_MONT_CTX* bn_mont_ctx; 612 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
540 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) 613 CRYPTO_LOCK_RSA, rsa->n, ctx))
541 goto err;
542 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
543 {
544 BN_MONT_CTX_free(bn_mont_ctx);
545 goto err; 614 goto err;
546 }
547 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
548 {
549 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
550 if (rsa->_method_mod_n == NULL)
551 {
552 rsa->_method_mod_n = bn_mont_ctx;
553 bn_mont_ctx = NULL;
554 }
555 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
556 }
557 if (bn_mont_ctx)
558 BN_MONT_CTX_free(bn_mont_ctx);
559 } 615 }
560 616
561 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, 617 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
562 rsa->_method_mod_n)) goto err; 618 rsa->_method_mod_n)) goto err;
563 619
620 if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
621 BN_sub(&ret, rsa->n, &ret);
622
564 p=buf; 623 p=buf;
565 i=BN_bn2bin(&ret,p); 624 i=BN_bn2bin(&ret,p);
566 625
@@ -594,6 +653,8 @@ err:
594static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) 653static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
595 { 654 {
596 BIGNUM r1,m1,vrfy; 655 BIGNUM r1,m1,vrfy;
656 BIGNUM local_dmp1, local_dmq1;
657 BIGNUM *dmp1, *dmq1;
597 int ret=0; 658 int ret=0;
598 BN_CTX *ctx; 659 BN_CTX *ctx;
599 660
@@ -604,61 +665,34 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
604 665
605 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) 666 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
606 { 667 {
607 if (rsa->_method_mod_p == NULL) 668 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
608 { 669 CRYPTO_LOCK_RSA, rsa->p, ctx))
609 BN_MONT_CTX* bn_mont_ctx; 670 goto err;
610 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) 671 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
611 goto err; 672 CRYPTO_LOCK_RSA, rsa->q, ctx))
612 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) 673 goto err;
613 {
614 BN_MONT_CTX_free(bn_mont_ctx);
615 goto err;
616 }
617 if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
618 {
619 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
620 if (rsa->_method_mod_p == NULL)
621 {
622 rsa->_method_mod_p = bn_mont_ctx;
623 bn_mont_ctx = NULL;
624 }
625 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
626 }
627 if (bn_mont_ctx)
628 BN_MONT_CTX_free(bn_mont_ctx);
629 }
630
631 if (rsa->_method_mod_q == NULL)
632 {
633 BN_MONT_CTX* bn_mont_ctx;
634 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
635 goto err;
636 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
637 {
638 BN_MONT_CTX_free(bn_mont_ctx);
639 goto err;
640 }
641 if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
642 {
643 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
644 if (rsa->_method_mod_q == NULL)
645 {
646 rsa->_method_mod_q = bn_mont_ctx;
647 bn_mont_ctx = NULL;
648 }
649 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
650 }
651 if (bn_mont_ctx)
652 BN_MONT_CTX_free(bn_mont_ctx);
653 }
654 } 674 }
655 675
656 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; 676 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
657 if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, 677 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
678 {
679 dmq1 = &local_dmq1;
680 BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
681 }
682 else
683 dmq1 = rsa->dmq1;
684 if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
658 rsa->_method_mod_q)) goto err; 685 rsa->_method_mod_q)) goto err;
659 686
660 if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; 687 if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
661 if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, 688 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
689 {
690 dmp1 = &local_dmp1;
691 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
692 }
693 else
694 dmp1 = rsa->dmp1;
695 if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
662 rsa->_method_mod_p)) goto err; 696 rsa->_method_mod_p)) goto err;
663 697
664 if (!BN_sub(r0,r0,&m1)) goto err; 698 if (!BN_sub(r0,r0,&m1)) goto err;
@@ -693,10 +727,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
693 if (vrfy.neg) 727 if (vrfy.neg)
694 if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err; 728 if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
695 if (!BN_is_zero(&vrfy)) 729 if (!BN_is_zero(&vrfy))
730 {
696 /* 'I' and 'vrfy' aren't congruent mod n. Don't leak 731 /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
697 * miscalculated CRT output, just do a raw (slower) 732 * miscalculated CRT output, just do a raw (slower)
698 * mod_exp and return that instead. */ 733 * mod_exp and return that instead. */
699 if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; 734
735 BIGNUM local_d;
736 BIGNUM *d = NULL;
737
738 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
739 {
740 d = &local_d;
741 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
742 }
743 else
744 d = rsa->d;
745 if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
746 }
700 } 747 }
701 ret=1; 748 ret=1;
702err: 749err:
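Review bot: The two `BN_sub` calls added for `RSA_X931_PADDING` ignore their return value, unlike the `if (!BN_sub(r0,r0,&m1)) goto err;` already used in `RSA_eay_mod_exp`. In `RSA_eay_private_encrypt`, a failed `BN_sub(&f, rsa->n, &ret)` leaves `f` with its earlier contents, and the following `BN_cmp` would then most likely select it as the output, so the function could report success with a value that is not a signature. I would write `if (!BN_sub(&f, rsa->n, &ret)) goto err;` there and `if (!BN_sub(&ret, rsa->n, &ret)) goto err;` in `RSA_eay_public_decrypt`. Separately, `if (BN_cmp(&ret, &f))` is true whenever the two values differ, so `n - ret` is chosen regardless of which is smaller; if the smaller of the two is intended, the test would be `BN_cmp(&ret, &f) > 0`. Both function bodies start and end outside these hunks.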
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index a7766c3b76..2ec4b30ff7 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/rsa/rsa_err.c */ 1/* crypto/rsa/rsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,70 +64,85 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
70
67static ERR_STRING_DATA RSA_str_functs[]= 71static ERR_STRING_DATA RSA_str_functs[]=
68 { 72 {
69{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, 73{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
70{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"}, 74{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
71{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, 75{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
72{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, 76{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
73{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, 77{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
74{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, 78{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
75{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, 79{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
76{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, 80{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
77{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"}, 81{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
78{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, 82{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
79{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"}, 83{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
80{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, 84{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
81{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, 85{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
82{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, 86{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
83{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, 87{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
84{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"}, 88{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
85{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, 89{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
86{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, 90{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
87{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, 91{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
88{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"}, 92{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
89{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"}, 93{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
90{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"}, 94{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
91{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, 95{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
92{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, 96{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
93{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, 97{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
98{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
99{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
100{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
101{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
94{0,NULL} 102{0,NULL}
95 }; 103 };
96 104
97static ERR_STRING_DATA RSA_str_reasons[]= 105static ERR_STRING_DATA RSA_str_reasons[]=
98 { 106 {
99{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"}, 107{ERR_REASON(RSA_R_ALGORITHM_MISMATCH) ,"algorithm mismatch"},
100{RSA_R_BAD_E_VALUE ,"bad e value"}, 108{ERR_REASON(RSA_R_BAD_E_VALUE) ,"bad e value"},
101{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, 109{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
102{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, 110{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) ,"bad pad byte count"},
103{RSA_R_BAD_SIGNATURE ,"bad signature"}, 111{ERR_REASON(RSA_R_BAD_SIGNATURE) ,"bad signature"},
104{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, 112{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) ,"block type is not 01"},
105{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, 113{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) ,"block type is not 02"},
106{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, 114{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
107{RSA_R_DATA_TOO_LARGE ,"data too large"}, 115{ERR_REASON(RSA_R_DATA_TOO_LARGE) ,"data too large"},
108{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, 116{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
109{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"}, 117{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
110{RSA_R_DATA_TOO_SMALL ,"data too small"}, 118{ERR_REASON(RSA_R_DATA_TOO_SMALL) ,"data too small"},
111{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, 119{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
112{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, 120{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
113{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"}, 121{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
114{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"}, 122{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
115{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"}, 123{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
116{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, 124{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"},
117{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, 125{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
118{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, 126{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
119{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, 127{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},
120{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, 128{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"},
121{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, 129{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
122{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, 130{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
123{RSA_R_P_NOT_PRIME ,"p not prime"}, 131{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
124{RSA_R_Q_NOT_PRIME ,"q not prime"}, 132{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
125{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"}, 133{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
126{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, 134{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
127{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, 135{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"},
128{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, 136{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
129{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, 137{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
130{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, 138{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
139{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
140{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
141{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
142{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
143{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
144{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
145{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"},
131{0,NULL} 146{0,NULL}
132 }; 147 };
133 148
@@ -141,8 +156,8 @@ void ERR_load_RSA_strings(void)
141 { 156 {
142 init=0; 157 init=0;
143#ifndef OPENSSL_NO_ERR 158#ifndef OPENSSL_NO_ERR
144 ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); 159 ERR_load_strings(0,RSA_str_functs);
145 ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); 160 ERR_load_strings(0,RSA_str_reasons);
146#endif 161#endif
147 162
148 } 163 }
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index adb5e34da5..dd1422cc98 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -184,7 +184,8 @@ err:
184 RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); 184 RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
185 ok=0; 185 ok=0;
186 } 186 }
187 BN_CTX_end(ctx); 187 if (ctx != NULL)
188 BN_CTX_end(ctx);
188 BN_CTX_free(ctx); 189 BN_CTX_free(ctx);
189 BN_CTX_free(ctx2); 190 BN_CTX_free(ctx2);
190 191
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index e3f7c608ec..d43ecaca63 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -28,9 +28,6 @@
28#include <openssl/rand.h> 28#include <openssl/rand.h>
29#include <openssl/sha.h> 29#include <openssl/sha.h>
30 30
31int MGF1(unsigned char *mask, long len,
32 const unsigned char *seed, long seedlen);
33
34int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, 31int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
35 const unsigned char *from, int flen, 32 const unsigned char *from, int flen,
36 const unsigned char *param, int plen) 33 const unsigned char *param, int plen)
@@ -76,11 +73,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
76 20); 73 20);
77#endif 74#endif
78 75
79 MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); 76 PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
77 EVP_sha1());
80 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) 78 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
81 db[i] ^= dbmask[i]; 79 db[i] ^= dbmask[i];
82 80
83 MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); 81 PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
82 EVP_sha1());
84 for (i = 0; i < SHA_DIGEST_LENGTH; i++) 83 for (i = 0; i < SHA_DIGEST_LENGTH; i++)
85 seed[i] ^= seedmask[i]; 84 seed[i] ^= seedmask[i];
86 85
@@ -126,11 +125,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
126 return -1; 125 return -1;
127 } 126 }
128 127
129 MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); 128 PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
130 for (i = lzero; i < SHA_DIGEST_LENGTH; i++) 129 for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
131 seed[i] ^= from[i - lzero]; 130 seed[i] ^= from[i - lzero];
132 131
133 MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); 132 PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
134 for (i = 0; i < dblen; i++) 133 for (i = 0; i < dblen; i++)
135 db[i] ^= maskeddb[i]; 134 db[i] ^= maskeddb[i];
136 135
@@ -170,28 +169,30 @@ decoding_err:
170 return -1; 169 return -1;
171 } 170 }
172 171
173int MGF1(unsigned char *mask, long len, 172int PKCS1_MGF1(unsigned char *mask, long len,
174 const unsigned char *seed, long seedlen) 173 const unsigned char *seed, long seedlen, const EVP_MD *dgst)
175 { 174 {
176 long i, outlen = 0; 175 long i, outlen = 0;
177 unsigned char cnt[4]; 176 unsigned char cnt[4];
178 EVP_MD_CTX c; 177 EVP_MD_CTX c;
179 unsigned char md[SHA_DIGEST_LENGTH]; 178 unsigned char md[EVP_MAX_MD_SIZE];
179 int mdlen;
180 180
181 EVP_MD_CTX_init(&c); 181 EVP_MD_CTX_init(&c);
182 mdlen = EVP_MD_size(dgst);
182 for (i = 0; outlen < len; i++) 183 for (i = 0; outlen < len; i++)
183 { 184 {
184 cnt[0] = (unsigned char)((i >> 24) & 255); 185 cnt[0] = (unsigned char)((i >> 24) & 255);
185 cnt[1] = (unsigned char)((i >> 16) & 255); 186 cnt[1] = (unsigned char)((i >> 16) & 255);
186 cnt[2] = (unsigned char)((i >> 8)) & 255; 187 cnt[2] = (unsigned char)((i >> 8)) & 255;
187 cnt[3] = (unsigned char)(i & 255); 188 cnt[3] = (unsigned char)(i & 255);
188 EVP_DigestInit_ex(&c,EVP_sha1(), NULL); 189 EVP_DigestInit_ex(&c,dgst, NULL);
189 EVP_DigestUpdate(&c, seed, seedlen); 190 EVP_DigestUpdate(&c, seed, seedlen);
190 EVP_DigestUpdate(&c, cnt, 4); 191 EVP_DigestUpdate(&c, cnt, 4);
191 if (outlen + SHA_DIGEST_LENGTH <= len) 192 if (outlen + mdlen <= len)
192 { 193 {
193 EVP_DigestFinal_ex(&c, mask + outlen, NULL); 194 EVP_DigestFinal_ex(&c, mask + outlen, NULL);
194 outlen += SHA_DIGEST_LENGTH; 195 outlen += mdlen;
195 } 196 }
196 else 197 else
197 { 198 {
@@ -203,4 +204,9 @@ int MGF1(unsigned char *mask, long len,
203 EVP_MD_CTX_cleanup(&c); 204 EVP_MD_CTX_cleanup(&c);
204 return 0; 205 return 0;
205 } 206 }
207
208int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
209 {
210 return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
211 }
206#endif 212#endif
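Review bot: `PKCS1_MGF1` still discards the results of `EVP_DigestInit_ex`, `EVP_DigestUpdate` and `EVP_DigestFinal_ex` and returns 0 unconditionally, and now that the digest is a caller-supplied `dgst` an initialisation failure is more plausible than with the fixed `EVP_sha1()`. On failure the mask buffer is left partly unwritten, and the four call sites in `RSA_padding_add_PKCS1_OAEP` and `RSA_padding_check_PKCS1_OAEP` would XOR it into the encoded block anyway because they ignore the return value. `mdlen` is also used unchecked; a non-positive value would keep `outlen` from advancing. I would fail closed with a negative return as sketched below, check the two `EVP_DigestFinal_ex` calls the same way, and have the callers test the result. The partial-block branch in the middle of the function is outside the visible hunks.

```c
	int rv = -1;
	/* … unchanged: other locals, EVP_MD_CTX_init … */
	mdlen = EVP_MD_size(dgst);
	if (mdlen <= 0)
		goto err;
	/* … unchanged: loop header and counter bytes cnt[0..3] … */
		if (!EVP_DigestInit_ex(&c, dgst, NULL)
			|| !EVP_DigestUpdate(&c, seed, seedlen)
			|| !EVP_DigestUpdate(&c, cnt, 4))
			goto err;
	/* … unchanged: full-block and partial-block output, end of loop … */
	rv = 0;
err:
	EVP_MD_CTX_cleanup(&c);
	return rv;
```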
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
index 924e9ad1f6..218bb2a39b 100644
--- a/src/lib/libcrypto/rsa/rsa_test.c
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -227,10 +227,10 @@ int main(int argc, char *argv[])
227 227
228 plen = sizeof(ptext_ex) - 1; 228 plen = sizeof(ptext_ex) - 1;
229 229
230 for (v = 0; v < 3; v++) 230 for (v = 0; v < 6; v++)
231 { 231 {
232 key = RSA_new(); 232 key = RSA_new();
233 switch (v) { 233 switch (v%3) {
234 case 0: 234 case 0:
235 clen = key1(key, ctext_ex); 235 clen = key1(key, ctext_ex);
236 break; 236 break;
@@ -241,6 +241,7 @@ int main(int argc, char *argv[])
241 clen = key3(key, ctext_ex); 241 clen = key3(key, ctext_ex);
242 break; 242 break;
243 } 243 }
244 if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
244 245
245 num = RSA_public_encrypt(plen, ptext_ex, ctext, key, 246 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
246 RSA_PKCS1_PADDING); 247 RSA_PKCS1_PADDING);
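Review bot: The condition in `if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;` can never be true, because the loop now runs `v` from 0 to 5 and `v/3` is therefore only 0 or 1. The second pass over the three keys repeats the first with the flag clear, so the `RSA_FLAG_NO_EXP_CONSTTIME` path added in rsa_eay.c is not exercised by this test. `if (v/3 >= 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;` would give one pass with each setting. `main` starts and ends outside these hunks.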
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
index 20e660c71d..f4694b701b 100644
--- a/src/lib/libcrypto/sha/sha1_one.c
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -61,14 +61,15 @@
61#include <openssl/sha.h> 61#include <openssl/sha.h>
62#include <openssl/crypto.h> 62#include <openssl/crypto.h>
63 63
64#ifndef OPENSSL_NO_SHA1 64#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
65unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) 65unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
66 { 66 {
67 SHA_CTX c; 67 SHA_CTX c;
68 static unsigned char m[SHA_DIGEST_LENGTH]; 68 static unsigned char m[SHA_DIGEST_LENGTH];
69 69
70 if (md == NULL) md=m; 70 if (md == NULL) md=m;
71 SHA1_Init(&c); 71 if (!SHA1_Init(&c))
72 return NULL;
72 SHA1_Update(&c,d,n); 73 SHA1_Update(&c,d,n);
73 SHA1_Final(md,&c); 74 SHA1_Final(md,&c);
74 OPENSSL_cleanse(&c,sizeof(c)); 75 OPENSSL_cleanse(&c,sizeof(c));
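Review bot: `SHA1()` gains a `return NULL` path when `SHA1_Init` fails, which callers of this one-shot helper have not had to handle before, and nothing at the definition says so. I would add a comment above the function such as `/* Returns NULL if SHA1_Init() fails; callers must check before reading the digest. */`. `SHA1_Update` and `SHA1_Final` are still called unchecked, so if they can fail for the same reason as the init call, the buffer could be handed back without a digest in it; that is worth confirming. The same applies to the `SHA()` hunk in sha_one.c. The function body continues past the end of the hunk.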
diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c
index e61c63f3e9..d4f4d344df 100644
--- a/src/lib/libcrypto/sha/sha_one.c
+++ b/src/lib/libcrypto/sha/sha_one.c
@@ -68,7 +68,8 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
68 static unsigned char m[SHA_DIGEST_LENGTH]; 68 static unsigned char m[SHA_DIGEST_LENGTH];
69 69
70 if (md == NULL) md=m; 70 if (md == NULL) md=m;
71 SHA_Init(&c); 71 if (!SHA_Init(&c))
72 return NULL;
72 SHA_Update(&c,d,n); 73 SHA_Update(&c,d,n);
73 SHA_Final(md,&c); 74 SHA_Final(md,&c);
74 OPENSSL_cleanse(&c,sizeof(c)); 75 OPENSSL_cleanse(&c,sizeof(c));
diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h
index bd1121c279..6010b7f122 100644
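--- a/src/lib/libcrypto/stack/safestack.h
+++ b/src/lib/libcrypto/stack/safestack.h
@@ -55,6 +55,9 @@
 #ifndef HEADER_SAFESTACK_H
 #define HEADER_SAFESTACK_H
 
+typedef void (*openssl_fptr)(void);
+#define openssl_fcast(f) ((openssl_fptr)f)
+
 #include <openssl/stack.h>
 
 #ifdef DEBUG_SAFESTACK
@@ -73,74 +76,74 @@ STACK_OF(type) \
 /* SKM_sk_... stack macros are internal to safestack.h:
   * never use them directly, use sk_<type>_... instead */
 #define SKM_sk_new(type, cmp) \
- ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp)
+ ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp)
 #define SKM_sk_new_null(type) \
- ((STACK_OF(type) * (*)(void))sk_new_null)()
+ ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))()
 #define SKM_sk_free(type, st) \
- ((void (*)(STACK_OF(type) *))sk_free)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st)
 #define SKM_sk_num(type, st) \
- ((int (*)(const STACK_OF(type) *))sk_num)(st)
+ ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st)
 #define SKM_sk_value(type, st,i) \
- ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i)
+ ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i)
 #define SKM_sk_set(type, st,i,val) \
- ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val)
+ ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val)
 #define SKM_sk_zero(type, st) \
- ((void (*)(STACK_OF(type) *))sk_zero)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st)
 #define SKM_sk_push(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val)
 #define SKM_sk_unshift(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val)
 #define SKM_sk_find(type, st,val) \
- ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val)
+ ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val)
 #define SKM_sk_delete(type, st,i) \
- ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i)
+ ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i)
 #define SKM_sk_delete_ptr(type, st,ptr) \
- ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr)
+ ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr)
 #define SKM_sk_insert(type, st,val,i) \
- ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i)
+ ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i)
 #define SKM_sk_set_cmp_func(type, st,cmp) \
  ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
- (const type * const *, const type * const *))sk_set_cmp_func)\
+ (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\
  (st, cmp)
 #define SKM_sk_dup(type, st) \
- ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st)
+ ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st)
 #define SKM_sk_pop_free(type, st,free_func) \
- ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\
+ ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\
  (st, free_func)
 #define SKM_sk_shift(type, st) \
- ((type * (*)(STACK_OF(type) *))sk_shift)(st)
+ ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st)
 #define SKM_sk_pop(type, st) \
- ((type * (*)(STACK_OF(type) *))sk_pop)(st)
+ ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st)
 #define SKM_sk_sort(type, st) \
- ((void (*)(STACK_OF(type) *))sk_sort)(st)
+ ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st)
 #define SKM_sk_is_sorted(type, st) \
- ((int (*)(const STACK_OF(type) *))sk_is_sorted)(st)
+ ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st)
 
 #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
  ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
  type *(*)(type **, unsigned char **,long), \
- void (*)(type *), int ,int )) d2i_ASN1_SET) \
+ void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \
  (st,pp,length, d2i_func, free_func, ex_tag,ex_class)
 #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
  ((int (*)(STACK_OF(type) *,unsigned char **, \
- int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \
+ int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \
  (st,pp,i2d_func,ex_tag,ex_class,is_set)
 
 #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
  ((unsigned char *(*)(STACK_OF(type) *, \
- int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \
+ int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \
  (st, i2d_func, buf, len)
 #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
  ((STACK_OF(type) * (*)(unsigned char *,int, \
  type *(*)(type **,unsigned char **, long), \
- void (*)(type *)))ASN1_seq_unpack) \
+ void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \
  (buf,len,d2i_func, free_func)
 
 #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
  ((STACK_OF(type) * (*)(X509_ALGOR *, \
  type *(*)(type **, unsigned char **, long), void (*)(type *), \
  const char *, int, \
- ASN1_STRING *, int))PKCS12_decrypt_d2i) \
+ ASN1_STRING *, int))openssl_fcast(PKCS12_decrypt_d2i)) \
  (algor,d2i_func,free_func,pass,passlen,oct,seq)
 
 #else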
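Review bot: `openssl_fcast` on new line 59 expands its argument without parentheses, `((openssl_fptr)f)`, so the cast binds only to the first operand of whatever expression is passed; it should read `#define openssl_fcast(f) ((openssl_fptr)(f))`. The detour through `void (*)(void)` appears to exist only to quiet the compiler's function-pointer-conversion warning, and every SKM_ macro still calls the underlying `sk_*` function through a pointer type that differs from its declaration. A comment above the typedef, for example `/* generic function pointer: used only to silence cast warnings; SKM_ signatures must stay call-compatible with the sk_* prototypes */`, would keep later editors from treating the cast as a type check. The `#ifdef DEBUG_SAFESTACK` block continues past the `#else` at the end of this section.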
diff --git a/src/lib/libcrypto/ui/ui_err.c b/src/lib/libcrypto/ui/ui_err.c
index 39a62ae737..d983cdd66f 100644
--- a/src/lib/libcrypto/ui/ui_err.c
+++ b/src/lib/libcrypto/ui/ui_err.c
@@ -1,6 +1,6 @@
1/* crypto/ui/ui_err.c */ 1/* crypto/ui/ui_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,32 +64,36 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
70
67static ERR_STRING_DATA UI_str_functs[]= 71static ERR_STRING_DATA UI_str_functs[]=
68 { 72 {
69{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0), "GENERAL_ALLOCATE_BOOLEAN"}, 73{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
70{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0), "GENERAL_ALLOCATE_PROMPT"}, 74{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
71{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0), "GENERAL_ALLOCATE_STRING"}, 75{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
72{ERR_PACK(0,UI_F_UI_CTRL,0), "UI_ctrl"}, 76{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
73{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0), "UI_dup_error_string"}, 77{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
74{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0), "UI_dup_info_string"}, 78{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
75{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0), "UI_dup_input_boolean"}, 79{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
76{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0), "UI_dup_input_string"}, 80{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
77{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0), "UI_dup_verify_string"}, 81{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
78{ERR_PACK(0,UI_F_UI_GET0_RESULT,0), "UI_get0_result"}, 82{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
79{ERR_PACK(0,UI_F_UI_NEW_METHOD,0), "UI_new_method"}, 83{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
80{ERR_PACK(0,UI_F_UI_SET_RESULT,0), "UI_set_result"}, 84{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
81{0,NULL} 85{0,NULL}
82 }; 86 };
83 87
84static ERR_STRING_DATA UI_str_reasons[]= 88static ERR_STRING_DATA UI_str_reasons[]=
85 { 89 {
86{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS ,"common ok and cancel characters"}, 90{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},
87{UI_R_INDEX_TOO_LARGE ,"index too large"}, 91{ERR_REASON(UI_R_INDEX_TOO_LARGE) ,"index too large"},
88{UI_R_INDEX_TOO_SMALL ,"index too small"}, 92{ERR_REASON(UI_R_INDEX_TOO_SMALL) ,"index too small"},
89{UI_R_NO_RESULT_BUFFER ,"no result buffer"}, 93{ERR_REASON(UI_R_NO_RESULT_BUFFER) ,"no result buffer"},
90{UI_R_RESULT_TOO_LARGE ,"result too large"}, 94{ERR_REASON(UI_R_RESULT_TOO_LARGE) ,"result too large"},
91{UI_R_RESULT_TOO_SMALL ,"result too small"}, 95{ERR_REASON(UI_R_RESULT_TOO_SMALL) ,"result too small"},
92{UI_R_UNKNOWN_CONTROL_COMMAND ,"unknown control command"}, 96{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},
93{0,NULL} 97{0,NULL}
94 }; 98 };
95 99
@@ -103,8 +107,8 @@ void ERR_load_UI_strings(void)
103 { 107 {
104 init=0; 108 init=0;
105#ifndef OPENSSL_NO_ERR 109#ifndef OPENSSL_NO_ERR
106 ERR_load_strings(ERR_LIB_UI,UI_str_functs); 110 ERR_load_strings(0,UI_str_functs);
107 ERR_load_strings(ERR_LIB_UI,UI_str_reasons); 111 ERR_load_strings(0,UI_str_reasons);
108#endif 112#endif
109 113
110 } 114 }
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 56fb7446e0..4222bef6d6 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -2811,7 +2811,7 @@ EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
2811FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: 2811FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:
2812FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: 2812FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:
2813EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES 2813EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
2814FIPS_allow_md5 3256 EXIST:OPENSSL_FIPS:FUNCTION: 2814FIPS_allow_md5 3256 NOEXIST::FUNCTION:
2815DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES 2815DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
2816EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES 2816EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
2817FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION: 2817FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION:
@@ -2837,7 +2837,7 @@ FIPS_dsa_check 3278 EXIST:OPENSSL_FIPS:FUNCTION:
2837AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES 2837AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
2838EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES 2838EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
2839FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: 2839FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:
2840FIPS_md5_allowed 3282 EXIST:OPENSSL_FIPS:FUNCTION: 2840FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
2841FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: 2841FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:
2842FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: 2842FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:
2843sk_is_sorted 3285 EXIST::FUNCTION: 2843sk_is_sorted 3285 EXIST::FUNCTION:
@@ -2867,3 +2867,41 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
2867PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 2867PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
2868PROXY_POLICY_free 3308 EXIST::FUNCTION: 2868PROXY_POLICY_free 3308 EXIST::FUNCTION:
2869PROXY_POLICY_new 3309 EXIST::FUNCTION: 2869PROXY_POLICY_new 3309 EXIST::FUNCTION:
2870BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
2871FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:
2872EVP_sha384 3312 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2873EVP_sha512 3313 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2874EVP_sha224 3314 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2875EVP_sha256 3315 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2876FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:
2877FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:
2878BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
2879RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
2880RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
2881RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
2882RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
2883RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
2884PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
2885BN_X931_generate_Xpq 3325 EXIST:OPENSSL_FIPS:FUNCTION:
2886RSA_X931_generate_key 3326 EXIST:OPENSSL_FIPS:FUNCTION:RSA
2887BN_X931_derive_prime 3327 EXIST:OPENSSL_FIPS:FUNCTION:
2888BN_X931_generate_prime 3328 EXIST:OPENSSL_FIPS:FUNCTION:
2889RSA_X931_derive 3329 EXIST:OPENSSL_FIPS:FUNCTION:RSA
2890SHA512_Update 3356 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2891SHA256_Init 3479 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2892SHA224 3510 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2893SHA384_Update 3551 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2894SHA224_Final 3560 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2895SHA224_Update 3562 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2896SHA512_Final 3581 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2897SHA224_Init 3631 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2898SHA512_Init 3633 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2899SHA256 3654 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2900SHA256_Transform 3664 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2901SHA512 3669 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2902SHA512_Transform 3675 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2903SHA256_Final 3712 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
2904SHA384_Init 3737 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2905SHA384_Final 3740 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2906SHA384 3745 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
2907SHA256_Update 3765 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index 957264c6b5..05a6086164 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -10,6 +10,20 @@ $OPTIONS="";
10$ssl_version=""; 10$ssl_version="";
11$banner="\t\@echo Building OpenSSL"; 11$banner="\t\@echo Building OpenSSL";
12 12
13local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
14local $zlib_lib = "";
15
16my $fips_canister_path = "";
17my $fips_premain_dso_exe_path = "";
18my $fips_premain_c_path = "";
19my $fips_sha1_exe_path = "";
20
21my $fipslibdir = "";
22my $baseaddr = "";
23
24my $ex_l_libs = "";
25
26
13open(IN,"<Makefile") || die "unable to open Makefile!\n"; 27open(IN,"<Makefile") || die "unable to open Makefile!\n";
14while(<IN>) { 28while(<IN>) {
15 $ssl_version=$1 if (/^VERSION=(.*)$/); 29 $ssl_version=$1 if (/^VERSION=(.*)$/);
@@ -24,6 +38,7 @@ $infile="MINFO";
24 38
25%ops=( 39%ops=(
26 "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", 40 "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",
41 "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make",
27 "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY", 42 "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
28 "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", 43 "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",
29 "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", 44 "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
@@ -43,6 +58,7 @@ $infile="MINFO";
43 ); 58 );
44 59
45$platform=""; 60$platform="";
61my $xcflags="";
46foreach (@ARGV) 62foreach (@ARGV)
47 { 63 {
48 if (!&read_options && !defined($ops{$_})) 64 if (!&read_options && !defined($ops{$_}))
@@ -104,8 +120,12 @@ $inc_def="outinc";
104$tmp_def="tmp"; 120$tmp_def="tmp";
105 121
106$mkdir="-mkdir"; 122$mkdir="-mkdir";
123$mkcanister="ld -r -o";
124
125$ex_build_targets = "";
107 126
108($ssl,$crypto)=("ssl","crypto"); 127($ssl,$crypto)=("ssl","crypto");
128$cryptocompat = "";
109$ranlib="echo ranlib"; 129$ranlib="echo ranlib";
110 130
111$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; 131$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
@@ -140,6 +160,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
140 $NT = 1 if $platform eq "VC-NT"; 160 $NT = 1 if $platform eq "VC-NT";
141 require 'VC-32.pl'; 161 require 'VC-32.pl';
142 } 162 }
163elsif ($platform eq "VC-WIN32-GMAKE")
164 {
165 require 'VC-32-GMAKE.pl';
166 }
143elsif ($platform eq "VC-CE") 167elsif ($platform eq "VC-CE")
144 { 168 {
145 require 'VC-CE.pl'; 169 require 'VC-CE.pl';
@@ -210,6 +234,8 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
210 234
211$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq '')); 235$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
212 236
237$cflags= "$xcflags$cflags" if $xcflags ne "";
238
213$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; 239$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
214$cflags.=" -DOPENSSL_NO_AES" if $no_aes; 240$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
215$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; 241$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
@@ -239,6 +265,9 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
239$cflags.=" -DOPENSSL_FIPS" if $fips; 265$cflags.=" -DOPENSSL_FIPS" if $fips;
240#$cflags.=" -DRSAref" if $rsaref ne ""; 266#$cflags.=" -DRSAref" if $rsaref ne "";
241 267
268$cflags.= " -DZLIB" if $zlib_opt;
269$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
270
242## if ($unix) 271## if ($unix)
243## { $cflags="$c_flags" if ($c_flags ne ""); } 272## { $cflags="$c_flags" if ($c_flags ne ""); }
244##else 273##else
@@ -246,6 +275,7 @@ $cflags.=" -DOPENSSL_FIPS" if $fips;
246 275
247$ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); 276$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
248 277
278
249%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", 279%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
250 "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); 280 "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
251 281
@@ -262,6 +292,135 @@ $link="$bin_dir$link" if ($link !~ /^\$/);
262 292
263$INSTALLTOP =~ s|/|$o|g; 293$INSTALLTOP =~ s|/|$o|g;
264 294
295#############################################
296# We parse in input file and 'store' info for later printing.
297open(IN,"<$infile") || die "unable to open $infile:$!\n";
298$_=<IN>;
299for (;;)
300 {
301 chop;
302
303 ($key,$val)=/^([^=]+)=(.*)/;
304 if ($key eq "RELATIVE_DIRECTORY")
305 {
306 if ($lib ne "")
307 {
308 if ($fips && $dir =~ /^fips/)
309 {
310 $uc = "FIPS";
311 }
312 else
313 {
314 $uc=$lib;
315 $uc =~ s/^lib(.*)\.a/$1/;
316 $uc =~ tr/a-z/A-Z/;
317 }
318 if (($uc ne "FIPS") || $fips_canister_build)
319 {
320 $lib_nam{$uc}=$uc;
321 $lib_obj{$uc}.=$libobj." ";
322 }
323 }
324 last if ($val eq "FINISHED");
325 $lib="";
326 $libobj="";
327 $dir=$val;
328 }
329
330 if ($key eq "KRB5_INCLUDES")
331 { $cflags .= " $val";}
332
333 if ($key eq "ZLIB_INCLUDE")
334 { $cflags .= " $val" if $val ne "";}
335
336 if ($key eq "LIBZLIB")
337 { $zlib_lib = "$val" if $val ne "";}
338
339 if ($key eq "LIBKRB5")
340 { $ex_libs .= " $val" if $val ne "";}
341
342 if ($key eq "TEST")
343 { $test.=&var_add($dir,$val); }
344
345 if (($key eq "PROGS") || ($key eq "E_OBJ"))
346 { $e_exe.=&var_add($dir,$val); }
347
348 if ($key eq "LIB")
349 {
350 $lib=$val;
351 $lib =~ s/^.*\/([^\/]+)$/$1/;
352 }
353
354 if ($key eq "EXHEADER")
355 { $exheader.=&var_add($dir,$val); }
356
357 if ($key eq "HEADER")
358 { $header.=&var_add($dir,$val); }
359
360 if ($key eq "LIBOBJ")
361 { $libobj=&var_add($dir,$val); }
362
363 if ($key eq "FIPSLIBDIR")
364 { $fipslibdir=$val;}
365
366 if ($key eq "BASEADDR")
367 { $baseaddr=$val;}
368
369 if (!($_=<IN>))
370 { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
371 }
372close(IN);
373
374if ($fips_canister_path eq "")
375 {
376 $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
377 }
378
379if ($fips_premain_c_path eq "")
380 {
381 $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
382 }
383
384if ($fips)
385 {
386 if ($fips_sha1_exe_path eq "")
387 {
388 $fips_sha1_exe_path =
389 "\$(BIN_D)${o}fips_standalone_sha1$exep";
390 }
391 }
392 else
393 {
394 $fips_sha1_exe_path = "";
395 }
396
397if ($fips_premain_dso_exe_path eq "")
398 {
399 $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
400 }
401
402# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
403
404if ($fips)
405 {
406 if (!$shlib)
407 {
408 $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
409 $ex_l_libs .= " \$(O_FIPSCANISTER)";
410 }
411 if ($fipslibdir eq "")
412 {
413 open (IN, "util/fipslib_path.txt") || fipslib_error();
414 $fipslibdir = <IN>;
415 chomp $fipslibdir;
416 close IN;
417 }
418 fips_check_files($fipslibdir,
419 "fipscanister.o", "fipscanister.o.sha1",
420 "fips_premain.c", "fips_premain.c.sha1");
421 }
422
423
265$defs= <<"EOF"; 424$defs= <<"EOF";
266# This makefile has been automatically generated from the OpenSSL distribution. 425# This makefile has been automatically generated from the OpenSSL distribution.
267# This single makefile will build the complete OpenSSL distribution and 426# This single makefile will build the complete OpenSSL distribution and
@@ -286,6 +445,7 @@ if ($platform eq "VC-CE")
286!INCLUDE <\$(WCECOMPAT)/wcedefs.mak> 445!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
287 446
288EOF 447EOF
448 $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
289 } 449 }
290 450
291$defs.= <<"EOF"; 451$defs.= <<"EOF";
@@ -308,6 +468,8 @@ EX_LIBS=$ex_libs
308SRC_D=$src_dir 468SRC_D=$src_dir
309 469
310LINK=$link 470LINK=$link
471PERL=perl
472FIPSLINK=\$(PERL) util${o}fipslink.pl
311LFLAGS=$lflags 473LFLAGS=$lflags
312 474
313BN_ASM_OBJ=$bn_asm_obj 475BN_ASM_OBJ=$bn_asm_obj
@@ -339,6 +501,9 @@ TMP_D=$tmp_dir
339INC_D=$inc_dir 501INC_D=$inc_dir
340INCO_D=$inc_dir${o}openssl 502INCO_D=$inc_dir${o}openssl
341 503
504# Directory containing FIPS module
505
506
342CP=$cp 507CP=$cp
343RM=$rm 508RM=$rm
344RANLIB=$ranlib 509RANLIB=$ranlib
@@ -346,6 +511,18 @@ MKDIR=$mkdir
346MKLIB=$bin_dir$mklib 511MKLIB=$bin_dir$mklib
347MLFLAGS=$mlflags 512MLFLAGS=$mlflags
348ASM=$bin_dir$asm 513ASM=$bin_dir$asm
514MKCANISTER=$mkcanister
515
516# FIPS validated module and support file locations
517
518E_PREMAIN_DSO=fips_premain_dso
519
520FIPSLIB_D=$fipslibdir
521BASEADDR=$baseaddr
522FIPS_PREMAIN_SRC=$fips_premain_c_path
523O_FIPSCANISTER=$fips_canister_path
524FIPS_SHA1_EXE=$fips_sha1_exe_path
525PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
349 526
350###################################################### 527######################################################
351# You should not need to touch anything below this point 528# You should not need to touch anything below this point
@@ -377,7 +554,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
377L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp 554L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
378L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp 555L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
379 556
380L_LIBS= \$(L_SSL) \$(L_CRYPTO) 557L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
381 558
382###################################################### 559######################################################
383# Don't touch anything below this point 560# Don't touch anything below this point
@@ -387,13 +564,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
387APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) 564APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
388LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) 565LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
389SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) 566SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
390LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) 567LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
391 568
392############################################# 569#############################################
393EOF 570EOF
394 571
395$rules=<<"EOF"; 572$rules=<<"EOF";
396all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe 573all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
397 574
398banner: 575banner:
399$banner 576$banner
@@ -479,57 +656,6 @@ printf OUT " #define DATE \"%s\"\n", scalar gmtime();
479printf OUT "#endif\n"; 656printf OUT "#endif\n";
480close(OUT); 657close(OUT);
481 658
482#############################################
483# We parse in input file and 'store' info for later printing.
484open(IN,"<$infile") || die "unable to open $infile:$!\n";
485$_=<IN>;
486for (;;)
487 {
488 chop;
489
490 ($key,$val)=/^([^=]+)=(.*)/;
491 if ($key eq "RELATIVE_DIRECTORY")
492 {
493 if ($lib ne "")
494 {
495 $uc=$lib;
496 $uc =~ s/^lib(.*)\.a/$1/;
497 $uc =~ tr/a-z/A-Z/;
498 $lib_nam{$uc}=$uc;
499 $lib_obj{$uc}.=$libobj." ";
500 }
501 last if ($val eq "FINISHED");
502 $lib="";
503 $libobj="";
504 $dir=$val;
505 }
506
507 if ($key eq "TEST")
508 { $test.=&var_add($dir,$val); }
509
510 if (($key eq "PROGS") || ($key eq "E_OBJ"))
511 { $e_exe.=&var_add($dir,$val); }
512
513 if ($key eq "LIB")
514 {
515 $lib=$val;
516 $lib =~ s/^.*\/([^\/]+)$/$1/;
517 }
518
519 if ($key eq "EXHEADER")
520 { $exheader.=&var_add($dir,$val); }
521
522 if ($key eq "HEADER")
523 { $header.=&var_add($dir,$val); }
524
525 if ($key eq "LIBOBJ")
526 { $libobj=&var_add($dir,$val); }
527
528 if (!($_=<IN>))
529 { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
530 }
531close(IN);
532
533# Strip of trailing ' ' 659# Strip of trailing ' '
534foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); } 660foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
535$test=&clean_up_ws($test); 661$test=&clean_up_ws($test);
@@ -554,6 +680,29 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
554$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); 680$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
555$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); 681$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
556 682
683# Special case rules for fips_start and fips_end fips_premain_dso
684
685if ($fips)
686 {
687 if ($fips_canister_build)
688 {
689 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
690 "fips-1.0${o}fips_canister.c",
691 "-DFIPS_START \$(SHLIB_CFLAGS)");
692 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
693 "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
694 }
695 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
696 "fips-1.0${o}sha${o}fips_standalone_sha1.c",
697 "\$(SHLIB_CFLAGS)");
698 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",
699 "fips-1.0${o}sha${o}fips_sha1dgst.c",
700 "\$(SHLIB_CFLAGS)") unless $fips_canister_build;
701 $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
702 "fips-1.0${o}fips_premain.c",
703 "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
704 }
705
557foreach (values %lib_nam) 706foreach (values %lib_nam)
558 { 707 {
559 $lib_obj=$lib_obj{$_}; 708 $lib_obj=$lib_obj{$_};
@@ -630,16 +779,42 @@ foreach (split(/\s+/,$test))
630 } 779 }
631 780
632$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); 781$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
633$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); 782
634 783
635if ($fips) 784if ($fips)
636 { 785 {
637 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep"); 786 if ($shlib)
787 {
788 $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
789 "\$(O_CRYPTO)",
790 "$crypto",
791 $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
792 }
793 else
794 {
795 $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
796 "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
797 $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
798 "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
799 }
638 } 800 }
639else 801 else
640 { 802 {
641 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); 803 $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
804 "\$(SO_CRYPTO)");
642 } 805 }
806
807
808if ($fips)
809 {
810 $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
811 $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
812
813 $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
814 }
815
816 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);
817
643print $defs; 818print $defs;
644 819
645if ($platform eq "linux-elf") { 820if ($platform eq "linux-elf") {
@@ -935,6 +1110,24 @@ sub read_options
935 elsif (/^shlib$/) { $shlib=1; } 1110 elsif (/^shlib$/) { $shlib=1; }
936 elsif (/^dll$/) { $shlib=1; } 1111 elsif (/^dll$/) { $shlib=1; }
937 elsif (/^shared$/) { } # We just need to ignore it for now... 1112 elsif (/^shared$/) { } # We just need to ignore it for now...
1113 elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
1114 elsif (/^zlib-dynamic$/){ $zlib_opt = 2; }
1115 elsif (/^--with-krb5-flavor=(.*)$/)
1116 {
1117 my $krb5_flavor = $1;
1118 if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
1119 {
1120 $xcflags="-DKRB5_HEIMDAL $xcflags";
1121 }
1122 elsif ($krb5_flavor =~ /^MIT/i)
1123 {
1124 $xcflags="-DKRB5_MIT $xcflags";
1125 if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
1126 {
1127 $xcflags="-DKRB5_MIT_OLD11 $xcflags"
1128 }
1129 }
1130 }
938 elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } 1131 elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
939 elsif (/^-[lL].*$/) { $l_flags.="$_ "; } 1132 elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
940 elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) 1133 elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
@@ -942,3 +1135,31 @@ sub read_options
942 else { return(0); } 1135 else { return(0); }
943 return(1); 1136 return(1);
944 } 1137 }
1138
1139sub fipslib_error
1140 {
1141 print STDERR "***FIPS module directory sanity check failed***\n";
1142 print STDERR "FIPS module build failed, or was deleted\n";
1143 print STDERR "Please rebuild FIPS module.\n";
1144 exit 1;
1145 }
1146
1147sub fips_check_files
1148 {
1149 my $dir = shift @_;
1150 my $ret = 1;
1151 if (!-d $dir)
1152 {
1153 print STDERR "FIPS module directory $dir does not exist\n";
1154 fipslib_error();
1155 }
1156 foreach (@_)
1157 {
1158 if (!-f "$dir${o}$_")
1159 {
1160 print STDERR "FIPS module file $_ does not exist!\n";
1161 $ret = 0;
1162 }
1163 }
1164 fipslib_error() if ($ret == 0);
1165 }
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
index 9918c3d549..6c1e53bb14 100644
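--- a/src/lib/libcrypto/util/mkdef.pl
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
  "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
- "RIPEMD",
+ "SHA256", "SHA512", "RIPEMD",
  "MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",
  # Envelope "algorithms"
  "EVP", "X509", "ASN1_TYPEDEFS",
@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
-$crypto.=" fips/fips.h fips/rand/fips_rand.h";
+$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h";
 
 my $symhacks="crypto/symhacks.h";
 
@@ -864,6 +864,9 @@ sub do_defs
  $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
  $a .= ",RSA" if($s =~ /RSAPrivateKey/);
  $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+ # SHA2 algorithms only defined in FIPS mode for
+ # OpenSSL 0.9.7
+ $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);
 
  $platform{$s} =
  &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
@@ -1011,7 +1014,7 @@ sub is_valid
 {
  my ($keywords_txt,$platforms) = @_;
  my (@keywords) = split /,/,$keywords_txt;
- my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));
+ my ($falsesum, $truesum) = (0, 1);
 
  # Param: one keyword
  sub recognise
@@ -1079,7 +1082,7 @@ sub is_valid
  if ($k =~ /^!(.*)$/) {
  $falsesum += &recognise($1,$platforms);
  } else {
- $truesum += &recognise($k,$platforms);
+ $truesum *= &recognise($k,$platforms);
  }
  }
  print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;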
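Review bot: In the `do_defs` hunk, `$p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);` appends the platform keyword with no separator, unlike the `$a .= ",RSA"` lines directly above it, so whenever `$p` is already non-empty the result is a fused token (constructed example: `VMSOPENSSL_FIPS`) that the platform filtering would presumably not recognise. Where `$p` gets its initial value is outside the hunk, so this needs confirming; a form that is safe either way is `$p .= ($p ne "" ? "," : "") . "OPENSSL_FIPS" if($s =~ /SHA[235]/);`. The pattern is also unanchored and matches any symbol that merely contains `SHA2`, `SHA3` or `SHA5`, which is wider than the comment's "SHA2 algorithms"; `/SHA(224|256|384|512)/` would state the intent.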
diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl
index 60e534807e..9678514604 100644
--- a/src/lib/libcrypto/util/mkerr.pl
+++ b/src/lib/libcrypto/util/mkerr.pl
@@ -9,6 +9,9 @@ my $reindex = 0;
9my $dowrite = 0; 9my $dowrite = 0;
10my $staticloader = ""; 10my $staticloader = "";
11 11
12my $pack_errcode;
13my $load_errcode;
14
12while (@ARGV) { 15while (@ARGV) {
13 my $arg = $ARGV[0]; 16 my $arg = $ARGV[0];
14 if($arg eq "-conf") { 17 if($arg eq "-conf") {
@@ -41,8 +44,8 @@ while (@ARGV) {
41} 44}
42 45
43if($recurse) { 46if($recurse) {
44 @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips/*.c>, 47 @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips-1.0/*.c>,
45 <fips/*/*.c>); 48 <fips-1.0/*/*.c>);
46} else { 49} else {
47 @source = @ARGV; 50 @source = @ARGV;
48} 51}
@@ -399,6 +402,20 @@ EOF
399 $hincf = "\"$hfile\""; 402 $hincf = "\"$hfile\"";
400 } 403 }
401 404
405 # If static we know the error code at compile time so use it
406 # in error definitions.
407
408 if ($static)
409 {
410 $pack_errcode = "ERR_LIB_${lib}";
411 $load_errcode = "0";
412 }
413 else
414 {
415 $pack_errcode = "0";
416 $load_errcode = "ERR_LIB_${lib}";
417 }
418
402 419
403 open (OUT,">$cfile") || die "Can't open $cfile for writing"; 420 open (OUT,">$cfile") || die "Can't open $cfile for writing";
404 421
@@ -469,6 +486,10 @@ EOF
469 486
470/* BEGIN ERROR CODES */ 487/* BEGIN ERROR CODES */
471#ifndef OPENSSL_NO_ERR 488#ifndef OPENSSL_NO_ERR
489
490#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
491#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
492
472static ERR_STRING_DATA ${lib}_str_functs[]= 493static ERR_STRING_DATA ${lib}_str_functs[]=
473 { 494 {
474EOF 495EOF
@@ -480,7 +501,8 @@ EOF
480 if(exists $ftrans{$fn}) { 501 if(exists $ftrans{$fn}) {
481 $fn = $ftrans{$fn}; 502 $fn = $ftrans{$fn};
482 } 503 }
483 print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n"; 504# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
505 print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
484 } 506 }
485 print OUT <<"EOF"; 507 print OUT <<"EOF";
486{0,NULL} 508{0,NULL}
@@ -492,6 +514,7 @@ EOF
492 # Add each reason code. 514 # Add each reason code.
493 foreach $i (@reasons) { 515 foreach $i (@reasons) {
494 my $rn; 516 my $rn;
517 my $rstr = "ERR_REASON($i)";
495 my $nspc = 0; 518 my $nspc = 0;
496 if (exists $err_reason_strings{$i}) { 519 if (exists $err_reason_strings{$i}) {
497 $rn = $err_reason_strings{$i}; 520 $rn = $err_reason_strings{$i};
@@ -500,9 +523,9 @@ EOF
500 $rn = $1; 523 $rn = $1;
501 $rn =~ tr/_[A-Z]/ [a-z]/; 524 $rn =~ tr/_[A-Z]/ [a-z]/;
502 } 525 }
503 $nspc = 40 - length($i) unless length($i) > 40; 526 $nspc = 40 - length($rstr) unless length($rstr) > 40;
504 $nspc = " " x $nspc; 527 $nspc = " " x $nspc;
505 print OUT "{${i}${nspc},\"$rn\"},\n"; 528 print OUT "{${rstr}${nspc},\"$rn\"},\n";
506 } 529 }
507if($static) { 530if($static) {
508 print OUT <<"EOF"; 531 print OUT <<"EOF";
@@ -519,8 +542,8 @@ ${staticloader}void ERR_load_${lib}_strings(void)
519 { 542 {
520 init=0; 543 init=0;
521#ifndef OPENSSL_NO_ERR 544#ifndef OPENSSL_NO_ERR
522 ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs); 545 ERR_load_strings($load_errcode,${lib}_str_functs);
523 ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons); 546 ERR_load_strings($load_errcode,${lib}_str_reasons);
524#endif 547#endif
525 548
526 } 549 }
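Review bot: The commented-out `# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";` added at new line 504 is dead code in the generator and should be dropped, since the `ERR_FUNC($i)` print below it is the only form emitted. The comment at new lines 405-406 explains only one half of the scheme; I would extend it to `# With $static the library code is packed into every table entry and ERR_load_strings gets 0; otherwise the entries are packed with 0 and ERR_LIB_${lib} is supplied at load time.` so the inverse pairing of `$pack_errcode` and `$load_errcode` is clear to the next reader. Note also that `$nspc` is now computed from the longer `ERR_REASON(...)` string against the same width of 40, so most reason names exceed it and the generated tables lose their column alignment; raising the width would keep regenerated files readable in review.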
diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl
index 928a274303..bc78510f56 100644
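--- a/src/lib/libcrypto/util/mkfiles.pl
+++ b/src/lib/libcrypto/util/mkfiles.pl
@@ -51,14 +51,15 @@ my @dirs = (
 "crypto/ocsp",
 "crypto/ui",
 "crypto/krb5",
-"fips",
-"fips/aes",
-"fips/des",
-"fips/dsa",
-"fips/dh",
-"fips/rand",
-"fips/rsa",
-"fips/sha1",
+"fips-1.0",
+"fips-1.0/aes",
+"fips-1.0/des",
+"fips-1.0/dsa",
+"fips-1.0/dh",
+"fips-1.0/hmac",
+"fips-1.0/rand",
+"fips-1.0/rsa",
+"fips-1.0/sha",
 "ssl",
 "apps",
 "test",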
diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl
index c8653cecc3..182732d959 100644
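--- a/src/lib/libcrypto/util/mklink.pl
+++ b/src/lib/libcrypto/util/mklink.pl
@@ -14,13 +14,16 @@
 # not contain symbolic links and that the parent of / is never referenced.
 # Apart from this, this script should be able to handle even the most
 # pathological cases.
+#
+
+use Cwd;
 
 my $from = shift;
 my @files = @ARGV;
 
 my @from_path = split(/[\\\/]/, $from);
-my $pwd = `pwd`;
-chop($pwd);
+my $pwd = getcwd();
+chomp($pwd);
 my @pwd_path = split(/[\\\/]/, $pwd);
 
 my @to_path = ();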
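Review bot: `getcwd()` at new line 25 returns undef on failure (for example when the current directory has been removed), and the script then splits an undefined `$pwd` and goes on to compute link targets from an empty path. I would fail early with `my $pwd = getcwd() or die "mklink.pl: cannot determine current directory: $!\n";`. The `chomp($pwd)` on the next line is a leftover from the backtick version and can be removed, because `getcwd()` returns no trailing newline.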
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
index 897ae9d824..28869c868d 100644
--- a/src/lib/libcrypto/util/pl/BC-32.pl
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
18$tmp_def="tmp32"; 18$tmp_def="tmp32";
19$inc_def="inc32"; 19$inc_def="inc32";
20#enable max error messages, disable most common warnings 20#enable max error messages, disable most common warnings
21$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp "; 21$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
22if ($debug) 22if ($debug)
23{ 23{
24 $cflags.="-Od -y -v -vi- -D_DEBUG"; 24 $cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -51,7 +51,7 @@ $lfile='';
51$shlib_ex_obj=""; 51$shlib_ex_obj="";
52$app_ex_obj="c0x32.obj"; 52$app_ex_obj="c0x32.obj";
53 53
54$asm='nasmw -f obj'; 54$asm='nasmw -f obj -d__omf__';
55$asm.=" /Zi" if $debug; 55$asm.=" /Zi" if $debug;
56$afile='-o'; 56$afile='-o';
57 57
@@ -106,9 +106,13 @@ sub do_lib_rule
106 $ret.="$target: $objs\n"; 106 $ret.="$target: $objs\n";
107 if (!$shlib) 107 if (!$shlib)
108 { 108 {
109 # $ret.="\t\$(RM) \$(O_$Name)\n"; 109 $ret.=<<___;
110 $ret.="\techo LIB $<\n"; 110 -\$(RM) $lfile$target
111 $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n"; 111 \$(MKLIB) $lfile$target \@&&!
112+\$(**: = &^
113+)
114!
115___
112 } 116 }
113 else 117 else
114 { 118 {
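Review bot: The `$cflags` line at new line 21 now also passes `-w-ccc -w-rch -w-pia`, which as far as I know switch off Borland's "condition is always true/false", "unreachable code" and "possibly incorrect assignment" warnings for every file in the library, and the existing comment above it does not say why. In cryptographic code these are the diagnostics that surface a stray `=` inside a condition or a check that can never fire, so I would rather keep them enabled and annotate the offending sites. If they must stay off, record the reason next to the flags, e.g. `# -w-ccc -w-rch -w-pia: silenced because <reason>; re-enable when the flagged sites are cleaned up`.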
diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl
index 75d72ebbcb..8dbeaa7a08 100644
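--- a/src/lib/libcrypto/util/pl/OS2-EMX.pl
+++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl
@@ -68,6 +68,7 @@ if (!$no_asm && !$fips)
  $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
  $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
  $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
+ $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
  }
 
 if ($shlib)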
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
index cf689b9feb..4e97dfa9af 100644
--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -3,15 +3,28 @@
3# 3#
4 4
5$ssl= "ssleay32"; 5$ssl= "ssleay32";
6$crypto="libeay32"; 6
7if ($fips && !$shlib)
8 {
9 $crypto="libeayfips32";
10 $crypto_compat = "libeaycompat32.lib";
11 }
12else
13 {
14 $crypto="libeay32";
15 }
7 16
8$o='\\'; 17$o='\\';
9$cp='copy nul+'; # Timestamps get stuffed otherwise 18$cp='copy nul+'; # Timestamps get stuffed otherwise
10$rm='del'; 19$rm='del';
11 20
21$zlib_lib="zlib1.lib";
22
12# C compiler stuff 23# C compiler stuff
13$cc='cl'; 24$cc='cl';
14$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; 25$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
26$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
27$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
15$lflags="/nologo /subsystem:console /machine:I386 /opt:ref"; 28$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
16$mlflags=''; 29$mlflags='';
17 30
@@ -100,25 +113,56 @@ $cflags.=" /Fd$out_def";
100 113
101sub do_lib_rule 114sub do_lib_rule
102 { 115 {
103 local($objs,$target,$name,$shlib)=@_; 116 local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
104 local($ret,$Name); 117 local($ret,$Name);
105 118
106 $taget =~ s/\//$o/g if $o ne '/'; 119 $taget =~ s/\//$o/g if $o ne '/';
107 ($Name=$name) =~ tr/a-z/A-Z/; 120 ($Name=$name) =~ tr/a-z/A-Z/;
121 my $base_arg;
122 if ($base_addr ne "")
123 {
124 $base_arg= " /base:$base_addr";
125 }
126 else
127 {
128 $base_arg = "";
129 }
130
108 131
109# $target="\$(LIB_D)$o$target"; 132# $target="\$(LIB_D)$o$target";
110 $ret.="$target: $objs\n";
111 if (!$shlib) 133 if (!$shlib)
112 { 134 {
113# $ret.="\t\$(RM) \$(O_$Name)\n"; 135# $ret.="\t\$(RM) \$(O_$Name)\n";
136 $ret.="$target: $objs\n";
114 $ex =' advapi32.lib'; 137 $ex =' advapi32.lib';
138 $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
115 $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; 139 $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
116 } 140 }
117 else 141 else
118 { 142 {
119 local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; 143 local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
120 $ex.=' wsock32.lib gdi32.lib advapi32.lib'; 144 $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
121 $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; 145 $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
146 if ($fips && $target =~ /O_CRYPTO/)
147 {
148 $ex.=" \$(FIPSLIB_D)${o}_chkstk.o";
149 $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";
150 $ret.="\tSET FIPS_LINK=\$(LINK)\n";
151 $ret.="\tSET FIPS_CC=\$(CC)\n";
152 $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
153 $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
154 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
155 $ret.="\tSET FIPS_TARGET=$target\n";
156 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
157 $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
158 $ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs ";
159 $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
160 }
161 else
162 {
163 $ret.="$target: $objs\n";
164 $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
165 }
122 } 166 }
123 $ret.="\n"; 167 $ret.="\n";
124 return($ret); 168 return($ret);
@@ -126,20 +170,51 @@ sub do_lib_rule
126 170
127sub do_link_rule 171sub do_link_rule
128 { 172 {
129 local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; 173 local($target,$files,$dep_libs,$libs,$standalone)=@_;
130 local($ret,$_); 174 local($ret,$_);
131
132 $file =~ s/\//$o/g if $o ne '/'; 175 $file =~ s/\//$o/g if $o ne '/';
133 $n=&bname($targer); 176 $n=&bname($targer);
134 $ret.="$target: $files $dep_libs\n"; 177 $ret.="$target: $files $dep_libs\n";
135 $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n"; 178 if ($standalone)
136 $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; 179 {
137 if (defined $sha1file) 180 $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
181 $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
182 $ret.="$files $libs\n<<\n";
183 }
184 elsif ($fips && !$shlib)
138 { 185 {
139 $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; 186 $ret.="\tSET FIPS_LINK=\$(LINK)\n";
187 $ret.="\tSET FIPS_CC=\$(CC)\n";
188 $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
189 $ret.="\tSET PREMAIN_DSO_EXE=\n";
190 $ret.="\tSET FIPS_TARGET=$target\n";
191 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
192 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
193 $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
194 $ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
140 } 195 }
196 else
197 {
198 $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
199 $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
200 }
201 $ret.="\n";
202 return($ret);
203 }
204
205sub do_rlink_rule
206 {
207 local($target,$files,$dep_libs,$libs)=@_;
208 local($ret,$_);
209
210 $file =~ s/\//$o/g if $o ne '/';
211 $n=&bname($targer);
212 $ret.="$target: $files $dep_libs\n";
213 $ret.=" \$(MKCANISTER) $target <<\n";
214 $ret.="INPUT($files)\n<<\n";
141 $ret.="\n"; 215 $ret.="\n";
142 return($ret); 216 return($ret);
143 } 217 }
144 218
219
1451; 2201;
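Review bot: The new `do_rlink_rule` (new lines 205-217) copies two lines from `do_link_rule` that operate on the wrong variables: `$file =~ s/\//$o/g` and `$n=&bname($targer)` refer to `$file` and `$targer`, while the arguments are named `$files` and `$target`, so the separator rewrite is a no-op and `$n` is computed from an undefined value. Either correct them to `$files =~ s/\//$o/g if $o ne '/';` and `$n=&bname($target);` or drop both, since `$n` is not used in the visible body; the same misspellings sit in the context lines of `do_link_rule` and as `$taget` in `do_lib_rule`. Separately, `-D_CRT_SECURE_NO_DEPRECATE` at new line 26 silences VC8's warnings about unbounded CRT string functions for the whole build, and the comment `# shut up VC8` should say that it hides those diagnostics rather than addressing the calls they point at.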
diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl
index 657e4e264e..546d1ec186 100644
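--- a/src/lib/libcrypto/util/pod2man.pl
+++ b/src/lib/libcrypto/util/pod2man.pl
@@ -425,6 +425,7 @@ if ($name ne 'something') {
  }
  next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME
  next if /^=pod\b/; # It is OK to have =pod before NAME
+ next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME
  die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
  }
  die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;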
diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl
index e9d5aa8938..4778c5ab01 100644
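--- a/src/lib/libcrypto/util/selftest.pl
+++ b/src/lib/libcrypto/util/selftest.pl
@@ -49,7 +49,7 @@ if (open(IN,"<Makefile")) {
 }
 
 $cversion=`$cc -v 2>&1`;
-$cversion=`$cc -V 2>&1` if $cversion =~ "usage";
+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
 $cversion=`$cc -V |head -1` if $cversion =~ "Error";
 $cversion=`$cc --version` if $cversion eq "";
 $cversion =~ s/Reading specs.*\n//;
@@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) {
  goto err;
 }
 
-$_=$options;
-s/no-asm//;
-s/no-shared//;
-s/no-krb5//;
-if (/no-/)
-{
- print OUT "Test skipped.\n";
- goto err;
-}
+# Not sure why this is here. The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+# -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+# print OUT "Test skipped.\n";
+# goto err;
+#}
 
 print "Running make test...\n";
 if (system("make test 2>&1 | tee maketest.log") > 255)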
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 6207340472..ea689aed1a 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -114,7 +114,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
114 { 114 {
115 int ret=0; 115 int ret=0;
116 BY_DIR *ld; 116 BY_DIR *ld;
117 char *dir; 117 char *dir = NULL;
118 118
119 ld=(BY_DIR *)ctx->method_data; 119 ld=(BY_DIR *)ctx->method_data;
120 120
@@ -123,17 +123,16 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
123 case X509_L_ADD_DIR: 123 case X509_L_ADD_DIR:
124 if (argl == X509_FILETYPE_DEFAULT) 124 if (argl == X509_FILETYPE_DEFAULT)
125 { 125 {
126 ret=add_cert_dir(ld,X509_get_default_cert_dir(), 126 dir=(char *)Getenv(X509_get_default_cert_dir_env());
127 X509_FILETYPE_PEM); 127 if (dir)
128 ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
129 else
130 ret=add_cert_dir(ld,X509_get_default_cert_dir(),
131 X509_FILETYPE_PEM);
128 if (!ret) 132 if (!ret)
129 { 133 {
130 X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR); 134 X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
131 } 135 }
132 else
133 {
134 dir=(char *)Getenv(X509_get_default_cert_dir_env());
135 ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
136 }
137 } 136 }
138 else 137 else
139 ret=add_cert_dir(ld,argp,(int)argl); 138 ret=add_cert_dir(ld,argp,(int)argl);
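Review bot: With the reordering in `dir_ctrl` (new lines 126-131) the directory named by the environment variable becomes the first choice for the default trusted-certificate directory, and nothing in the hunk restricts that to unprivileged callers, so a set-user-ID or set-group-ID program that loads the default lookup path would take its trust anchors from an environment the invoking user controls. `Getenv` is defined outside the hunk and may already guard against this; if it is plain `getenv`, I would gate the lookup on OpenBSD's `issetugid()`, as in `dir = issetugid() ? NULL : (char *)Getenv(X509_get_default_cert_dir_env());`. An empty value also passes `if (dir)`, so testing `if (dir != NULL && *dir != '\0')` would let an empty variable fall back to `X509_get_default_cert_dir()` instead of depending on what `add_cert_dir` does with an empty string. The rest of `dir_ctrl` lies outside the hunk.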
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index 5bbf4acf76..d44d046027 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -1,6 +1,6 @@
1/* crypto/x509/x509_err.c */ 1/* crypto/x509/x509_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,77 +64,81 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
70
67static ERR_STRING_DATA X509_str_functs[]= 71static ERR_STRING_DATA X509_str_functs[]=
68 { 72 {
69{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, 73{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
70{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, 74{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
71{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, 75{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
72{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, 76{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
73{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"}, 77{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
74{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"}, 78{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
75{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, 79{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
76{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"}, 80{ERR_FUNC(X509_F_X509_ADD_ATTR), "X509_ADD_ATTR"},
77{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"}, 81{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
78{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"}, 82{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
79{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"}, 83{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
80{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"}, 84{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
81{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"}, 85{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
82{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"}, 86{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
83{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, 87{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
84{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, 88{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
85{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, 89{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
86{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"}, 90{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
87{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"}, 91{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
88{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"}, 92{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
89{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, 93{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
90{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, 94{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
91{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"}, 95{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
92{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, 96{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
93{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, 97{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
94{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, 98{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
95{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"}, 99{ERR_FUNC(X509_F_X509_PRINT_FP), "X509_print_fp"},
96{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"}, 100{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
97{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"}, 101{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
98{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, 102{ERR_FUNC(X509_F_X509_REQ_PRINT), "X509_REQ_print"},
99{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, 103{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
100{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, 104{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
101{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"}, 105{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
102{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"}, 106{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
103{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"}, 107{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
104{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"}, 108{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
105{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"}, 109{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
106{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, 110{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
107{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"}, 111{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
108{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"}, 112{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
109{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, 113{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
110{0,NULL} 114{0,NULL}
111 }; 115 };
112 116
113static ERR_STRING_DATA X509_str_reasons[]= 117static ERR_STRING_DATA X509_str_reasons[]=
114 { 118 {
115{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, 119{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
116{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"}, 120{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
117{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"}, 121{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
118{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, 122{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
119{X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, 123{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
120{X509_R_INVALID_DIRECTORY ,"invalid directory"}, 124{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
121{X509_R_INVALID_FIELD_NAME ,"invalid field name"}, 125{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
122{X509_R_INVALID_TRUST ,"invalid trust"}, 126{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
123{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"}, 127{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
124{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"}, 128{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
125{X509_R_LOADING_CERT_DIR ,"loading cert dir"}, 129{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
126{X509_R_LOADING_DEFAULTS ,"loading defaults"}, 130{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
127{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, 131{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
128{X509_R_SHOULD_RETRY ,"should retry"}, 132{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
129{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, 133{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
130{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, 134{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
131{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"}, 135{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
132{X509_R_UNKNOWN_NID ,"unknown nid"}, 136{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
133{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"}, 137{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
134{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"}, 138{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
135{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, 139{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
136{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, 140{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
137{X509_R_WRONG_TYPE ,"wrong type"}, 141{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
138{0,NULL} 142{0,NULL}
139 }; 143 };
140 144
@@ -148,8 +152,8 @@ void ERR_load_X509_strings(void)
148 { 152 {
149 init=0; 153 init=0;
150#ifndef OPENSSL_NO_ERR 154#ifndef OPENSSL_NO_ERR
151 ERR_load_strings(ERR_LIB_X509,X509_str_functs); 155 ERR_load_strings(0,X509_str_functs);
152 ERR_load_strings(ERR_LIB_X509,X509_str_reasons); 156 ERR_load_strings(0,X509_str_reasons);
153#endif 157#endif
154 158
155 } 159 }
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index e43c861ee7..383e082aba 100644
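--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -944,7 +944,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
  offset=0;
  else
  {
- if ((*str != '+') && (str[5] != '-'))
+ if ((*str != '+') && (*str != '-'))
  return 0;
  offset=((str[1]-'0')*10+(str[2]-'0'))*60;
  offset+=(str[3]-'0')*10+(str[4]-'0');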
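Review bot: After the corrected sign check in `X509_cmp_time`, the two `offset` lines still read `str[1]` through `str[4]` and subtract `'0'` with no visible check that four more characters exist or that they are digits, so a time value that ends right after the sign could be read past its end and non-digit bytes yield an arbitrary offset that then shifts the validity comparison. The length may be validated earlier in the function, outside the hunk, but the hunk shows no digit check. I would add, before the arithmetic, `if (!isdigit((unsigned char)str[1]) || !isdigit((unsigned char)str[2]) || !isdigit((unsigned char)str[3]) || !isdigit((unsigned char)str[4])) return 0;`, which also stops at a terminating NUL if the buffer is NUL-terminated. A range check on the parsed hours and minutes would be a reasonable follow-up.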
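--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -137,7 +137,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
  CONF_VALUE *cnf;
  int i, ia5org;
  pols = sk_POLICYINFO_new_null();
+ if (pols == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
  vals = X509V3_parse_list(value);
+ if (vals == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+ goto err;
+ }
  ia5org = 0;
  for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
  cnf = sk_CONF_VALUE_value(vals, i);
@@ -176,6 +184,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
  sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
  return pols;
  err:
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
  sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
  return NULL;
 }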
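Review bot: The `err:` label at new line 186 is now reached with `vals == NULL` (via the new `goto err` on line 147), so the added `sk_CONF_VALUE_pop_free(vals, X509V3_conf_free)` relies on the stack free routine accepting a NULL stack. That holds for the OpenSSL stack API as far as I know, but nothing in the hunk says so. A one-line comment above the call, such as `/* vals may be NULL here; sk_*_pop_free() tolerates NULL */`, would keep a later edit from dereferencing it on this path. The loop body between the two hunks is not visible, so I cannot confirm that every failure inside it jumps to `err` rather than returning directly and leaking `vals`.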
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
index 2df0c3ef01..e1edaf5248 100644
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -64,114 +64,118 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
70
67static ERR_STRING_DATA X509V3_str_functs[]= 71static ERR_STRING_DATA X509V3_str_functs[]=
68 { 72 {
69{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, 73{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
70{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, 74{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
71{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, 75{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
72{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, 76{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
73{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, 77{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
74{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, 78{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
75{ERR_PACK(0,X509V3_F_I2S_ASN1_IA5STRING,0), "I2S_ASN1_IA5STRING"}, 79{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
76{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, 80{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
77{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"}, 81{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"},
78{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, 82{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
79{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, 83{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
80{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, 84{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
81{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"}, 85{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
82{ERR_PACK(0,X509V3_F_R2I_PCI,0), "R2I_PCI"}, 86{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
83{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, 87{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
84{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"}, 88{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
85{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, 89{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
86{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"}, 90{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
87{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"}, 91{ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID), "S2I_S2I_SKEY_ID"},
88{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"}, 92{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
89{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"}, 93{ERR_FUNC(X509V3_F_SXNET_ADD_ASC), "SXNET_ADD_ASC"},
90{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"}, 94{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
91{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, 95{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
92{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, 96{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
93{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, 97{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
94{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"}, 98{ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION), "V2I_ACCESS_DESCRIPTION"},
95{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, 99{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"},
96{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, 100{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
97{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, 101{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
98{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"}, 102{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
99{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, 103{ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"},
100{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, 104{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME), "v2i_GENERAL_NAME"},
101{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, 105{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
102{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, 106{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
103{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, 107{ERR_FUNC(X509V3_F_X509V3_ADD_I2D), "X509V3_ADD_I2D"},
104{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, 108{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
105{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, 109{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
106{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, 110{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
107{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, 111{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
108{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, 112{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
109{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, 113{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
110{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, 114{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
111{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, 115{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
112{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"}, 116{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
113{0,NULL} 117{0,NULL}
114 }; 118 };
115 119
116static ERR_STRING_DATA X509V3_str_reasons[]= 120static ERR_STRING_DATA X509V3_str_reasons[]=
117 { 121 {
118{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"}, 122{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"},
119{X509V3_R_BAD_OBJECT ,"bad object"}, 123{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"},
120{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, 124{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"},
121{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, 125{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
122{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, 126{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"},
123{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, 127{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
124{X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"}, 128{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
125{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"}, 129{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
126{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"}, 130{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
127{X509V3_R_EXTENSION_EXISTS ,"extension exists"}, 131{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"},
128{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"}, 132{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
129{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, 133{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
130{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, 134{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
131{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"}, 135{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
132{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"}, 136{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"},
133{X509V3_R_INCORRECT_POLICY_SYNTAX_TAG ,"incorrect policy syntax tag"}, 137{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
134{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, 138{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
135{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, 139{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
136{X509V3_R_INVALID_NAME ,"invalid name"}, 140{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"},
137{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, 141{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
138{X509V3_R_INVALID_NULL_NAME ,"invalid null name"}, 142{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"},
139{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"}, 143{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
140{X509V3_R_INVALID_NUMBER ,"invalid number"}, 144{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"},
141{X509V3_R_INVALID_NUMBERS ,"invalid numbers"}, 145{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"},
142{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, 146{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
143{X509V3_R_INVALID_OPTION ,"invalid option"}, 147{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"},
144{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, 148{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
145{X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER,"invalid proxy policy identifier"}, 149{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"},
146{X509V3_R_INVALID_PROXY_POLICY_SETTING ,"invalid proxy policy setting"}, 150{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
147{X509V3_R_INVALID_PURPOSE ,"invalid purpose"}, 151{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"},
148{X509V3_R_INVALID_SECTION ,"invalid section"}, 152{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"},
149{X509V3_R_INVALID_SYNTAX ,"invalid syntax"}, 153{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"},
150{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, 154{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
151{X509V3_R_MISSING_VALUE ,"missing value"}, 155{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"},
152{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, 156{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
153{X509V3_R_NO_CONFIG_DATABASE ,"no config database"}, 157{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
154{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"}, 158{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
155{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"}, 159{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"},
156{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"}, 160{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
157{X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED,"no proxy cert policy language defined"}, 161{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
158{X509V3_R_NO_PUBLIC_KEY ,"no public key"}, 162{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"},
159{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, 163{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
160{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, 164{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
161{X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED,"policy language alreadty defined"}, 165{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
162{X509V3_R_POLICY_PATH_LENGTH ,"policy path length"}, 166{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
163{X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED,"policy path length alreadty defined"}, 167{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
164{X509V3_R_POLICY_SYNTAX_NOT ,"policy syntax not"}, 168{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT) ,"policy syntax not"},
165{X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED,"policy syntax not currently supported"}, 169{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
166{X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY,"policy when proxy language requires no policy"}, 170{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
167{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, 171{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
168{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, 172{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
169{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, 173{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
170{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"}, 174{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"},
171{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"}, 175{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
172{X509V3_R_UNKNOWN_OPTION ,"unknown option"}, 176{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"},
173{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"}, 177{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
174{X509V3_R_USER_TOO_LONG ,"user too long"}, 178{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"},
175{0,NULL} 179{0,NULL}
176 }; 180 };
177 181
@@ -185,8 +189,8 @@ void ERR_load_X509V3_strings(void)
185 { 189 {
186 init=0; 190 init=0;
187#ifndef OPENSSL_NO_ERR 191#ifndef OPENSSL_NO_ERR
188 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); 192 ERR_load_strings(0,X509V3_str_functs);
189 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); 193 ERR_load_strings(0,X509V3_str_reasons);
190#endif 194#endif
191 195
192 } 196 }
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
index 40277883a5..e6afecc724 100644
--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
12 --------------- 12 ---------------
13 13
14/* ==================================================================== 14/* ====================================================================
15 * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. 15 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
16 * 16 *
17 * Redistribution and use in source and binary forms, with or without 17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions 18 * modification, are permitted provided that the following conditions
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 779e94a35c..86356731ea 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -106,7 +106,7 @@ SSL_METHOD *SSLv23_client_method(void)
106int ssl23_connect(SSL *s) 106int ssl23_connect(SSL *s)
107 { 107 {
108 BUF_MEM *buf=NULL; 108 BUF_MEM *buf=NULL;
109 unsigned long Time=time(NULL); 109 unsigned long Time=(unsigned long)time(NULL);
110 void (*cb)(const SSL *ssl,int type,int val)=NULL; 110 void (*cb)(const SSL *ssl,int type,int val)=NULL;
111 int ret= -1; 111 int ret= -1;
112 int new_state,state; 112 int new_state,state;
@@ -220,9 +220,28 @@ static int ssl23_client_hello(SSL *s)
220 { 220 {
221 unsigned char *buf; 221 unsigned char *buf;
222 unsigned char *p,*d; 222 unsigned char *p,*d;
223 int i,ch_len; 223 int i,j,ch_len;
224 unsigned long Time,l;
225 int ssl2_compat;
226 int version = 0, version_major, version_minor;
227 SSL_COMP *comp;
224 int ret; 228 int ret;
225 229
230 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
231
232 if (!(s->options & SSL_OP_NO_TLSv1))
233 {
234 version = TLS1_VERSION;
235 }
236 else if (!(s->options & SSL_OP_NO_SSLv3))
237 {
238 version = SSL3_VERSION;
239 }
240 else if (!(s->options & SSL_OP_NO_SSLv2))
241 {
242 version = SSL2_VERSION;
243 }
244
226 buf=(unsigned char *)s->init_buf->data; 245 buf=(unsigned char *)s->init_buf->data;
227 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 246 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
228 { 247 {
@@ -235,19 +254,15 @@ static int ssl23_client_hello(SSL *s)
235#endif 254#endif
236 255
237 p=s->s3->client_random; 256 p=s->s3->client_random;
238 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) 257 Time=(unsigned long)time(NULL); /* Time */
239 return -1; 258 l2n(Time,p);
240 259 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
241 /* Do the message type and length last */ 260 return -1;
242 d= &(buf[2]);
243 p=d+9;
244 261
245 *(d++)=SSL2_MT_CLIENT_HELLO; 262 if (version == TLS1_VERSION)
246 if (!(s->options & SSL_OP_NO_TLSv1))
247 { 263 {
248 *(d++)=TLS1_VERSION_MAJOR; 264 version_major = TLS1_VERSION_MAJOR;
249 *(d++)=TLS1_VERSION_MINOR; 265 version_minor = TLS1_VERSION_MINOR;
250 s->client_version=TLS1_VERSION;
251 } 266 }
252#ifdef OPENSSL_FIPS 267#ifdef OPENSSL_FIPS
253 else if(FIPS_mode()) 268 else if(FIPS_mode())
@@ -257,17 +272,15 @@ static int ssl23_client_hello(SSL *s)
257 return -1; 272 return -1;
258 } 273 }
259#endif 274#endif
260 else if (!(s->options & SSL_OP_NO_SSLv3)) 275 else if (version == SSL3_VERSION)
261 { 276 {
262 *(d++)=SSL3_VERSION_MAJOR; 277 version_major = SSL3_VERSION_MAJOR;
263 *(d++)=SSL3_VERSION_MINOR; 278 version_minor = SSL3_VERSION_MINOR;
264 s->client_version=SSL3_VERSION;
265 } 279 }
266 else if (!(s->options & SSL_OP_NO_SSLv2)) 280 else if (version == SSL2_VERSION)
267 { 281 {
268 *(d++)=SSL2_VERSION_MAJOR; 282 version_major = SSL2_VERSION_MAJOR;
269 *(d++)=SSL2_VERSION_MINOR; 283 version_minor = SSL2_VERSION_MINOR;
270 s->client_version=SSL2_VERSION;
271 } 284 }
272 else 285 else
273 { 286 {
@@ -275,59 +288,153 @@ static int ssl23_client_hello(SSL *s)
275 return(-1); 288 return(-1);
276 } 289 }
277 290
278 /* Ciphers supported */ 291 s->client_version = version;
279 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); 292
280 if (i == 0) 293 if (ssl2_compat)
281 { 294 {
282 /* no ciphers */ 295 /* create SSL 2.0 compatible Client Hello */
283 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 296
284 return(-1); 297 /* two byte record header will be written last */
285 } 298 d = &(buf[2]);
286 s2n(i,d); 299 p = d + 9; /* leave space for message type, version, individual length fields */
287 p+=i;
288 300
289 /* put in the session-id, zero since there is no 301 *(d++) = SSL2_MT_CLIENT_HELLO;
290 * reuse. */ 302 *(d++) = version_major;
303 *(d++) = version_minor;
304
305 /* Ciphers supported */
306 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
307 if (i == 0)
308 {
309 /* no ciphers */
310 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
311 return -1;
312 }
313 s2n(i,d);
314 p+=i;
315
316 /* put in the session-id length (zero since there is no reuse) */
291#if 0 317#if 0
292 s->session->session_id_length=0; 318 s->session->session_id_length=0;
293#endif 319#endif
294 s2n(0,d); 320 s2n(0,d);
295 321
296 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 322 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
297 ch_len=SSL2_CHALLENGE_LENGTH; 323 ch_len=SSL2_CHALLENGE_LENGTH;
324 else
325 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
326
327 /* write out sslv2 challenge */
328 if (SSL3_RANDOM_SIZE < ch_len)
329 i=SSL3_RANDOM_SIZE;
330 else
331 i=ch_len;
332 s2n(i,d);
333 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
334 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
335 return -1;
336
337 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
338 p+=i;
339
340 i= p- &(buf[2]);
341 buf[0]=((i>>8)&0xff)|0x80;
342 buf[1]=(i&0xff);
343
344 /* number of bytes to write */
345 s->init_num=i+2;
346 s->init_off=0;
347
348 ssl3_finish_mac(s,&(buf[2]),i);
349 }
298 else 350 else
299 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 351 {
352 /* create Client Hello in SSL 3.0/TLS 1.0 format */
300 353
301 /* write out sslv2 challenge */ 354 /* do the record header (5 bytes) and handshake message header (4 bytes) last */
302 if (SSL3_RANDOM_SIZE < ch_len) 355 d = p = &(buf[9]);
303 i=SSL3_RANDOM_SIZE; 356
304 else 357 *(p++) = version_major;
305 i=ch_len; 358 *(p++) = version_minor;
306 s2n(i,d); 359
307 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 360 /* Random stuff */
308 if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) 361 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
309 return -1; 362 p += SSL3_RANDOM_SIZE;
363
364 /* Session ID (zero since there is no reuse) */
365 *(p++) = 0;
366
367 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
368 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
369 if (i == 0)
370 {
371 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
372 return -1;
373 }
374 s2n(i,p);
375 p+=i;
376
377 /* COMPRESSION */
378 if (s->ctx->comp_methods == NULL)
379 j=0;
380 else
381 j=sk_SSL_COMP_num(s->ctx->comp_methods);
382 *(p++)=1+j;
383 for (i=0; i<j; i++)
384 {
385 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
386 *(p++)=comp->id;
387 }
388 *(p++)=0; /* Add the NULL method */
389
390 l = p-d;
391 *p = 42;
310 392
311 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 393 /* fill in 4-byte handshake header */
312 p+=i; 394 d=&(buf[5]);
395 *(d++)=SSL3_MT_CLIENT_HELLO;
396 l2n3(l,d);
313 397
314 i= p- &(buf[2]); 398 l += 4;
315 buf[0]=((i>>8)&0xff)|0x80; 399
316 buf[1]=(i&0xff); 400 if (l > SSL3_RT_MAX_PLAIN_LENGTH)
401 {
402 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
403 return -1;
404 }
405
406 /* fill in 5-byte record header */
407 d=buf;
408 *(d++) = SSL3_RT_HANDSHAKE;
409 *(d++) = version_major;
410 *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
411 * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
412 s2n((int)l,d);
413
414 /* number of bytes to write */
415 s->init_num=p-buf;
416 s->init_off=0;
417
418 ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
419 }
317 420
318 s->state=SSL23_ST_CW_CLNT_HELLO_B; 421 s->state=SSL23_ST_CW_CLNT_HELLO_B;
319 /* number of bytes to write */
320 s->init_num=i+2;
321 s->init_off=0; 422 s->init_off=0;
322
323 ssl3_finish_mac(s,&(buf[2]),i);
324 } 423 }
325 424
326 /* SSL3_ST_CW_CLNT_HELLO_B */ 425 /* SSL3_ST_CW_CLNT_HELLO_B */
327 ret = ssl23_write_bytes(s); 426 ret = ssl23_write_bytes(s);
328 if (ret >= 2) 427
329 if (s->msg_callback) 428 if ((ret >= 2) && s->msg_callback)
330 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ 429 {
430 /* Client Hello has been sent; tell msg_callback */
431
432 if (ssl2_compat)
433 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
434 else
435 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
436 }
437
331 return ret; 438 return ret;
332 } 439 }
333 440
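Review bot: `*p = 42;` at new line 391 stores a byte one position past the end of the hello body, a byte that is counted in neither `l` nor `init_num`; it reads as debugging residue and should be removed. In the same SSL 3.0/TLS 1.0 branch, the `l > SSL3_RT_MAX_PLAIN_LENGTH` test at new line 400 runs only after the cipher list and compression ids have been written into `buf`, so it cannot prevent an overrun of `s->init_buf`; whether that buffer is always large enough is decided by allocation code outside this section. `*(p++)=1+j;` on new line 382 also truncates silently to one byte if `comp_methods` ever holds 255 or more entries, so I would bound `j` before the loop. Separately, `s->init_off=0;` is now set in both branches and again on new line 422; one assignment is enough.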
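--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -158,7 +158,7 @@ SSL_METHOD *SSLv23_server_method(void)
 int ssl23_accept(SSL *s)
  {
  BUF_MEM *buf;
- unsigned long Time=time(NULL);
+ unsigned long Time=(unsigned long)time(NULL);
  void (*cb)(const SSL *ssl,int type,int val)=NULL;
  int ret= -1;
  int new_state,state;
@@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
  int n=0,j;
  int type=0;
  int v[2];
-#ifndef OPENSSL_NO_RSA
- int use_sslv2_strong=0;
-#endif
 
  if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
  {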
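--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -165,7 +165,7 @@ SSL_METHOD *SSLv3_client_method(void)
 int ssl3_connect(SSL *s)
  {
  BUF_MEM *buf=NULL;
- unsigned long Time=time(NULL),l;
+ unsigned long Time=(unsigned long)time(NULL),l;
  long num1;
  void (*cb)(const SSL *ssl,int type,int val)=NULL;
  int ret= -1;
@@ -533,7 +533,7 @@ static int ssl3_client_hello(SSL *s)
  /* else use the pre-loaded session */
 
  p=s->s3->client_random;
- Time=time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
  l2n(Time,p);
  if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
  goto err;
@@ -567,7 +567,7 @@ static int ssl3_client_hello(SSL *s)
  }
 
  /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
+ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
  if (i == 0)
  {
  SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);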
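Review bot: The new fourth argument on line 570 is written as a bare `0`, which hides that it is probably a function pointer: the SSL 3.0 branch of s23_clnt.c in this same commit passes `ssl3_put_cipher_by_char` in that position. Writing `i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),NULL);` would make the "use the default encoder" intent readable at the call site; the SSL 2.0 branch call in s23_clnt.c (new line 306) has the same literal. The prototype is not shown in this section, so the parameter type is inferred from the other call. ssl3_client_hello begins and ends outside the hunk.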
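--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -835,7 +835,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_RSA_WITH_AES_128_SHA,
  TLS1_CK_RSA_WITH_AES_128_SHA,
  SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -848,7 +848,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
  TLS1_CK_DH_DSS_WITH_AES_128_SHA,
  SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -861,7 +861,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
  TLS1_CK_DH_RSA_WITH_AES_128_SHA,
  SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -874,7 +874,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
  TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
  SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -887,7 +887,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
  TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
  SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -900,7 +900,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_ADH_WITH_AES_128_SHA,
  TLS1_CK_ADH_WITH_AES_128_SHA,
  SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,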
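Review bot: The reclassification on new line 903 puts `TLS1_TXT_ADH_WITH_AES_128_SHA`, whose algorithm mask contains `SSL_aNULL`, into the `SSL_HIGH` class along with the five authenticated AES-128 suites. A deployment whose cipher string is just `HIGH` would then offer an anonymous key exchange with no peer authentication unless it also excludes anonymous suites (for example `!aNULL` or `!ADH`). The strength class describes only the symmetric cipher, which is easy to miss. I would add a comment above that entry such as `/* anonymous DH: no peer authentication; exclude with !aNULL */` and mention the class change in the cipher-string documentation. The ssl3_ciphers[] array begins and ends outside these hunks, so how the other anonymous suites are classed cannot be checked here.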
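--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -173,7 +173,7 @@ SSL_METHOD *SSLv3_server_method(void)
 int ssl3_accept(SSL *s)
  {
  BUF_MEM *buf;
- unsigned long l,Time=time(NULL);
+ unsigned long l,Time=(unsigned long)time(NULL);
  void (*cb)(const SSL *ssl,int type,int val)=NULL;
  long num1;
  int ret= -1;
@@ -954,7 +954,7 @@ static int ssl3_send_server_hello(SSL *s)
  {
  buf=(unsigned char *)s->init_buf->data;
  p=s->s3->server_random;
- Time=time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
  l2n(Time,p);
  if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
  return -1;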
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index cccc4f812f..2840a36a6d 100644
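--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,8 +2,94 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.7i and 0.9.7j [04 May 2006]
+
+ *) Adapt fipsld and the build system to link against the validated FIPS
+ module in FIPS mode.
+ [Steve Henson]
+
+ *) Fixes for VC++ 2005 build under Windows.
+ [Steve Henson]
+
+ *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
+ from a Windows bash shell such as MSYS. It is autodetected from the
+ "config" script when run from a VC++ environment. Modify standard VC++
+ build to use fipscanister.o from the GNU make build.
+ [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
+
+ *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+ The value now differs depending on if you build for FIPS or not.
+ BEWARE! A program linked with a shared FIPSed libcrypto can't be
+ safely run with a non-FIPSed libcrypto, as it may crash because of
+ the difference induced by this change.
+ [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Minimal support for X9.31 signatures and PSS padding modes. This is
+ mainly for FIPS compliance and not fully integrated at this stage.
+ [Steve Henson]
+
+ *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+ the exponentiation using a fixed-length exponent. (Otherwise,
+ the information leaked through timing could expose the secret key
+ after many signatures; cf. Bleichenbacher's attack on DSA with
+ biased k.)
+ [Bodo Moeller]
+
+ *) Make a new fixed-window mod_exp implementation the default for
+ RSA, DSA, and DH private-key operations so that the sequence of
+ squares and multiplies and the memory access pattern are
+ independent of the particular secret key. This will mitigate
+ cache-timing and potential related attacks.
+
+ BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+ and this is automatically used by BN_mod_exp_mont() if the new flag
+ BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH
+ will use this BN flag for private exponents unless the flag
+ RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+ DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+ [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+ *) Change the client implementation for SSLv23_method() and
+ SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+ Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+ (Previously, the SSL 2.0 backwards compatible Client Hello
+ message format would be used even with SSL_OP_NO_SSLv2.)
+ [Bodo Moeller]
+
+ *) Add support for smime-type MIME parameter in S/MIME messages which some
+ clients need.
+ [Steve Henson]
+
+ *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+ a threadsafe manner. Modify rsa code to use new function and add calls
+ to dsa and dh code (which had race conditions before).
+ [Steve Henson]
+
+ *) Include the fixed error library code in the C error file definitions
+ instead of fixing them up at runtime. This keeps the error code
+ structures constant.
+ [Steve Henson]
+
  Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
 
+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+ OpenSSL 0.9.8.]
+
  *) Fixes for newer kerberos headers. NB: the casts are needed because
  the 'length' field is signed on one version and unsigned on another
  with no (?) obvious way to tell the difference, without these VC++
@@ -111,11 +197,11 @@
  Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
 
  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
  [Joe Orton, Steve Henson]
 
  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
- (CAN-2004-0112)
+ (CVE-2004-0112)
  [Joe Orton, Steve Henson]
 
  *) Make it possible to have multiple active certificates with the same
@@ -158,9 +244,9 @@
  *) Fix various bugs revealed by running the NISCC test suite:
 
  Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
 
- Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+ Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
 
  If verify callback ignores invalid public key errors don't try to check
  certificate signature with the NULL public key.
@@ -245,7 +331,7 @@
  via timing by performing a MAC computation even if incorrrect
  block cipher padding has been found. This is a countermeasure
  against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
+ between bad padding and a MAC verification error. (CVE-2003-0078)
 
  [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
  Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -462,7 +548,7 @@
 
  Remote buffer overflow in SSL3 protocol - an attacker could
  supply an oversized master key in Kerberos-enabled versions.
- (CAN-2002-0657)
+ (CVE-2002-0657)
  [Ben Laurie (CHATS)]
 
  *) Change the SSL kerb5 codes to match RFC 2712.
@@ -2146,7 +2232,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
  Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
 
  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
  [Joe Orton, Steve Henson]
 
  Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
@@ -2154,7 +2240,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
  *) Fix additional bug revealed by the NISCC test suite:
 
  Stop bug triggering large recursion when presented with
- certain ASN.1 tags (CAN-2003-0851)
+ certain ASN.1 tags (CVE-2003-0851)
  [Steve Henson]
 
  Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
@@ -2162,7 +2248,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
  *) Fix various bugs revealed by running the NISCC test suite:
 
  Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CAN-2003-0543 and CAN-2003-0544).
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
 
  If verify callback ignores invalid public key errors don't try to check
  certificate signature with the NULL public key.
@@ -2214,7 +2300,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
  via timing by performing a MAC computation even if incorrrect
  block cipher padding has been found. This is a countermeasure
  against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CAN-2003-0078)
+ between bad padding and a MAC verification error. (CVE-2003-0078)
 
  [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
  Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -2347,7 +2433,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
  *) Add various sanity checks to asn1_get_length() to reject
  the ASN1 length bytes if they exceed sizeof(long), will appear
  negative or the content length exceeds the length of the
- supplied buffer. (CAN-2002-0659)
+ supplied buffer. (CVE-2002-0659)
  [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
 
  *) Assertions for various potential buffer overflows, not known to
@@ -2355,15 +2441,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
  [Ben Laurie (CHATS)]
 
  *) Various temporary buffers to hold ASCII versions of integers were
- too small for 64 bit platforms. (CAN-2002-0655)
+ too small for 64 bit platforms. (CVE-2002-0655)
  [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
 
  *) Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized session ID to a client. (CAN-2002-0656)
+ supply an oversized session ID to a client. (CVE-2002-0656)
  [Ben Laurie (CHATS)]
 
  *) Remote buffer overflow in SSL2 protocol - an attacker could
- supply an oversized client master key. (CAN-2002-0656)
+ supply an oversized client master key. (CVE-2002-0656)
  [Ben Laurie (CHATS)]
 
  Changes between 0.9.6c and 0.9.6d [9 May 2002]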
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index e0e732c445..a38783dd98 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -177,11 +177,11 @@ my %table=(
177# actually recommend to consider using gcc shared build even with vendor 177# actually recommend to consider using gcc shared build even with vendor
178# compiler:-) 178# compiler:-)
179# <appro@fy.chalmers.se> 179# <appro@fy.chalmers.se>
180"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-amd64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 180"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
181 181
182#### Solaris x86 with Sun C setups 182#### Solaris x86 with Sun C setups
183"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 183"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
184"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 184"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
185 185
186#### SPARC Solaris with GNU C setups 186#### SPARC Solaris with GNU C setups
187"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 187"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -200,17 +200,17 @@ my %table=(
200 200
201#### SPARC Solaris with Sun C setups 201#### SPARC Solaris with Sun C setups
202# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests 202# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests
203"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 203"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
204# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. 204# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
205# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 205# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
206# SC5.0 note: Compiler common patch 107357-01 or later is required! 206# SC5.0 note: Compiler common patch 107357-01 or later is required!
207"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 207"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
208"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 208"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
209"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 209"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
210"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", 210"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
211#### 211####
212"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 212"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
213"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 213"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
214 214
215#### SPARC Linux setups 215#### SPARC Linux setups
216"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::", 216"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
@@ -271,56 +271,56 @@ my %table=(
271# 271#
272#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", 272#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
273# Since there is mention of this in shlib/hpux10-cc.sh 273# Since there is mention of this in shlib/hpux10-cc.sh
274"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 274"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
275"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 275"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
276"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 276"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
277# 64bit PARISC for GCC without optimization, which seems to make problems. 277# 64bit PARISC for GCC without optimization, which seems to make problems.
278# Submitted by <ross.alexander@uk.neceur.com> 278# Submitted by <ross.alexander@uk.neceur.com>
279"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 279"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
280"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 280"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
281 281
282# IA-64 targets 282# IA-64 targets
283"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 283"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:-b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
284# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with 284# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
285# with debugging of the following config. 285# with debugging of the following config.
286"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux64-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 286"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
287 287
288# More attempts at unified 10.X and 11.X targets for HP C compiler. 288# More attempts at unified 10.X and 11.X targets for HP C compiler.
289# 289#
290# Chris Ruemmler <ruemmler@cup.hp.com> 290# Chris Ruemmler <ruemmler@cup.hp.com>
291# Kevin Steves <ks@hp.se> 291# Kevin Steves <ks@hp.se>
292"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 292"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
293"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 293"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
294"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 294"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
295# Isn't the line below meaningless? HP-UX cc optimizes for host by default. 295# Isn't the line below meaningless? HP-UX cc optimizes for host by default.
296# hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro> 296# hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
297"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 297"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+cdp,../%3a,+cdp,./%3a,+s,+b,\$(INSTALLTOP)/lib -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
298 298
299# HPUX 9.X config. 299# HPUX 9.X config.
300# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or 300# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
301# egcs. gcc 2.8.1 is also broken. 301# egcs. gcc 2.8.1 is also broken.
302 302
303"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 303"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
304# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise, 304# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
305# please report your OS and compiler version to the openssl-bugs@openssl.org 305# please report your OS and compiler version to the openssl-bugs@openssl.org
306# mailing list. 306# mailing list.
307"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 307"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
308 308
309"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 309"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
310# If hpux-gcc fails, try this one: 310# If hpux-gcc fails, try this one:
311"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 311"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
312 312
313# HPUX 9.X on Motorola 68k platforms with gcc 313# HPUX 9.X on Motorola 68k platforms with gcc
314"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::", 314"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::",
315 315
316# HPUX 10.X config. Supports threads. 316# HPUX 10.X config. Supports threads.
317"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 317"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
318# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG): 318# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
319"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 319"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
320 320
321"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 321"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
322# If hpux10-gcc fails, try this one: 322# If hpux10-gcc fails, try this one:
323"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 323"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s,+b,\$(INSTALLTOP)/lib -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
324 324
325# HPUX 11.X from www.globus.org. 325# HPUX 11.X from www.globus.org.
326# Only works on PA-RISC 2.0 cpus, and not optimized. Why? 326# Only works on PA-RISC 2.0 cpus, and not optimized. Why?
@@ -409,10 +409,9 @@ my %table=(
409"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", 409"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
410"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 410"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
411"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 411"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
412"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 412"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
413"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 413"linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
414"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-amd64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 414"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
415"linux-em64t", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
416"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 415"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
417"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 416"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
418"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 417"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -530,17 +529,17 @@ my %table=(
530"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", 529"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
531 530
532# MinGW 531# MinGW
533"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll", 532"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_out_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
534 533
535# UWIN 534# UWIN
536"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", 535"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
537 536
538# Cygwin 537# Cygwin
539"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", 538"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
540"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll", 539"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll.a",
541 540
542# DJGPP 541# DJGPP
543"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM=\"/dev/urandom\\x24\":::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", 542"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
544 543
545# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at> 544# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
546"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", 545"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
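Review bot: The `DJGPP` entry loses `-DDEVRANDOM=\"/dev/urandom\\x24\"` with nothing put in its place, so this hunk does not show which entropy device, if any, the RNG opens on that target after the change. If a header default now covers it, say so next to the entry, for example `# DJGPP: DEVRANDOM is no longer set here; the header default applies`. The `mingw` entry's new `-D_WIN32_WINNT=0x333` would also benefit from a one-line comment, since the value does not correspond to an obvious Windows version.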
@@ -563,8 +562,8 @@ my %table=(
563 562
564##### MacOS X (a.k.a. Rhapsody or Darwin) setup 563##### MacOS X (a.k.a. Rhapsody or Darwin) setup
565"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", 564"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
566"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/osx_ppc32.o::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", 565"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/osx_ppc32.o:::::::::dlfcn:darwin-shared:-fPIC -fno-common::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
567"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", 566"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
568 567
569##### A/UX 568##### A/UX
570"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", 569"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -622,6 +621,8 @@ my $prefix="";
622my $openssldir=""; 621my $openssldir="";
623my $exe_ext=""; 622my $exe_ext="";
624my $install_prefix=""; 623my $install_prefix="";
624my $fipslibdir="/usr/local/ssl/lib";
625my $baseaddr="0xFB00000";
625my $no_threads=0; 626my $no_threads=0;
626my $no_shared=1; 627my $no_shared=1;
627my $zlib=0; 628my $zlib=0;
@@ -807,7 +808,7 @@ PROCESS_ARGS:
807 { 808 {
808 while (<IN>) 809 while (<IN>)
809 { 810 {
810 chop; 811 chomp;
811 if (/^CONFIGURE_ARGS=(.*)/) 812 if (/^CONFIGURE_ARGS=(.*)/)
812 { 813 {
813 $argvstring=$1; 814 $argvstring=$1;
@@ -866,6 +867,22 @@ PROCESS_ARGS:
866 { 867 {
867 $withargs{"krb5-".$1}=$2; 868 $withargs{"krb5-".$1}=$2;
868 } 869 }
870 elsif (/^--with-zlib-lib=(.*)$/)
871 {
872 $withargs{"zlib-lib"}=$1;
873 }
874 elsif (/^--with-fipslibdir=(.*)$/)
875 {
876 $fipslibdir="$1";
877 }
878 elsif (/^--with-baseaddr=(.*)$/)
879 {
880 $baseaddr="$1";
881 }
882 elsif (/^--with-zlib-include=(.*)$/)
883 {
884 $withargs{"zlib-include"}="-I$1";
885 }
869 else 886 else
870 { 887 {
871 print STDERR $usage; 888 print STDERR $usage;
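Review bot: `--with-baseaddr=(.*)` and `--with-fipslibdir=(.*)` accept any string, including an empty one. The later substitutions `s/^BASEADDR=.*/BASEADDR=$baseaddr/` and `s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/` copy it into the generated Makefile unchanged, so a typo only surfaces at link time and make metacharacters in the value are expanded by make. Tightening the patterns lets a bad value fall through to the existing `print STDERR $usage` branch: `elsif (/^--with-baseaddr=(0x[0-9A-Fa-f]+)$/)` and `elsif (/^--with-fipslibdir=(.+)$/)`. The enclosing `PROCESS_ARGS` loop starts and ends outside this hunk.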
@@ -879,7 +896,7 @@ PROCESS_ARGS:
879 } 896 }
880 else 897 else
881 { 898 {
882 die "target already defined - $target\n" if ($target ne ""); 899 die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
883 $target=$_; 900 $target=$_;
884 } 901 }
885 unless ($_ eq $target) { 902 unless ($_ eq $target) {
@@ -965,10 +982,26 @@ chop $prefix if $prefix =~ /\/$/;
965$openssldir=$prefix . "/ssl" if $openssldir eq ""; 982$openssldir=$prefix . "/ssl" if $openssldir eq "";
966$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; 983$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
967 984
985if ($fips && ! -f "$fipslibdir/fipscanister.o")
986 {
987 my $fipswinerr = "";
988 $fipswinerr = <<EOF if $IsWindows;
989 Ensure that the correct path to the FIPS module directory
990has been given to the --with-fipslibdir option.
991EOF
992 print STDERR <<EOF;
993The file fipscanister.o could not be located. Please build and install the
994FIPS module using the instructions in the user guide before compiling OpenSSL
995in FIPS mode.$fipswinerr
996EOF
997 exit 1;
998 }
999
968 1000
969print "IsWindows=$IsWindows\n"; 1001print "IsWindows=$IsWindows\n";
970 1002
971my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); 1003my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
1004for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; }
972my $cc = $fields[$idx_cc]; 1005my $cc = $fields[$idx_cc];
973my $cflags = $fields[$idx_cflags]; 1006my $cflags = $fields[$idx_cflags];
974my $unistd = $fields[$idx_unistd]; 1007my $unistd = $fields[$idx_unistd];
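Review bot: The FIPS pre-check `! -f "$fipslibdir/fipscanister.o"` confirms only that a file of that name exists, and the error text does not say which directory was searched. With the default of `/usr/local/ssl/lib`, a stale or replaced object passes this test. Whether its digest is verified later in the build is not visible in this hunk and is worth confirming. At minimum the message could name the path, `The file $fipslibdir/fipscanister.o could not be located.`, so a wrong `--with-fipslibdir` is obvious. The added `for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; }` also deserves a comment such as `# decode %XX escapes in table fields after splitting on ':'`.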
@@ -1027,7 +1060,7 @@ else
1027 if $withargs{"krb5-dir"} eq ""; 1060 if $withargs{"krb5-dir"} eq "";
1028 $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. 1061 $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
1029 "/lib -lgssapi -lkrb5 -lcom_err" 1062 "/lib -lgssapi -lkrb5 -lcom_err"
1030 if $withargs{"krb5-lib"} eq ""; 1063 if $withargs{"krb5-lib"} eq "" && !$IsWindows;
1031 $cflags="-DKRB5_HEIMDAL $cflags"; 1064 $cflags="-DKRB5_HEIMDAL $cflags";
1032 } 1065 }
1033 if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) 1066 if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
@@ -1036,7 +1069,7 @@ else
1036 if $withargs{"krb5-dir"} eq ""; 1069 if $withargs{"krb5-dir"} eq "";
1037 $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. 1070 $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
1038 "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" 1071 "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
1039 if $withargs{"krb5-lib"} eq ""; 1072 if $withargs{"krb5-lib"} eq "" && !$IsWindows;
1040 $cflags="-DKRB5_MIT $cflags"; 1073 $cflags="-DKRB5_MIT $cflags";
1041 $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; 1074 $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
1042 if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) 1075 if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
@@ -1055,7 +1088,7 @@ else
1055 } 1088 }
1056 } 1089 }
1057 $withargs{"krb5-lib"} .= " -lresolv" 1090 $withargs{"krb5-lib"} .= " -lresolv"
1058 if ("$lresolv" ne ""); 1091 if ("$lresolv" ne "" && !$IsWindows);
1059 $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" 1092 $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
1060 if $withargs{"krb5-include"} eq "" && 1093 if $withargs{"krb5-include"} eq "" &&
1061 $withargs{"krb5-dir"} ne ""; 1094 $withargs{"krb5-dir"} ne "";
@@ -1151,7 +1184,8 @@ if (!$no_shared)
1151 { 1184 {
1152 if ($shared_cflag ne "") 1185 if ($shared_cflag ne "")
1153 { 1186 {
1154 $cflags = "$shared_cflag $cflags"; 1187 $cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
1188 $shared_ldflag = "$shared_ldflag $shared_cflag" if($fips);
1155 } 1189 }
1156 } 1190 }
1157 1191
@@ -1174,16 +1208,22 @@ if ($ranlib eq "")
1174$bn_obj = $bn_asm unless $bn_obj ne ""; 1208$bn_obj = $bn_asm unless $bn_obj ne "";
1175 1209
1176my $fips_des_obj; 1210my $fips_des_obj;
1211my $fips_aes_obj;
1177my $fips_sha1_obj; 1212my $fips_sha1_obj;
1178if ($fips) 1213if ($fips)
1179 { 1214 {
1180 if ($des_obj =~ /\-elf\.o$/ && $no_shared) # FIPS DES module is not PIC 1215 if ($des_obj =~ /\-elf\.o$/)
1181 { 1216 {
1182 $fips_des_obj='asm/fips-dx86-elf.o'; 1217 $fips_des_obj='asm/fips-dx86-elf.o';
1183 $openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n"; 1218 $openssl_other_defines.="#define OPENSSL_FIPS_DES_ASM\n";
1219 $fips_aes_obj='asm/fips-ax86-elf.o';
1220 $openssl_other_defines.="#define OPENSSL_FIPS_AES_ASM\n";
1221 }
1222 else {
1223 $fips_des_obj=$fips_des_enc;
1224 $fips_aes_obj='fips_aes_core.o';
1184 } 1225 }
1185 else { $fips_des_obj=$fips_des_enc; } 1226 $fips_sha1_obj='asm/fips-sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/);
1186 $fips_sha1_obj='asm/sx86-elf.o' if ($sha1_obj =~ /\-elf\.o$/);
1187 $des_obj=$sha1_obj=""; 1227 $des_obj=$sha1_obj="";
1188 $openssl_other_defines.="#define OPENSSL_FIPS\n"; 1228 $openssl_other_defines.="#define OPENSSL_FIPS\n";
1189 } 1229 }
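Review bot: The test `if ($des_obj =~ /\-elf\.o$/)` no longer includes `&& $no_shared`, and the comment `# FIPS DES module is not PIC` went with it, so a shared FIPS build now selects `asm/fips-dx86-elf.o` and `asm/fips-ax86-elf.o`. Nothing in this hunk shows that those objects became position-independent. If they did not, the shared library would carry text relocations and need a writable text segment. Either keep the guard or record the new assumption where the old comment was, e.g. `# FIPS asm objects are PIC, so they are used for shared builds too`.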
@@ -1255,7 +1295,7 @@ print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
1255my $sdirs=0; 1295my $sdirs=0;
1256while (<IN>) 1296while (<IN>)
1257 { 1297 {
1258 chop; 1298 chomp;
1259 $sdirs = 1 if /^SDIRS=/; 1299 $sdirs = 1 if /^SDIRS=/;
1260 if ($sdirs) { 1300 if ($sdirs) {
1261 my $dir; 1301 my $dir;
@@ -1287,6 +1327,7 @@ while (<IN>)
1287 s/^BN_ASM=.*$/BN_ASM= $bn_obj/; 1327 s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
1288 s/^DES_ENC=.*$/DES_ENC= $des_obj/; 1328 s/^DES_ENC=.*$/DES_ENC= $des_obj/;
1289 s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/; 1329 s/^FIPS_DES_ENC=.*$/FIPS_DES_ENC= $fips_des_obj/;
1330 s/^FIPS_AES_ENC=.*$/FIPS_AES_ENC= $fips_aes_obj/;
1290 s/^BF_ENC=.*$/BF_ENC= $bf_obj/; 1331 s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
1291 s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; 1332 s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
1292 s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; 1333 s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
@@ -1301,6 +1342,10 @@ while (<IN>)
1301 s/^PERL=.*/PERL= $perl/; 1342 s/^PERL=.*/PERL= $perl/;
1302 s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; 1343 s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
1303 s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; 1344 s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
1345 s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
1346 s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
1347 s/^BASEADDR=.*/BASEADDR=$baseaddr/;
1348 s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
1304 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; 1349 s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
1305 s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; 1350 s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
1306 s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); 1351 s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1654,12 +1699,13 @@ sub print_table_entry
1654 { 1699 {
1655 my $target = shift; 1700 my $target = shift;
1656 1701
1702 my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
1703 for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; }
1657 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags, 1704 (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
1658 my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, 1705 my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
1659 my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, 1706 my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
1660 my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, 1707 my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
1661 my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)= 1708 my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=@fields;
1662 split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
1663 1709
1664 print <<EOF 1710 print <<EOF
1665 1711
@@ -1702,6 +1748,7 @@ sub test_sanity
1702 foreach $target (sort keys %table) 1748 foreach $target (sort keys %table)
1703 { 1749 {
1704 @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); 1750 @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
1751 for (@fields) { s/%([\dA-Fa-f]{2})/chr(hex($1))/eg; }
1705 1752
1706 if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/) 1753 if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
1707 { 1754 {
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index 943fc9d4a3..6545cd72aa 100644
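--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -70,7 +70,7 @@ OpenSSL - Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7g was released on April 11, 2005.
+OpenSSL 0.9.7j was released on May 4, 2006.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -141,8 +141,8 @@ less Unix-centric, it might have been used much earlier.
 
 With version 0.9.6 OpenSSL was extended to interface to external crypto
 hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 (not yet released) the changes were merged into the main
-development line, so that the special release is no longer necessary.
+version 0.9.7 the changes were merged into the main development line,
+so that the special release is no longer necessary.
 
 * How do I check the authenticity of the OpenSSL distribution?
 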
diff --git a/src/lib/libssl/src/LICENSE b/src/lib/libssl/src/LICENSE
index 40277883a5..e6afecc724 100644
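--- a/src/lib/libssl/src/LICENSE
+++ b/src/lib/libssl/src/LICENSE
@@ -12,7 +12,7 @@
  ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions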
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index cc4000b148..b9db0dd57d 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -102,6 +102,7 @@ PROCESSOR=
102# Set DES_ENC to des_enc.o if you want to use the C version 102# Set DES_ENC to des_enc.o if you want to use the C version
103#There are 4 x86 assember options. 103#There are 4 x86 assember options.
104FIPS_DES_ENC= des_enc.o fcrypt_b.o 104FIPS_DES_ENC= des_enc.o fcrypt_b.o
105FIPS_AES_ENC= fips_aes_core.o
105DES_ENC= asm/dx86-out.o asm/yx86-out.o 106DES_ENC= asm/dx86-out.o asm/yx86-out.o
106#DES_ENC= des_enc.o fcrypt_b.o # C 107#DES_ENC= des_enc.o fcrypt_b.o # C
107#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf 108#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
@@ -171,11 +172,29 @@ RMD160_ASM_OBJ= asm/rm86-out.o
171KRB5_INCLUDES= 172KRB5_INCLUDES=
172LIBKRB5= 173LIBKRB5=
173 174
175# Zlib stuff
176ZLIB_INCLUDE=
177LIBZLIB=
178
179# This is the location of fipscanister.o and friends.
180# The FIPS module build will place it $(INSTALLTOP)/lib
181# but since $(INSTALLTOP) can only take the default value
182# when the module is built it will be in /usr/local/ssl/lib
183# $(INSTALLTOP) for this build make be different so hard
184# code the path.
185
186FIPSLIBDIR=/usr/local/ssl/lib
187
188# Shared library base address. Currently only used on Windows.
189#
190
191BASEADDR=
192
174# When we're prepared to use shared libraries in the programs we link here 193# When we're prepared to use shared libraries in the programs we link here
175# we might set SHLIB_MARK to '$(SHARED_LIBS)'. 194# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
176SHLIB_MARK= 195SHLIB_MARK=
177 196
178DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools 197DIRS= crypto fips-1.0 ssl $(SHLIB_MARK) apps test tools
179SHLIBDIRS= crypto ssl 198SHLIBDIRS= crypto ssl
180 199
181# dirs in crypto to build 200# dirs in crypto to build
@@ -186,7 +205,7 @@ SDIRS= objects \
186 buffer bio stack lhash rand err \ 205 buffer bio stack lhash rand err \
187 evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 206 evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
188 207
189FDIRS= sha1 rand des aes dsa rsa dh 208FDIRS= sha rand des aes dsa rsa dh hmac
190 209
191# tests to perform. "alltests" is a special word indicating that all tests 210# tests to perform. "alltests" is a special word indicating that all tests
192# should be performed. 211# should be performed.
@@ -205,7 +224,6 @@ ONEDIRS=out tmp
205EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS 224EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
206WDIRS= windows 225WDIRS= windows
207LIBS= libcrypto.a libssl.a 226LIBS= libcrypto.a libssl.a
208SIGS= libcrypto.a.sha1
209SHARED_CRYPTO=libcrypto$(SHLIB_EXT) 227SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
210SHARED_SSL=libssl$(SHLIB_EXT) 228SHARED_SSL=libssl$(SHLIB_EXT)
211SHARED_LIBS= 229SHARED_LIBS=
@@ -225,19 +243,12 @@ HEADER= e_os.h
225 243
226all: Makefile sub_all openssl.pc 244all: Makefile sub_all openssl.pc
227 245
228sigs: $(SIGS)
229libcrypto.a.sha1: libcrypto.a
230 @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
231 $(RANLIB) libcrypto.a; \
232 fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
233 fi
234
235sub_all: 246sub_all:
236 @for i in $(DIRS); \ 247 @for i in $(DIRS); \
237 do \ 248 do \
238 if [ -d "$$i" ]; then \ 249 if [ -d "$$i" ]; then \
239 (cd $$i && echo "making all in $$i..." && \ 250 (cd $$i && echo "making all in $$i..." && \
240 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ 251 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' FIPSLIBDIR='${FIPSLIBDIR}' all ) || exit 1; \
241 else \ 252 else \
242 $(MAKE) $$i; \ 253 $(MAKE) $$i; \
243 fi; \ 254 fi; \
@@ -248,7 +259,7 @@ sub_target:
248 do \ 259 do \
249 if [ -d "$$i" ]; then \ 260 if [ -d "$$i" ]; then \
250 (cd $$i && echo "making $(TARGET) in $$i..." && \ 261 (cd $$i && echo "making $(TARGET) in $$i..." && \
251 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \ 262 $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' FIPS_AES_ENC='${FIPS_AES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
252 else \ 263 else \
253 $(MAKE) $$i; \ 264 $(MAKE) $$i; \
254 fi; \ 265 fi; \
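Review bot: The `sub_target` recipe gains `FIPS_AES_ENC='${FIPS_AES_ENC}'` but not `FIPSLIBDIR='${FIPSLIBDIR}'`, which the `sub_all` recipe in the previous hunk does pass. A sub-make started through `sub_target` would then presumably fall back to whatever `FIPSLIBDIR` its own Makefile defines rather than the value Configure wrote, so it may look for the FIPS object in a different directory than `make all` does. Adding `FIPSLIBDIR='${FIPSLIBDIR}'` after `SHLIB_TARGET='${SHLIB_TARGET}'` keeps the two recipes in step. The recipe's loop starts before this hunk.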
@@ -304,12 +315,12 @@ do_gnu-shared:
304 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ 315 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
305 libs="$(LIBKRB5) $$libs"; \ 316 libs="$(LIBKRB5) $$libs"; \
306 fi; \ 317 fi; \
307 ( set -x; ${CC} ${SHARED_LDFLAGS} \ 318 ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
308 -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 319 -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
309 -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 320 -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
310 -Wl,-Bsymbolic \ 321 -Wl,-Bsymbolic \
311 -Wl,--whole-archive lib$$i.a \ 322 -Wl,--whole-archive lib$$i.a \
312 -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ 323 -Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
313 libs="-l$$i $$libs"; \ 324 libs="-l$$i $$libs"; \
314 done 325 done
315 326
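Review bot: `$${FIPSLD:-${CC}}` is expanded by the shell, so the link driver for the shared library comes from the `FIPSLD` environment variable whenever it is set, including in builds that were not configured for FIPS. The same substitution is made in `do_darwin-shared`, `do_cygwin-shared`, `do_alpha-osf1-shared`, `do_tru64-shared`, `do_tru64-shared-rpath`, `do_solaris-shared`, `do_svr3-shared` and `do_svr5-shared`. A comment above the recipe would make the contract explicit, for example `# FIPSLD, if set in the environment, replaces $(CC) as the link driver (FIPS builds)`, and an inherited value is worth checking for in non-FIPS builds. The explicit `-lc` is also dropped from the link line here without explanation.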
@@ -321,7 +332,8 @@ do_darwin-shared:
321 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ 332 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
322 libs="$(LIBKRB5) $$libs"; \ 333 libs="$(LIBKRB5) $$libs"; \
323 fi; \ 334 fi; \
324 ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ 335 ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
336 --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
325 lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \ 337 lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
326 -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \ 338 -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
327 -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \ 339 -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
@@ -338,14 +350,15 @@ do_cygwin-shared:
338 [ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \ 350 [ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \
339 [ -f apps/$$shlib ] && rm apps/$$shlib; \ 351 [ -f apps/$$shlib ] && rm apps/$$shlib; \
340 [ -f test/$$shlib ] && rm test/$$shlib; \ 352 [ -f test/$$shlib ] && rm test/$$shlib; \
341 base=; [ $$i = "crypto" ] && base=-Wl,--image-base,0xFE00000; \ 353 base=; [ $$i = "crypto" ] && base=-Wl,--image-base,0x63000000; \
342 ( set -x; ${CC} ${SHARED_LDFLAGS} \ 354 ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
343 -shared $$base -o $$shlib \ 355 -shared $$base -o $$shlib \
344 -Wl,-Bsymbolic \ 356 -Wl,-Bsymbolic \
345 -Wl,--whole-archive lib$$i.a \ 357 -Wl,--whole-archive lib$$i.a \
346 -Wl,--out-implib,lib$$i.dll.a \ 358 -Wl,--out-implib,lib$$i.dll.a \
347 -Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \ 359 -Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
348 cp -p $$shlib apps/; cp -p $$shlib test/; \ 360 cp -p $$shlib apps/; cp -p $$shlib test/; \
361 touch -c lib$$i.dll.a; \
349 libs="-l$$i $$libs"; \ 362 libs="-l$$i $$libs"; \
350 done 363 done
351 364
@@ -358,10 +371,10 @@ do_alpha-osf1-shared:
358 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ 371 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
359 libs="$(LIBKRB5) $$libs"; \ 372 libs="$(LIBKRB5) $$libs"; \
360 fi; \ 373 fi; \
361 ( set -x; ${CC} ${SHARED_LDFLAGS} \ 374 ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
362 -shared -o lib$$i.so \ 375 -shared -o lib$$i.so \
363 -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ 376 -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
364 -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ 377 -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
365 libs="-l$$i $$libs"; \ 378 libs="-l$$i $$libs"; \
366 done; \ 379 done; \
367 fi 380 fi
@@ -377,10 +390,10 @@ do_tru64-shared:
377 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ 390 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
378 libs="$(LIBKRB5) $$libs"; \ 391 libs="$(LIBKRB5) $$libs"; \
379 fi; \ 392 fi; \
380 ( set -x; ${CC} ${SHARED_LDFLAGS} \ 393 ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
381 -shared -msym -o lib$$i.so \ 394 -shared -msym -o lib$$i.so \
382 -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ 395 -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
383 -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ 396 -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
384 libs="-l$$i $$libs"; \ 397 libs="-l$$i $$libs"; \
385 done; \ 398 done; \
386 fi 399 fi
@@ -396,11 +409,11 @@ do_tru64-shared-rpath:
396 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ 409 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
397 libs="$(LIBKRB5) $$libs"; \ 410 libs="$(LIBKRB5) $$libs"; \
398 fi; \ 411 fi; \
399 ( set -x; ${CC} ${SHARED_LDFLAGS} \ 412 ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
400 -shared -msym -o lib$$i.so \ 413 -shared -msym -o lib$$i.so \
401 -rpath ${INSTALLTOP}/lib \ 414 -rpath ${INSTALLTOP}/lib \
402 -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ 415 -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
403 -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ 416 -all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
404 libs="-l$$i $$libs"; \ 417 libs="-l$$i $$libs"; \
405 done; \ 418 done; \
406 fi 419 fi
@@ -418,12 +431,12 @@ do_solaris-shared:
418 ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ 431 ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
419 MINUSZ='-z '; \ 432 MINUSZ='-z '; \
420 (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \ 433 (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
421 set -x; ${CC} ${SHARED_LDFLAGS} -G -dy -z text \ 434 set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
422 -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 435 -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
423 -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 436 -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
424 -Wl,-Bsymbolic \ 437 -Wl,-Bsymbolic \
425 $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \ 438 $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
426 $$libs ${EX_LIBS} -lc ) || exit 1; \ 439 $$libs ${EX_LIBS} ) || exit 1; \
427 libs="-l$$i $$libs"; \ 440 libs="-l$$i $$libs"; \
428 done; \ 441 done; \
429 fi 442 fi
@@ -443,7 +456,7 @@ do_svr3-shared:
443 for obj in `ar t lib$$i.a` ; do \ 456 for obj in `ar t lib$$i.a` ; do \
444 OBJS="$${OBJS} `grep /$$obj allobjs`" ; \ 457 OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
445 done ; \ 458 done ; \
446 set -x; ${CC} ${SHARED_LDFLAGS} \ 459 set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
447 -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 460 -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
448 -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 461 -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
449 $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ 462 $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
@@ -469,7 +482,7 @@ do_svr5-shared:
469 OBJS="$${OBJS} `grep /$$obj allobjs`" ; \ 482 OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
470 done ; \ 483 done ; \
471 set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \ 484 set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
472 ${CC} ${SHARED_LDFLAGS} \ 485 $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
473 $${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 486 $${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
474 -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 487 -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
475 $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ 488 $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
@@ -488,24 +501,15 @@ do_irix-shared:
488 fi; \ 501 fi; \
489 ( WHOLELIB="-all lib$$i.a -none"; \ 502 ( WHOLELIB="-all lib$$i.a -none"; \
490 (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \ 503 (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \
491 set -x; ${CC} ${SHARED_LDFLAGS} \ 504 set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
492 -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 505 -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
493 -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ 506 -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
494 $${WHOLELIB} $$libs ${EX_LIBS} -lc) || exit 1; \ 507 $${WHOLELIB} $$libs ${EX_LIBS}) || exit 1; \
495 libs="-l$$i $$libs"; \ 508 libs="-l$$i $$libs"; \
496 done; \ 509 done; \
497 fi 510 fi
498 511
499# This assumes that GNU utilities are *not* used 512# This assumes that GNU utilities are *not* used
500# HP-UX includes the full pathname of libs we depend on, so we would get
501# ./libcrypto (with ./ as path information) compiled into libssl, hence
502# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
503# anyway.
504# The object modules are loaded from lib$i.a using the undocumented -Fl
505# option.
506#
507# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
508# by temporarily specifying "+s"!
509# 513#
510do_hpux-shared: 514do_hpux-shared:
511 for i in ${SHLIBDIRS}; do \ 515 for i in ${SHLIBDIRS}; do \
@@ -518,38 +522,11 @@ do_hpux-shared:
518 shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ 522 shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
519 fi; \ 523 fi; \
520 [ -f $$shlib ] && rm -f $$shlib; \ 524 [ -f $$shlib ] && rm -f $$shlib; \
521 ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ 525 ALLSYMSFLAGS='-Wl,-Fl'; \
522 +vnocompatwarnings \ 526 expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
523 -b -z +s \ 527 ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
524 -o $$shlib +h $$shlib \ 528 -Wl,-B,symbolic,+vnocompatwarnings,-z,+h,$$shlib \
525 -Fl lib$$i.a -ldld -lc ) || exit 1; \ 529 -o $$shlib $$ALLSYMSFLAGS,lib$$i.a -ldld ) || exit 1; \
526 chmod a=rx $$shlib; \
527 done
528
529# This assumes that GNU utilities are *not* used
530# HP-UX includes the full pathname of libs we depend on, so we would get
531# ./libcrypto (with ./ as path information) compiled into libssl, hence
532# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
533# anyway.
534#
535# HP-UX in 64bit mode has "+s" enabled by default; it will search for
536# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
537#
538do_hpux64-shared:
539 for i in ${SHLIBDIRS}; do \
540 if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
541 libs="$(LIBKRB5) $$libs"; \
542 fi; \
543 if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
544 shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
545 else \
546 shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
547 fi; \
548 [ -f $$shlib ] && rm -f $$shlib; \
549 ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
550 -b -z \
551 -o $$shlib +h $$shlib \
552 +forceload lib$$i.a -ldl -lc ) || exit 1; \
553 chmod a=rx $$shlib; \ 530 chmod a=rx $$shlib; \
554 done 531 done
555 532
@@ -595,7 +572,7 @@ do_aix-shared:
595 OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ 572 OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
596 ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \ 573 ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
597 ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \ 574 ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
598 $(SHAREDCMD) $(SHAREDFLAGS) \ 575 $${FIPSLD:-${CC}} $(SHAREDFLAGS) \
599 -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \ 576 -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
600 $$libs ${EX_LIBS} ) ) \ 577 $$libs ${EX_LIBS} ) ) \
601 || exit 1; \ 578 || exit 1; \
@@ -611,7 +588,7 @@ do_reliantunix-shared:
611 ( set -x; \ 588 ( set -x; \
612 ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \ 589 ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
613 cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \ 590 cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
614 ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \ 591 $${FIPSLD:-${CC}} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
615 ) || exit 1; \ 592 ) || exit 1; \
616 cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \ 593 cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
617 ) || exit 1; \ 594 ) || exit 1; \
@@ -757,11 +734,15 @@ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt c
757apps/openssl-vms.cnf: apps/openssl.cnf 734apps/openssl-vms.cnf: apps/openssl.cnf
758 $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf 735 $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
759 736
737crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
738 $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
739
740
760TABLE: Configure 741TABLE: Configure
761 (echo 'Output of `Configure TABLE'"':"; \ 742 (echo 'Output of `Configure TABLE'"':"; \
762 $(PERL) Configure TABLE) > TABLE 743 $(PERL) Configure TABLE) > TABLE
763 744
764update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf TABLE 745update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
765 746
766# Build distribution tar-file. As the list of files returned by "find" is 747# Build distribution tar-file. As the list of files returned by "find" is
767# pretty long, on several platforms a "too many arguments" error or similar 748# pretty long, on several platforms a "too many arguments" error or similar
@@ -866,15 +847,6 @@ install_sw:
866 sed -e '1,/^$$/d' doc/openssl-shared.txt; \ 847 sed -e '1,/^$$/d' doc/openssl-shared.txt; \
867 fi; \ 848 fi; \
868 fi 849 fi
869 @for i in $(SIGS) ;\
870 do \
871 if [ -f "$$i" ]; then \
872 ( echo installing $$i; \
873 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
874 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
875 mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
876 fi; \
877 done;
878 cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig 850 cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
879 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc 851 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
880 852
@@ -900,8 +872,8 @@ install_docs:
900 --release=$(VERSION) `basename $$i`") \ 872 --release=$(VERSION) `basename $$i`") \
901 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ 873 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
902 $(PERL) util/extract-names.pl < $$i | \ 874 $(PERL) util/extract-names.pl < $$i | \
903 grep -v $$filecase "^$$fn\$$" | \ 875 (grep -v $$filecase "^$$fn\$$"; true) | \
904 grep -v "[ ]" | \ 876 (grep -v "[ ]"; true) | \
905 (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ 877 (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
906 while read n; do \ 878 while read n; do \
907 $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ 879 $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
@@ -917,8 +889,8 @@ install_docs:
917 --release=$(VERSION) `basename $$i`") \ 889 --release=$(VERSION) `basename $$i`") \
918 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ 890 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
919 $(PERL) util/extract-names.pl < $$i | \ 891 $(PERL) util/extract-names.pl < $$i | \
920 grep -v $$filecase "^$$fn\$$" | \ 892 (grep -v $$filecase "^$$fn\$$"; true) | \
921 grep -v "[ ]" | \ 893 (grep -v "[ ]"; true) | \
922 (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ 894 (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
923 while read n; do \ 895 while read n; do \
924 $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ 896 $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index 8e1ce65a5f..49b443ed4d 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,6 +5,20 @@
5 This file gives a brief overview of the major changes between each OpenSSL 5 This file gives a brief overview of the major changes between each OpenSSL
6 release. For more details please read the CHANGES file. 6 release. For more details please read the CHANGES file.
7 7
8 Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
9
10 o Update Windows build system for FIPS.
11
12 Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
13
14 o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
15
16 Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
17
18 o Fix SSL 2.0 Rollback, CAN-2005-2969
19 o Allow use of fixed-length exponent on DSA signing
20 o Default fixed-window RSA, DSA, DH private-key operations
21
8 Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g: 22 Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
9 23
10 o More compilation issues fixed. 24 o More compilation issues fixed.
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index c52c2d94bd..a6a97c8858 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,5 +1,5 @@
1 1
2 OpenSSL 0.9.7g 11 April 2005 2 OpenSSL 0.9.7j 04 May 2006
3 3
4 Copyright (c) 1998-2005 The OpenSSL Project 4 Copyright (c) 1998-2005 The OpenSSL Project
5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -14,13 +14,13 @@
14 protocols as well as a full-strength general purpose cryptography library. 14 protocols as well as a full-strength general purpose cryptography library.
15 The project is managed by a worldwide community of volunteers that use the 15 The project is managed by a worldwide community of volunteers that use the
16 Internet to communicate, plan, and develop the OpenSSL toolkit and its 16 Internet to communicate, plan, and develop the OpenSSL toolkit and its
17 related documentation. 17 related documentation.
18 18
19 OpenSSL is based on the excellent SSLeay library developed from Eric A. Young 19 OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
20 and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the 20 and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
21 OpenSSL license plus the SSLeay license) situation, which basically means 21 OpenSSL license plus the SSLeay license) situation, which basically means
22 that you are free to get and use it for commercial and non-commercial 22 that you are free to get and use it for commercial and non-commercial
23 purposes as long as you fulfill the conditions of both licenses. 23 purposes as long as you fulfill the conditions of both licenses.
24 24
25 OVERVIEW 25 OVERVIEW
26 -------- 26 --------
@@ -53,11 +53,11 @@
53 MDC2 message digest. A DES based hash that is popular on smart cards. 53 MDC2 message digest. A DES based hash that is popular on smart cards.
54 54
55 Public Key 55 Public Key
56 RSA encryption/decryption/generation. 56 RSA encryption/decryption/generation.
57 There is no limit on the number of bits. 57 There is no limit on the number of bits.
58 DSA encryption/decryption/generation. 58 DSA encryption/decryption/generation.
59 There is no limit on the number of bits. 59 There is no limit on the number of bits.
60 Diffie-Hellman key-exchange/key generation. 60 Diffie-Hellman key-exchange/key generation.
61 There is no limit on the number of bits. 61 There is no limit on the number of bits.
62 62
63 X.509v3 certificates 63 X.509v3 certificates
@@ -80,16 +80,16 @@
80 A simple stack. 80 A simple stack.
81 A Configuration loader that uses a format similar to MS .ini files. 81 A Configuration loader that uses a format similar to MS .ini files.
82 82
83 openssl: 83 openssl:
84 A command line tool that can be used for: 84 A command line tool that can be used for:
85 Creation of RSA, DH and DSA key parameters 85 Creation of RSA, DH and DSA key parameters
86 Creation of X.509 certificates, CSRs and CRLs 86 Creation of X.509 certificates, CSRs and CRLs
87 Calculation of Message Digests 87 Calculation of Message Digests
88 Encryption and Decryption with Ciphers 88 Encryption and Decryption with Ciphers
89 SSL/TLS Client and Server Tests 89 SSL/TLS Client and Server Tests
90 Handling of S/MIME signed or encrypted mail 90 Handling of S/MIME signed or encrypted mail
91 91
92 92
93 PATENTS 93 PATENTS
94 ------- 94 -------
95 95
@@ -104,13 +104,15 @@
104 licensing conditions. Their web page is http://www.rsasecurity.com/. 104 licensing conditions. Their web page is http://www.rsasecurity.com/.
105 105
106 RC4 is a trademark of RSA Security, so use of this label should perhaps 106 RC4 is a trademark of RSA Security, so use of this label should perhaps
107 only be used with RSA Security's permission. 107 only be used with RSA Security's permission.
108 108
109 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, 109 The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
110 Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They 110 Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
111 should be contacted if that algorithm is to be used; their web page is 111 should be contacted if that algorithm is to be used; their web page is
112 http://www.ascom.ch/. 112 http://www.ascom.ch/.
113 113
114 The MDC2 algorithm is patented by IBM.
115
114 INSTALLATION 116 INSTALLATION
115 ------------ 117 ------------
116 118
@@ -129,7 +131,7 @@
129 or application author. We try to collect those in doc/PROBLEMS, with current 131 or application author. We try to collect those in doc/PROBLEMS, with current
130 thoughts on how they should be solved in a future of OpenSSL. 132 thoughts on how they should be solved in a future of OpenSSL.
131 133
132 SUPPORT 134 SUPPORT
133 ------- 135 -------
134 136
135 If you have any problems with OpenSSL then please take the following steps 137 If you have any problems with OpenSSL then please take the following steps
@@ -138,7 +140,7 @@
138 - Download the current snapshot from ftp://ftp.openssl.org/snapshot/ 140 - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
139 to see if the problem has already been addressed 141 to see if the problem has already been addressed
140 - Remove ASM versions of libraries 142 - Remove ASM versions of libraries
141 - Remove compiler optimisation flags 143 - Remove compiler optimisation flags
142 144
143 If you wish to report a bug then please include the following information in 145 If you wish to report a bug then please include the following information in
144 any bug report: 146 any bug report:
@@ -191,3 +193,4 @@
191 # ./Configure dist; make clean 193 # ./Configure dist; make clean
192 # cd .. 194 # cd ..
193 # diff -ur openssl-orig openssl-work > mydiffs.patch 195 # diff -ur openssl-orig openssl-work > mydiffs.patch
196
diff --git a/src/lib/libssl/src/apps/CA.pl.in b/src/lib/libssl/src/apps/CA.pl.in
index 39f267d313..9c99739092 100644
--- a/src/lib/libssl/src/apps/CA.pl.in
+++ b/src/lib/libssl/src/apps/CA.pl.in
@@ -66,19 +66,19 @@ foreach (@ARGV) {
66 exit 0; 66 exit 0;
67 } elsif (/^-newcert$/) { 67 } elsif (/^-newcert$/) {
68 # create a certificate 68 # create a certificate
69 system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS"); 69 system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
70 $RET=$?; 70 $RET=$?;
71 print "Certificate (and private key) is in newreq.pem\n" 71 print "Certificate is in newcert.pem, private key is in newkey.pem\n"
72 } elsif (/^-newreq$/) { 72 } elsif (/^-newreq$/) {
73 # create a certificate request 73 # create a certificate request
74 system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS"); 74 system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
75 $RET=$?; 75 $RET=$?;
76 print "Request (and private key) is in newreq.pem\n"; 76 print "Request is in newreq.pem, private key is in newkey.pem\n";
77 } elsif (/^-newreq-nodes$/) { 77 } elsif (/^-newreq-nodes$/) {
78 # create a certificate request 78 # create a certificate request
79 system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS"); 79 system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
80 $RET=$?; 80 $RET=$?;
81 print "Request (and private key) is in newreq.pem\n"; 81 print "Request is in newreq.pem, private key is in newkey.pem\n";
82 } elsif (/^-newca$/) { 82 } elsif (/^-newca$/) {
83 # if explicitly asked for or it doesn't exist then setup the 83 # if explicitly asked for or it doesn't exist then setup the
84 # directory structure that Eric likes to manage things 84 # directory structure that Eric likes to manage things
@@ -118,10 +118,11 @@ foreach (@ARGV) {
118 } elsif (/^-pkcs12$/) { 118 } elsif (/^-pkcs12$/) {
119 my $cname = $ARGV[1]; 119 my $cname = $ARGV[1];
120 $cname = "My Certificate" unless defined $cname; 120 $cname = "My Certificate" unless defined $cname;
121 system ("$PKCS12 -in newcert.pem -inkey newreq.pem " . 121 system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
122 "-certfile ${CATOP}/$CACERT -out newcert.p12 " . 122 "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
123 "-export -name \"$cname\""); 123 "-export -name \"$cname\"");
124 $RET=$?; 124 $RET=$?;
125 print "PKCS #12 file is in newcert.p12\n";
125 exit $RET; 126 exit $RET;
126 } elsif (/^-xsign$/) { 127 } elsif (/^-xsign$/) {
127 system ("$CA -policy policy_anything -infiles newreq.pem"); 128 system ("$CA -policy policy_anything -infiles newreq.pem");
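Review bot: In the `-pkcs12` branch `$cname` is taken straight from `$ARGV[1]` and spliced into one shell string as `-name \"$cname\"`, so a friendly name containing a double quote, backtick or `$` is parsed by the shell instead of reaching `pkcs12` as data. Passing the arguments as a list keeps the shell out of it, e.g. `system(split(' ', $PKCS12), '-in', 'newcert.pem', '-inkey', 'newkey.pem', '-certfile', "${CATOP}/$CACERT", '-out', 'newcert.p12', '-export', '-name', $cname);`. This assumes `$PKCS12` is a plain command plus subcommand; its definition is outside the hunk. Separately, `-newreq-nodes` now leaves an unencrypted key in its own file `newkey.pem`, and a `umask 077;` before that `system` call would keep the file mode from depending on the caller's environment.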
diff --git a/src/lib/libssl/src/apps/CA.sh b/src/lib/libssl/src/apps/CA.sh
index 030a11fc25..84d7ec0b33 100644
--- a/src/lib/libssl/src/apps/CA.sh
+++ b/src/lib/libssl/src/apps/CA.sh
@@ -51,15 +51,15 @@ case $i in
51 ;; 51 ;;
52-newcert) 52-newcert)
53 # create a certificate 53 # create a certificate
54 $REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS 54 $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
55 RET=$? 55 RET=$?
56 echo "Certificate (and private key) is in newreq.pem" 56 echo "Certificate is in newcert.pem, private key is in newkey.pem"
57 ;; 57 ;;
58-newreq) 58-newreq)
59 # create a certificate request 59 # create a certificate request
60 $REQ -new -keyout newreq.pem -out newreq.pem $DAYS 60 $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
61 RET=$? 61 RET=$?
62 echo "Request (and private key) is in newreq.pem" 62 echo "Request is in newreq.pem, private key is in newkey.pem"
63 ;; 63 ;;
64-newca) 64-newca)
65 # if explicitly asked for or it doesn't exist then setup the directory 65 # if explicitly asked for or it doesn't exist then setup the directory
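Review bot: The `-newcert` and `-newreq` branches print their success message unconditionally after `RET=$?`, so the operator is told that `newkey.pem` holds a private key even when `$REQ` failed and wrote nothing or only a partial file. Gate the message on the status, e.g. `[ $RET -eq 0 ] && echo "Request is in newreq.pem, private key is in newkey.pem"`. The `print` lines in apps/CA.pl.in follow the same pattern. The `case` statement continues outside the hunk.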
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index 9157cdfcdc..9b07e913c5 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -361,10 +361,17 @@ int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
361 /* The start of something good :-) */ 361 /* The start of something good :-) */
362 if (num >= arg->count) 362 if (num >= arg->count)
363 { 363 {
364 arg->count+=20; 364 char **tmp_p;
365 arg->data=(char **)OPENSSL_realloc(arg->data, 365 int tlen = arg->count + 20;
366 sizeof(char *)*arg->count); 366 tmp_p = (char **)OPENSSL_realloc(arg->data,
367 if (argc == 0) return(0); 367 sizeof(char *)*tlen);
368 if (tmp_p == NULL)
369 return 0;
370 arg->data = tmp_p;
371 arg->count = tlen;
372 /* initialize newly allocated data */
373 for (i = num; i < arg->count; i++)
374 arg->data[i] = NULL;
368 } 375 }
369 arg->data[num++]=p; 376 arg->data[num++]=p;
370 377
@@ -1591,8 +1598,9 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
1591 { 1598 {
1592 if (errno != ENOENT 1599 if (errno != ENOENT
1593#ifdef ENOTDIR 1600#ifdef ENOTDIR
1594 && errno != ENOTDIR) 1601 && errno != ENOTDIR
1595#endif 1602#endif
1603 )
1596 goto err; 1604 goto err;
1597 } 1605 }
1598 else 1606 else
@@ -1893,8 +1901,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
1893 { 1901 {
1894 if (errno != ENOENT 1902 if (errno != ENOENT
1895#ifdef ENOTDIR 1903#ifdef ENOTDIR
1896 && errno != ENOTDIR) 1904 && errno != ENOTDIR
1897#endif 1905#endif
1906 )
1898 goto err; 1907 goto err;
1899 } 1908 }
1900 else 1909 else
@@ -1929,8 +1938,9 @@ int rotate_index(char *dbfile, char *new_suffix, char *old_suffix)
1929 { 1938 {
1930 if (errno != ENOENT 1939 if (errno != ENOENT
1931#ifdef ENOTDIR 1940#ifdef ENOTDIR
1932 && errno != ENOTDIR) 1941 && errno != ENOTDIR
1933#endif 1942#endif
1943 )
1934 goto err; 1944 goto err;
1935 } 1945 }
1936 else 1946 else
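Review bot: The reworked growth path in `chopup_args` has no comment saying why the `OPENSSL_realloc` result goes through `tmp_p`, which is the point of the fix and easy to undo in a later cleanup. A comment such as `/* grow via a temporary so arg->data and arg->count stay valid if realloc fails */` above the call would record it. The failure path returns 0 without any diagnostic; whether callers check that return is not visible, since the function begins and ends outside the hunk. The three `rotate_serial`/`rotate_index` hunks only move the closing parenthesis out of the `#ifdef ENOTDIR` block and need no further change.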
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
index c89b358b23..a6b6c41f13 100644
--- a/src/lib/libssl/src/apps/asn1pars.c
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -182,7 +182,7 @@ int MAIN(int argc, char **argv)
182bad: 182bad:
183 BIO_printf(bio_err,"%s [options] <infile\n",prog); 183 BIO_printf(bio_err,"%s [options] <infile\n",prog);
184 BIO_printf(bio_err,"where options are\n"); 184 BIO_printf(bio_err,"where options are\n");
185 BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); 185 BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
186 BIO_printf(bio_err," -in arg input file\n"); 186 BIO_printf(bio_err," -in arg input file\n");
187 BIO_printf(bio_err," -out arg output file (output format is always DER\n"); 187 BIO_printf(bio_err," -out arg output file (output format is always DER\n");
188 BIO_printf(bio_err," -noout arg don't produce any output\n"); 188 BIO_printf(bio_err," -noout arg don't produce any output\n");
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 44c1679a17..616c3720d2 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -943,7 +943,6 @@ bad:
943 if (verbose) BIO_printf(bio_err, 943 if (verbose) BIO_printf(bio_err,
944 "Done. %d entries marked as expired\n",i); 944 "Done. %d entries marked as expired\n",i);
945 } 945 }
946 goto err;
947 } 946 }
948 947
949 /*****************************************************************/ 948 /*****************************************************************/
diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c
index 12283d0aed..e8a599f9e5 100644
--- a/src/lib/libssl/src/apps/engine.c
+++ b/src/lib/libssl/src/apps/engine.c
@@ -387,11 +387,15 @@ int MAIN(int argc, char **argv)
387 else if (strcmp(*argv,"-pre") == 0) 387 else if (strcmp(*argv,"-pre") == 0)
388 { 388 {
389 argc--; argv++; 389 argc--; argv++;
390 if (argc == 0)
391 goto skip_arg_loop;
390 sk_push(pre_cmds,*argv); 392 sk_push(pre_cmds,*argv);
391 } 393 }
392 else if (strcmp(*argv,"-post") == 0) 394 else if (strcmp(*argv,"-post") == 0)
393 { 395 {
394 argc--; argv++; 396 argc--; argv++;
397 if (argc == 0)
398 goto skip_arg_loop;
395 sk_push(post_cmds,*argv); 399 sk_push(post_cmds,*argv);
396 } 400 }
397 else if ((strncmp(*argv,"-h",2) == 0) || 401 else if ((strncmp(*argv,"-h",2) == 0) ||
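Review bot: When `-pre` or `-post` is the last argument, the added `if (argc == 0) goto skip_arg_loop;` drops the option silently, so a run that was meant to send a control command to the engine carries on without it and without any message. Report it before leaving the loop, e.g. `BIO_printf(bio_err,"-pre requires a command argument\n");` ahead of the jump, and the same for `-post`, assuming `bio_err` is already set up at this point. What `skip_arg_loop` does next is outside the hunk, so whether a non-zero exit is also needed cannot be judged from here.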
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index 63be873b7b..7dbd0923b6 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -88,6 +88,9 @@ int MAIN(int argc, char **argv)
88 RSA *rsa=NULL; 88 RSA *rsa=NULL;
89 int i,num=DEFBITS; 89 int i,num=DEFBITS;
90 long l; 90 long l;
91#ifdef OPENSSL_FIPS
92 int use_x931 = 0;
93#endif
91 const EVP_CIPHER *enc=NULL; 94 const EVP_CIPHER *enc=NULL;
92 unsigned long f4=RSA_F4; 95 unsigned long f4=RSA_F4;
93 char *outfile=NULL; 96 char *outfile=NULL;
@@ -126,6 +129,10 @@ int MAIN(int argc, char **argv)
126 f4=3; 129 f4=3;
127 else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) 130 else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
128 f4=RSA_F4; 131 f4=RSA_F4;
132#ifdef OPENSSL_FIPS
133 else if (strcmp(*argv,"-x931") == 0)
134 use_x931 = 1;
135#endif
129#ifndef OPENSSL_NO_ENGINE 136#ifndef OPENSSL_NO_ENGINE
130 else if (strcmp(*argv,"-engine") == 0) 137 else if (strcmp(*argv,"-engine") == 0)
131 { 138 {
@@ -233,11 +240,27 @@ bad:
233 240
234 BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", 241 BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
235 num); 242 num);
236 rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err); 243#ifdef OPENSSL_FIPS
244 if (use_x931)
245 {
246 BIGNUM *pubexp;
247 pubexp = BN_new();
248 BN_set_word(pubexp, f4);
249 rsa = RSA_X931_generate_key(num, pubexp, genrsa_cb, bio_err);
250 BN_free(pubexp);
251 }
252 else
253#endif
254 rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
237 255
238 app_RAND_write_file(NULL, bio_err); 256 app_RAND_write_file(NULL, bio_err);
239 257
240 if (rsa == NULL) goto err; 258 if (rsa == NULL)
259 {
260 BIO_printf(bio_err, "Key Generation error\n");
261
262 goto err;
263 }
241 264
242 /* We need to do the following for when the base number size is < 265 /* We need to do the following for when the base number size is <
243 * long, esp windows 3.1 :-(. */ 266 * long, esp windows 3.1 :-(. */
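Review bot: In the `use_x931` branch neither the result of `BN_new()` nor the return value of `BN_set_word()` is checked, so on allocation failure `RSA_X931_generate_key()` is handed a NULL or unset public exponent. Check both before generating, e.g. `if (pubexp == NULL || !BN_set_word(pubexp, f4)) { BN_free(pubexp); goto err; }`. `MAIN` starts and ends outside this hunk, so the cleanup performed at `err` is not visible here.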
diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com
index 2f1af9ec94..7b5ff90c62 100644
--- a/src/lib/libssl/src/apps/makeapps.com
+++ b/src/lib/libssl/src/apps/makeapps.com
@@ -650,7 +650,7 @@ $ CCDEFS = "MONOLITH"
650$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS 650$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
651$ CCEXTRAFLAGS = "" 651$ CCEXTRAFLAGS = ""
652$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS 652$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
653$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX" 653$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
654$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - 654$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
655 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS 655 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
656$! 656$!
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c
index 65a9ee8a66..cb6ee740e7 100644
--- a/src/lib/libssl/src/apps/openssl.c
+++ b/src/lib/libssl/src/apps/openssl.c
@@ -237,21 +237,12 @@ int main(int Argc, char *Argv[])
237 237
238#ifdef OPENSSL_FIPS 238#ifdef OPENSSL_FIPS
239 if(getenv("OPENSSL_FIPS")) { 239 if(getenv("OPENSSL_FIPS")) {
240#if defined(_WIN32) 240 if (!FIPS_mode_set(1)) {
241 char filename[MAX_PATH] = "";
242 GetModuleFileNameA( NULL, filename, MAX_PATH) ;
243 p = filename;
244#else
245 p = Argv[0];
246#endif
247 if (!FIPS_mode_set(1,p)) {
248 ERR_load_crypto_strings(); 241 ERR_load_crypto_strings();
249 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); 242 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
250 EXIT(1); 243 EXIT(1);
251 } 244 }
252 in_FIPS_mode = 1; 245 in_FIPS_mode = 1;
253 if (getenv("OPENSSL_FIPS_MD5"))
254 FIPS_allow_md5(1);
255 } 246 }
256#endif 247#endif
257 if (bio_err == NULL) 248 if (bio_err == NULL)
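Review bot: The failure path for `FIPS_mode_set(1)` passes the result of `BIO_new_fp(stderr,BIO_NOCLOSE)` straight to `ERR_print_errors()` without a NULL check, so if that allocation fails, the reason FIPS mode could not be entered is lost just before `EXIT(1)`. `ERR_print_errors_fp(stderr);` takes the `FILE` pointer directly and avoids the unchecked BIO. The `getenv` test also deserves a comment such as `/* any value of OPENSSL_FIPS, even empty or "0", enables FIPS mode */`, since only the variable's presence is tested. `main` continues outside the hunk.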
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 5db6fe7cd7..bdfbe31c14 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -147,6 +147,7 @@ int MAIN(int argc, char **argv)
147 else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING; 147 else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
148 else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING; 148 else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
149 else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING; 149 else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
150 else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
150 else if(!strcmp(*argv, "-sign")) { 151 else if(!strcmp(*argv, "-sign")) {
151 rsa_mode = RSA_SIGN; 152 rsa_mode = RSA_SIGN;
152 need_priv = 1; 153 need_priv = 1;
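Review bot: `-x931` sets `pad = RSA_X931_PADDING` for every mode, but X9.31 is a signature padding, so combined with `-encrypt` or `-decrypt` the mismatch is presumably caught only inside the RSA call, with a generic error. A check after option parsing, `if (pad == RSA_X931_PADDING && rsa_mode != RSA_SIGN && rsa_mode != RSA_VERIFY)`, that reports a usage error would fail earlier and more clearly. The usage text is outside the hunk and should list the new option if it does not already.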
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index 5ed510ced6..2fc327c375 100644
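--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -1706,7 +1706,7 @@ show_res:
  k,rsa_bits[k],rsa_results[k][0],
  rsa_results[k][1]);
  else
- fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+ fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
  rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
  1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
  }
@@ -1725,7 +1725,7 @@ show_res:
  fprintf(stdout,"+F3:%u:%u:%f:%f\n",
  k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
  else
- fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+ fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
  dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
  1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
  }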
diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config
index 0715d378d9..c2f504f59e 100644
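--- a/src/lib/libssl/src/config
+++ b/src/lib/libssl/src/config
@@ -54,6 +54,22 @@ SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
 VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
 
 
+
+
+
+# Check for VC++ presence first.
+#
+#if [ "x$MSVCDIR" != "x" -o "x$VCINSTALLDIR" != "x" ]; then
+# perl Configure VC-WIN32 $*
+# cmd /c ms\\do_masm.bat
+# perl util/mk1mf.pl VC-WIN32-GMAKE >mak.tmp
+# rm Makefile
+# mv mak.tmp Makefile
+# echo "Configured for VC++ using GNU make"
+# exit 0
+#fi
+#
+
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
 # We need to work around FreeBSD 1.1.5.1
@@ -339,6 +355,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 
  MINGW*)
  echo "${MACHINE}-whatever-mingw"; echo 0;
+ # Save fipslib path so VC++ build can find it
+ (cd /usr/local/ssl/lib ; pwd -W ) > util/fipslib_path.txt
+ # Extract _chkstk.o so VC++ can use it, to avoid __alloca link error
+ (cd ms ; ar x `gcc -print-libgcc-file-name` _chkstk.o)
  ;;
  CYGWIN*)
  case "$RELEASE" in
@@ -407,7 +427,7 @@ if [ "$GCCVER" != "" ]; then
  CC=gcc
  # then strip off whatever prefix egcs prepends the number with...
  # Hopefully, this will work for any future prefixes as well.
- GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
+ GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
  # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
  # does give us what we want though, so we use that. We just just the
  # major and minor version numbers.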
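Review bot: In the MINGW branch, `(cd /usr/local/ssl/lib ; pwd -W ) > util/fipslib_path.txt` still runs `pwd -W` when the `cd` fails, so the current directory is written out as the FIPS library path, and per the added comment the VC++ build then uses that file to locate the library. Chaining with `&&` leaves an empty file instead of a wrong path: `(cd /usr/local/ssl/lib && pwd -W) > util/fipslib_path.txt`. The same applies to the extraction step, where quoting the libgcc path also protects against spaces: ``(cd ms && ar x "`gcc -print-libgcc-file-name`" _chkstk.o)``. The install prefix is hard-coded in this branch, which deserves a comment if it is intentional. The case statement continues outside the hunk.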
diff --git a/src/lib/libssl/src/crypto/aes/aes_cbc.c b/src/lib/libssl/src/crypto/aes/aes_cbc.c
index d2ba6bcdb4..373864cd4b 100644
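--- a/src/lib/libssl/src/crypto/aes/aes_cbc.c
+++ b/src/lib/libssl/src/crypto/aes/aes_cbc.c
@@ -59,6 +59,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
+#if !defined(OPENSSL_FIPS_AES_ASM)
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
  const unsigned long length, const AES_KEY *key,
  unsigned char *ivec, const int enc) {
@@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
  }
  }
 }
+#endif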
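Review bot: The new `#if !defined(OPENSSL_FIPS_AES_ASM)` around AES_cbc_encrypt carries no comment saying where the function comes from when the macro is set, and the closing `#endif` at the end of the file is unlabelled. I would add a line such as `/* AES_cbc_encrypt is supplied by the assembler module when OPENSSL_FIPS_AES_ASM is defined */` above the guard, assuming that is the intent, which the hunk does not show. The last line would then read `#endif /* !OPENSSL_FIPS_AES_ASM */`. The function body lies between the two hunks and is not visible here.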
diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h
index ceaeb4cbe3..0184b475a7 100644
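--- a/src/lib/libssl/src/crypto/asn1/asn1.h
+++ b/src/lib/libssl/src/crypto/asn1/asn1.h
@@ -962,6 +962,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_DUP 111
 #define ASN1_F_ASN1_ENUMERATED_SET 112
 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113
+#define ASN1_F_ASN1_FIND_END 182
 #define ASN1_F_ASN1_GENERALIZEDTIME_SET 178
 #define ASN1_F_ASN1_GET_OBJECT 114
 #define ASN1_F_ASN1_HEADER_NEW 115
@@ -1075,6 +1076,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_MISSING_SECOND_NUMBER 138
 #define ASN1_R_MSTRING_NOT_UNIVERSAL 139
 #define ASN1_R_MSTRING_WRONG_TAG 140
+#define ASN1_R_NESTED_ASN1_STRING 174
 #define ASN1_R_NON_HEX_CHARACTERS 141
 #define ASN1_R_NOT_ENOUGH_DATA 142
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143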
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c
index 3b57c8fbae..315d0a0807 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_err.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
1/* crypto/asn1/asn1_err.c */ 1/* crypto/asn1/asn1_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,169 +64,175 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
70
67static ERR_STRING_DATA ASN1_str_functs[]= 71static ERR_STRING_DATA ASN1_str_functs[]=
68 { 72 {
69{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0), "a2d_ASN1_OBJECT"}, 73{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
70{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"}, 74{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
71{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, 75{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
72{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, 76{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
73{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0), "ASN1_BIT_STRING_set_bit"}, 77{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
74{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"}, 78{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
75{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"}, 79{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
76{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"}, 80{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
77{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, 81{ERR_FUNC(ASN1_F_ASN1_D2I_BIO), "ASN1_d2i_bio"},
78{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"}, 82{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
79{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, 83{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
80{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0), "ASN1_digest"}, 84{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
81{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"}, 85{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
82{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, 86{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
83{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, 87{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
84{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, 88{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
85{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"}, 89{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
86{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, 90{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
87{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, 91{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
88{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"}, 92{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"},
89{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0), "ASN1_i2d_fp"}, 93{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
90{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"}, 94{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
91{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"}, 95{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
92{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"}, 96{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
93{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0), "ASN1_item_new"}, 97{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
94{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0), "ASN1_mbstring_copy"}, 98{ERR_FUNC(ASN1_F_ASN1_ITEM_NEW), "ASN1_item_new"},
95{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"}, 99{ERR_FUNC(ASN1_F_ASN1_MBSTRING_COPY), "ASN1_mbstring_copy"},
96{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"}, 100{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
97{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0), "ASN1_PBE_SET"}, 101{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
98{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"}, 102{ERR_FUNC(ASN1_F_ASN1_PBE_SET), "ASN1_PBE_SET"},
99{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, 103{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
100{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, 104{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
101{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0), "ASN1_STRING_set"}, 105{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
102{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"}, 106{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
103{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, 107{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
104{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, 108{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
105{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, 109{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_D2I), "ASN1_TEMPLATE_D2I"},
106{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, 110{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
107{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"}, 111{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
108{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, 112{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
109{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, 113{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
110{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, 114{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
111{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"}, 115{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
112{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"}, 116{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
113{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"}, 117{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
114{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, 118{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
115{ERR_PACK(0,ASN1_F_COLLECT_DATA,0), "COLLECT_DATA"}, 119{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
116{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "D2I_ASN1_BIT_STRING"}, 120{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
117{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"}, 121{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
118{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"}, 122{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
119{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"}, 123{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
120{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"}, 124{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
121{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"}, 125{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"},
122{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"}, 126{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
123{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"}, 127{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
124{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"}, 128{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
125{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0), "d2i_ASN1_UINTEGER"}, 129{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
126{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"}, 130{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
127{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"}, 131{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
128{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"}, 132{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
129{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"}, 133{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
130{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"}, 134{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
131{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"}, 135{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
132{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, 136{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
133{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, 137{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
134{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, 138{ERR_FUNC(ASN1_F_D2I_X509_NAME), "D2I_X509_NAME"},
135{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0), "i2d_ASN1_SET"}, 139{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
136{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, 140{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
137{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, 141{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
138{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, 142{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
139{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"}, 143{ERR_FUNC(ASN1_F_I2D_NETSCAPE_RSA), "i2d_Netscape_RSA"},
140{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"}, 144{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
141{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"}, 145{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
142{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"}, 146{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
143{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0), "OID_MODULE_INIT"}, 147{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
144{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"}, 148{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
145{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, 149{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
146{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"}, 150{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
147{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_new"}, 151{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
148{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"}, 152{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
149{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"}, 153{ERR_FUNC(ASN1_F_X509_NAME_NEW), "X509_NAME_NEW"},
150{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_new"}, 154{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
155{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
151{0,NULL} 156{0,NULL}
152 }; 157 };
153 158
154static ERR_STRING_DATA ASN1_str_reasons[]= 159static ERR_STRING_DATA ASN1_str_reasons[]=
155 { 160 {
156{ASN1_R_ADDING_OBJECT ,"adding object"}, 161{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"},
157{ASN1_R_AUX_ERROR ,"aux error"}, 162{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"},
158{ASN1_R_BAD_CLASS ,"bad class"}, 163{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"},
159{ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, 164{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
160{ASN1_R_BAD_PASSWORD_READ ,"bad password read"}, 165{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
161{ASN1_R_BAD_TAG ,"bad tag"}, 166{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
162{ASN1_R_BN_LIB ,"bn lib"}, 167{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
163{ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, 168{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
164{ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, 169{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
165{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, 170{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
166{ASN1_R_DATA_IS_WRONG ,"data is wrong"}, 171{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"},
167{ASN1_R_DECODE_ERROR ,"decode error"}, 172{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"},
168{ASN1_R_DECODING_ERROR ,"decoding error"}, 173{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"},
169{ASN1_R_ENCODE_ERROR ,"encode error"}, 174{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"},
170{ASN1_R_ERROR_GETTING_TIME ,"error getting time"}, 175{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"},
171{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, 176{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
172{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, 177{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
173{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, 178{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
174{ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, 179{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
175{ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"}, 180{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"},
176{ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"}, 181{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"},
177{ASN1_R_EXPECTING_A_TIME ,"expecting a time"}, 182{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"},
178{ASN1_R_EXPLICIT_LENGTH_MISMATCH ,"explicit length mismatch"}, 183{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
179{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ,"explicit tag not constructed"}, 184{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
180{ASN1_R_FIELD_MISSING ,"field missing"}, 185{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"},
181{ASN1_R_FIRST_NUM_TOO_LARGE ,"first num too large"}, 186{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"},
182{ASN1_R_HEADER_TOO_LONG ,"header too long"}, 187{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"},
183{ASN1_R_ILLEGAL_CHARACTERS ,"illegal characters"}, 188{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"},
184{ASN1_R_ILLEGAL_NULL ,"illegal null"}, 189{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"},
185{ASN1_R_ILLEGAL_OPTIONAL_ANY ,"illegal optional any"}, 190{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
186{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"}, 191{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
187{ASN1_R_ILLEGAL_TAGGED_ANY ,"illegal tagged any"}, 192{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"},
188{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ,"integer too large for long"}, 193{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
189{ASN1_R_INVALID_BMPSTRING_LENGTH ,"invalid bmpstring length"}, 194{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
190{ASN1_R_INVALID_DIGIT ,"invalid digit"}, 195{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
191{ASN1_R_INVALID_SEPARATOR ,"invalid separator"}, 196{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
192{ASN1_R_INVALID_TIME_FORMAT ,"invalid time format"}, 197{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
193{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ,"invalid universalstring length"}, 198{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
194{ASN1_R_INVALID_UTF8STRING ,"invalid utf8string"}, 199{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"},
195{ASN1_R_IV_TOO_LARGE ,"iv too large"}, 200{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"},
196{ASN1_R_LENGTH_ERROR ,"length error"}, 201{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"},
197{ASN1_R_MISSING_EOC ,"missing eoc"}, 202{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"},
198{ASN1_R_MISSING_SECOND_NUMBER ,"missing second number"}, 203{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
199{ASN1_R_MSTRING_NOT_UNIVERSAL ,"mstring not universal"}, 204{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
200{ASN1_R_MSTRING_WRONG_TAG ,"mstring wrong tag"}, 205{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"},
201{ASN1_R_NON_HEX_CHARACTERS ,"non hex characters"}, 206{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"},
202{ASN1_R_NOT_ENOUGH_DATA ,"not enough data"}, 207{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
203{ASN1_R_NO_MATCHING_CHOICE_TYPE ,"no matching choice type"}, 208{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
204{ASN1_R_NULL_IS_WRONG_LENGTH ,"null is wrong length"}, 209{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
205{ASN1_R_ODD_NUMBER_OF_CHARS ,"odd number of chars"}, 210{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
206{ASN1_R_PRIVATE_KEY_HEADER_MISSING ,"private key header missing"}, 211{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"},
207{ASN1_R_SECOND_NUMBER_TOO_LARGE ,"second number too large"}, 212{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
208{ASN1_R_SEQUENCE_LENGTH_MISMATCH ,"sequence length mismatch"}, 213{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
209{ASN1_R_SEQUENCE_NOT_CONSTRUCTED ,"sequence not constructed"}, 214{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
210{ASN1_R_SHORT_LINE ,"short line"}, 215{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
211{ASN1_R_STRING_TOO_LONG ,"string too long"}, 216{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"},
212{ASN1_R_STRING_TOO_SHORT ,"string too short"}, 217{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"},
213{ASN1_R_TAG_VALUE_TOO_HIGH ,"tag value too high"}, 218{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"},
214{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, 219{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"},
215{ASN1_R_TOO_LONG ,"too long"}, 220{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
216{ASN1_R_TYPE_NOT_CONSTRUCTED ,"type not constructed"}, 221{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
217{ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"}, 222{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
218{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"}, 223{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
219{ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"}, 224{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
220{ASN1_R_UNKNOWN_FORMAT ,"unknown format"}, 225{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
221{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"}, 226{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
222{ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"}, 227{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
223{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ,"unknown public key type"}, 228{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
224{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ,"unsupported any defined by type"}, 229{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
225{ASN1_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 230{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
226{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"}, 231{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
227{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ,"unsupported public key type"}, 232{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
228{ASN1_R_WRONG_TAG ,"wrong tag"}, 233{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
229{ASN1_R_WRONG_TYPE ,"wrong type"}, 234{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"},
235{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"},
230{0,NULL} 236{0,NULL}
231 }; 237 };
232 238
@@ -240,8 +246,8 @@ void ERR_load_ASN1_strings(void)
240 { 246 {
241 init=0; 247 init=0;
242#ifndef OPENSSL_NO_ERR 248#ifndef OPENSSL_NO_ERR
243 ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs); 249 ERR_load_strings(0,ASN1_str_functs);
244 ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons); 250 ERR_load_strings(0,ASN1_str_reasons);
245#endif 251#endif
246 252
247 } 253 }
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index 2426cb6253..c22501fc63 100644
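--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 
 static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_find_end(unsigned char **in, long len, char inf);
 static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
 static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
@@ -644,7 +645,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
  cont = *in;
  /* If indefinite length constructed find the real end */
  if(inf) {
- if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+ if(!asn1_find_end(&p, plen, inf)) goto err;
  len = p - cont;
  } else {
  len = p - cont + plen;
@@ -807,12 +808,66 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char
  return ret;
 }
 
+/* This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content.
+ * This is more efficient than calling asn1_collect because it does not
+ * recurse on each indefinite length header.
+ */
+
+static int asn1_find_end(unsigned char **in, long len, char inf)
+ {
+ int expected_eoc;
+ long plen;
+ unsigned char *p = *in, *q;
+ /* If not indefinite length constructed just add length */
+ if (inf == 0)
+ {
+ *in += len;
+ return 1;
+ }
+ expected_eoc = 1;
+ /* Indefinite length constructed form. Find the end when enough EOCs
+ * are found. If more indefinite length constructed headers
+ * are encountered increment the expected eoc count otherwise justi
+ * skip to the end of the data.
+ */
+ while (len > 0)
+ {
+ if(asn1_check_eoc(&p, len))
+ {
+ expected_eoc--;
+ if (expected_eoc == 0)
+ break;
+ len -= 2;
+ continue;
+ }
+ q = p;
+ /* Just read in a header: only care about the length */
+ if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+ -1, 0, 0, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ if (inf)
+ expected_eoc++;
+ else
+ p += plen;
+ len -= p - q;
+ }
+ if (expected_eoc)
+ {
+ ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+ return 0;
+ }
+ *in = p;
+ return 1;
+ }
+
 /* This function collects the asn1 data from a constructred string
  * type into a buffer. The values of 'in' and 'len' should refer
  * to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length. If 'buf' is NULL then we just want
- * to find the end of the current structure: useful for indefinite
- * length constructed stuff.
+ * if it is indefinite length.
  */
 
 static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
@@ -822,11 +877,6 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
  char cst, ininf;
  p = *in;
  inf &= 1;
- /* If no buffer and not indefinite length constructed just pass over the encoded data */
- if(!buf && !inf) {
- *in += len;
- return 1;
- }
  while(len > 0) {
  q = p;
  /* Check for EOC */
@@ -845,9 +895,15 @@ static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, in
  }
  /* If indefinite length constructed update max length */
  if(cst) {
- if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+ return 0;
+#else
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+#endif
  } else {
- if(!collect_data(buf, &p, plen)) return 0;
+ if(plen && !collect_data(buf, &p, plen)) return 0;
  }
  len -= p - q;
  }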
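Review bot: In asn1_find_end, `expected_eoc` is a plain `int` incremented once per nested indefinite-length header with no upper bound, while `len` is a `long`; where `long` is wider than `int`, a large enough untrusted encoding could overflow the counter, which is undefined behaviour. A guard before the increment closes this: `if (expected_eoc == INT_MAX) { ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_TOO_LONG); return 0; }` (needs `<limits.h>`). The loop also relies on asn1_check_tlen to reject a `plen` larger than the remaining `len` before `p += plen`; that function is outside the hunk, so a one-line comment stating the assumption would help. In the asn1_collect hunk, the `OPENSSL_ALLOW_NESTED_ASN1_STRINGS` path keeps the recursion without a depth limit, so the macro deserves a comment warning that defining it lets the input control recursion depth again. The block comment in asn1_find_end has a typo, `justi`.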
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
index f6c8ddef0a..c675c3c832 100644
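--- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
@@ -445,9 +445,12 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_
  case V_ASN1_BOOLEAN:
  tbool = (ASN1_BOOLEAN *)pval;
  if(*tbool == -1) return -1;
- /* Default handling if value == size field then omit */
- if(*tbool && (it->size > 0)) return -1;
- if(!*tbool && !it->size) return -1;
+ if (it->utype != V_ASN1_ANY)
+ {
+ /* Default handling if value == size field then omit */
+ if(*tbool && (it->size > 0)) return -1;
+ if(!*tbool && !it->size) return -1;
+ }
  c = (unsigned char)*tbool;
  cont = &c;
  len = 1;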
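Review bot: The new `if (it->utype != V_ASN1_ANY)` guard in the `V_ASN1_BOOLEAN` case has no comment saying why an ANY-typed item must skip the default-omission test, and the existing "Default handling" comment now sits inside the braces where it does not explain the guard. From these lines it looks as though `it->size` only means "the DEFAULT value" when the template itself is a BOOLEAN, so a BOOLEAN carried inside an ANY could previously be dropped from the encoding; that is inferred, not shown here. If it is right, state it above the guard: `/* it->size is the DEFAULT only for a templated BOOLEAN; a BOOLEAN inside an ANY is always encoded */`. The case belongs to a switch in asn1_ex_i2c that starts and ends outside the hunk.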
diff --git a/src/lib/libssl/src/crypto/bf/bf_skey.c b/src/lib/libssl/src/crypto/bf/bf_skey.c
index fc5bebefce..1931aba83f 100644
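--- a/src/lib/libssl/src/crypto/bf/bf_skey.c
+++ b/src/lib/libssl/src/crypto/bf/bf_skey.c
@@ -60,6 +60,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/blowfish.h>
+#include <openssl/fips.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
 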
diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c
index 8b753e7ca0..f2bd91d5a0 100644
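--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -576,7 +576,7 @@ abs_val(LDOUBLE value)
 }
 
 static LDOUBLE
-pow10(int in_exp)
+pow_10(int in_exp)
 {
  LDOUBLE result = 1;
  while (in_exp) {
@@ -639,11 +639,11 @@ fmtfp(
 
  /* we "cheat" by converting the fractional part to integer by
  multiplying by a factor of 10 */
- fracpart = roundv((pow10(max)) * (ufvalue - intpart));
+ fracpart = roundv((pow_10(max)) * (ufvalue - intpart));
 
- if (fracpart >= (long)pow10(max)) {
+ if (fracpart >= (long)pow_10(max)) {
  intpart++;
- fracpart -= (long)pow10(max);
+ fracpart -= (long)pow_10(max);
  }
 
  /* convert integer part */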
diff --git a/src/lib/libssl/src/crypto/bio/bio_err.c b/src/lib/libssl/src/crypto/bio/bio_err.c
index 68a119d895..8859a58ae4 100644
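--- a/src/lib/libssl/src/crypto/bio/bio_err.c
+++ b/src/lib/libssl/src/crypto/bio/bio_err.c
@@ -1,6 +1,6 @@
 /* crypto/bio/bio_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,73 +64,77 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
+
 static ERR_STRING_DATA BIO_str_functs[]=
  {
-{ERR_PACK(0,BIO_F_ACPT_STATE,0), "ACPT_STATE"},
-{ERR_PACK(0,BIO_F_BIO_ACCEPT,0), "BIO_accept"},
-{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0), "BIO_BER_GET_HEADER"},
-{ERR_PACK(0,BIO_F_BIO_CTRL,0), "BIO_ctrl"},
-{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0), "BIO_gethostbyname"},
-{ERR_PACK(0,BIO_F_BIO_GETS,0), "BIO_gets"},
-{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0), "BIO_get_accept_socket"},
-{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0), "BIO_get_host_ip"},
-{ERR_PACK(0,BIO_F_BIO_GET_PORT,0), "BIO_get_port"},
-{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0), "BIO_MAKE_PAIR"},
-{ERR_PACK(0,BIO_F_BIO_NEW,0), "BIO_new"},
-{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0), "BIO_new_file"},
-{ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0), "BIO_new_mem_buf"},
-{ERR_PACK(0,BIO_F_BIO_NREAD,0), "BIO_nread"},
-{ERR_PACK(0,BIO_F_BIO_NREAD0,0), "BIO_nread0"},
-{ERR_PACK(0,BIO_F_BIO_NWRITE,0), "BIO_nwrite"},
-{ERR_PACK(0,BIO_F_BIO_NWRITE0,0), "BIO_nwrite0"},
-{ERR_PACK(0,BIO_F_BIO_PUTS,0), "BIO_puts"},
-{ERR_PACK(0,BIO_F_BIO_READ,0), "BIO_read"},
-{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0), "BIO_sock_init"},
-{ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"},
-{ERR_PACK(0,BIO_F_BUFFER_CTRL,0), "BUFFER_CTRL"},
-{ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"},
-{ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"},
-{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"},
-{ERR_PACK(0,BIO_F_FILE_READ,0), "FILE_READ"},
-{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"},
-{ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"},
-{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"},
-{ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_new"},
-{ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"},
+{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
+{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
+{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
+{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
+{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
+{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
+{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
+{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
+{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
+{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
+{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
+{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
+{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
+{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
+{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
+{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
+{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
+{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
+{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
+{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
+{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
+{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
+{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
+{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
+{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
+{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
+{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
+{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
+{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA BIO_str_reasons[]=
  {
-{BIO_R_ACCEPT_ERROR ,"accept error"},
-{BIO_R_BAD_FOPEN_MODE ,"bad fopen mode"},
-{BIO_R_BAD_HOSTNAME_LOOKUP ,"bad hostname lookup"},
-{BIO_R_BROKEN_PIPE ,"broken pipe"},
-{BIO_R_CONNECT_ERROR ,"connect error"},
-{BIO_R_EOF_ON_MEMORY_BIO ,"EOF on memory BIO"},
-{BIO_R_ERROR_SETTING_NBIO ,"error setting nbio"},
-{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
-{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
-{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
-{BIO_R_INVALID_ARGUMENT ,"invalid argument"},
-{BIO_R_INVALID_IP_ADDRESS ,"invalid ip address"},
-{BIO_R_IN_USE ,"in use"},
-{BIO_R_KEEPALIVE ,"keepalive"},
-{BIO_R_NBIO_CONNECT_ERROR ,"nbio connect error"},
-{BIO_R_NO_ACCEPT_PORT_SPECIFIED ,"no accept port specified"},
-{BIO_R_NO_HOSTNAME_SPECIFIED ,"no hostname specified"},
-{BIO_R_NO_PORT_DEFINED ,"no port defined"},
-{BIO_R_NO_PORT_SPECIFIED ,"no port specified"},
-{BIO_R_NO_SUCH_FILE ,"no such file"},
-{BIO_R_NULL_PARAMETER ,"null parameter"},
-{BIO_R_TAG_MISMATCH ,"tag mismatch"},
-{BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"},
-{BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"},
-{BIO_R_UNABLE_TO_LISTEN_SOCKET ,"unable to listen socket"},
-{BIO_R_UNINITIALIZED ,"uninitialized"},
-{BIO_R_UNSUPPORTED_METHOD ,"unsupported method"},
-{BIO_R_WRITE_TO_READ_ONLY_BIO ,"write to read only BIO"},
-{BIO_R_WSASTARTUP ,"WSAStartup"},
+{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"},
+{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"},
+{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"},
+{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"},
+{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"},
+{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
+{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
+{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
+{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"},
+{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"},
+{ERR_REASON(BIO_R_IN_USE) ,"in use"},
+{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"},
+{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"},
+{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
+{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
+{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"},
+{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"},
+{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"},
+{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"},
+{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
+{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
+{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"},
+{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"},
+{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
+{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"},
 {0,NULL}
  };
 
@@ -144,8 +148,8 @@ void ERR_load_BIO_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
- ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
+ ERR_load_strings(0,BIO_str_functs);
+ ERR_load_strings(0,BIO_str_reasons);
 #endif
 
  }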
diff --git a/src/lib/libssl/src/crypto/bio/bss_conn.c b/src/lib/libssl/src/crypto/bio/bss_conn.c
index f5d0e759e2..216780ed5e 100644
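--- a/src/lib/libssl/src/crypto/bio/bss_conn.c
+++ b/src/lib/libssl/src/crypto/bio/bss_conn.c
@@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
  break;
  case BIO_C_DO_STATE_MACHINE:
  /* use this one to start the connection */
- if (!data->state != BIO_CONN_S_OK)
+ if (data->state != BIO_CONN_S_OK)
  ret=(long)conn_state(b,data);
  else
  ret=1;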
diff --git a/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S b/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
index 0074dfdb75..8c56e2e7e7 100644
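--- a/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
+++ b/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S
@@ -162,10 +162,14 @@
  * BN_ULONG w;
  */
 bn_mul_add_words:
+ sra %o2,%g0,%o2 ! signx %o2
  brgz,a %o2,.L_bn_mul_add_words_proceed
  lduw [%o1],%g2
  retl
  clr %o0
+ nop
+ nop
+ nop
 
 .L_bn_mul_add_words_proceed:
  srl %o3,%g0,%o3 ! clruw %o3
@@ -260,10 +264,14 @@ bn_mul_add_words:
  * BN_ULONG w;
  */
 bn_mul_words:
+ sra %o2,%g0,%o2 ! signx %o2
  brgz,a %o2,.L_bn_mul_words_proceeed
  lduw [%o1],%g2
  retl
  clr %o0
+ nop
+ nop
+ nop
 
 .L_bn_mul_words_proceeed:
  srl %o3,%g0,%o3 ! clruw %o3
@@ -344,10 +352,14 @@ bn_mul_words:
  * int n;
  */
 bn_sqr_words:
+ sra %o2,%g0,%o2 ! signx %o2
  brgz,a %o2,.L_bn_sqr_words_proceeed
  lduw [%o1],%g2
  retl
  clr %o0
+ nop
+ nop
+ nop
 
 .L_bn_sqr_words_proceeed:
  andcc %o2,-4,%g0
@@ -445,6 +457,7 @@ bn_div_words:
  * int n;
  */
 bn_add_words:
+ sra %o3,%g0,%o3 ! signx %o3
  brgz,a %o3,.L_bn_add_words_proceed
  lduw [%o1],%o4
  retl
@@ -454,7 +467,6 @@ bn_add_words:
  andcc %o3,-4,%g0
  bz,pn %icc,.L_bn_add_words_tail
  addcc %g0,0,%g0 ! clear carry flag
- nop
 
 .L_bn_add_words_loop: ! wow! 32 aligned!
  dec 4,%o3
@@ -523,6 +535,7 @@ bn_add_words:
  * int n;
  */
 bn_sub_words:
+ sra %o3,%g0,%o3 ! signx %o3
  brgz,a %o3,.L_bn_sub_words_proceed
  lduw [%o1],%o4
  retl
@@ -532,7 +545,6 @@ bn_sub_words:
  andcc %o3,-4,%g0
  bz,pn %icc,.L_bn_sub_words_tail
  addcc %g0,0,%g0 ! clear carry flag
- nop
 
 .L_bn_sub_words_loop: ! wow! 32 aligned!
  dec 4,%o3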
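Review bot: The three `nop`s added after `clr %o0` in bn_mul_add_words, bn_mul_words and bn_sqr_words, and the `nop` removed before `.L_bn_add_words_loop` and `.L_bn_sub_words_loop`, carry no comment, so a later edit to these prologues can undo them unnoticed. They look like hand-counted padding that offsets the new `sra` sign-extension so the loop labels stay where the existing `! wow! 32 aligned!` remark puts them, but that is inferred from the instruction counts rather than stated anywhere in the hunks. I would mark the padding, e.g. `nop ! pad: keeps the following label aligned after the added sra`, and put one shared remark on the `sra` lines that the count is a 32-bit `int` whose upper register half must be sign-extended before `brgz` tests the whole register. All five routines continue outside the hunks shown.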
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h
index 3da6d8ced9..1251521c54 100644
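--- a/src/lib/libssl/src/crypto/bn/bn.h
+++ b/src/lib/libssl/src/crypto/bn/bn.h
@@ -225,10 +225,23 @@ extern "C" {
 
 #define BN_FLG_MALLOCED 0x01
 #define BN_FLG_STATIC_DATA 0x02
+#define BN_FLG_EXP_CONSTTIME 0x04 /* avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
 #define BN_FLG_FREE 0x8000 /* used for debuging */
 #define BN_set_flags(b,n) ((b)->flags|=(n))
 #define BN_get_flags(b,n) ((b)->flags&(n))
 
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
+#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
+ (dest)->top=(b)->top, \
+ (dest)->dmax=(b)->dmax, \
+ (dest)->neg=(b)->neg, \
+ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
+ | ((b)->flags & ~BN_FLG_MALLOCED) \
+ | BN_FLG_STATIC_DATA \
+ | (n)))
+
 typedef struct bignum_st
  {
  BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
@@ -378,6 +391,8 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  const BIGNUM *m,BN_CTX *ctx);
 int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
 int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
@@ -423,6 +438,19 @@ int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
  void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
  int do_trial_division);
 
+#ifdef OPENSSL_FIPS
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ void (*cb)(int, int, void *), void *cb_arg);
+#endif
+
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
@@ -434,6 +462,8 @@ int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
 int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx);
 
 BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
 void BN_BLINDING_free(BN_BLINDING *b);
@@ -510,11 +540,15 @@ void ERR_load_BN_strings(void);
 #define BN_F_BN_CTX_GET 116
 #define BN_F_BN_CTX_NEW 106
 #define BN_F_BN_DIV 107
+#define BN_F_BN_EXP 123
 #define BN_F_BN_EXPAND2 108
 #define BN_F_BN_EXPAND_INTERNAL 120
 #define BN_F_BN_MOD_EXP2_MONT 118
 #define BN_F_BN_MOD_EXP_MONT 109
+#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
 #define BN_F_BN_MOD_EXP_MONT_WORD 117
+#define BN_F_BN_MOD_EXP_RECP 125
+#define BN_F_BN_MOD_EXP_SIMPLE 126
 #define BN_F_BN_MOD_INVERSE 110
 #define BN_F_BN_MOD_LSHIFT_QUICK 119
 #define BN_F_BN_MOD_MUL_RECIPROCAL 111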
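Review bot: The comment on the new `BN_with_flags` macro says the two BIGNUMs "cannot not be used in parallel", a double negative that reads as permitting what it means to forbid; it should read `(the two BIGNUMs cannot be used in parallel!)`. The comment also omits what the body shows: `(dest)->d=(b)->d` makes `dest` borrow `b`'s word array instead of copying it, so `dest` has to be discarded before `b` is freed, resized or changed, and for a secret exponent a lingering `dest` is a second live reference to the key material. I would add `/* shallow alias: dest shares b's data and must not outlive b */` and note that `dest` and `b` are each evaluated several times, so arguments with side effects are unsafe. The `BN_FLG_EXP_CONSTTIME` comment should also say which operand carries the flag; the bn_exp.c hunks on this page test it on the exponent `p`.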
diff --git a/src/lib/libssl/src/crypto/bn/bn_asm.c b/src/lib/libssl/src/crypto/bn/bn_asm.c
index be8aa3ffc5..19978085b2 100644
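--- a/src/lib/libssl/src/crypto/bn/bn_asm.c
+++ b/src/lib/libssl/src/crypto/bn/bn_asm.c
@@ -237,7 +237,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
  if (d == 0) return(BN_MASK2);
 
  i=BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+ assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
 
  i=BN_BITS2-i;
  if (h >= d) h-=d;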
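Review bot: The corrected `assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i))` is the only statement of bn_div_words' precondition on `h`, and it compiles away under NDEBUG, so a release build runs the division with no check on that input. Because the test had the opposite sense until this change, the contract should be written out above it, e.g. `/* precondition: h must not exceed 2^i, where i is the bit length of d */`. Whether every caller actually guarantees that bound cannot be seen from this hunk, and the rest of the function body lies outside it.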
diff --git a/src/lib/libssl/src/crypto/bn/bn_err.c b/src/lib/libssl/src/crypto/bn/bn_err.c
index fb84ee96d8..5dfac00c88 100644
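--- a/src/lib/libssl/src/crypto/bn/bn_err.c
+++ b/src/lib/libssl/src/crypto/bn/bn_err.c
@@ -1,6 +1,6 @@
 /* crypto/bn/bn_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,52 +64,60 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
+
 static ERR_STRING_DATA BN_str_functs[]=
  {
-{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"},
-{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"},
-{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0), "BN_BLINDING_new"},
-{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"},
-{ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"},
-{ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"},
-{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"},
-{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"},
-{ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"},
-{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"},
-{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0), "BN_mod_exp2_mont"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"},
-{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"},
-{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"},
-{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0), "BN_mod_lshift_quick"},
-{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"},
-{ERR_PACK(0,BN_F_BN_MOD_SQRT,0), "BN_mod_sqrt"},
-{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"},
-{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"},
-{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"},
-{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"},
-{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"},
+{ERR_FUNC(BN_F_BN_BLINDING_CONVERT), "BN_BLINDING_convert"},
+{ERR_FUNC(BN_F_BN_BLINDING_INVERT), "BN_BLINDING_invert"},
+{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
+{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
+{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
+{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA BN_str_reasons[]=
  {
-{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"},
-{BN_R_BAD_RECIPROCAL ,"bad reciprocal"},
-{BN_R_BIGNUM_TOO_LONG ,"bignum too long"},
-{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"},
-{BN_R_DIV_BY_ZERO ,"div by zero"},
-{BN_R_ENCODING_ERROR ,"encoding error"},
-{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"},
-{BN_R_INPUT_NOT_REDUCED ,"input not reduced"},
-{BN_R_INVALID_LENGTH ,"invalid length"},
-{BN_R_INVALID_RANGE ,"invalid range"},
-{BN_R_NOT_A_SQUARE ,"not a square"},
-{BN_R_NOT_INITIALIZED ,"not initialized"},
-{BN_R_NO_INVERSE ,"no inverse"},
-{BN_R_P_IS_NOT_PRIME ,"p is not prime"},
-{BN_R_TOO_MANY_ITERATIONS ,"too many iterations"},
-{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"},
+{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
+{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
+{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
+{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
+{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
+{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
+{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
+{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
+{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
+{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
+{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
+{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
+{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
+{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"},
+{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"},
+{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
 {0,NULL}
  };
 
@@ -123,8 +131,8 @@ void ERR_load_BN_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BN,BN_str_functs);
- ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
+ ERR_load_strings(0,BN_str_functs);
+ ERR_load_strings(0,BN_str_reasons);
 #endif
 
  }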
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c
index afdfd580fb..9e1e88abe8 100644
--- a/src/lib/libssl/src/crypto/bn/bn_exp.c
+++ b/src/lib/libssl/src/crypto/bn/bn_exp.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@
113#include "cryptlib.h" 113#include "cryptlib.h"
114#include "bn_lcl.h" 114#include "bn_lcl.h"
115 115
116/* maximum precomputation table size for *variable* sliding windows */
116#define TABLE_SIZE 32 117#define TABLE_SIZE 32
117 118
118/* this one works - simple but works */ 119/* this one works - simple but works */
@@ -121,6 +122,13 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
121 int i,bits,ret=0; 122 int i,bits,ret=0;
122 BIGNUM *v,*rr; 123 BIGNUM *v,*rr;
123 124
125 if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
126 {
127 /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
128 BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
129 return -1;
130 }
131
124 BN_CTX_start(ctx); 132 BN_CTX_start(ctx);
125 if ((r == a) || (r == p)) 133 if ((r == a) || (r == p))
126 rr = BN_CTX_get(ctx); 134 rr = BN_CTX_get(ctx);
@@ -204,7 +212,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
204 if (BN_is_odd(m)) 212 if (BN_is_odd(m))
205 { 213 {
206# ifdef MONT_EXP_WORD 214# ifdef MONT_EXP_WORD
207 if (a->top == 1 && !a->neg) 215 if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0))
208 { 216 {
209 BN_ULONG A = a->d[0]; 217 BN_ULONG A = a->d[0];
210 ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); 218 ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
@@ -234,6 +242,13 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
234 BIGNUM val[TABLE_SIZE]; 242 BIGNUM val[TABLE_SIZE];
235 BN_RECP_CTX recp; 243 BN_RECP_CTX recp;
236 244
245 if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
246 {
247 /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
248 BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
249 return -1;
250 }
251
237 bits=BN_num_bits(p); 252 bits=BN_num_bits(p);
238 253
239 if (bits == 0) 254 if (bits == 0)
@@ -361,6 +376,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
361 BIGNUM val[TABLE_SIZE]; 376 BIGNUM val[TABLE_SIZE];
362 BN_MONT_CTX *mont=NULL; 377 BN_MONT_CTX *mont=NULL;
363 378
379 if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
380 {
381 return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
382 }
383
364 bn_check_top(a); 384 bn_check_top(a);
365 bn_check_top(p); 385 bn_check_top(p);
366 bn_check_top(m); 386 bn_check_top(m);
@@ -493,6 +513,212 @@ err:
493 return(ret); 513 return(ret);
494 } 514 }
495 515
516
517/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
518 * so that accessing any of these table values shows the same access pattern as far
519 * as cache lines are concerned. The following functions are used to transfer a BIGNUM
520 * from/to that table. */
521
522static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
523 {
524 size_t i, j;
525
526 if (bn_wexpand(b, top) == NULL)
527 return 0;
528 while (b->top < top)
529 {
530 b->d[b->top++] = 0;
531 }
532
533 for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
534 {
535 buf[j] = ((unsigned char*)b->d)[i];
536 }
537
538 bn_fix_top(b);
539 return 1;
540 }
541
542static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
543 {
544 size_t i, j;
545
546 if (bn_wexpand(b, top) == NULL)
547 return 0;
548
549 for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
550 {
551 ((unsigned char*)b->d)[i] = buf[j];
552 }
553
554 b->top = top;
555 bn_fix_top(b);
556 return 1;
557 }
558
559/* Given a pointer value, compute the next address that is a cache line multiple. */
560#define MOD_EXP_CTIME_ALIGN(x_) \
561 ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
562
563/* This variant of BN_mod_exp_mont() uses fixed windows and the special
564 * precomputation memory layout to limit data-dependency to a minimum
565 * to protect secret exponents (cf. the hyper-threading timing attacks
566 * pointed out by Colin Percival,
567 * http://www.daemonology.net/hyperthreading-considered-harmful/)
568 */
569int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
570 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
571 {
572 int i,bits,ret=0,idx,window,wvalue;
573 int top;
574 BIGNUM *r;
575 const BIGNUM *aa;
576 BN_MONT_CTX *mont=NULL;
577
578 int numPowers;
579 unsigned char *powerbufFree=NULL;
580 int powerbufLen = 0;
581 unsigned char *powerbuf=NULL;
582 BIGNUM *computeTemp=NULL, *am=NULL;
583
584 bn_check_top(a);
585 bn_check_top(p);
586 bn_check_top(m);
587
588 top = m->top;
589
590 if (!(m->d[0] & 1))
591 {
592 BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
593 return(0);
594 }
595 bits=BN_num_bits(p);
596 if (bits == 0)
597 {
598 ret = BN_one(rr);
599 return ret;
600 }
601
602 /* Initialize BIGNUM context and allocate intermediate result */
603 BN_CTX_start(ctx);
604 r = BN_CTX_get(ctx);
605 if (r == NULL) goto err;
606
607 /* Allocate a montgomery context if it was not supplied by the caller.
608 * If this is not done, things will break in the montgomery part.
609 */
610 if (in_mont != NULL)
611 mont=in_mont;
612 else
613 {
614 if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
615 if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
616 }
617
618 /* Get the window size to use with size of p. */
619 window = BN_window_bits_for_ctime_exponent_size(bits);
620
621 /* Allocate a buffer large enough to hold all of the pre-computed
622 * powers of a.
623 */
624 numPowers = 1 << window;
625 powerbufLen = sizeof(m->d[0])*top*numPowers;
626 if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
627 goto err;
628
629 powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
630 memset(powerbuf, 0, powerbufLen);
631
632 /* Initialize the intermediate result. Do this early to save double conversion,
633 * once each for a^0 and intermediate result.
634 */
635 if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
636 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
637
638 /* Initialize computeTemp as a^1 with montgomery precalcs */
639 computeTemp = BN_CTX_get(ctx);
640 am = BN_CTX_get(ctx);
641 if (computeTemp==NULL || am==NULL) goto err;
642
643 if (a->neg || BN_ucmp(a,m) >= 0)
644 {
645 if (!BN_mod(am,a,m,ctx))
646 goto err;
647 aa= am;
648 }
649 else
650 aa=a;
651 if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
652 if (!BN_copy(computeTemp, am)) goto err;
653 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
654
655 /* If the window size is greater than 1, then calculate
656 * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
657 * (even powers could instead be computed as (a^(i/2))^2
658 * to use the slight performance advantage of sqr over mul).
659 */
660 if (window > 1)
661 {
662 for (i=2; i<numPowers; i++)
663 {
664 /* Calculate a^i = a^(i-1) * a */
665 if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
666 goto err;
667 if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
668 }
669 }
670
671 /* Adjust the number of bits up to a multiple of the window size.
672 * If the exponent length is not a multiple of the window size, then
673 * this pads the most significant bits with zeros to normalize the
674 * scanning loop to there's no special cases.
675 *
676 * * NOTE: Making the window size a power of two less than the native
677 * * word size ensures that the padded bits won't go past the last
678 * * word in the internal BIGNUM structure. Going past the end will
679 * * still produce the correct result, but causes a different branch
680 * * to be taken in the BN_is_bit_set function.
681 */
682 bits = ((bits+window-1)/window)*window;
683 idx=bits-1; /* The top bit of the window */
684
685 /* Scan the exponent one window at a time starting from the most
686 * significant bits.
687 */
688 while (idx >= 0)
689 {
690 wvalue=0; /* The 'value' of the window */
691
692 /* Scan the window, squaring the result as we go */
693 for (i=0; i<window; i++,idx--)
694 {
695 if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) goto err;
696 wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
697 }
698
699 /* Fetch the appropriate pre-computed value from the pre-buf */
700 if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
701
702 /* Multiply the result into the intermediate result */
703 if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
704 }
705
706 /* Convert the final result from montgomery to standard format */
707 if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
708 ret=1;
709err:
710 if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
711 if (powerbuf!=NULL)
712 {
713 OPENSSL_cleanse(powerbuf,powerbufLen);
714 OPENSSL_free(powerbufFree);
715 }
716 if (am!=NULL) BN_clear(am);
717 if (computeTemp!=NULL) BN_clear(computeTemp);
718 BN_CTX_end(ctx);
719 return(ret);
720 }
721
496int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, 722int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
497 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) 723 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
498 { 724 {
@@ -517,6 +743,13 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
517#define BN_TO_MONTGOMERY_WORD(r, w, mont) \ 743#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
518 (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) 744 (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
519 745
746 if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
747 {
748 /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
749 BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
750 return -1;
751 }
752
520 bn_check_top(p); 753 bn_check_top(p);
521 bn_check_top(m); 754 bn_check_top(m);
522 755
@@ -644,6 +877,13 @@ int BN_mod_exp_simple(BIGNUM *r,
644 BIGNUM *d; 877 BIGNUM *d;
645 BIGNUM val[TABLE_SIZE]; 878 BIGNUM val[TABLE_SIZE];
646 879
880 if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
881 {
882 /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
883 BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
884 return -1;
885 }
886
647 bits=BN_num_bits(p); 887 bits=BN_num_bits(p);
648 888
649 if (bits == 0) 889 if (bits == 0)
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h
index 253e195e23..a84998f2bd 100644
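--- a/src/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -177,6 +177,45 @@ struct bignum_ctx
 
 
 
+/* BN_mod_exp_mont_conttime is based on the assumption that the
+ * L1 data cache line width of the target processor is at least
+ * the following value.
+ */
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
+#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/* Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime).
+ *
+ * To achieve the security goals of BN_mode_exp_mont_consttime, the
+ * maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
+ *
+ * Window size thresholds are defined for cache line sizes of 32 and 64,
+ * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
+ * window size of 7 should only be used on processors that have a 128
+ * byte or greater cache line size.
+ */
+#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 937 ? 6 : \
+ (b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
+
+#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
+
+#endif
+
+
 /* Pentium pro 16,16,16,32,64 */
 /* Alpha 16,16,16,16.64 */
 #define BN_MULL_SIZE_NORMAL (16) /* 32 */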
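Review bot: The `#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64` / `#elif ... == 32` chain has no fallback, so any other width leaves `BN_window_bits_for_ctime_exponent_size` and `BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE` undefined and the mistake only surfaces later as an undeclared name in bn_exp.c. Adding `#else` followed by `# error "unsupported MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH"` before the `#endif` would fail at the definition instead. The width is also a compile-time assumption with no runtime check: by the comment's own rule (window at most log_2 of the line width), a build using 64 on a processor with 32-byte lines would pick window 6 and lose the access-pattern property the table layout is meant to give, which deserves a sentence in the comment. The comments misspell the function name twice (`BN_mod_exp_mont_conttime`, `BN_mode_exp_mont_consttime`).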
diff --git a/src/lib/libssl/src/crypto/bn/bn_mont.c b/src/lib/libssl/src/crypto/bn/bn_mont.c
index b79b1b60da..3572e5a690 100644
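--- a/src/lib/libssl/src/crypto/bn/bn_mont.c
+++ b/src/lib/libssl/src/crypto/bn/bn_mont.c
@@ -347,3 +347,23 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
  return(to);
  }
 
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx)
+ {
+ if (*pmont)
+ return *pmont;
+ CRYPTO_w_lock(lock);
+ if (!*pmont)
+ {
+ *pmont = BN_MONT_CTX_new();
+ if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
+ {
+ BN_MONT_CTX_free(*pmont);
+ *pmont = NULL;
+ }
+ }
+ CRYPTO_w_unlock(lock);
+ return *pmont;
+ }
+
+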
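Review bot: `BN_MONT_CTX_set_locked` stores the new context in `*pmont` before `BN_MONT_CTX_set` has run, while the first `if (*pmont) return *pmont;` reads the pointer without holding the lock. A second thread can therefore be handed a context that is still being set up, or one that the failure branch is about to free and reset to NULL. The unlocked read is also a double-checked-locking pattern with no memory barrier. Building the context in a local and assigning `*pmont` only once it is complete, with the check done under the lock, avoids both problems; the version below always takes the write lock, so the lock-free fast path is given up in exchange.

```c
BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
					const BIGNUM *mod, BN_CTX *ctx)
	{
	BN_MONT_CTX *ret;

	CRYPTO_w_lock(lock);
	ret = *pmont;
	if (ret == NULL)
		{
		ret = BN_MONT_CTX_new();
		if (ret != NULL && !BN_MONT_CTX_set(ret, mod, ctx))
			{
			BN_MONT_CTX_free(ret);
			ret = NULL;
			}
		/* publish only a fully initialised context (or NULL) */
		*pmont = ret;
		}
	CRYPTO_w_unlock(lock);
	return ret;
	}
```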
diff --git a/src/lib/libssl/src/crypto/bn/bntest.c b/src/lib/libssl/src/crypto/bn/bntest.c
index 79d813d85e..792a75ff4f 100644
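--- a/src/lib/libssl/src/crypto/bn/bntest.c
+++ b/src/lib/libssl/src/crypto/bn/bntest.c
@@ -86,6 +86,7 @@ int test_mont(BIO *bp,BN_CTX *ctx);
 int test_mod(BIO *bp,BN_CTX *ctx);
 int test_mod_mul(BIO *bp,BN_CTX *ctx);
 int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
 int test_exp(BIO *bp,BN_CTX *ctx);
 int test_kron(BIO *bp,BN_CTX *ctx);
 int test_sqrt(BIO *bp,BN_CTX *ctx);
@@ -213,6 +214,10 @@ int main(int argc, char *argv[])
  if (!test_mod_exp(out,ctx)) goto err;
  BIO_flush(out);
 
+ message(out,"BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ BIO_flush(out);
+
  message(out,"BN_exp");
  if (!test_exp(out,ctx)) goto err;
  BIO_flush(out);
@@ -813,6 +818,57 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
  return(1);
  }
 
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*b,*c,*d,*e;
+ int i;
+
+ a=BN_new();
+ b=BN_new();
+ c=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+ for (i=0; i<num2; i++)
+ {
+ BN_bntest_rand(a,20+i*5,0,0); /**/
+ BN_bntest_rand(b,2+i,0,0); /**/
+
+ if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+ return(00);
+
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," ^ ");
+ BN_print(bp,b);
+ BIO_puts(bp," % ");
+ BN_print(bp,c);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,d);
+ BIO_puts(bp,"\n");
+ }
+ BN_exp(e,a,b,ctx);
+ BN_sub(e,e,d);
+ BN_div(a,b,e,c,ctx);
+ if(!BN_is_zero(b))
+ {
+ fprintf(stderr,"Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
 int test_exp(BIO *bp, BN_CTX *ctx)
  {
  BIGNUM *a,*b,*d,*e,*one;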
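Review bot: `test_mod_exp_mont_consttime` calls `BN_mod_exp_mont_consttime` directly and never sets `BN_FLG_EXP_CONSTTIME` on the exponent, so the flag-based dispatch this commit adds to `BN_mod_exp_mont` is not covered by the test. A second case that sets the flag on a copy of `b` and goes through `BN_mod_exp_mont` would cover it (a copy, because `BN_exp` now rejects a flagged exponent). The exponent is only `2+i` bits (`BN_bntest_rand(b,2+i,0,0)`), so unless `num2`, defined outside the hunk, is large, the wider fixed windows selected above 22, 89, 306 and 937 bits are probably never reached. The `BN_new()` results are used unchecked, and the two early returns (`return(00)` and `return 0`) skip the `BN_free` calls; a single exit label that frees `a` through `e` would handle both.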
diff --git a/src/lib/libssl/src/crypto/bn/expspeed.c b/src/lib/libssl/src/crypto/bn/expspeed.c
index 07a1bcf51c..4d5f221f33 100644
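--- a/src/lib/libssl/src/crypto/bn/expspeed.c
+++ b/src/lib/libssl/src/crypto/bn/expspeed.c
@@ -321,7 +321,7 @@ void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
 #else /* TEST_SQRT */
  "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
 #endif
- " -> %8.3fms %5.1f (%ld)\n",
+ " -> %8.6fms %5.1f (%ld)\n",
 #ifdef TEST_SQRT
  P_MOD_64,
 #endif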
diff --git a/src/lib/libssl/src/crypto/bn/exptest.c b/src/lib/libssl/src/crypto/bn/exptest.c
index b09cf88705..28aaac2ac1 100644
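--- a/src/lib/libssl/src/crypto/bn/exptest.c
+++ b/src/lib/libssl/src/crypto/bn/exptest.c
@@ -77,7 +77,7 @@ int main(int argc, char *argv[])
  BIO *out=NULL;
  int i,ret;
  unsigned char c;
- BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
+ BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
 
  RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
  * even check its return value
@@ -88,6 +88,7 @@ int main(int argc, char *argv[])
  ctx=BN_CTX_new();
  if (ctx == NULL) EXIT(1);
  r_mont=BN_new();
+ r_mont_const=BN_new();
  r_recp=BN_new();
  r_simple=BN_new();
  a=BN_new();
@@ -143,8 +144,17 @@ int main(int argc, char *argv[])
  EXIT(1);
  }
 
+ ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+ if (ret <= 0)
+ {
+ printf("BN_mod_exp_mont_consttime() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
  if (BN_cmp(r_simple, r_mont) == 0
- && BN_cmp(r_simple,r_recp) == 0)
+ && BN_cmp(r_simple,r_recp) == 0
+ && BN_cmp(r_simple,r_mont_const) == 0)
  {
  printf(".");
  fflush(stdout);
@@ -153,6 +163,8 @@ int main(int argc, char *argv[])
  {
  if (BN_cmp(r_simple,r_mont) != 0)
  printf("\nsimple and mont results differ\n");
+ if (BN_cmp(r_simple,r_mont) != 0)
+ printf("\nsimple and mont const time results differ\n");
  if (BN_cmp(r_simple,r_recp) != 0)
  printf("\nsimple and recp results differ\n");
 
@@ -162,11 +174,13 @@ int main(int argc, char *argv[])
  printf("\nsimple ="); BN_print(out,r_simple);
  printf("\nrecp ="); BN_print(out,r_recp);
  printf("\nmont ="); BN_print(out,r_mont);
+ printf("\nmont_ct ="); BN_print(out,r_mont_const);
  printf("\n");
  EXIT(1);
  }
  }
  BN_free(r_mont);
+ BN_free(r_mont_const);
  BN_free(r_recp);
  BN_free(r_simple);
  BN_free(a);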
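Review bot: The added check at new lines 166-167 tests `r_mont` a second time, so "simple and mont const time results differ" is printed whenever the plain Montgomery result differs and never because of `r_mont_const`. The condition should read `if (BN_cmp(r_simple,r_mont_const) != 0)`. A real mismatch is still caught by the combined comparison above and `mont_ct` is printed, so only the diagnostic is misleading. `r_mont_const=BN_new()` should also be included in whatever NULL check follows the allocations, which lies outside the hunk.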
diff --git a/src/lib/libssl/src/crypto/buffer/buf_err.c b/src/lib/libssl/src/crypto/buffer/buf_err.c
index 5eee653e14..1fc32a6861 100644
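--- a/src/lib/libssl/src/crypto/buffer/buf_err.c
+++ b/src/lib/libssl/src/crypto/buffer/buf_err.c
@@ -1,6 +1,6 @@
 /* crypto/buffer/buf_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,11 +64,15 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
+
 static ERR_STRING_DATA BUF_str_functs[]=
  {
-{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"},
-{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"},
-{ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"},
+{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
+{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
+{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
 {0,NULL}
  };
 
@@ -87,8 +91,8 @@ void ERR_load_BUF_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
- ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons);
+ ERR_load_strings(0,BUF_str_functs);
+ ERR_load_strings(0,BUF_str_reasons);
 #endif
 
  }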
diff --git a/src/lib/libssl/src/crypto/cast/c_skey.c b/src/lib/libssl/src/crypto/cast/c_skey.c
index dc4791a8cf..db9b7573e0 100644
--- a/src/lib/libssl/src/crypto/cast/c_skey.c
+++ b/src/lib/libssl/src/crypto/cast/c_skey.c
@@ -57,6 +57,7 @@
57 */ 57 */
58 58
59#include <openssl/crypto.h> 59#include <openssl/crypto.h>
60#include <openssl/fips.h>
60#include <openssl/cast.h> 61#include <openssl/cast.h>
61 62
62#include "cast_lcl.h" 63#include "cast_lcl.h"
diff --git a/src/lib/libssl/src/crypto/cast/cast_lcl.h b/src/lib/libssl/src/crypto/cast/cast_lcl.h
index 37f41cc6a4..e756021a33 100644
--- a/src/lib/libssl/src/crypto/cast/cast_lcl.h
+++ b/src/lib/libssl/src/crypto/cast/cast_lcl.h
@@ -64,11 +64,6 @@
64#endif 64#endif
65 65
66 66
67#ifdef OPENSSL_BUILD_SHLIBCRYPTO
68# undef OPENSSL_EXTERN
69# define OPENSSL_EXTERN OPENSSL_EXPORT
70#endif
71
72#undef c2l 67#undef c2l
73#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ 68#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
74 l|=((unsigned long)(*((c)++)))<< 8L, \ 69 l|=((unsigned long)(*((c)++)))<< 8L, \
@@ -222,11 +217,11 @@
222 } 217 }
223#endif 218#endif
224 219
225OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256]; 220extern const CAST_LONG CAST_S_table0[256];
226OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256]; 221extern const CAST_LONG CAST_S_table1[256];
227OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256]; 222extern const CAST_LONG CAST_S_table2[256];
228OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256]; 223extern const CAST_LONG CAST_S_table3[256];
229OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256]; 224extern const CAST_LONG CAST_S_table4[256];
230OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256]; 225extern const CAST_LONG CAST_S_table5[256];
231OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256]; 226extern const CAST_LONG CAST_S_table6[256];
232OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256]; 227extern const CAST_LONG CAST_S_table7[256];
diff --git a/src/lib/libssl/src/crypto/comp/c_zlib.c b/src/lib/libssl/src/crypto/comp/c_zlib.c
index 1bd2850d15..5fcb521ffb 100644
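--- a/src/lib/libssl/src/crypto/comp/c_zlib.c
+++ b/src/lib/libssl/src/crypto/comp/c_zlib.c
@@ -51,30 +51,17 @@ static COMP_METHOD zlib_method={
  */
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include <windows.h>
-
-# define Z_CALLCONV _stdcall
-# define ZLIB_SHARED
-#else
-# define Z_CALLCONV
 #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
 
 #ifdef ZLIB_SHARED
 #include <openssl/dso.h>
 
-/* Prototypes for built in stubs */
-static int stub_compress(Bytef *dest,uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-static int stub_inflateEnd(z_streamp strm);
-static int stub_inflate(z_streamp strm, int flush);
-static int stub_inflateInit_(z_streamp strm, const char * version,
- int stream_size);
-
 /* Function pointers */
-typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
  const Bytef *source, uLong sourceLen);
-typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+typedef int (*inflateEnd_ft)(z_streamp strm);
+typedef int (*inflate_ft)(z_streamp strm, int flush);
+typedef int (*inflateInit__ft)(z_streamp strm,
  const char * version, int stream_size);
 static compress_ft p_compress=NULL;
 static inflateEnd_ft p_inflateEnd=NULL;
@@ -84,10 +71,10 @@ static inflateInit__ft p_inflateInit_=NULL;
 static int zlib_loaded = 0; /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
 
-#define compress stub_compress
-#define inflateEnd stub_inflateEnd
-#define inflate stub_inflate
-#define inflateInit_ stub_inflateInit_
+#define compress p_compress
+#define inflateEnd p_inflateEnd
+#define inflate p_inflate
+#define inflateInit_ p_inflateInit_
 #endif /* ZLIB_SHARED */
 
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
@@ -191,16 +178,6 @@ COMP_METHOD *COMP_zlib(void)
  {
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
  zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
- if (!zlib_dso)
- {
- zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
- if (zlib_dso)
- {
- /* Clear the errors from the first failed
- DSO_load() */
- ERR_clear_error();
- }
- }
 #else
  zlib_dso = DSO_load(NULL, "z", NULL, 0);
 #endif
@@ -218,54 +195,21 @@ COMP_METHOD *COMP_zlib(void)
  p_inflateInit_
  = (inflateInit__ft) DSO_bind_func(zlib_dso,
  "inflateInit_");
- zlib_loaded++;
+
+ if (p_compress && p_inflateEnd && p_inflate
+ && p_inflateInit_)
+ zlib_loaded++;
  }
  }
 
 #endif
+#ifdef ZLIB_SHARED
+ if (zlib_loaded)
+#endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
  meth = &zlib_method;
 #endif
 
  return(meth);
  }
 
-#ifdef ZLIB_SHARED
-/* Stubs for each function to be dynamicly loaded */
-static int
-stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
- {
- if (p_compress)
- return(p_compress(dest,destLen,source,sourceLen));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflateEnd(z_streamp strm)
- {
- if ( p_inflateEnd )
- return(p_inflateEnd(strm));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflate(z_streamp strm, int flush)
- {
- if ( p_inflate )
- return(p_inflate(strm,flush));
- else
- return(Z_MEM_ERROR);
- }
-
-static int
-stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
- {
- if ( p_inflateInit_ )
- return(p_inflateInit_(strm,version,stream_size));
- else
- return(Z_MEM_ERROR);
- }
-
-#endif /* ZLIB_SHARED */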
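Review bot: With the `stub_*` wrappers removed, `compress`, `inflate`, `inflateEnd` and `inflateInit_` expand straight to the function pointers, so the only protection against calling through NULL is that `COMP_zlib()` withholds `&zlib_method` unless `zlib_loaded` is set; that invariant should be stated in a comment at the `#define compress p_compress` block. Because `zlib_loaded` now stays 0 when any symbol fails to bind, the comment `/* only attempt to init func pts once */` no longer holds: if the load is guarded by `zlib_loaded` (the guard is outside the hunks), every later call repeats `DSO_load` and overwrites `zlib_dso` without a `DSO_free`. Freeing the handle and clearing the four pointers on a partial bind would keep the state consistent. The `if (zlib_loaded)` inside its own `#ifdef ZLIB_SHARED` governs a statement that sits in a different `#if` block, which is easy to break in a later edit; one conditional with braces around the assignment would be clearer.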
diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c
index b5a876ae68..2464f8ed90 100644
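--- a/src/lib/libssl/src/crypto/conf/conf_def.c
+++ b/src/lib/libssl/src/crypto/conf/conf_def.c
@@ -613,13 +613,13 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
  e++;
  }
  /* So at this point we have
- * ns which is the start of the name string which is
+ * np which is the start of the name string which is
  * '\0' terminated.
- * cs which is the start of the section string which is
+ * cp which is the start of the section string which is
  * '\0' terminated.
  * e is the 'next point after'.
- * r and s are the chars replaced by the '\0'
- * rp and sp is where 'r' and 's' came from.
+ * r and rr are the chars replaced by the '\0'
+ * rp and rrp is where 'r' and 'rr' came from.
  */
  p=_CONF_get_string(conf,cp,np);
  if (rrp != NULL) *rrp=rr;
@@ -638,6 +638,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
  points at. /RL */
  len -= e-from;
  from=e;
+
+ /* In case there were no braces or parenthesis around
+ the variable reference, we have to put back the
+ character that was replaced with a '\0'. /RL */
+ *rp = r;
  }
  else
  buf->data[to++]= *(from++);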
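Review bot: The added `*rp = r;` is unconditional, although the comment above it describes only the case without braces or parentheses, and unlike `if (rrp != NULL) *rrp=rr;` in the first hunk it carries no NULL guard. Where `rp` is assigned is outside both hunks, in the part of `str_copy` not shown here, so a reader cannot tell from the patch whether it can still be unset at this point. If it is always set, the comment should say so and state whether the store is redundant when braces were present. The first hunk is a comment-only correction of the variable names and needs nothing further.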
diff --git a/src/lib/libssl/src/crypto/conf/conf_err.c b/src/lib/libssl/src/crypto/conf/conf_err.c
index ee07bfe9d9..f5e2ca4bf0 100644
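--- a/src/lib/libssl/src/crypto/conf/conf_err.c
+++ b/src/lib/libssl/src/crypto/conf/conf_err.c
@@ -1,6 +1,6 @@
 /* crypto/conf/conf_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,47 +64,51 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
+
 static ERR_STRING_DATA CONF_str_functs[]=
  {
-{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0), "CONF_dump_fp"},
-{ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"},
-{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0), "CONF_load_bio"},
-{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0), "CONF_load_fp"},
-{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0), "CONF_modules_load"},
-{ERR_PACK(0,CONF_F_MODULE_INIT,0), "MODULE_INIT"},
-{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0), "MODULE_LOAD_DSO"},
-{ERR_PACK(0,CONF_F_MODULE_RUN,0), "MODULE_RUN"},
-{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"},
-{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"},
-{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0), "NCONF_get_number_e"},
-{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0), "NCONF_get_section"},
-{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD,0), "NCONF_load"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0), "NCONF_load_bio"},
-{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0), "NCONF_load_fp"},
-{ERR_PACK(0,CONF_F_NCONF_NEW,0), "NCONF_new"},
-{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"},
+{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
+{ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
+{ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
+{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
+{ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
+{ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
+{ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
+{ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
+{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
+{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
+{ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
+{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
+{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
+{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
+{ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
+{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
+{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
+{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
+{ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA CONF_str_reasons[]=
  {
-{CONF_R_ERROR_LOADING_DSO ,"error loading dso"},
-{CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"},
-{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"},
-{CONF_R_MISSING_FINISH_FUNCTION ,"missing finish function"},
-{CONF_R_MISSING_INIT_FUNCTION ,"missing init function"},
-{CONF_R_MODULE_INITIALIZATION_ERROR ,"module initialization error"},
-{CONF_R_NO_CLOSE_BRACE ,"no close brace"},
-{CONF_R_NO_CONF ,"no conf"},
-{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"},
-{CONF_R_NO_SECTION ,"no section"},
-{CONF_R_NO_SUCH_FILE ,"no such file"},
-{CONF_R_NO_VALUE ,"no value"},
-{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"},
-{CONF_R_UNKNOWN_MODULE_NAME ,"unknown module name"},
-{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"},
+{ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"},
+{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
+{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"},
+{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
+{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},
+{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},
+{ERR_REASON(CONF_R_NO_CLOSE_BRACE) ,"no close brace"},
+{ERR_REASON(CONF_R_NO_CONF) ,"no conf"},
+{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},
+{ERR_REASON(CONF_R_NO_SECTION) ,"no section"},
+{ERR_REASON(CONF_R_NO_SUCH_FILE) ,"no such file"},
+{ERR_REASON(CONF_R_NO_VALUE) ,"no value"},
+{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},
+{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) ,"unknown module name"},
+{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},
 {0,NULL}
  };
 
@@ -118,8 +122,8 @@ void ERR_load_CONF_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
- ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
+ ERR_load_strings(0,CONF_str_functs);
+ ERR_load_strings(0,CONF_str_reasons);
 #endif
 
  }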
diff --git a/src/lib/libssl/src/crypto/cpt_err.c b/src/lib/libssl/src/crypto/cpt_err.c
index 1b4a1cb4d4..06a6109cce 100644
--- a/src/lib/libssl/src/crypto/cpt_err.c
+++ b/src/lib/libssl/src/crypto/cpt_err.c
@@ -1,6 +1,6 @@
1/* crypto/cpt_err.c */ 1/* crypto/cpt_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,23 +64,27 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
70
67static ERR_STRING_DATA CRYPTO_str_functs[]= 71static ERR_STRING_DATA CRYPTO_str_functs[]=
68 { 72 {
69{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0), "CRYPTO_get_ex_new_index"}, 73{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
70{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0), "CRYPTO_get_new_dynlockid"}, 74{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
71{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0), "CRYPTO_get_new_lockid"}, 75{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
72{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0), "CRYPTO_set_ex_data"}, 76{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
73{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0), "DEF_ADD_INDEX"}, 77{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
74{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0), "DEF_GET_CLASS"}, 78{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
75{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0), "INT_DUP_EX_DATA"}, 79{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
76{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0), "INT_FREE_EX_DATA"}, 80{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
77{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0), "INT_NEW_EX_DATA"}, 81{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
78{0,NULL} 82{0,NULL}
79 }; 83 };
80 84
81static ERR_STRING_DATA CRYPTO_str_reasons[]= 85static ERR_STRING_DATA CRYPTO_str_reasons[]=
82 { 86 {
83{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK ,"no dynlock create callback"}, 87{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
84{0,NULL} 88{0,NULL}
85 }; 89 };
86 90
@@ -94,8 +98,8 @@ void ERR_load_CRYPTO_strings(void)
94 { 98 {
95 init=0; 99 init=0;
96#ifndef OPENSSL_NO_ERR 100#ifndef OPENSSL_NO_ERR
97 ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs); 101 ERR_load_strings(0,CRYPTO_str_functs);
98 ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons); 102 ERR_load_strings(0,CRYPTO_str_reasons);
99#endif 103#endif
100 104
101 } 105 }
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c
index fef0afb29f..e63bbe8dba 100644
--- a/src/lib/libssl/src/crypto/cryptlib.c
+++ b/src/lib/libssl/src/crypto/cryptlib.c
@@ -480,6 +480,8 @@ const char *CRYPTO_get_lock_name(int type)
480 return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); 480 return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
481 } 481 }
482 482
483int OPENSSL_NONPIC_relocated=0;
484
483#if defined(_WIN32) && defined(_WINDLL) 485#if defined(_WIN32) && defined(_WINDLL)
484 486
485/* All we really need to do is remove the 'error' state when a thread 487/* All we really need to do is remove the 'error' state when a thread
@@ -491,6 +493,21 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
491 switch(fdwReason) 493 switch(fdwReason)
492 { 494 {
493 case DLL_PROCESS_ATTACH: 495 case DLL_PROCESS_ATTACH:
496#if defined(_WIN32_WINNT)
497 {
498 IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
499 IMAGE_NT_HEADERS *nt_headers;
500
501 if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
502 {
503 nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header
504 + dos_header->e_lfanew);
505 if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
506 hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))
507 OPENSSL_NONPIC_relocated=1;
508 }
509 }
510#endif
494 break; 511 break;
495 case DLL_THREAD_ATTACH: 512 case DLL_THREAD_ATTACH:
496 break; 513 break;
@@ -504,18 +521,160 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
504 } 521 }
505#endif 522#endif
506 523
524#if defined(_WIN32)
525#include <tchar.h>
526
527#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
528static int IsService(void)
529{ HWINSTA h;
530 DWORD len;
531 WCHAR *name;
532
533 (void)GetDesktopWindow(); /* return value is ignored */
534
535 h = GetProcessWindowStation();
536 if (h==NULL) return -1;
537
538 if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||
539 GetLastError() != ERROR_INSUFFICIENT_BUFFER)
540 return -1;
541
542 if (len>512) return -1; /* paranoia */
543 len++,len&=~1; /* paranoia */
544#ifdef _MSC_VER
545 name=(WCHAR *)_alloca(len+sizeof(WCHAR));
546#else
547 name=(WCHAR *)alloca(len+sizeof(WCHAR));
548#endif
549 if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
550 return -1;
551
552 len++,len&=~1; /* paranoia */
553 name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */
554#if 1
555 /* This doesn't cover "interactive" services [working with real
556 * WinSta0's] nor programs started non-interactively by Task
557 * Scheduler [those are working with SAWinSta]. */
558 if (wcsstr(name,L"Service-0x")) return 1;
559#else
560 /* This covers all non-interactive programs such as services. */
561 if (!wcsstr(name,L"WinSta0")) return 1;
562#endif
563 else return 0;
564}
565#endif
566
567void OPENSSL_showfatal (const char *fmta,...)
568{ va_list ap;
569 TCHAR buf[256];
570 const TCHAR *fmt;
571 HANDLE h;
572
573 if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
574 GetFileType(h)!=FILE_TYPE_UNKNOWN)
575 { /* must be console application */
576 va_start (ap,fmta);
577 vfprintf (stderr,fmta,ap);
578 va_end (ap);
579 return;
580 }
581
582 if (sizeof(TCHAR)==sizeof(char))
583 fmt=(const TCHAR *)fmta;
584 else do
585 { int keepgoing;
586 size_t len_0=strlen(fmta)+1,i;
587 WCHAR *fmtw;
588
589#ifdef _MSC_VER
590 fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
591#else
592 fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
593#endif
594 if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
595
596#ifndef OPENSSL_NO_MULTIBYTE
597 if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
598#endif
599 for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
600
601 for (i=0;i<len_0;i++)
602 { if (fmtw[i]==L'%') do
603 { keepgoing=0;
604 switch (fmtw[i+1])
605 { case L'0': case L'1': case L'2': case L'3': case L'4':
606 case L'5': case L'6': case L'7': case L'8': case L'9':
607 case L'.': case L'*':
608 case L'-': i++; keepgoing=1; break;
609 case L's': fmtw[i+1]=L'S'; break;
610 case L'S': fmtw[i+1]=L's'; break;
611 case L'c': fmtw[i+1]=L'C'; break;
612 case L'C': fmtw[i+1]=L'c'; break;
613 }
614 } while (keepgoing);
615 }
616 fmt = (const TCHAR *)fmtw;
617 } while (0);
618
619 va_start (ap,fmta);
620 _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
621 buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
622 va_end (ap);
623
624#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
625 /* this -------------v--- guards NT-specific calls */
626 if (GetVersion() < 0x80000000 && IsService())
627 { HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
628 const TCHAR *pmsg=buf;
629 ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
630 DeregisterEventSource(h);
631 }
632 else
633#endif
634 { MSGBOXPARAMS m;
635
636 m.cbSize = sizeof(m);
637 m.hwndOwner = NULL;
638 m.lpszCaption = _T("OpenSSL: FATAL");
639 m.dwStyle = MB_OK;
640 m.hInstance = NULL;
641 m.lpszIcon = IDI_ERROR;
642 m.dwContextHelpId = 0;
643 m.lpfnMsgBoxCallback = NULL;
644 m.dwLanguageId = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US);
645 m.lpszText = buf;
646
647 MessageBoxIndirect (&m);
648 }
649}
650#else
651void OPENSSL_showfatal (const char *fmta,...)
652{ va_list ap;
653
654 va_start (ap,fmta);
655 vfprintf (stderr,fmta,ap);
656 va_end (ap);
657}
658#endif
659
507void OpenSSLDie(const char *file,int line,const char *assertion) 660void OpenSSLDie(const char *file,int line,const char *assertion)
508 { 661 {
509 fprintf(stderr, 662 OPENSSL_showfatal(
510 "%s(%d): OpenSSL internal error, assertion failed: %s\n", 663 "%s(%d): OpenSSL internal error, assertion failed: %s\n",
511 file,line,assertion); 664 file,line,assertion);
512 abort(); 665 abort();
513 } 666 }
514 667
668void *OPENSSL_stderr(void) { return stderr; }
669
515#ifdef OPENSSL_FIPS 670#ifdef OPENSSL_FIPS
671
672void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
673void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
674void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
675void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
676
516static int fips_started = 0; 677static int fips_started = 0;
517static int fips_mode = 0;
518static void *fips_rand_check = 0;
519static unsigned long fips_thread = 0; 678static unsigned long fips_thread = 0;
520 679
521void fips_set_started(void) 680void fips_set_started(void)
@@ -576,57 +735,10 @@ int fips_clear_owning_thread(void)
576 return ret; 735 return ret;
577 } 736 }
578 737
579void fips_set_mode(int onoff) 738unsigned char *fips_signature_witness(void)
580 {
581 int owning_thread = fips_is_owning_thread();
582
583 if (fips_is_started())
584 {
585 if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
586 fips_mode = onoff;
587 if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
588 }
589 }
590
591void fips_set_rand_check(void *rand_check)
592 {
593 int owning_thread = fips_is_owning_thread();
594
595 if (fips_is_started())
596 {
597 if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
598 fips_rand_check = rand_check;
599 if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
600 }
601 }
602
603int FIPS_mode(void)
604 {
605 int ret = 0;
606 int owning_thread = fips_is_owning_thread();
607
608 if (fips_is_started())
609 {
610 if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
611 ret = fips_mode;
612 if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
613 }
614 return ret;
615 }
616
617void *FIPS_rand_check(void)
618 { 739 {
619 void *ret = 0; 740 extern unsigned char FIPS_signature[];
620 int owning_thread = fips_is_owning_thread(); 741 return FIPS_signature;
621
622 if (fips_is_started())
623 {
624 if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
625 ret = fips_rand_check;
626 if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
627 }
628 return ret;
629 } 742 }
630
631#endif /* OPENSSL_FIPS */ 743#endif /* OPENSSL_FIPS */
632 744
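Review bot: In the service branch of OPENSSL_showfatal, the handle returned by `RegisterEventSource(0,_T("OPENSSL"))` goes to ReportEvent and DeregisterEventSource without a NULL check, so if registration fails the fatal text is silently dropped just before OpenSSLDie calls abort(). IsService() also returns -1 on its error paths, which the `&& IsService()` test treats as true, so a failed window-station query ends up in this branch too. That may be deliberate, since a message box would block a non-interactive process, but it deserves a comment. Guard the calls with `if (h != NULL) { ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); DeregisterEventSource(h); }` and consider a last-resort `OutputDebugString(buf);` when h is NULL, so the assertion text is not lost.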
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
index 0d6b9d59f0..6f59e08ca6 100644
--- a/src/lib/libssl/src/crypto/cryptlib.h
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -93,6 +93,10 @@ extern "C" {
93#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) 93#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
94#define HEX_SIZE(type) (sizeof(type)*2) 94#define HEX_SIZE(type) (sizeof(type)*2)
95 95
96void OPENSSL_showfatal(const char *,...);
97void *OPENSSL_stderr(void);
98extern int OPENSSL_NONPIC_relocated;
99
96#ifdef __cplusplus 100#ifdef __cplusplus
97} 101}
98#endif 102#endif
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com
index c044ce0099..427c321f25 100644
--- a/src/lib/libssl/src/crypto/crypto-lib.com
+++ b/src/lib/libssl/src/crypto/crypto-lib.com
@@ -184,10 +184,10 @@ $ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
184$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - 184$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
185 "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - 185 "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
186 "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - 186 "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
187 "bn_recp,bn_mont,bn_mpi,bn_exp2" 187 "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
188$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - 188$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
189 "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - 189 "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
190 "rsa_asn1" 190 "rsa_pss,rsa_x931,rsa_asn1"
191$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ - 191$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
192 "ec_err" 192 "ec_err"
193$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl" 193$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
@@ -265,10 +265,15 @@ $ LIB_KRB5 = "krb5_asn"
265$! 265$!
266$! Setup exceptional compilations 266$! Setup exceptional compilations
267$! 267$!
268$ ! Add definitions for no threads on OpenVMS 7.1 and higher
268$ COMPILEWITH_CC3 = ",bss_rtcp," 269$ COMPILEWITH_CC3 = ",bss_rtcp,"
270$ ! Disable the DOLLARID warning
269$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time," 271$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
272$ ! Disable disjoint optimization
270$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - 273$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
271 "sha_dgst,sha1dgst,rmd_dgst,bf_enc," 274 "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
275$ ! Disable the MIXLINKAGE warning
276$ COMPILEWITH_CC6 = ",enc_read,set_key,"
272$! 277$!
273$! Figure Out What Other Modules We Are To Build. 278$! Figure Out What Other Modules We Are To Build.
274$! 279$!
@@ -497,7 +502,12 @@ $ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
497$ THEN 502$ THEN
498$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE' 503$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
499$ ELSE 504$ ELSE
500$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' 505$ IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
506$ THEN
507$ CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
508$ ELSE
509$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
510$ ENDIF
501$ ENDIF 511$ ENDIF
502$ ENDIF 512$ ENDIF
503$ ENDIF 513$ ENDIF
@@ -960,7 +970,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
960$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS 970$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
961$ CCEXTRAFLAGS = "" 971$ CCEXTRAFLAGS = ""
962$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS 972$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
963$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX" 973$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
964$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - 974$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
965 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS 975 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
966$! 976$!
@@ -1077,14 +1087,18 @@ $ THEN
1077$ IF CCDISABLEWARNINGS .EQS. "" 1087$ IF CCDISABLEWARNINGS .EQS. ""
1078$ THEN 1088$ THEN
1079$ CC4DISABLEWARNINGS = "DOLLARID" 1089$ CC4DISABLEWARNINGS = "DOLLARID"
1090$ CC6DISABLEWARNINGS = "MIXLINKAGE"
1080$ ELSE 1091$ ELSE
1081$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" 1092$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
1093$ CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
1082$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" 1094$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
1083$ ENDIF 1095$ ENDIF
1084$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" 1096$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
1097$ CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
1085$ ELSE 1098$ ELSE
1086$ CCDISABLEWARNINGS = "" 1099$ CCDISABLEWARNINGS = ""
1087$ CC4DISABLEWARNINGS = "" 1100$ CC4DISABLEWARNINGS = ""
1101$ CC6DISABLEWARNINGS = ""
1088$ ENDIF 1102$ ENDIF
1089$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS 1103$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
1090$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS 1104$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
@@ -1095,6 +1109,7 @@ $ ELSE
1095$ CC5 = CC + "/NOOPTIMIZE" 1109$ CC5 = CC + "/NOOPTIMIZE"
1096$ ENDIF 1110$ ENDIF
1097$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS 1111$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
1112$ CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
1098$! 1113$!
1099$! Show user the result 1114$! Show user the result
1100$! 1115$!
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
index 4d1dfac7f1..22fd939e65 100644
--- a/src/lib/libssl/src/crypto/crypto.h
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -434,12 +434,9 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
434 434
435/* die if we have to */ 435/* die if we have to */
436void OpenSSLDie(const char *file,int line,const char *assertion); 436void OpenSSLDie(const char *file,int line,const char *assertion);
437#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) 437#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
438 438
439#ifdef OPENSSL_FIPS 439#ifdef OPENSSL_FIPS
440int FIPS_mode(void);
441void *FIPS_rand_check(void);
442
443#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ 440#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
444 alg " previous FIPS forbidden algorithm error ignored"); 441 alg " previous FIPS forbidden algorithm error ignored");
445 442
diff --git a/src/lib/libssl/src/crypto/des/des_locl.h b/src/lib/libssl/src/crypto/des/des_locl.h
index e44e8e98b2..8f04b18c50 100644
--- a/src/lib/libssl/src/crypto/des/des_locl.h
+++ b/src/lib/libssl/src/crypto/des/des_locl.h
@@ -421,7 +421,7 @@
421 PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ 421 PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
422 } 422 }
423 423
424OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64]; 424extern const DES_LONG DES_SPtrans[8][64];
425 425
426void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, 426void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
427 DES_LONG Eswap0, DES_LONG Eswap1); 427 DES_LONG Eswap0, DES_LONG Eswap1);
diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h
index 0aff7fe21f..8562d16fb7 100644
--- a/src/lib/libssl/src/crypto/dh/dh.h
+++ b/src/lib/libssl/src/crypto/dh/dh.h
@@ -70,7 +70,14 @@
70#include <openssl/crypto.h> 70#include <openssl/crypto.h>
71#include <openssl/ossl_typ.h> 71#include <openssl/ossl_typ.h>
72 72
73#define DH_FLAG_CACHE_MONT_P 0x01 73#define DH_FLAG_CACHE_MONT_P 0x01
74#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
75 * implementation now uses constant time
76 * modular exponentiation for secret exponents
77 * by default. This flag causes the
78 * faster variable sliding window method to
79 * be used for all exponents.
80 */
74 81
75#ifdef __cplusplus 82#ifdef __cplusplus
76extern "C" { 83extern "C" {
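Review bot: The comment on DH_FLAG_NO_EXP_CONSTTIME describes the flag only as selecting the "faster variable sliding window method" and does not say what is given up; dsa.h uses the same wording for DSA_FLAG_NO_EXP_CONSTTIME. The flag opts out of a hardening default, so the cost should sit next to the definition, for example by appending `Setting this flag makes exponentiation time depend on the secret exponent again; leave it clear unless timing exposure is not a concern.` A reader choosing flags from the header alone would otherwise see only a performance option.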
diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c
index 914b8a9c53..9336bfce6b 100644
--- a/src/lib/libssl/src/crypto/dh/dh_err.c
+++ b/src/lib/libssl/src/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
1/* crypto/dh/dh_err.c */ 1/* crypto/dh/dh_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
70
67static ERR_STRING_DATA DH_str_functs[]= 71static ERR_STRING_DATA DH_str_functs[]=
68 { 72 {
69{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"}, 73{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
70{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"}, 74{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
71{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"}, 75{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
72{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"}, 76{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
73{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"}, 77{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
74{ERR_PACK(0,DH_F_DH_NEW_METHOD,0), "DH_new_method"}, 78{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
75{0,NULL} 79{0,NULL}
76 }; 80 };
77 81
78static ERR_STRING_DATA DH_str_reasons[]= 82static ERR_STRING_DATA DH_str_reasons[]=
79 { 83 {
80{DH_R_BAD_GENERATOR ,"bad generator"}, 84{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
81{DH_R_NO_PRIVATE_VALUE ,"no private value"}, 85{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
82{DH_R_INVALID_PUBKEY ,"invalid public key"}, 86{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
83{0,NULL} 87{0,NULL}
84 }; 88 };
85 89
@@ -93,8 +97,8 @@ void ERR_load_DH_strings(void)
93 { 97 {
94 init=0; 98 init=0;
95#ifndef OPENSSL_NO_ERR 99#ifndef OPENSSL_NO_ERR
96 ERR_load_strings(ERR_LIB_DH,DH_str_functs); 100 ERR_load_strings(0,DH_str_functs);
97 ERR_load_strings(ERR_LIB_DH,DH_str_reasons); 101 ERR_load_strings(0,DH_str_reasons);
98#endif 102#endif
99 103
100 } 104 }
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
index 648766a6ec..e3641ec468 100644
--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -105,7 +105,7 @@ static int generate_key(DH *dh)
105 int generate_new_key=0; 105 int generate_new_key=0;
106 unsigned l; 106 unsigned l;
107 BN_CTX *ctx; 107 BN_CTX *ctx;
108 BN_MONT_CTX *mont; 108 BN_MONT_CTX *mont=NULL;
109 BIGNUM *pub_key=NULL,*priv_key=NULL; 109 BIGNUM *pub_key=NULL,*priv_key=NULL;
110 110
111 ctx = BN_CTX_new(); 111 ctx = BN_CTX_new();
@@ -128,21 +128,37 @@ static int generate_key(DH *dh)
128 else 128 else
129 pub_key=dh->pub_key; 129 pub_key=dh->pub_key;
130 130
131 if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) 131
132 if (dh->flags & DH_FLAG_CACHE_MONT_P)
132 { 133 {
133 if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 134 mont = BN_MONT_CTX_set_locked(
134 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, 135 (BN_MONT_CTX **)&dh->method_mont_p,
135 dh->p,ctx)) goto err; 136 CRYPTO_LOCK_DH, dh->p, ctx);
137 if (!mont)
138 goto err;
136 } 139 }
137 mont=(BN_MONT_CTX *)dh->method_mont_p;
138 140
139 if (generate_new_key) 141 if (generate_new_key)
140 { 142 {
141 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ 143 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
142 if (!BN_rand(priv_key, l, 0, 0)) goto err; 144 if (!BN_rand(priv_key, l, 0, 0)) goto err;
143 } 145 }
144 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) 146
145 goto err; 147 {
148 BIGNUM local_prk;
149 BIGNUM *prk;
150
151 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
152 {
153 BN_init(&local_prk);
154 prk = &local_prk;
155 BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
156 }
157 else
158 prk = priv_key;
159
160 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
161 }
146 162
147 dh->pub_key=pub_key; 163 dh->pub_key=pub_key;
148 dh->priv_key=priv_key; 164 dh->priv_key=priv_key;
@@ -160,7 +176,7 @@ err:
160static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 176static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
161 { 177 {
162 BN_CTX *ctx; 178 BN_CTX *ctx;
163 BN_MONT_CTX *mont; 179 BN_MONT_CTX *mont=NULL;
164 BIGNUM *tmp; 180 BIGNUM *tmp;
165 int ret= -1; 181 int ret= -1;
166 int check_result; 182 int check_result;
@@ -175,15 +191,20 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
175 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); 191 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
176 goto err; 192 goto err;
177 } 193 }
178 if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) 194
195 if (dh->flags & DH_FLAG_CACHE_MONT_P)
179 { 196 {
180 if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 197 mont = BN_MONT_CTX_set_locked(
181 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, 198 (BN_MONT_CTX **)&dh->method_mont_p,
182 dh->p,ctx)) goto err; 199 CRYPTO_LOCK_DH, dh->p, ctx);
200 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
201 {
202 /* XXX */
203 BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
204 }
205 if (!mont)
206 goto err;
183 } 207 }
184
185 mont=(BN_MONT_CTX *)dh->method_mont_p;
186
187 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) 208 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
188 { 209 {
189 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY); 210 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
@@ -197,8 +218,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
197 218
198 ret=BN_bn2bin(tmp,key); 219 ret=BN_bn2bin(tmp,key);
199err: 220err:
200 BN_CTX_end(ctx); 221 if (ctx != NULL)
201 BN_CTX_free(ctx); 222 {
223 BN_CTX_end(ctx);
224 BN_CTX_free(ctx);
225 }
202 return(ret); 226 return(ret);
203 } 227 }
204 228
@@ -207,7 +231,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
207 const BIGNUM *m, BN_CTX *ctx, 231 const BIGNUM *m, BN_CTX *ctx,
208 BN_MONT_CTX *m_ctx) 232 BN_MONT_CTX *m_ctx)
209 { 233 {
210 if (a->top == 1) 234 /* If a is only one word long and constant time is false, use the faster
235 * exponenentiation function.
236 */
237 if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
211 { 238 {
212 BN_ULONG A = a->d[0]; 239 BN_ULONG A = a->d[0];
213 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); 240 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
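Review bot: In compute_key, the `BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME)` call marked `/* XXX */` sits inside the `if (dh->flags & DH_FLAG_CACHE_MONT_P)` block, so a DH object without that flag never gets the constant-time marker on its private exponent here, even when DH_FLAG_NO_EXP_CONSTTIME is clear. generate_key in the same file applies the marker regardless of DH_FLAG_CACHE_MONT_P, through a local `BN_with_flags` copy. compute_key should do the same, or at least hoist the check above the Montgomery block: `if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);`. BN_set_flags also changes the caller's key object permanently, which the local-copy form avoids. The exponentiation call in compute_key lies outside the visible hunks, so which routine ends up honouring the flag is not confirmed from here.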
diff --git a/src/lib/libssl/src/crypto/dh/dhtest.c b/src/lib/libssl/src/crypto/dh/dhtest.c
index d75077f9fa..b76dede771 100644
--- a/src/lib/libssl/src/crypto/dh/dhtest.c
+++ b/src/lib/libssl/src/crypto/dh/dhtest.c
@@ -136,6 +136,10 @@ int main(int argc, char *argv[])
136 b->g=BN_dup(a->g); 136 b->g=BN_dup(a->g);
137 if ((b->p == NULL) || (b->g == NULL)) goto err; 137 if ((b->p == NULL) || (b->g == NULL)) goto err;
138 138
139 /* Set a to run with normal modexp and b to use constant time */
140 a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
141 b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
142
139 if (!DH_generate_key(a)) goto err; 143 if (!DH_generate_key(a)) goto err;
140 BIO_puts(out,"pri 1="); 144 BIO_puts(out,"pri 1=");
141 BN_print(out,a->priv_key); 145 BN_print(out,a->priv_key);
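Review bot: The added comment says the reverse of what the two statements do: `a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME` leaves a on the constant-time path, and `b->flags |= DH_FLAG_NO_EXP_CONSTTIME` puts b on the variable-time one. Reword it to `/* a uses constant-time modexp (the default); b opts out and uses the normal one */` so a later reader does not conclude the wrong key is exercising the hardened path. main() starts and ends outside this hunk.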
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h
index 225ff391f9..851e3f0445 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa.h
+++ b/src/lib/libssl/src/crypto/dsa/dsa.h
@@ -80,6 +80,20 @@
80#endif 80#endif
81 81
82#define DSA_FLAG_CACHE_MONT_P 0x01 82#define DSA_FLAG_CACHE_MONT_P 0x01
83#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
84 * implementation now uses constant time
85 * modular exponentiation for secret exponents
86 * by default. This flag causes the
87 * faster variable sliding window method to
88 * be used for all exponents.
89 */
90
91/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
92 * it is then the applications responsibility to ensure the external method
93 * is compliant.
94 */
95
96#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04
83 97
84#if defined(OPENSSL_FIPS) 98#if defined(OPENSSL_FIPS)
85#define FIPS_DSA_SIZE_T int 99#define FIPS_DSA_SIZE_T int
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c
index 79aa4ff526..fd42053572 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_err.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/dsa/dsa_err.c */ 1/* crypto/dsa/dsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,29 +64,33 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
70
67static ERR_STRING_DATA DSA_str_functs[]= 71static ERR_STRING_DATA DSA_str_functs[]=
68 { 72 {
69{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"}, 73{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
70{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, 74{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
71{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, 75{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
72{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, 76{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
73{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, 77{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
74{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"}, 78{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
75{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, 79{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
76{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, 80{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
77{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, 81{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
78{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, 82{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
79{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"}, 83{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
80{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, 84{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
81{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"}, 85{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
82{ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"}, 86{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
83{0,NULL} 87{0,NULL}
84 }; 88 };
85 89
86static ERR_STRING_DATA DSA_str_reasons[]= 90static ERR_STRING_DATA DSA_str_reasons[]=
87 { 91 {
88{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, 92{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
89{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, 93{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
90{0,NULL} 94{0,NULL}
91 }; 95 };
92 96
@@ -100,8 +104,8 @@ void ERR_load_DSA_strings(void)
100 { 104 {
101 init=0; 105 init=0;
102#ifndef OPENSSL_NO_ERR 106#ifndef OPENSSL_NO_ERR
103 ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); 107 ERR_load_strings(0,DSA_str_functs);
104 ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); 108 ERR_load_strings(0,DSA_str_reasons);
105#endif 109#endif
106 110
107 } 111 }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c
index 30607ca579..980b6dc2d3 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -90,8 +90,22 @@ int DSA_generate_key(DSA *dsa)
90 } 90 }
91 else 91 else
92 pub_key=dsa->pub_key; 92 pub_key=dsa->pub_key;
93
94 {
95 BIGNUM local_prk;
96 BIGNUM *prk;
97
98 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
99 {
100 BN_init(&local_prk);
101 prk = &local_prk;
102 BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
103 }
104 else
105 prk = priv_key;
93 106
94 if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err; 107 if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
108 }
95 109
96 dsa->priv_key=priv_key; 110 dsa->priv_key=priv_key;
97 dsa->pub_key=pub_key; 111 dsa->pub_key=pub_key;
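Review bot: The new block in DSA_generate_key has no comment explaining why `priv_key` is routed through the stack BIGNUM `local_prk`. From the lines shown, `BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME)` makes `local_prk` a flagged view of the private exponent, so that `BN_mod_exp` sees the flag without `priv_key` itself being changed. I would add `/* local_prk borrows priv_key's words only to carry BN_FLG_EXP_CONSTTIME into BN_mod_exp; it owns no memory and must not be freed */` above the `if`. It is also worth a line noting that constant-time exponentiation is the default and `DSA_FLAG_NO_EXP_CONSTTIME` is the opt-out. The body of DSA_generate_key starts and ends outside this hunk.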
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
index f1a85afcde..12509a7083 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -172,7 +172,7 @@ err:
172static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 172static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
173 { 173 {
174 BN_CTX *ctx; 174 BN_CTX *ctx;
175 BIGNUM k,*kinv=NULL,*r=NULL; 175 BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
176 int ret=0; 176 int ret=0;
177 177
178 if (!dsa->p || !dsa->q || !dsa->g) 178 if (!dsa->p || !dsa->q || !dsa->g)
@@ -182,6 +182,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
182 } 182 }
183 183
184 BN_init(&k); 184 BN_init(&k);
185 BN_init(&kq);
185 186
186 if (ctx_in == NULL) 187 if (ctx_in == NULL)
187 { 188 {
@@ -191,22 +192,49 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
191 ctx=ctx_in; 192 ctx=ctx_in;
192 193
193 if ((r=BN_new()) == NULL) goto err; 194 if ((r=BN_new()) == NULL) goto err;
194 kinv=NULL;
195 195
196 /* Get random k */ 196 /* Get random k */
197 do 197 do
198 if (!BN_rand_range(&k, dsa->q)) goto err; 198 if (!BN_rand_range(&k, dsa->q)) goto err;
199 while (BN_is_zero(&k)); 199 while (BN_is_zero(&k));
200 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
201 {
202 BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
203 }
200 204
201 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) 205 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
202 { 206 {
203 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 207 if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
204 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, 208 CRYPTO_LOCK_DSA,
205 dsa->p,ctx)) goto err; 209 dsa->p, ctx))
210 goto err;
206 } 211 }
207 212
208 /* Compute r = (g^k mod p) mod q */ 213 /* Compute r = (g^k mod p) mod q */
209 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, 214
215 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
216 {
217 if (!BN_copy(&kq, &k)) goto err;
218
219 /* We do not want timing information to leak the length of k,
220 * so we compute g^k using an equivalent exponent of fixed length.
221 *
222 * (This is a kludge that we need because the BN_mod_exp_mont()
223 * does not let us specify the desired timing behaviour.) */
224
225 if (!BN_add(&kq, &kq, dsa->q)) goto err;
226 if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
227 {
228 if (!BN_add(&kq, &kq, dsa->q)) goto err;
229 }
230
231 K = &kq;
232 }
233 else
234 {
235 K = &k;
236 }
237 if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
210 (BN_MONT_CTX *)dsa->method_mont_p)) goto err; 238 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
211 if (!BN_mod(r,r,dsa->q,ctx)) goto err; 239 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
212 240
@@ -229,6 +257,7 @@ err:
229 if (ctx_in == NULL) BN_CTX_free(ctx); 257 if (ctx_in == NULL) BN_CTX_free(ctx);
230 if (kinv != NULL) BN_clear_free(kinv); 258 if (kinv != NULL) BN_clear_free(kinv);
231 BN_clear_free(&k); 259 BN_clear_free(&k);
260 BN_clear_free(&kq);
232 return(ret); 261 return(ret);
233 } 262 }
234 263
@@ -275,13 +304,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
275 /* u2 = r * w mod q */ 304 /* u2 = r * w mod q */
276 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; 305 if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
277 306
278 if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) 307
308 if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
279 { 309 {
280 if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 310 mont = BN_MONT_CTX_set_locked(
281 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, 311 (BN_MONT_CTX **)&dsa->method_mont_p,
282 dsa->p,ctx)) goto err; 312 CRYPTO_LOCK_DSA, dsa->p, ctx);
313 if (!mont)
314 goto err;
283 } 315 }
284 mont=(BN_MONT_CTX *)dsa->method_mont_p;
285 316
286#if 0 317#if 0
287 { 318 {
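Review bot: In the dsa_sign_setup hunk, `BN_set_flags(&k, BN_FLG_EXP_CONSTTIME)` marks `k`, but the exponent handed to `dsa->meth->bn_mod_exp` on the default path is `K = &kq`, and `kq` is filled by `BN_copy(&kq, &k)` after a bare `BN_init(&kq)`. BN_copy is not shown on this page; if it copies only the value and not the flags, `kq` reaches the exponentiation unflagged and the constant-time path is never taken for the per-signature nonce. Setting the flag on the copy removes the doubt: `BN_set_flags(&kq, BN_FLG_EXP_CONSTTIME);` directly after the `BN_copy` line. The second `BN_add` is guarded by `BN_num_bits(&kq) <= BN_num_bits(dsa->q)`, a branch that depends on the secret nonce, so the existing comment should say that this residual branch is accepted. dsa_sign_setup starts and ends outside the hunks shown.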
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
index 3c9753bac3..37c65efb20 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -72,7 +72,8 @@
72DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 72DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
73 { 73 {
74#ifdef OPENSSL_FIPS 74#ifdef OPENSSL_FIPS
75 if(FIPS_mode() && !FIPS_dsa_check(dsa)) 75 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
76 && !FIPS_dsa_check(dsa))
76 return NULL; 77 return NULL;
77#endif 78#endif
78 return dsa->meth->dsa_do_sign(dgst, dlen, dsa); 79 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
@@ -96,7 +97,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
96int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 97int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
97 { 98 {
98#ifdef OPENSSL_FIPS 99#ifdef OPENSSL_FIPS
99 if(FIPS_mode() && !FIPS_dsa_check(dsa)) 100 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
101 && !FIPS_dsa_check(dsa))
100 return 0; 102 return 0;
101#endif 103#endif
102 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 104 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
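Review bot: The `DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW` test added to DSA_do_sign and DSA_sign_setup (and identically to DSA_do_verify in dsa_vrf.c) is undocumented at all three sites. `dsa->flags` is a plain struct field that dsatest.c in this same commit writes directly, so as far as these lines show any caller can set the bit and skip `FIPS_dsa_check` while `FIPS_mode()` is on. I would add a comment at each site stating who may set the flag and what it asserts, for example `/* flag set by the application: dsa->meth is an approved external implementation, so the built-in method check is skipped */`, if that is the intent. If only trusted engine code should set it, that restriction belongs in the header next to the flag's definition.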
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
index 8ef0c45025..c9784bed48 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -74,7 +74,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
74 DSA *dsa) 74 DSA *dsa)
75 { 75 {
76#ifdef OPENSSL_FIPS 76#ifdef OPENSSL_FIPS
77 if(FIPS_mode() && !FIPS_dsa_check(dsa)) 77 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
78 && !FIPS_dsa_check(dsa))
78 return -1; 79 return -1;
79#endif 80#endif
80 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 81 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
diff --git a/src/lib/libssl/src/crypto/dsa/dsatest.c b/src/lib/libssl/src/crypto/dsa/dsatest.c
index 4734ce4af8..55a3756aff 100644
--- a/src/lib/libssl/src/crypto/dsa/dsatest.c
+++ b/src/lib/libssl/src/crypto/dsa/dsatest.c
@@ -194,10 +194,19 @@ int main(int argc, char **argv)
194 BIO_printf(bio_err,"g value is wrong\n"); 194 BIO_printf(bio_err,"g value is wrong\n");
195 goto end; 195 goto end;
196 } 196 }
197
198 dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
197 DSA_generate_key(dsa); 199 DSA_generate_key(dsa);
198 DSA_sign(0, str1, 20, sig, &siglen, dsa); 200 DSA_sign(0, str1, 20, sig, &siglen, dsa);
199 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) 201 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
200 ret=1; 202 ret=1;
203
204 dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
205 DSA_generate_key(dsa);
206 DSA_sign(0, str1, 20, sig, &siglen, dsa);
207 if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
208 ret=1;
209
201end: 210end:
202 if (!ret) 211 if (!ret)
203 ERR_print_errors(bio_err); 212 ERR_print_errors(bio_err);
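Review bot: The second pass, which exercises the constant-time path after `dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;`, cannot fail the test: `ret` is already 1 from the first pass and is only ever set to 1 again. A broken constant-time signing path would therefore still report success. Reset the result before the second pass with `ret=0;`, or fail explicitly with `if (DSA_verify(0, str1, 20, sig, siglen, dsa) != 1) { ret=0; goto end; }`. The return values of `DSA_generate_key` and `DSA_sign` are also ignored in both passes, so a failed sign is caught only indirectly by the verify. The body of main starts and ends outside this hunk.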
diff --git a/src/lib/libssl/src/crypto/dso/dso_dl.c b/src/lib/libssl/src/crypto/dso/dso_dl.c
index 79d2cb4d8c..f7b4dfc0c3 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dl.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dl.c
@@ -126,7 +126,8 @@ static int dl_load(DSO *dso)
126 DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); 126 DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
127 goto err; 127 goto err;
128 } 128 }
129 ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L); 129 ptr = shl_load(filename, BIND_IMMEDIATE |
130 (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
130 if(ptr == NULL) 131 if(ptr == NULL)
131 { 132 {
132 DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); 133 DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
@@ -281,4 +282,36 @@ static char *dl_name_converter(DSO *dso, const char *filename)
281 return(translated); 282 return(translated);
282 } 283 }
283 284
285#ifdef OPENSSL_FIPS
286static void dl_ref_point(){}
287
288int DSO_pathbyaddr(void *addr,char *path,int sz)
289 {
290 struct shl_descriptor inf;
291 int i,len;
292
293 if (addr == NULL)
294 {
295 union { void(*f)(); void *p; } t = { dl_ref_point };
296 addr = t.p;
297 }
298
299 for (i=-1;shl_get_r(i,&inf)==0;i++)
300 {
301 if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
302 ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
303 {
304 len = (int)strlen(inf.filename);
305 if (sz <= 0) return len+1;
306 if (len >= sz) len=sz-1;
307 memcpy(path,inf.filename,len);
308 path[len++] = 0;
309 return len;
310 }
311 }
312
313 return -1;
314 }
315#endif
316
284#endif /* DSO_DL */ 317#endif /* DSO_DL */
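Review bot: DSO_pathbyaddr truncates silently: when `len >= sz` it copies `sz-1` bytes and returns `sz`, the same value it returns for a path that exactly fills the buffer, so a caller cannot detect the cut. The function is compiled only under OPENSSL_FIPS, so the path presumably identifies a module on disk, and a shortened name could refer to a different file. Returning an error for that case is the smallest change, `if (len >= sz) return -1;`, or else document that callers must first call with `sz <= 0` to learn the required size. `path` is also written without a NULL check when `sz > 0`. The DSO_pathbyaddr added to dso_dlfcn.c has the same truncation lines.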
diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
index 2e72969431..d48b4202f2 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
@@ -56,6 +56,10 @@
56 * 56 *
57 */ 57 */
58 58
59#ifdef __linux
60#define _GNU_SOURCE
61#endif
62
59#include <stdio.h> 63#include <stdio.h>
60#include "cryptlib.h" 64#include "cryptlib.h"
61#include <openssl/dso.h> 65#include <openssl/dso.h>
@@ -228,7 +232,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
228static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) 232static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
229 { 233 {
230 void *ptr; 234 void *ptr;
231 DSO_FUNC_TYPE sym; 235 DSO_FUNC_TYPE sym, *tsym = &sym;
232 236
233 if((dso == NULL) || (symname == NULL)) 237 if((dso == NULL) || (symname == NULL))
234 { 238 {
@@ -246,7 +250,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
246 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); 250 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
247 return(NULL); 251 return(NULL);
248 } 252 }
249 sym = (DSO_FUNC_TYPE)dlsym(ptr, symname); 253 *(void**)(tsym) = dlsym(ptr, symname);
250 if(sym == NULL) 254 if(sym == NULL)
251 { 255 {
252 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); 256 DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
@@ -290,4 +294,32 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
290 return(translated); 294 return(translated);
291 } 295 }
292 296
297#ifdef OPENSSL_FIPS
298static void dlfcn_ref_point(){}
299
300int DSO_pathbyaddr(void *addr,char *path,int sz)
301 {
302 Dl_info dli;
303 int len;
304
305 if (addr == NULL)
306 {
307 union { void(*f)(void); void *p; } t = { dlfcn_ref_point };
308 addr = t.p;
309 }
310
311 if (dladdr(addr,&dli))
312 {
313 len = (int)strlen(dli.dli_fname);
314 if (sz <= 0) return len+1;
315 if (len >= sz) len=sz-1;
316 memcpy(path,dli.dli_fname,len);
317 path[len++]=0;
318 return len;
319 }
320
321 ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
322 return -1;
323 }
324#endif
293#endif /* DSO_DLFCN */ 325#endif /* DSO_DLFCN */
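Review bot: `ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());` in the new DSO_pathbyaddr announces four strings but passes two. ERR_add_error_data takes its first argument as the count of `char *` varargs that follow, so on this failure path it would fetch two pointers that were never supplied. The count should match the arguments: `ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());`. Separately, `dladdr` is not documented to set the `dlerror()` state, so the second string may be NULL or left over from an earlier call; a fixed message would be more reliable.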
diff --git a/src/lib/libssl/src/crypto/dso/dso_err.c b/src/lib/libssl/src/crypto/dso/dso_err.c
index cf452de1aa..581677cc36 100644
--- a/src/lib/libssl/src/crypto/dso/dso_err.c
+++ b/src/lib/libssl/src/crypto/dso/dso_err.c
@@ -1,6 +1,6 @@
1/* crypto/dso/dso_err.c */ 1/* crypto/dso/dso_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,56 +64,60 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
70
67static ERR_STRING_DATA DSO_str_functs[]= 71static ERR_STRING_DATA DSO_str_functs[]=
68 { 72 {
69{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"}, 73{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
70{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"}, 74{ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
71{ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"}, 75{ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
72{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0), "DLFCN_NAME_CONVERTER"}, 76{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
73{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"}, 77{ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
74{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"}, 78{ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
75{ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"}, 79{ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
76{ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"}, 80{ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
77{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"}, 81{ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
78{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"}, 82{ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
79{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"}, 83{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
80{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"}, 84{ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
81{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0), "DSO_convert_filename"}, 85{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
82{ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"}, 86{ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
83{ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"}, 87{ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
84{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0), "DSO_get_filename"}, 88{ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
85{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0), "DSO_get_loaded_filename"}, 89{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
86{ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"}, 90{ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
87{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"}, 91{ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
88{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0), "DSO_set_filename"}, 92{ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
89{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0), "DSO_set_name_converter"}, 93{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
90{ERR_PACK(0,DSO_F_DSO_UP_REF,0), "DSO_up_ref"}, 94{ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
91{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"}, 95{ERR_FUNC(DSO_F_VMS_BIND_VAR), "VMS_BIND_VAR"},
92{ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"}, 96{ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
93{ERR_PACK(0,DSO_F_VMS_UNLOAD,0), "VMS_UNLOAD"}, 97{ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
94{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"}, 98{ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
95{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"}, 99{ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
96{ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"}, 100{ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
97{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0), "WIN32_NAME_CONVERTER"}, 101{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
98{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"}, 102{ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
99{0,NULL} 103{0,NULL}
100 }; 104 };
101 105
102static ERR_STRING_DATA DSO_str_reasons[]= 106static ERR_STRING_DATA DSO_str_reasons[]=
103 { 107 {
104{DSO_R_CTRL_FAILED ,"control command failed"}, 108{ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"},
105{DSO_R_DSO_ALREADY_LOADED ,"dso already loaded"}, 109{ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"},
106{DSO_R_FILENAME_TOO_BIG ,"filename too big"}, 110{ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"},
107{DSO_R_FINISH_FAILED ,"cleanup method function failed"}, 111{ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"},
108{DSO_R_LOAD_FAILED ,"could not load the shared library"}, 112{ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"},
109{DSO_R_NAME_TRANSLATION_FAILED ,"name translation failed"}, 113{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
110{DSO_R_NO_FILENAME ,"no filename"}, 114{ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"},
111{DSO_R_NULL_HANDLE ,"a null shared library handle was used"}, 115{ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"},
112{DSO_R_SET_FILENAME_FAILED ,"set filename failed"}, 116{ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"},
113{DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"}, 117{ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"},
114{DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"}, 118{ERR_REASON(DSO_R_SYM_FAILURE) ,"could not bind to the requested symbol name"},
115{DSO_R_UNLOAD_FAILED ,"could not unload the shared library"}, 119{ERR_REASON(DSO_R_UNLOAD_FAILED) ,"could not unload the shared library"},
116{DSO_R_UNSUPPORTED ,"functionality not supported"}, 120{ERR_REASON(DSO_R_UNSUPPORTED) ,"functionality not supported"},
117{0,NULL} 121{0,NULL}
118 }; 122 };
119 123
@@ -127,8 +131,8 @@ void ERR_load_DSO_strings(void)
127 { 131 {
128 init=0; 132 init=0;
129#ifndef OPENSSL_NO_ERR 133#ifndef OPENSSL_NO_ERR
130 ERR_load_strings(ERR_LIB_DSO,DSO_str_functs); 134 ERR_load_strings(0,DSO_str_functs);
131 ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons); 135 ERR_load_strings(0,DSO_str_reasons);
132#endif 136#endif
133 137
134 } 138 }
diff --git a/src/lib/libssl/src/crypto/dso/dso_win32.c b/src/lib/libssl/src/crypto/dso/dso_win32.c
index 3fa90eb27c..cc4ac68696 100644
--- a/src/lib/libssl/src/crypto/dso/dso_win32.c
+++ b/src/lib/libssl/src/crypto/dso/dso_win32.c
@@ -68,6 +68,25 @@ DSO_METHOD *DSO_METHOD_win32(void)
68 } 68 }
69#else 69#else
70 70
71#ifdef _WIN32_WCE
72# if _WIN32_WCE < 300
73static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
74 {
75 WCHAR lpProcNameW[64];
76 int i;
77
78 for (i=0;lpProcName[i] && i<64;i++)
79 lpProcNameW[i] = (WCHAR)lpProcName[i];
80 if (i==64) return NULL;
81 lpProcNameW[i] = 0;
82
83 return GetProcAddressW(hModule,lpProcNameW);
84 }
85# endif
86# undef GetProcAddress
87# define GetProcAddress GetProcAddressA
88#endif
89
71/* Part of the hack in "win32_load" ... */ 90/* Part of the hack in "win32_load" ... */
72#define DSO_MAX_TRANSLATED_SIZE 256 91#define DSO_MAX_TRANSLATED_SIZE 256
73 92
@@ -122,7 +141,7 @@ static int win32_load(DSO *dso)
122 DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME); 141 DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
123 goto err; 142 goto err;
124 } 143 }
125 h = LoadLibrary(filename); 144 h = LoadLibraryA(filename);
126 if(h == NULL) 145 if(h == NULL)
127 { 146 {
128 DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED); 147 DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
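Review bot: In the new GetProcAddressA wrapper the buffer bound 64 is written three times (`lpProcNameW[64]`, `i<64`, `i==64`), so a later resize can leave the overflow check out of step with the array. A named constant, or `sizeof(lpProcNameW)/sizeof(lpProcNameW[0])`, keeps them tied together. The loop condition also tests `lpProcName[i]` before `i<64`; the conventional order is `i<64 && lpProcName[i]`. A one-line comment that symbol names of 64 characters or more return NULL would tell callers why a lookup can fail without a Windows error.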
diff --git a/src/lib/libssl/src/crypto/ec/ec_err.c b/src/lib/libssl/src/crypto/ec/ec_err.c
index d37b6aba87..5b70f94382 100644
--- a/src/lib/libssl/src/crypto/ec/ec_err.c
+++ b/src/lib/libssl/src/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
1/* crypto/ec/ec_err.c */ 1/* crypto/ec/ec_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,70 +64,74 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
70
67static ERR_STRING_DATA EC_str_functs[]= 71static ERR_STRING_DATA EC_str_functs[]=
68 { 72 {
69{ERR_PACK(0,EC_F_COMPUTE_WNAF,0), "COMPUTE_WNAF"}, 73{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
70{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0), "ec_GFp_mont_field_decode"}, 74{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
71{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"}, 75{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
72{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"}, 76{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
73{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"}, 77{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
74{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "ec_GFp_simple_group_set_curve_GFp"}, 78{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "ec_GFp_simple_group_set_curve_GFp"},
75{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0), "ec_GFp_simple_group_set_generator"}, 79{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "ec_GFp_simple_group_set_generator"},
76{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0), "ec_GFp_simple_make_affine"}, 80{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
77{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0), "ec_GFp_simple_oct2point"}, 81{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
78{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0), "ec_GFp_simple_point2oct"}, 82{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
79{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0), "ec_GFp_simple_points_make_affine"}, 83{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
80{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_get_affine_coordinates_GFp"}, 84{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
81{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_set_affine_coordinates_GFp"}, 85{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
82{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0), "ec_GFp_simple_set_compressed_coordinates_GFp"}, 86{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "ec_GFp_simple_set_compressed_coordinates_GFp"},
83{ERR_PACK(0,EC_F_EC_GROUP_COPY,0), "EC_GROUP_copy"}, 87{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
84{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"}, 88{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
85{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"}, 89{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
86{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, 90{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
87{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, 91{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
88{ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"}, 92{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
89{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"}, 93{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
90{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0), "EC_GROUP_set_curve_GFp"}, 94{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
91{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0), "EC_GROUP_set_extra_data"}, 95{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_set_extra_data"},
92{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0), "EC_GROUP_set_generator"}, 96{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
93{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0), "EC_POINTs_make_affine"}, 97{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
94{ERR_PACK(0,EC_F_EC_POINTS_MUL,0), "EC_POINTs_mul"}, 98{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
95{ERR_PACK(0,EC_F_EC_POINT_ADD,0), "EC_POINT_add"}, 99{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
96{ERR_PACK(0,EC_F_EC_POINT_CMP,0), "EC_POINT_cmp"}, 100{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
97{ERR_PACK(0,EC_F_EC_POINT_COPY,0), "EC_POINT_copy"}, 101{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
98{ERR_PACK(0,EC_F_EC_POINT_DBL,0), "EC_POINT_dbl"}, 102{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
99{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0), "EC_POINT_get_affine_coordinates_GFp"}, 103{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
100{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_get_Jprojective_coordinates_GFp"}, 104{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
101{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0), "EC_POINT_is_at_infinity"}, 105{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
102{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0), "EC_POINT_is_on_curve"}, 106{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
103{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0), "EC_POINT_make_affine"}, 107{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
104{ERR_PACK(0,EC_F_EC_POINT_NEW,0), "EC_POINT_new"}, 108{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
105{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0), "EC_POINT_oct2point"}, 109{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
106{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0), "EC_POINT_point2oct"}, 110{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
107{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0), "EC_POINT_set_affine_coordinates_GFp"}, 111{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
108{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"}, 112{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
109{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"}, 113{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
110{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"}, 114{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
111{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0), "GFP_MONT_GROUP_SET_CURVE_GFP"}, 115{ERR_FUNC(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP), "GFP_MONT_GROUP_SET_CURVE_GFP"},
112{0,NULL} 116{0,NULL}
113 }; 117 };
114 118
115static ERR_STRING_DATA EC_str_reasons[]= 119static ERR_STRING_DATA EC_str_reasons[]=
116 { 120 {
117{EC_R_BUFFER_TOO_SMALL ,"buffer too small"}, 121{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"},
118{EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, 122{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"},
119{EC_R_INVALID_ARGUMENT ,"invalid argument"}, 123{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"},
120{EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, 124{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
121{EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"}, 125{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
122{EC_R_INVALID_ENCODING ,"invalid encoding"}, 126{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"},
123{EC_R_INVALID_FIELD ,"invalid field"}, 127{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},
124{EC_R_INVALID_FORM ,"invalid form"}, 128{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},
125{EC_R_NOT_INITIALIZED ,"not initialized"}, 129{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"},
126{EC_R_POINT_AT_INFINITY ,"point at infinity"}, 130{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"},
127{EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, 131{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"},
128{EC_R_SLOT_FULL ,"slot full"}, 132{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"},
129{EC_R_UNDEFINED_GENERATOR ,"undefined generator"}, 133{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"},
130{EC_R_UNKNOWN_ORDER ,"unknown order"}, 134{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"},
131{0,NULL} 135{0,NULL}
132 }; 136 };
133 137
@@ -141,8 +145,8 @@ void ERR_load_EC_strings(void)
141 { 145 {
142 init=0; 146 init=0;
143#ifndef OPENSSL_NO_ERR 147#ifndef OPENSSL_NO_ERR
144 ERR_load_strings(ERR_LIB_EC,EC_str_functs); 148 ERR_load_strings(0,EC_str_functs);
145 ERR_load_strings(ERR_LIB_EC,EC_str_reasons); 149 ERR_load_strings(0,EC_str_reasons);
146#endif 150#endif
147 151
148 } 152 }
diff --git a/src/lib/libssl/src/crypto/engine/eng_cnf.c b/src/lib/libssl/src/crypto/engine/eng_cnf.c
index cdf670901a..4225760af1 100644
--- a/src/lib/libssl/src/crypto/engine/eng_cnf.c
+++ b/src/lib/libssl/src/crypto/engine/eng_cnf.c
@@ -158,7 +158,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
158 */ 158 */
159 if (!strcmp(ctrlvalue, "EMPTY")) 159 if (!strcmp(ctrlvalue, "EMPTY"))
160 ctrlvalue = NULL; 160 ctrlvalue = NULL;
161 else if (!strcmp(ctrlname, "init")) 161 if (!strcmp(ctrlname, "init"))
162 { 162 {
163 if (!NCONF_get_number_e(cnf, value, "init", &do_init)) 163 if (!NCONF_get_number_e(cnf, value, "init", &do_init))
164 goto err; 164 goto err;
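Review bot: Dropping the `else` in front of `if (!strcmp(ctrlname, "init"))` means a value of "EMPTY" now sets `ctrlvalue = NULL` and then falls into the ctrlname dispatch instead of skipping it. The "init" branch shown reads from `cnf` and never touches `ctrlvalue`, but the branches that follow are outside this hunk, and each of them can now be reached with a NULL `ctrlvalue` taken from the configuration file. Any of them that passes `ctrlvalue` to a string function needs a NULL check. A comment on the `if` would record the intent, for example `/* "EMPTY" maps to a NULL value and is still dispatched below */`. int_engine_configure starts and ends outside the hunk.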
diff --git a/src/lib/libssl/src/crypto/engine/eng_err.c b/src/lib/libssl/src/crypto/engine/eng_err.c
index 814d95ee32..fdc0e7be0f 100644
--- a/src/lib/libssl/src/crypto/engine/eng_err.c
+++ b/src/lib/libssl/src/crypto/engine/eng_err.c
@@ -1,6 +1,6 @@
1/* crypto/engine/eng_err.c */ 1/* crypto/engine/eng_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,87 +64,91 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
70
67static ERR_STRING_DATA ENGINE_str_functs[]= 71static ERR_STRING_DATA ENGINE_str_functs[]=
68 { 72 {
69{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"}, 73{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
70{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"}, 74{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
71{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"}, 75{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
72{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"}, 76{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
73{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"}, 77{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
74{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0), "ENGINE_cmd_is_executable"}, 78{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
75{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"}, 79{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
76{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0), "ENGINE_ctrl_cmd"}, 80{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
77{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"}, 81{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
78{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"}, 82{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
79{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"}, 83{ERR_FUNC(ENGINE_F_ENGINE_FREE), "ENGINE_free"},
80{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0), "ENGINE_get_cipher"}, 84{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
81{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"}, 85{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
82{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0), "ENGINE_get_digest"}, 86{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
83{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"}, 87{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
84{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"}, 88{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
85{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"}, 89{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
86{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"}, 90{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
87{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"}, 91{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
88{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"}, 92{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
89{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"}, 93{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
90{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0), "ENGINE_MODULE_INIT"}, 94{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
91{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"}, 95{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
92{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"}, 96{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
93{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0), "ENGINE_set_default_string"}, 97{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
94{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"}, 98{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
95{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"}, 99{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
96{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, 100{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
97{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, 101{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
98{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, 102{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
99{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0), "ENGINE_up_ref"}, 103{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
100{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, 104{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
101{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"}, 105{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
102{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, 106{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
103{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"}, 107{ERR_FUNC(ENGINE_F_SET_DATA_CTX), "SET_DATA_CTX"},
104{0,NULL} 108{0,NULL}
105 }; 109 };
106 110
107static ERR_STRING_DATA ENGINE_str_reasons[]= 111static ERR_STRING_DATA ENGINE_str_reasons[]=
108 { 112 {
109{ENGINE_R_ALREADY_LOADED ,"already loaded"}, 113{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"},
110{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ,"argument is not a number"}, 114{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
111{ENGINE_R_CMD_NOT_EXECUTABLE ,"cmd not executable"}, 115{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
112{ENGINE_R_COMMAND_TAKES_INPUT ,"command takes input"}, 116{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
113{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"}, 117{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
114{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"}, 118{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
115{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, 119{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
116{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"}, 120{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
117{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"}, 121{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
118{ENGINE_R_DSO_FAILURE ,"DSO failure"}, 122{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
119{ENGINE_R_DSO_NOT_FOUND ,"dso not found"}, 123{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
120{ENGINE_R_ENGINES_SECTION_ERROR ,"engines section error"}, 124{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
121{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"}, 125{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
122{ENGINE_R_ENGINE_SECTION_ERROR ,"engine section error"}, 126{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
123{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"}, 127{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
124{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"}, 128{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
125{ENGINE_R_FINISH_FAILED ,"finish failed"}, 129{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"},
126{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"}, 130{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"},
127{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"}, 131{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
128{ENGINE_R_INIT_FAILED ,"init failed"}, 132{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"},
129{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"}, 133{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
130{ENGINE_R_INVALID_ARGUMENT ,"invalid argument"}, 134{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"},
131{ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"}, 135{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"},
132{ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"}, 136{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
133{ENGINE_R_INVALID_INIT_VALUE ,"invalid init value"}, 137{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
134{ENGINE_R_INVALID_STRING ,"invalid string"}, 138{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"},
135{ENGINE_R_NOT_INITIALISED ,"not initialised"}, 139{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"},
136{ENGINE_R_NOT_LOADED ,"not loaded"}, 140{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"},
137{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"}, 141{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
138{ENGINE_R_NO_INDEX ,"no index"}, 142{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"},
139{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"}, 143{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"},
140{ENGINE_R_NO_REFERENCE ,"no reference"}, 144{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"},
141{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"}, 145{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"},
142{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"}, 146{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
143{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"}, 147{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
144{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"}, 148{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
145{ENGINE_R_UNIMPLEMENTED_CIPHER ,"unimplemented cipher"}, 149{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
146{ENGINE_R_UNIMPLEMENTED_DIGEST ,"unimplemented digest"}, 150{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
147{ENGINE_R_VERSION_INCOMPATIBILITY ,"version incompatibility"}, 151{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
148{0,NULL} 152{0,NULL}
149 }; 153 };
150 154
@@ -158,8 +162,8 @@ void ERR_load_ENGINE_strings(void)
158 { 162 {
159 init=0; 163 init=0;
160#ifndef OPENSSL_NO_ERR 164#ifndef OPENSSL_NO_ERR
161 ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs); 165 ERR_load_strings(0,ENGINE_str_functs);
162 ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons); 166 ERR_load_strings(0,ENGINE_str_reasons);
163#endif 167#endif
164 168
165 } 169 }
diff --git a/src/lib/libssl/src/crypto/engine/hw_aep.c b/src/lib/libssl/src/crypto/engine/hw_aep.c
index 8b8380a582..5f1772ea99 100644
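--- a/src/lib/libssl/src/crypto/engine/hw_aep.c
+++ b/src/lib/libssl/src/crypto/engine/hw_aep.c
@@ -474,6 +474,7 @@ static int aep_init(ENGINE *e)
 
  if(aep_dso)
  DSO_free(aep_dso);
+ aep_dso = NULL;
 
  p_AEP_OpenConnection = NULL;
  p_AEP_ModExp = NULL;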
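Review bot: The added `aep_dso = NULL;` at new line 477 follows an unbraced `if(aep_dso)`, so it runs unconditionally, while the same fix in hw_cswift.c in this commit puts the free and the reset inside one braced block. Both forms leave the pointer cleared, but the unbraced one reads like a missing-brace slip; the identical hunks in hw_atalla.c (new line 378) and hw_ubsec.c (new line 457) have the same shape. I would either brace all three the way hw_cswift.c does or add `/* drop the freed handle so it cannot be freed or used again */` above the reset. aep_init starts and ends outside the hunk.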
diff --git a/src/lib/libssl/src/crypto/engine/hw_atalla.c b/src/lib/libssl/src/crypto/engine/hw_atalla.c
index e9eff9fad1..2b8342bbdd 100644
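--- a/src/lib/libssl/src/crypto/engine/hw_atalla.c
+++ b/src/lib/libssl/src/crypto/engine/hw_atalla.c
@@ -375,6 +375,7 @@ static int atalla_init(ENGINE *e)
 err:
  if(atalla_dso)
  DSO_free(atalla_dso);
+ atalla_dso = NULL;
  p_Atalla_GetHardwareConfig = NULL;
  p_Atalla_RSAPrivateKeyOpFn = NULL;
  p_Atalla_GetPerformanceStatistics = NULL;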
diff --git a/src/lib/libssl/src/crypto/engine/hw_cswift.c b/src/lib/libssl/src/crypto/engine/hw_cswift.c
index f128ee5a68..1411fd8333 100644
--- a/src/lib/libssl/src/crypto/engine/hw_cswift.c
+++ b/src/lib/libssl/src/crypto/engine/hw_cswift.c
@@ -90,6 +90,7 @@ static int cswift_destroy(ENGINE *e);
90static int cswift_init(ENGINE *e); 90static int cswift_init(ENGINE *e);
91static int cswift_finish(ENGINE *e); 91static int cswift_finish(ENGINE *e);
92static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 92static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
93static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
93 94
94/* BIGNUM stuff */ 95/* BIGNUM stuff */
95static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 96static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -403,7 +404,10 @@ static int cswift_init(ENGINE *e)
403 return 1; 404 return 1;
404err: 405err:
405 if(cswift_dso) 406 if(cswift_dso)
407 {
406 DSO_free(cswift_dso); 408 DSO_free(cswift_dso);
409 cswift_dso = NULL;
410 }
407 p_CSwift_AcquireAccContext = NULL; 411 p_CSwift_AcquireAccContext = NULL;
408 p_CSwift_AttachKeyParam = NULL; 412 p_CSwift_AttachKeyParam = NULL;
409 p_CSwift_SimpleRequest = NULL; 413 p_CSwift_SimpleRequest = NULL;
@@ -553,6 +557,29 @@ err:
553 return to_return; 557 return to_return;
554 } 558 }
555 559
560
561int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
562{
563 int mod;
564 int numbytes = BN_num_bytes(in);
565
566 mod = 0;
567 while( ((out->nbytes = (numbytes+mod)) % 32) )
568 {
569 mod++;
570 }
571 out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
572 if(!out->value)
573 {
574 return 0;
575 }
576 BN_bn2bin(in, &out->value[mod]);
577 if(mod)
578 memset(out->value, 0, mod);
579
580 return 1;
581}
582
556/* Un petit mod_exp chinois */ 583/* Un petit mod_exp chinois */
557static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 584static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
558 const BIGNUM *q, const BIGNUM *dmp1, 585 const BIGNUM *q, const BIGNUM *dmp1,
@@ -562,15 +589,16 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
562 SW_LARGENUMBER arg, res; 589 SW_LARGENUMBER arg, res;
563 SW_PARAM sw_param; 590 SW_PARAM sw_param;
564 SW_CONTEXT_HANDLE hac; 591 SW_CONTEXT_HANDLE hac;
565 BIGNUM *rsa_p = NULL;
566 BIGNUM *rsa_q = NULL;
567 BIGNUM *rsa_dmp1 = NULL;
568 BIGNUM *rsa_dmq1 = NULL;
569 BIGNUM *rsa_iqmp = NULL;
570 BIGNUM *argument = NULL;
571 BIGNUM *result = NULL; 592 BIGNUM *result = NULL;
593 BIGNUM *argument = NULL;
572 int to_return = 0; /* expect failure */ 594 int to_return = 0; /* expect failure */
573 int acquired = 0; 595 int acquired = 0;
596
597 sw_param.up.crt.p.value = NULL;
598 sw_param.up.crt.q.value = NULL;
599 sw_param.up.crt.dmp1.value = NULL;
600 sw_param.up.crt.dmq1.value = NULL;
601 sw_param.up.crt.iqmp.value = NULL;
574 602
575 if(!get_context(&hac)) 603 if(!get_context(&hac))
576 { 604 {
@@ -578,44 +606,55 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
578 goto err; 606 goto err;
579 } 607 }
580 acquired = 1; 608 acquired = 1;
609
581 /* Prepare the params */ 610 /* Prepare the params */
582 BN_CTX_start(ctx); 611 argument = BN_new();
583 rsa_p = BN_CTX_get(ctx); 612 result = BN_new();
584 rsa_q = BN_CTX_get(ctx); 613 if(!result || !argument)
585 rsa_dmp1 = BN_CTX_get(ctx);
586 rsa_dmq1 = BN_CTX_get(ctx);
587 rsa_iqmp = BN_CTX_get(ctx);
588 argument = BN_CTX_get(ctx);
589 result = BN_CTX_get(ctx);
590 if(!result)
591 { 614 {
592 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL); 615 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
593 goto err; 616 goto err;
594 } 617 }
595 if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) || 618
596 !bn_wexpand(rsa_dmp1, dmp1->top) || 619
597 !bn_wexpand(rsa_dmq1, dmq1->top) || 620 sw_param.type = SW_ALG_CRT;
598 !bn_wexpand(rsa_iqmp, iqmp->top) || 621 /************************************************************************/
599 !bn_wexpand(argument, a->top) || 622 /* 04/02/2003 */
623 /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
624 /* limitation of cswift with values not a multiple of 32 */
625 /************************************************************************/
626 if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
627 {
628 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
629 goto err;
630 }
631 if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
632 {
633 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
634 goto err;
635 }
636 if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
637 {
638 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
639 goto err;
640 }
641 if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
642 {
643 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
644 goto err;
645 }
646 if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
647 {
648 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
649 goto err;
650 }
651 if( !bn_wexpand(argument, a->top) ||
600 !bn_wexpand(result, p->top + q->top)) 652 !bn_wexpand(result, p->top + q->top))
601 { 653 {
602 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL); 654 CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
603 goto err; 655 goto err;
604 } 656 }
605 sw_param.type = SW_ALG_CRT; 657
606 sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
607 sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
608 sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
609 sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
610 sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
611 (unsigned char *)rsa_dmp1->d);
612 sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
613 sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
614 (unsigned char *)rsa_dmq1->d);
615 sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
616 sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
617 (unsigned char *)rsa_iqmp->d);
618 sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
619 /* Attach the key params */ 658 /* Attach the key params */
620 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); 659 sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
621 switch(sw_status) 660 switch(sw_status)
@@ -654,9 +693,22 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
654 BN_bin2bn((unsigned char *)result->d, res.nbytes, r); 693 BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
655 to_return = 1; 694 to_return = 1;
656err: 695err:
696 if(sw_param.up.crt.p.value)
697 OPENSSL_free(sw_param.up.crt.p.value);
698 if(sw_param.up.crt.q.value)
699 OPENSSL_free(sw_param.up.crt.q.value);
700 if(sw_param.up.crt.dmp1.value)
701 OPENSSL_free(sw_param.up.crt.dmp1.value);
702 if(sw_param.up.crt.dmq1.value)
703 OPENSSL_free(sw_param.up.crt.dmq1.value);
704 if(sw_param.up.crt.iqmp.value)
705 OPENSSL_free(sw_param.up.crt.iqmp.value);
706 if(result)
707 BN_free(result);
708 if(argument)
709 BN_free(argument);
657 if(acquired) 710 if(acquired)
658 release_context(hac); 711 release_context(hac);
659 BN_CTX_end(ctx);
660 return to_return; 712 return to_return;
661 } 713 }
662 714
@@ -665,6 +717,27 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
665 { 717 {
666 BN_CTX *ctx; 718 BN_CTX *ctx;
667 int to_return = 0; 719 int to_return = 0;
720 const RSA_METHOD * def_rsa_method;
721
722 /* Try the limits of RSA (2048 bits) */
723 if(BN_num_bytes(rsa->p) > 128 ||
724 BN_num_bytes(rsa->q) > 128 ||
725 BN_num_bytes(rsa->dmp1) > 128 ||
726 BN_num_bytes(rsa->dmq1) > 128 ||
727 BN_num_bytes(rsa->iqmp) > 128)
728 {
729#ifdef RSA_NULL
730 def_rsa_method=RSA_null_method();
731#else
732#if 0
733 def_rsa_method=RSA_PKCS1_RSAref();
734#else
735 def_rsa_method=RSA_PKCS1_SSLeay();
736#endif
737#endif
738 if(def_rsa_method)
739 return def_rsa_method->rsa_mod_exp(r0, I, rsa);
740 }
668 741
669 if((ctx = BN_CTX_new()) == NULL) 742 if((ctx = BN_CTX_new()) == NULL)
670 goto err; 743 goto err;
@@ -686,6 +759,26 @@ err:
686static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 759static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
687 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 760 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
688 { 761 {
762 const RSA_METHOD * def_rsa_method;
763
764 /* Try the limits of RSA (2048 bits) */
765 if(BN_num_bytes(r) > 256 ||
766 BN_num_bytes(a) > 256 ||
767 BN_num_bytes(m) > 256)
768 {
769#ifdef RSA_NULL
770 def_rsa_method=RSA_null_method();
771#else
772#if 0
773 def_rsa_method=RSA_PKCS1_RSAref();
774#else
775 def_rsa_method=RSA_PKCS1_SSLeay();
776#endif
777#endif
778 if(def_rsa_method)
779 return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
780 }
781
689 return cswift_mod_exp(r, a, p, m, ctx); 782 return cswift_mod_exp(r, a, p, m, ctx);
690 } 783 }
691 784
@@ -930,9 +1023,10 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
930 SW_CONTEXT_HANDLE hac; 1023 SW_CONTEXT_HANDLE hac;
931 SW_STATUS swrc; 1024 SW_STATUS swrc;
932 SW_LARGENUMBER largenum; 1025 SW_LARGENUMBER largenum;
933 size_t nbytes = 0;
934 int acquired = 0; 1026 int acquired = 0;
935 int to_return = 0; /* assume failure */ 1027 int to_return = 0; /* assume failure */
1028 unsigned char buf32[1024];
1029
936 1030
937 if (!get_context(&hac)) 1031 if (!get_context(&hac))
938 { 1032 {
@@ -941,17 +1035,19 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
941 } 1035 }
942 acquired = 1; 1036 acquired = 1;
943 1037
944 while (nbytes < (size_t)num) 1038 /************************************************************************/
1039 /* 04/02/2003 */
1040 /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
1041 /* limitation of cswift with values not a multiple of 32 */
1042 /************************************************************************/
1043
1044 while(num >= sizeof(buf32))
945 { 1045 {
1046 largenum.value = buf;
1047 largenum.nbytes = sizeof(buf32);
946 /* tell CryptoSwift how many bytes we want and where we want it. 1048 /* tell CryptoSwift how many bytes we want and where we want it.
947 * Note: - CryptoSwift cannot do more than 4096 bytes at a time. 1049 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
948 * - CryptoSwift can only do multiple of 32-bits. */ 1050 * - CryptoSwift can only do multiple of 32-bits. */
949 largenum.value = (SW_BYTE *) buf + nbytes;
950 if (4096 > num - nbytes)
951 largenum.nbytes = num - nbytes;
952 else
953 largenum.nbytes = 4096;
954
955 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); 1051 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
956 if (swrc != SW_OK) 1052 if (swrc != SW_OK)
957 { 1053 {
@@ -961,14 +1057,30 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
961 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); 1057 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
962 goto err; 1058 goto err;
963 } 1059 }
964 1060 buf += sizeof(buf32);
965 nbytes += largenum.nbytes; 1061 num -= sizeof(buf32);
1062 }
1063 if(num)
1064 {
1065 largenum.nbytes = sizeof(buf32);
1066 largenum.value = buf32;
1067 swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
1068 if (swrc != SW_OK)
1069 {
1070 char tmpbuf[20];
1071 CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
1072 sprintf(tmpbuf, "%ld", swrc);
1073 ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
1074 goto err;
1075 }
1076 memcpy(buf, largenum.value, num);
966 } 1077 }
967 to_return = 1; /* success */
968 1078
1079 to_return = 1; /* success */
969err: 1080err:
970 if (acquired) 1081 if (acquired)
971 release_context(hac); 1082 release_context(hac);
1083
972 return to_return; 1084 return to_return;
973} 1085}
974 1086
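Review bot: The `err:` block of cswift_mod_exp_crt (new lines 696-705) hands the five buffers filled by cswift_bn_32copy straight to `OPENSSL_free`, so the RSA CRT components p, q, dmp1, dmq1 and iqmp stay readable in freed heap memory. Each buffer should be wiped with `OPENSSL_cleanse` over its `nbytes` before the free, as in the block below; `nbytes` is written by cswift_bn_32copy before the allocation, so it is valid whenever `value` is non-NULL, provided the device call does not rewrite it. `buf32` in cswift_rand_bytes has the same problem on the stack, since its random bytes, including the ones returned to the caller, are still there after the `memcpy`. Separately, `while(num >= sizeof(buf32))` at new line 1044 compares the signed `num` as an unsigned value, so a negative `num` would enter the loop, and a `num <= 0` check ahead of it would rule that out.

```c
err:
	if(sw_param.up.crt.p.value)
		{
		OPENSSL_cleanse(sw_param.up.crt.p.value, sw_param.up.crt.p.nbytes);
		OPENSSL_free(sw_param.up.crt.p.value);
		}
	if(sw_param.up.crt.q.value)
		{
		OPENSSL_cleanse(sw_param.up.crt.q.value, sw_param.up.crt.q.nbytes);
		OPENSSL_free(sw_param.up.crt.q.value);
		}
	if(sw_param.up.crt.dmp1.value)
		{
		OPENSSL_cleanse(sw_param.up.crt.dmp1.value, sw_param.up.crt.dmp1.nbytes);
		OPENSSL_free(sw_param.up.crt.dmp1.value);
		}
	if(sw_param.up.crt.dmq1.value)
		{
		OPENSSL_cleanse(sw_param.up.crt.dmq1.value, sw_param.up.crt.dmq1.nbytes);
		OPENSSL_free(sw_param.up.crt.dmq1.value);
		}
	if(sw_param.up.crt.iqmp.value)
		{
		OPENSSL_cleanse(sw_param.up.crt.iqmp.value, sw_param.up.crt.iqmp.nbytes);
		OPENSSL_free(sw_param.up.crt.iqmp.value);
		}
	/* ... unchanged: BN_free(result), BN_free(argument), release_context(hac) ... */
```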
diff --git a/src/lib/libssl/src/crypto/engine/hw_ubsec.c b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
index 5234a08a07..8fb834af31 100644
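--- a/src/lib/libssl/src/crypto/engine/hw_ubsec.c
+++ b/src/lib/libssl/src/crypto/engine/hw_ubsec.c
@@ -454,6 +454,7 @@ static int ubsec_init(ENGINE *e)
 err:
  if(ubsec_dso)
  DSO_free(ubsec_dso);
+ ubsec_dso = NULL;
  p_UBSEC_ubsec_bytes_to_bits = NULL;
  p_UBSEC_ubsec_bits_to_bytes = NULL;
  p_UBSEC_ubsec_open = NULL;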
diff --git a/src/lib/libssl/src/crypto/engine/tb_dsa.c b/src/lib/libssl/src/crypto/engine/tb_dsa.c
index 80170591f2..7efe181927 100644
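--- a/src/lib/libssl/src/crypto/engine/tb_dsa.c
+++ b/src/lib/libssl/src/crypto/engine/tb_dsa.c
@@ -94,7 +94,7 @@ int ENGINE_set_default_DSA(ENGINE *e)
  {
  if(e->dsa_meth)
  return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+ engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
  return 1;
  }
 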
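Review bot: The last two arguments at new line 97 are the bare literals `1, 1`, and the whole change is one of them flipping from 0 to 1, so the call should name what they mean. A trailing comment such as `/* num_nids = 1, setdefault = 1 */` on the argument line would let a reader check by eye that ENGINE_set_default_DSA really asks for the default slot. The parameter names come from engine_table_register's prototype, which is outside this hunk and should be confirmed there.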
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index c78790a54c..53687d79ab 100644
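--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -621,7 +621,8 @@ static void err_load_strings(int lib, ERR_STRING_DATA *str)
  {
  while (str->error)
  {
- str->error|=ERR_PACK(lib,0,0);
+ if (lib)
+ str->error|=ERR_PACK(lib,0,0);
  ERRFN(err_set_item)(str);
  str++;
  }
@@ -637,7 +638,8 @@ void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
  {
  while (str->error)
  {
- str->error|=ERR_PACK(lib,0,0);
+ if (lib)
+ str->error|=ERR_PACK(lib,0,0);
  ERRFN(err_del_item)(str);
  str++;
  }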
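Review bot: The new `if (lib)` guard in err_load_strings (new line 624) and ERR_unload_strings (new line 641) introduces an undocumented convention: `lib == 0` now means the table entries already carry their library code, which is how the `*_err.c` files changed in this commit call these functions. Nothing in either loop says so, and a caller that passes 0 with a table that was not pre-packed would have its strings registered under library 0 without any error. I would add `/* lib == 0: codes in str[] are already packed with their library, leave them untouched */` above the guard in both loops. The same comment should mention that a non-zero `lib` is still OR-ed into the caller's table in place.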
diff --git a/src/lib/libssl/src/crypto/err/openssl.ec b/src/lib/libssl/src/crypto/err/openssl.ec
index 447a7f87ed..f8cd6937e7 100644
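--- a/src/lib/libssl/src/crypto/err/openssl.ec
+++ b/src/lib/libssl/src/crypto/err/openssl.ec
@@ -27,7 +27,7 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c
 L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c
 L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
 L UI crypto/ui/ui.h crypto/ui/ui_err.c
-L FIPS fips/fips.h fips/fips_err.h
+L FIPS fips-1.0/fips.h fips-1.0/fips_err.h
 
 # additional header files to be scanned for function names
 L NONE crypto/x509/x509_vfy.h NONE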
diff --git a/src/lib/libssl/src/crypto/evp/bio_enc.c b/src/lib/libssl/src/crypto/evp/bio_enc.c
index ab81851503..b8cda1a9f0 100644
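--- a/src/lib/libssl/src/crypto/evp/bio_enc.c
+++ b/src/lib/libssl/src/crypto/evp/bio_enc.c
@@ -71,7 +71,7 @@ static int enc_new(BIO *h);
 static int enc_free(BIO *data);
 static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
 #define ENC_BLOCK_SIZE (1024*4)
-#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH
+#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
 
 typedef struct enc_struct
  {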
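Review bot: `BUF_OFFSET` is doubled at new line 74 with no comment saying why two maximum block lengths of headroom are now needed instead of one. The buffers and offsets derived from it are declared outside this hunk (the `enc_struct` body only begins at the last context line), so the arithmetic that depends on the new value cannot be checked from here. I would add a comment next to the define stating which operation can produce the extra block of output, and confirm that every buffer sized from `ENC_BLOCK_SIZE` and `BUF_OFFSET` uses the macros rather than a hard-coded length.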
diff --git a/src/lib/libssl/src/crypto/evp/c_alld.c b/src/lib/libssl/src/crypto/evp/c_alld.c
index aae7bf7482..929ea56a3e 100644
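--- a/src/lib/libssl/src/crypto/evp/c_alld.c
+++ b/src/lib/libssl/src/crypto/evp/c_alld.c
@@ -100,4 +100,14 @@ void OpenSSL_add_all_digests(void)
  EVP_add_digest_alias(SN_ripemd160,"ripemd");
  EVP_add_digest_alias(SN_ripemd160,"rmd160");
 #endif
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
+#endif
  }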
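Review bot: The four `EVP_add_digest` calls at new lines 105-110 are compiled only when `OPENSSL_FIPS` is defined, so in any other build OpenSSL_add_all_digests still registers no SHA-224/256/384/512 and a lookup of those digests by name would presumably fail. If that is intended, the block should say so, for example `/* SHA-2 digests are registered in FIPS builds only */` above the `#ifdef`. The three nested conditionals also close with bare `#endif` lines; labelling the outer one `#endif /* OPENSSL_FIPS */` would make the nesting readable, and the declarations added to evp.h in this commit have the same shape.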
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c
index f35036c9d7..7b67984fa1 100644
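--- a/src/lib/libssl/src/crypto/evp/e_aes.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -86,9 +86,9 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
 
 #define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
 
-IMPLEMENT_AES_CFBR(128,1,0)
-IMPLEMENT_AES_CFBR(192,1,0)
-IMPLEMENT_AES_CFBR(256,1,0)
+IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
 
 IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
 IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)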
diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c
index 08209357ce..33e540087d 100644
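--- a/src/lib/libssl/src/crypto/evp/encode.c
+++ b/src/lib/libssl/src/crypto/evp/encode.c
@@ -313,7 +313,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
  /* There will never be more than two '=' */
  }
 
- if ((v == B64_EOF) || (n >= 64))
+ if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
  {
  /* This is needed to work correctly on 64 byte input
  * lines. We process the line and then need to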
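Review bot: The new `(n&3) == 0` term at new line 316 carries the whole fix but has no comment, and the existing comment below it only explains the `n >= 64` half of the condition. From the hunk, `n` appears to count buffered input characters, so the term keeps an end-of-data marker from flushing a partial four-character group. What then happens to that partial group is decided outside the hunk and should be checked to end in an error return, not in silently dropped input. I would add `/* at EOF only decode when a whole number of 4-char groups is buffered */` above the `if`.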
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 09e597f631..f29e0ba8f0 100644
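--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -86,7 +86,7 @@
 #define EVP_CAST5_KEY_SIZE 16
 #define EVP_RC5_32_12_16_KEY_SIZE 16
 */
-#define EVP_MAX_MD_SIZE 64 /* to fit SHA512 */
+#define EVP_MAX_MD_SIZE 64 /* longest known SHA512 */
 #define EVP_MAX_KEY_LENGTH 32
 #define EVP_MAX_IV_LENGTH 16
 #define EVP_MAX_BLOCK_LENGTH 32
@@ -589,6 +589,16 @@ const EVP_MD *EVP_sha(void);
 const EVP_MD *EVP_sha1(void);
 const EVP_MD *EVP_dss(void);
 const EVP_MD *EVP_dss1(void);
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+#endif
+#ifndef OPENSSL_NO_SHA512
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+#endif
+#endif
 #endif
 #ifndef OPENSSL_NO_MDC2
 const EVP_MD *EVP_mdc2(void);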
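Review bot: The reworded comment at new line 89, `/* longest known SHA512 */`, no longer reads as a sentence; `/* longest known is SHA512 */` says what seems to be meant. Callers presumably size digest output buffers from `EVP_MAX_MD_SIZE`, so this comment is where a reader learns which digest sets the bound, and it should stay unambiguous when a longer digest is added.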
diff --git a/src/lib/libssl/src/crypto/evp/evp_err.c b/src/lib/libssl/src/crypto/evp/evp_err.c
index 40135d0729..77eee070d3 100644
--- a/src/lib/libssl/src/crypto/evp/evp_err.c
+++ b/src/lib/libssl/src/crypto/evp/evp_err.c
@@ -64,88 +64,92 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
70
67static ERR_STRING_DATA EVP_str_functs[]= 71static ERR_STRING_DATA EVP_str_functs[]=
68 { 72 {
69{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"}, 73{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
70{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, 74{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
71{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"}, 75{ERR_FUNC(EVP_F_EVP_ADD_CIPHER), "EVP_add_cipher"},
72{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"}, 76{ERR_FUNC(EVP_F_EVP_ADD_DIGEST), "EVP_add_digest"},
73{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, 77{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
74{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, 78{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
75{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, 79{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
76{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, 80{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL), "EVP_DecryptFinal"},
77{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, 81{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
78{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, 82{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL), "EVP_EncryptFinal"},
79{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"}, 83{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME), "EVP_get_cipherbyname"},
80{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"}, 84{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME), "EVP_get_digestbyname"},
81{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, 85{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY), "EVP_MD_CTX_copy"},
82{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, 86{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
83{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, 87{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
84{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, 88{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
85{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, 89{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
86{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, 90{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN), "EVP_PKCS8_SET_BROKEN"},
87{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, 91{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"},
88{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, 92{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
89{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, 93{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
90{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, 94{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
91{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"}, 95{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
92{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"}, 96{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
93{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"}, 97{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
94{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, 98{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
95{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"}, 99{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
96{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, 100{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
97{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, 101{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
98{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"}, 102{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
99{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"}, 103{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
100{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, 104{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
101{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"}, 105{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
102{0,NULL} 106{0,NULL}
103 }; 107 };
104 108
105static ERR_STRING_DATA EVP_str_reasons[]= 109static ERR_STRING_DATA EVP_str_reasons[]=
106 { 110 {
107{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"}, 111{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
108{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, 112{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
109{EVP_R_BAD_DECRYPT ,"bad decrypt"}, 113{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"},
110{EVP_R_BAD_KEY_LENGTH ,"bad key length"}, 114{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
111{EVP_R_BN_DECODE_ERROR ,"bn decode error"}, 115{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
112{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, 116{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
113{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"}, 117{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
114{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"}, 118{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
115{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"}, 119{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
116{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, 120{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
117{EVP_R_DECODE_ERROR ,"decode error"}, 121{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
118{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, 122{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
119{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"}, 123{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
120{EVP_R_ENCODE_ERROR ,"encode error"}, 124{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
121{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, 125{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
122{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, 126{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
123{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"}, 127{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
124{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"}, 128{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
125{EVP_R_INITIALIZATION_ERROR ,"initialization error"}, 129{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
126{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"}, 130{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
127{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"}, 131{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
128{EVP_R_IV_TOO_LARGE ,"iv too large"}, 132{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
129{EVP_R_KEYGEN_FAILURE ,"keygen failure"}, 133{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
130{EVP_R_MISSING_PARAMETERS ,"missing parameters"}, 134{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"},
131{EVP_R_NO_CIPHER_SET ,"no cipher set"}, 135{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"},
132{EVP_R_NO_DIGEST_SET ,"no digest set"}, 136{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"},
133{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, 137{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"},
134{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, 138{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
135{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, 139{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
136{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, 140{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
137{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, 141{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
138{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, 142{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
139{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"}, 143{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
140{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 144{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
141{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"}, 145{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
142{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"}, 146{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
143{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, 147{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"},
144{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"}, 148{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"},
145{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, 149{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
146{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"}, 150{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
147{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, 151{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
148{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, 152{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
149{0,NULL} 153{0,NULL}
150 }; 154 };
151 155
@@ -159,8 +163,8 @@ void ERR_load_EVP_strings(void)
159 { 163 {
160 init=0; 164 init=0;
161#ifndef OPENSSL_NO_ERR 165#ifndef OPENSSL_NO_ERR
162 ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); 166 ERR_load_strings(0,EVP_str_functs);
163 ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); 167 ERR_load_strings(0,EVP_str_reasons);
164#endif 168#endif
165 169
166 } 170 }
diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c
index 5f387a94d3..f8650d5df6 100644
--- a/src/lib/libssl/src/crypto/evp/evp_key.c
+++ b/src/lib/libssl/src/crypto/evp/evp_key.c
@@ -126,7 +126,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
126 EVP_MD_CTX_init(&c); 126 EVP_MD_CTX_init(&c);
127 for (;;) 127 for (;;)
128 { 128 {
129 EVP_DigestInit_ex(&c,md, NULL); 129 if (!EVP_DigestInit_ex(&c,md, NULL))
130 return 0;
130 if (addmd++) 131 if (addmd++)
131 EVP_DigestUpdate(&c,&(md_buf[0]),mds); 132 EVP_DigestUpdate(&c,&(md_buf[0]),mds);
132 EVP_DigestUpdate(&c,data,datal); 133 EVP_DigestUpdate(&c,data,datal);
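Review bot: The early `return 0` added after `EVP_DigestInit_ex` in EVP_BytesToKey leaves the function without releasing the context set up by `EVP_MD_CTX_init(&c)` just above, and it skips whatever wiping of `md_buf` the function does on its normal exit. The body continues past this hunk, so the exit code is not visible here; if it ends with a context cleanup and a buffer cleanse, the failure branch should reach it by setting a failure result and jumping to a shared exit label instead of returning directly. The `EVP_DigestUpdate` calls on the following lines still ignore their return values, so a digest that fails mid-stream would yield key material derived from an incomplete hash.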
diff --git a/src/lib/libssl/src/crypto/evp/m_dss1.c b/src/lib/libssl/src/crypto/evp/m_dss1.c
index f5668ebda0..23b90d0538 100644
--- a/src/lib/libssl/src/crypto/evp/m_dss1.c
+++ b/src/lib/libssl/src/crypto/evp/m_dss1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 67 { return SHA1_Init(ctx->md_data); }
68 68
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
70#ifndef OPENSSL_FIPS
70 { return SHA1_Update(ctx->md_data,data,count); } 71 { return SHA1_Update(ctx->md_data,data,count); }
72#else
73 {
74 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
75 return SHA1_Update(ctx->md_data,data,count);
76 }
77#endif
71 78
72static int final(EVP_MD_CTX *ctx,unsigned char *md) 79static int final(EVP_MD_CTX *ctx,unsigned char *md)
73 { return SHA1_Final(md,ctx->md_data); } 80 { return SHA1_Final(md,ctx->md_data); }
@@ -77,7 +84,7 @@ static const EVP_MD dss1_md=
77 NID_dsa, 84 NID_dsa,
78 NID_dsaWithSHA1, 85 NID_dsaWithSHA1,
79 SHA_DIGEST_LENGTH, 86 SHA_DIGEST_LENGTH,
80 0, 87 EVP_MD_FLAG_FIPS,
81 init, 88 init,
82 update, 89 update,
83 final, 90 final,
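Review bot: `OPENSSL_assert(sizeof(count)<=sizeof(size_t));` in the FIPS variant of `update` tests a compile-time constant on every call, and on a platform where it is false it aborts the process instead of rejecting the input. A build-time check would catch this once at no run-time cost; if a run-time guard is kept, it should compare the value itself, e.g. `if (count != (size_t)count) return 0;`. The same assert is repeated in `update`, `update256` and `update512` in m_sha1.c. Hanging two alternative bodies off one signature with `#ifndef`/`#else` is also hard to read; a single body with the check inside `#ifdef OPENSSL_FIPS` would be clearer.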
diff --git a/src/lib/libssl/src/crypto/evp/m_sha.c b/src/lib/libssl/src/crypto/evp/m_sha.c
index d1785e5f74..ed54909b16 100644
--- a/src/lib/libssl/src/crypto/evp/m_sha.c
+++ b/src/lib/libssl/src/crypto/evp/m_sha.c
@@ -59,6 +59,9 @@
59#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) 59#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
60#include <stdio.h> 60#include <stdio.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
63 * exactly what we want to achieve here... */
64#include <openssl/sha.h>
62#include <openssl/evp.h> 65#include <openssl/evp.h>
63#include "evp_locl.h" 66#include "evp_locl.h"
64#include <openssl/objects.h> 67#include <openssl/objects.h>
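Review bot: The added comment says that `<openssl/sha.h>` is included before `<openssl/evp.h>` on purpose, but it does not say that the order must be kept, so an include sort or later cleanup could silently undo the effect. I would state the constraint outright, for instance `/* Must stay before <openssl/evp.h>: this masks the FIPS SHA declarations on purpose; do not reorder. */`. "prior evp.h" should also read "prior to evp.h".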
diff --git a/src/lib/libssl/src/crypto/evp/m_sha1.c b/src/lib/libssl/src/crypto/evp/m_sha1.c
index fe4402389a..60da93873c 100644
--- a/src/lib/libssl/src/crypto/evp/m_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/m_sha1.c
@@ -67,7 +67,14 @@ static int init(EVP_MD_CTX *ctx)
67 { return SHA1_Init(ctx->md_data); } 67 { return SHA1_Init(ctx->md_data); }
68 68
69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) 69static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
70#ifndef OPENSSL_FIPS
70 { return SHA1_Update(ctx->md_data,data,count); } 71 { return SHA1_Update(ctx->md_data,data,count); }
72#else
73 {
74 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
75 return SHA1_Update(ctx->md_data,data,count);
76 }
77#endif
71 78
72static int final(EVP_MD_CTX *ctx,unsigned char *md) 79static int final(EVP_MD_CTX *ctx,unsigned char *md)
73 { return SHA1_Final(md,ctx->md_data); } 80 { return SHA1_Final(md,ctx->md_data); }
@@ -93,3 +100,115 @@ const EVP_MD *EVP_sha1(void)
93 return(&sha1_md); 100 return(&sha1_md);
94 } 101 }
95#endif 102#endif
103
104#ifdef OPENSSL_FIPS
105#ifndef OPENSSL_NO_SHA256
106static int init224(EVP_MD_CTX *ctx)
107 { return SHA224_Init(ctx->md_data); }
108static int init256(EVP_MD_CTX *ctx)
109 { return SHA256_Init(ctx->md_data); }
110/*
111 * Even though there're separate SHA224_[Update|Final], we call
112 * SHA256 functions even in SHA224 context. This is what happens
113 * there anyway, so we can spare few CPU cycles:-)
114 */
115static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
116 {
117 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
118 return SHA256_Update(ctx->md_data,data,count);
119 }
120static int final256(EVP_MD_CTX *ctx,unsigned char *md)
121 { return SHA256_Final(md,ctx->md_data); }
122
123static const EVP_MD sha224_md=
124 {
125 NID_sha224,
126 NID_sha224WithRSAEncryption,
127 SHA224_DIGEST_LENGTH,
128 EVP_MD_FLAG_FIPS,
129 init224,
130 update256,
131 final256,
132 NULL,
133 NULL,
134 EVP_PKEY_RSA_method,
135 SHA256_CBLOCK,
136 sizeof(EVP_MD *)+sizeof(SHA256_CTX),
137 };
138
139const EVP_MD *EVP_sha224(void)
140 { return(&sha224_md); }
141
142static const EVP_MD sha256_md=
143 {
144 NID_sha256,
145 NID_sha256WithRSAEncryption,
146 SHA256_DIGEST_LENGTH,
147 EVP_MD_FLAG_FIPS,
148 init256,
149 update256,
150 final256,
151 NULL,
152 NULL,
153 EVP_PKEY_RSA_method,
154 SHA256_CBLOCK,
155 sizeof(EVP_MD *)+sizeof(SHA256_CTX),
156 };
157
158const EVP_MD *EVP_sha256(void)
159 { return(&sha256_md); }
160#endif /* ifndef OPENSSL_NO_SHA256 */
161
162#ifndef OPENSSL_NO_SHA512
163static int init384(EVP_MD_CTX *ctx)
164 { return SHA384_Init(ctx->md_data); }
165static int init512(EVP_MD_CTX *ctx)
166 { return SHA512_Init(ctx->md_data); }
167/* See comment in SHA224/256 section */
168static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
169 {
170 OPENSSL_assert(sizeof(count)<=sizeof(size_t));
171 return SHA512_Update(ctx->md_data,data,count);
172 }
173static int final512(EVP_MD_CTX *ctx,unsigned char *md)
174 { return SHA512_Final(md,ctx->md_data); }
175
176static const EVP_MD sha384_md=
177 {
178 NID_sha384,
179 NID_sha384WithRSAEncryption,
180 SHA384_DIGEST_LENGTH,
181 EVP_MD_FLAG_FIPS,
182 init384,
183 update512,
184 final512,
185 NULL,
186 NULL,
187 EVP_PKEY_RSA_method,
188 SHA512_CBLOCK,
189 sizeof(EVP_MD *)+sizeof(SHA512_CTX),
190 };
191
192const EVP_MD *EVP_sha384(void)
193 { return(&sha384_md); }
194
195static const EVP_MD sha512_md=
196 {
197 NID_sha512,
198 NID_sha512WithRSAEncryption,
199 SHA512_DIGEST_LENGTH,
200 EVP_MD_FLAG_FIPS,
201 init512,
202 update512,
203 final512,
204 NULL,
205 NULL,
206 EVP_PKEY_RSA_method,
207 SHA512_CBLOCK,
208 sizeof(EVP_MD *)+sizeof(SHA512_CTX),
209 };
210
211const EVP_MD *EVP_sha512(void)
212 { return(&sha512_md); }
213#endif /* ifndef OPENSSL_NO_SHA512 */
214#endif /* ifdef OPENSSL_FIPS */
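Review bot: `sha224_md` and `sha384_md` advertise `SHA224_DIGEST_LENGTH` and `SHA384_DIGEST_LENGTH` but finish through `final256` and `final512`, so a caller's output buffer is only safe if `SHA256_Final` and `SHA512_Final` write the truncated length recorded in the context rather than the full digest. The comment above `update256` covers this only with "This is what happens there anyway"; it should state the invariant being relied on, e.g. `/* SHA256_Final writes the length stored in the context, so a SHA224 context yields SHA224_DIGEST_LENGTH bytes */`, once that is confirmed against the SHA implementation, which is not on this page. The four tables also use positional initialisers with two bare `NULL` entries; a trailing comment naming each slot would make a misplaced field easier to spot.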
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
index 1f94e1ef88..1d5fabc4b2 100644
--- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c
+++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -194,11 +194,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
194 194
195 /* Now decode key derivation function */ 195 /* Now decode key derivation function */
196 196
197 if(!pbe2->keyfunc->parameter ||
198 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
199 {
200 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
201 goto err;
202 }
203
197 pbuf = pbe2->keyfunc->parameter->value.sequence->data; 204 pbuf = pbe2->keyfunc->parameter->value.sequence->data;
198 plen = pbe2->keyfunc->parameter->value.sequence->length; 205 plen = pbe2->keyfunc->parameter->value.sequence->length;
199 if(!pbe2->keyfunc->parameter || 206 if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
200 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
201 !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
202 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); 207 EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
203 goto err; 208 goto err;
204 } 209 }
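Review bot: The new guard in PKCS5_v2_PBE_keyivgen sits correctly ahead of the `value.sequence` reads, but nothing in the code says that the ordering is the point, so the two tests look as if they could be merged back into the `d2i_PBKDF2PARAM` condition. A short comment would keep them apart: `/* parameter is taken from the parsed structure: check presence and type before reading value.sequence */`. The added block also puts its brace on a separate line while the `if(...) {` that follows does not; one style for both would read better. The function starts and ends outside this hunk.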
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c
index 06ee80761f..6c110bd52b 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.c
+++ b/src/lib/libssl/src/crypto/hmac/hmac.c
@@ -61,6 +61,8 @@
61#include <openssl/hmac.h> 61#include <openssl/hmac.h>
62#include "cryptlib.h" 62#include "cryptlib.h"
63 63
64#ifndef OPENSSL_FIPS
65
64void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, 66void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
65 const EVP_MD *md, ENGINE *impl) 67 const EVP_MD *md, ENGINE *impl)
66 { 68 {
@@ -77,15 +79,6 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
77 79
78 if (key != NULL) 80 if (key != NULL)
79 { 81 {
80#ifdef OPENSSL_FIPS
81 if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
82 && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
83 || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
84 || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
85 OpenSSLDie(__FILE__,__LINE__,
86 "HMAC: digest not allowed in FIPS mode");
87#endif
88
89 reset=1; 82 reset=1;
90 j=EVP_MD_block_size(md); 83 j=EVP_MD_block_size(md);
91 OPENSSL_assert(j <= sizeof ctx->key); 84 OPENSSL_assert(j <= sizeof ctx->key);
@@ -187,3 +180,4 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
187 EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); 180 EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
188 } 181 }
189 182
183#endif
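Review bot: The `#endif` added as the last line closes the `#ifndef OPENSSL_FIPS` opened near the top of the file, over a hundred lines earlier, and carries no label; `#endif /* !OPENSSL_FIPS */` would make that clear. With this change the file provides no HMAC functions in a FIPS build, and the `FIPS_mode()` test that rejected digests lacking `EVP_MD_FLAG_FIPS` is deleted from `HMAC_Init_ex`. The replacement implementation is not on this page, so it is worth confirming that it enforces the same digest restriction. A one-line comment beside the `#ifndef` saying where the FIPS-build HMAC lives would help the next reader.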
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.h b/src/lib/libssl/src/crypto/hmac/hmac.h
index 294ab3b36a..c6489c04c8 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.h
+++ b/src/lib/libssl/src/crypto/hmac/hmac.h
@@ -64,7 +64,11 @@
64 64
65#include <openssl/evp.h> 65#include <openssl/evp.h>
66 66
67#ifdef OPENSSL_FIPS
68#define HMAC_MAX_MD_CBLOCK 128
69#else
67#define HMAC_MAX_MD_CBLOCK 64 70#define HMAC_MAX_MD_CBLOCK 64
71#endif
68 72
69#ifdef __cplusplus 73#ifdef __cplusplus
70extern "C" { 74extern "C" {
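Review bot: Making `HMAC_MAX_MD_CBLOCK` depend on `OPENSSL_FIPS` means any structure sized by it has a different layout in FIPS and non-FIPS builds; hmac.c asserts `j <= sizeof ctx->key`, which suggests the key buffer in `HMAC_CTX` is one of them. An application compiled with one setting and linked against a library built with the other would disagree on the size of the context. Unless there is a reason to keep the smaller value, defining it as 128 unconditionally avoids the mismatch. Otherwise a comment should record the constraint, e.g. `/* 128 = SHA-384/512 block size; must match the library's OPENSSL_FIPS setting */`.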
diff --git a/src/lib/libssl/src/crypto/md2/md2_one.c b/src/lib/libssl/src/crypto/md2/md2_one.c
index 835160ef56..8c36ba5779 100644
--- a/src/lib/libssl/src/crypto/md2/md2_one.c
+++ b/src/lib/libssl/src/crypto/md2/md2_one.c
@@ -69,7 +69,8 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
69 static unsigned char m[MD2_DIGEST_LENGTH]; 69 static unsigned char m[MD2_DIGEST_LENGTH];
70 70
71 if (md == NULL) md=m; 71 if (md == NULL) md=m;
72 MD2_Init(&c); 72 if (!MD2_Init(&c))
73 return NULL;
73#ifndef CHARSET_EBCDIC 74#ifndef CHARSET_EBCDIC
74 MD2_Update(&c,d,n); 75 MD2_Update(&c,d,n);
75#else 76#else
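Review bot: `MD2()` can now return NULL when `MD2_Init` fails, which it did not do before, so a caller that passes its own `md` buffer and ignores the return value will go on to use a buffer that was never written. The same change is made to `MD4()` in md4_one.c and `MD5()` in md5_one.c. The new failure mode should be documented at each function, e.g. `/* Returns NULL if the digest cannot be initialised; md is then left untouched. */`, and existing callers checked for a missing NULL test. The `MD2_Update` call that follows is still unchecked, and the rest of the body is outside this hunk.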
diff --git a/src/lib/libssl/src/crypto/md4/md4_one.c b/src/lib/libssl/src/crypto/md4/md4_one.c
index 00565507e4..50f79352f6 100644
--- a/src/lib/libssl/src/crypto/md4/md4_one.c
+++ b/src/lib/libssl/src/crypto/md4/md4_one.c
@@ -71,7 +71,8 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
71 static unsigned char m[MD4_DIGEST_LENGTH]; 71 static unsigned char m[MD4_DIGEST_LENGTH];
72 72
73 if (md == NULL) md=m; 73 if (md == NULL) md=m;
74 MD4_Init(&c); 74 if (!MD4_Init(&c))
75 return NULL;
75#ifndef CHARSET_EBCDIC 76#ifndef CHARSET_EBCDIC
76 MD4_Update(&c,d,n); 77 MD4_Update(&c,d,n);
77#else 78#else
diff --git a/src/lib/libssl/src/crypto/md5/md5_one.c b/src/lib/libssl/src/crypto/md5/md5_one.c
index c5dd2d81db..44c6c455d1 100644
--- a/src/lib/libssl/src/crypto/md5/md5_one.c
+++ b/src/lib/libssl/src/crypto/md5/md5_one.c
@@ -71,7 +71,8 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
71 static unsigned char m[MD5_DIGEST_LENGTH]; 71 static unsigned char m[MD5_DIGEST_LENGTH];
72 72
73 if (md == NULL) md=m; 73 if (md == NULL) md=m;
74 MD5_Init(&c); 74 if (!MD5_Init(&c))
75 return NULL;
75#ifndef CHARSET_EBCDIC 76#ifndef CHARSET_EBCDIC
76 MD5_Update(&c,d,n); 77 MD5_Update(&c,d,n);
77#else 78#else
diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile b/src/lib/libssl/src/crypto/mdc2/Makefile
index 38c785bf95..b8e9a9a4fa 100644
--- a/src/lib/libssl/src/crypto/mdc2/Makefile
+++ b/src/lib/libssl/src/crypto/mdc2/Makefile
@@ -1,5 +1,5 @@
1# 1#
2# SSLeay/crypto/mdc2/Makefile 2# OpenSSL/crypto/mdc2/Makefile
3# 3#
4 4
5DIR= mdc2 5DIR= mdc2
diff --git a/src/lib/libssl/src/crypto/objects/obj_err.c b/src/lib/libssl/src/crypto/objects/obj_err.c
index 2b5f43e3cc..0682979b38 100644
--- a/src/lib/libssl/src/crypto/objects/obj_err.c
+++ b/src/lib/libssl/src/crypto/objects/obj_err.c
@@ -1,6 +1,6 @@
1/* crypto/objects/obj_err.c */ 1/* crypto/objects/obj_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
70
67static ERR_STRING_DATA OBJ_str_functs[]= 71static ERR_STRING_DATA OBJ_str_functs[]=
68 { 72 {
69{ERR_PACK(0,OBJ_F_OBJ_ADD_OBJECT,0), "OBJ_add_object"}, 73{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
70{ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"}, 74{ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
71{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"}, 75{ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
72{ERR_PACK(0,OBJ_F_OBJ_NAME_NEW_INDEX,0), "OBJ_NAME_new_index"}, 76{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
73{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, 77{ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
74{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, 78{ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
75{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, 79{ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
76{0,NULL} 80{0,NULL}
77 }; 81 };
78 82
79static ERR_STRING_DATA OBJ_str_reasons[]= 83static ERR_STRING_DATA OBJ_str_reasons[]=
80 { 84 {
81{OBJ_R_MALLOC_FAILURE ,"malloc failure"}, 85{ERR_REASON(OBJ_R_MALLOC_FAILURE) ,"malloc failure"},
82{OBJ_R_UNKNOWN_NID ,"unknown nid"}, 86{ERR_REASON(OBJ_R_UNKNOWN_NID) ,"unknown nid"},
83{0,NULL} 87{0,NULL}
84 }; 88 };
85 89
@@ -93,8 +97,8 @@ void ERR_load_OBJ_strings(void)
93 { 97 {
94 init=0; 98 init=0;
95#ifndef OPENSSL_NO_ERR 99#ifndef OPENSSL_NO_ERR
96 ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs); 100 ERR_load_strings(0,OBJ_str_functs);
97 ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons); 101 ERR_load_strings(0,OBJ_str_reasons);
98#endif 102#endif
99 103
100 } 104 }
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num
index 0e64a929ba..84555d936e 100644
--- a/src/lib/libssl/src/crypto/objects/obj_mac.num
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.num
@@ -287,9 +287,9 @@ qcStatements 286
287ac_auditEntity 287 287ac_auditEntity 287
288ac_targeting 288 288ac_targeting 288
289aaControls 289 289aaControls 289
290sbqp_ipAddrBlock 290 290sbgp_ipAddrBlock 290
291sbqp_autonomousSysNum 291 291sbgp_autonomousSysNum 291
292sbqp_routerIdentifier 292 292sbgp_routerIdentifier 292
293textNotice 293 293textNotice 293
294ipsecEndSystem 294 294ipsecEndSystem 294
295ipsecTunnel 295 295ipsecTunnel 295
@@ -663,5 +663,13 @@ id_ppl 662
663proxyCertInfo 663 663proxyCertInfo 663
664id_ppl_anyLanguage 664 664id_ppl_anyLanguage 664
665id_ppl_inheritAll 665 665id_ppl_inheritAll 665
666id_ppl_independent 666 666name_constraints 666
667Independent 667 667Independent 667
668sha256WithRSAEncryption 668
669sha384WithRSAEncryption 669
670sha512WithRSAEncryption 670
671sha224WithRSAEncryption 671
672sha256 672
673sha384 673
674sha512 674
675sha224 675
diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt
index 50e9031e61..2635c4e667 100644
--- a/src/lib/libssl/src/crypto/objects/objects.txt
+++ b/src/lib/libssl/src/crypto/objects/objects.txt
@@ -63,6 +63,11 @@ pkcs1 2 : RSA-MD2 : md2WithRSAEncryption
63pkcs1 3 : RSA-MD4 : md4WithRSAEncryption 63pkcs1 3 : RSA-MD4 : md4WithRSAEncryption
64pkcs1 4 : RSA-MD5 : md5WithRSAEncryption 64pkcs1 4 : RSA-MD5 : md5WithRSAEncryption
65pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption 65pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption
66# According to PKCS #1 version 2.1
67pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption
68pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption
69pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption
70pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption
66 71
67pkcs 3 : pkcs3 72pkcs 3 : pkcs3
68pkcs3 1 : : dhKeyAgreement 73pkcs3 1 : : dhKeyAgreement
@@ -341,9 +346,9 @@ id-pe 3 : qcStatements
341id-pe 4 : ac-auditEntity 346id-pe 4 : ac-auditEntity
342id-pe 5 : ac-targeting 347id-pe 5 : ac-targeting
343id-pe 6 : aaControls 348id-pe 6 : aaControls
344id-pe 7 : sbqp-ipAddrBlock 349id-pe 7 : sbgp-ipAddrBlock
345id-pe 8 : sbqp-autonomousSysNum 350id-pe 8 : sbgp-autonomousSysNum
346id-pe 9 : sbqp-routerIdentifier 351id-pe 9 : sbgp-routerIdentifier
347id-pe 10 : ac-proxying 352id-pe 10 : ac-proxying
348!Cname sinfo-access 353!Cname sinfo-access
349id-pe 11 : subjectInfoAccess : Subject Information Access 354id-pe 11 : subjectInfoAccess : Subject Information Access
@@ -584,6 +589,8 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code
584id-ce 24 : invalidityDate : Invalidity Date 589id-ce 24 : invalidityDate : Invalidity Date
585!Cname delta-crl 590!Cname delta-crl
586id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator 591id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator
592!Cname name-constraints
593id-ce 30 : nameConstraints : X509v3 Name Constraints
587!Cname crl-distribution-points 594!Cname crl-distribution-points
588id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points 595id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points
589!Cname certificate-policies 596!Cname certificate-policies
@@ -703,6 +710,13 @@ aes 44 : AES-256-CFB : aes-256-cfb
703 : DES-EDE3-CFB1 : des-ede3-cfb1 710 : DES-EDE3-CFB1 : des-ede3-cfb1
704 : DES-EDE3-CFB8 : des-ede3-cfb8 711 : DES-EDE3-CFB8 : des-ede3-cfb8
705 712
713# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
714!Alias nist_hashalgs nistAlgorithms 2
715nist_hashalgs 1 : SHA256 : sha256
716nist_hashalgs 2 : SHA384 : sha384
717nist_hashalgs 3 : SHA512 : sha512
718nist_hashalgs 4 : SHA224 : sha224
719
706# Hold instruction CRL entry extension 720# Hold instruction CRL entry extension
707!Cname hold-instruction-code 721!Cname hold-instruction-code
708id-ce 23 : holdInstructionCode : Hold Instruction Code 722id-ce 23 : holdInstructionCode : Hold Instruction Code
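Review bot: The comment added above the `nist_hashalgs` alias names "SHA385", but the entries below it define sha256, sha384, sha512 and sha224, so it should read `# OIDs for SHA224, SHA256, SHA384 and SHA512, according to x9.84.`. Separately, the `sbqp-` to `sbgp-` correction on the `id-pe 7` to `9` lines changes the names generated from those entries, so any code that refers to the old spelling would stop building. Nothing on this page shows a compatibility define for the old names; if one is wanted, it belongs in the same commit.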
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
index 4c4d8306f8..65e6093fbc 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
1/* crypto/ocsp/ocsp_err.c */ 1/* crypto/ocsp/ocsp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,60 +64,64 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
70
67static ERR_STRING_DATA OCSP_str_functs[]= 71static ERR_STRING_DATA OCSP_str_functs[]=
68 { 72 {
69{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0), "ASN1_STRING_encode"}, 73{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
70{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0), "CERT_ID_NEW"}, 74{ERR_FUNC(OCSP_F_CERT_ID_NEW), "CERT_ID_NEW"},
71{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0), "D2I_OCSP_NONCE"}, 75{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
72{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0), "OCSP_basic_add1_status"}, 76{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
73{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0), "OCSP_basic_sign"}, 77{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
74{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0), "OCSP_basic_verify"}, 78{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
75{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0), "OCSP_CHECK_DELEGATED"}, 79{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
76{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0), "OCSP_CHECK_IDS"}, 80{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
77{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0), "OCSP_CHECK_ISSUER"}, 81{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
78{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0), "OCSP_check_validity"}, 82{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
79{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0), "OCSP_MATCH_ISSUERID"}, 83{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
80{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0), "OCSP_parse_url"}, 84{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
81{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0), "OCSP_request_sign"}, 85{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
82{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0), "OCSP_request_verify"}, 86{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
83{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"}, 87{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
84{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"}, 88{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
85{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0), "REQUEST_VERIFY"}, 89{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
86{0,NULL} 90{0,NULL}
87 }; 91 };
88 92
89static ERR_STRING_DATA OCSP_str_reasons[]= 93static ERR_STRING_DATA OCSP_str_reasons[]=
90 { 94 {
91{OCSP_R_BAD_DATA ,"bad data"}, 95{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"},
92{OCSP_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, 96{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
93{OCSP_R_DIGEST_ERR ,"digest err"}, 97{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"},
94{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD ,"error in nextupdate field"}, 98{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
95{OCSP_R_ERROR_IN_THISUPDATE_FIELD ,"error in thisupdate field"}, 99{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
96{OCSP_R_ERROR_PARSING_URL ,"error parsing url"}, 100{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"},
97{OCSP_R_MISSING_OCSPSIGNING_USAGE ,"missing ocspsigning usage"}, 101{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
98{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE ,"nextupdate before thisupdate"}, 102{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
99{OCSP_R_NOT_BASIC_RESPONSE ,"not basic response"}, 103{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"},
100{OCSP_R_NO_CERTIFICATES_IN_CHAIN ,"no certificates in chain"}, 104{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
101{OCSP_R_NO_CONTENT ,"no content"}, 105{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"},
102{OCSP_R_NO_PUBLIC_KEY ,"no public key"}, 106{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"},
103{OCSP_R_NO_RESPONSE_DATA ,"no response data"}, 107{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"},
104{OCSP_R_NO_REVOKED_TIME ,"no revoked time"}, 108{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"},
105{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, 109{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
106{OCSP_R_REQUEST_NOT_SIGNED ,"request not signed"}, 110{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"},
107{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"}, 111{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
108{OCSP_R_ROOT_CA_NOT_TRUSTED ,"root ca not trusted"}, 112{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"},
109{OCSP_R_SERVER_READ_ERROR ,"server read error"}, 113{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"},
110{OCSP_R_SERVER_RESPONSE_ERROR ,"server response error"}, 114{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
111{OCSP_R_SERVER_RESPONSE_PARSE_ERROR ,"server response parse error"}, 115{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
112{OCSP_R_SERVER_WRITE_ERROR ,"server write error"}, 116{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"},
113{OCSP_R_SIGNATURE_FAILURE ,"signature failure"}, 117{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"},
114{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, 118{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
115{OCSP_R_STATUS_EXPIRED ,"status expired"}, 119{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"},
116{OCSP_R_STATUS_NOT_YET_VALID ,"status not yet valid"}, 120{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
117{OCSP_R_STATUS_TOO_OLD ,"status too old"}, 121{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"},
118{OCSP_R_UNKNOWN_MESSAGE_DIGEST ,"unknown message digest"}, 122{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
119{OCSP_R_UNKNOWN_NID ,"unknown nid"}, 123{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"},
120{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE ,"unsupported requestorname type"}, 124{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
121{0,NULL} 125{0,NULL}
122 }; 126 };
123 127
@@ -131,8 +135,8 @@ void ERR_load_OCSP_strings(void)
131 { 135 {
132 init=0; 136 init=0;
133#ifndef OPENSSL_NO_ERR 137#ifndef OPENSSL_NO_ERR
134 ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs); 138 ERR_load_strings(0,OCSP_str_functs);
135 ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons); 139 ERR_load_strings(0,OCSP_str_reasons);
136#endif 140#endif
137 141
138 } 142 }
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index 5d5f688edd..e50c1baf00 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -25,11 +25,11 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x0090707fL 28#define OPENSSL_VERSION_NUMBER 0x009070afL
29#ifdef OPENSSL_FIPS 29#ifdef OPENSSL_FIPS
30#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g-fips 11 Apr 2005" 30#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j-fips 04 May 2006"
31#else 31#else
32#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g 11 Apr 2005" 32#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7j 04 May 2006"
33#endif 33#endif
34#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 34#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
35 35
diff --git a/src/lib/libssl/src/crypto/pem/pem_err.c b/src/lib/libssl/src/crypto/pem/pem_err.c
index 3b39b84d66..8527028ebc 100644
--- a/src/lib/libssl/src/crypto/pem/pem_err.c
+++ b/src/lib/libssl/src/crypto/pem/pem_err.c
@@ -1,6 +1,6 @@
1/* crypto/pem/pem_err.c */ 1/* crypto/pem/pem_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,52 +64,56 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
70
67static ERR_STRING_DATA PEM_str_functs[]= 71static ERR_STRING_DATA PEM_str_functs[]=
68 { 72 {
69{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0), "d2i_PKCS8PrivateKey_bio"}, 73{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
70{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0), "d2i_PKCS8PrivateKey_fp"}, 74{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
71{ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"}, 75{ERR_FUNC(PEM_F_DEF_CALLBACK), "DEF_CALLBACK"},
72{ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"}, 76{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
73{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"}, 77{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
74{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"}, 78{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
75{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"}, 79{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
76{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"}, 80{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
77{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"}, 81{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
78{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0), "PEM_F_DO_PK8KEY_FP"}, 82{ERR_FUNC(PEM_F_PEM_F_DO_PK8KEY_FP), "PEM_F_DO_PK8KEY_FP"},
79{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, 83{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
80{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"}, 84{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
81{ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"}, 85{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
82{ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"}, 86{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
83{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0), "PEM_SealFinal"}, 87{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
84{ERR_PACK(0,PEM_F_PEM_SEALINIT,0), "PEM_SealInit"}, 88{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
85{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"}, 89{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
86{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"}, 90{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
87{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"}, 91{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
88{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0), "PEM_write_bio_PKCS8PrivateKey"}, 92{ERR_FUNC(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY), "PEM_write_bio_PKCS8PrivateKey"},
89{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"}, 93{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
90{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"}, 94{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
91{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"}, 95{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
92{0,NULL} 96{0,NULL}
93 }; 97 };
94 98
95static ERR_STRING_DATA PEM_str_reasons[]= 99static ERR_STRING_DATA PEM_str_reasons[]=
96 { 100 {
97{PEM_R_BAD_BASE64_DECODE ,"bad base64 decode"}, 101{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"},
98{PEM_R_BAD_DECRYPT ,"bad decrypt"}, 102{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"},
99{PEM_R_BAD_END_LINE ,"bad end line"}, 103{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"},
100{PEM_R_BAD_IV_CHARS ,"bad iv chars"}, 104{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"},
101{PEM_R_BAD_PASSWORD_READ ,"bad password read"}, 105{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"},
102{PEM_R_ERROR_CONVERTING_PRIVATE_KEY ,"error converting private key"}, 106{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
103{PEM_R_NOT_DEK_INFO ,"not dek info"}, 107{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"},
104{PEM_R_NOT_ENCRYPTED ,"not encrypted"}, 108{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"},
105{PEM_R_NOT_PROC_TYPE ,"not proc type"}, 109{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"},
106{PEM_R_NO_START_LINE ,"no start line"}, 110{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"},
107{PEM_R_PROBLEMS_GETTING_PASSWORD ,"problems getting password"}, 111{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
108{PEM_R_PUBLIC_KEY_NO_RSA ,"public key no rsa"}, 112{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"},
109{PEM_R_READ_KEY ,"read key"}, 113{ERR_REASON(PEM_R_READ_KEY) ,"read key"},
110{PEM_R_SHORT_HEADER ,"short header"}, 114{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"},
111{PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 115{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
112{PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"}, 116{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
113{0,NULL} 117{0,NULL}
114 }; 118 };
115 119
@@ -123,8 +127,8 @@ void ERR_load_PEM_strings(void)
123 { 127 {
124 init=0; 128 init=0;
125#ifndef OPENSSL_NO_ERR 129#ifndef OPENSSL_NO_ERR
126 ERR_load_strings(ERR_LIB_PEM,PEM_str_functs); 130 ERR_load_strings(0,PEM_str_functs);
127 ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons); 131 ERR_load_strings(0,PEM_str_reasons);
128#endif 132#endif
129 133
130 } 134 }
diff --git a/src/lib/libssl/src/crypto/perlasm/x86asm.pl b/src/lib/libssl/src/crypto/perlasm/x86asm.pl
index 60233f80e8..c3de90c65d 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86asm.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86asm.pl
@@ -96,7 +96,7 @@ $tmp
96#ifdef OUT 96#ifdef OUT
97#define OK 1 97#define OK 1
98#define ALIGN 4 98#define ALIGN 4
99#if defined(__CYGWIN__) || defined(__DJGPP__) 99#if defined(__CYGWIN__) || defined(__DJGPP__) || defined(__MINGW32__)
100#undef SIZE 100#undef SIZE
101#undef TYPE 101#undef TYPE
102#define SIZE(a,b) 102#define SIZE(a,b)
diff --git a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
index 5009acb4b3..4bdb3fe180 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl
@@ -221,7 +221,15 @@ sub using486
221 221
222sub main'file 222sub main'file
223 { 223 {
224 push(@out, "segment .text use32\n"); 224 local $tmp;
225 $tmp=<<___;
226%ifdef __omf__
227section code use32 class=code
228%else
229section .text
230%endif
231___
232 push(@out,$tmp);
225 } 233 }
226 234
227sub main'function_begin 235sub main'function_begin
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_add.c b/src/lib/libssl/src/crypto/pkcs12/p12_add.c
index 1909f28506..27015dd8c3 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_add.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_add.c
@@ -148,7 +148,11 @@ PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
148/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ 148/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
149STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) 149STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
150{ 150{
151 if(!PKCS7_type_is_data(p7)) return NULL; 151 if(!PKCS7_type_is_data(p7))
152 {
153 PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
154 return NULL;
155 }
152 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); 156 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
153} 157}
154 158
@@ -211,5 +215,10 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
211 215
212STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) 216STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
213{ 217{
218 if (!PKCS7_type_is_data(p12->authsafes))
219 {
220 PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
221 return NULL;
222 }
214 return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); 223 return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
215} 224}
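Review bot: Both new guards check only the content type, so `p7->d.data` in PKCS12_unpack_p7data and `p12->authsafes->d.data` in PKCS12_unpack_authsafes can still reach ASN1_item_unpack as NULL if the parsed ContentInfo carries the data type with its content absent (this assumes the PKCS7 template treats the content as optional, which the hunk does not show). I would add a second check after each type test, for example `if (!p7->d.data) { PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_DECODE_ERROR); return NULL; }`, and the equivalent for `p12->authsafes->d.data`. Neither function tests its pointer argument before the type macro dereferences it, which is a caller contract worth stating in a comment. The guard added to PKCS12_gen_mac in p12_mutl.c has the same shape and needs the same treatment if that function goes on to read `p12->authsafes->d.data`, which its hunk does not show.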
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
index 4c36c643ce..40340a7bef 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -76,7 +76,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
76 unsigned int keyidlen; 76 unsigned int keyidlen;
77 77
78 /* Set defaults */ 78 /* Set defaults */
79 if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; 79 if(!nid_cert)
80 {
81#ifdef OPENSSL_FIPS
82 if (FIPS_mode())
83 nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
84 else
85#endif
86 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
87 }
80 if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; 88 if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
81 if(!iter) iter = PKCS12_DEFAULT_ITER; 89 if(!iter) iter = PKCS12_DEFAULT_ITER;
82 if(!mac_iter) mac_iter = 1; 90 if(!mac_iter) mac_iter = 1;
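Review bot: Outside FIPS mode the certificate bags still default to `NID_pbe_WithSHA1And40BitRC2_CBC`, and the unchanged `if(!mac_iter) mac_iter = 1;` below leaves the integrity MAC key derivation with a single iteration, so a caller passing zeros gets export-grade protection for the certificates and no work factor on the MAC password. If the weak default has to stay for compatibility with older importers, say so at the `/* Set defaults */` block, e.g. `/* 40-bit RC2 for certs is kept for interoperability only; pass nid_cert and mac_iter explicitly for real protection */`. The brace-less `if`/`else` split by `#ifdef OPENSSL_FIPS` is also easy to break in a later edit; bracing both arms would make it safer. PKCS12_create's body starts and ends outside this hunk.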
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
index 4886b9b289..140d21155e 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c
@@ -72,6 +72,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; 72 unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
73 int saltlen, iter; 73 int saltlen, iter;
74 74
75 if (!PKCS7_type_is_data(p12->authsafes))
76 {
77 PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
78 return 0;
79 }
80
75 salt = p12->mac->salt->data; 81 salt = p12->mac->salt->data;
76 saltlen = p12->mac->salt->length; 82 saltlen = p12->mac->salt->length;
77 if (!p12->mac->iter) iter = 1; 83 if (!p12->mac->iter) iter = 1;
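Review bot: The new guard validates `p12->authsafes`, but the lines right after it still dereference `p12->mac->salt` with no check that `p12->mac` is present, and the MAC is an optional part of a PKCS#12 file. Callers may test for this first, which the hunk does not show; if PKCS12_gen_mac can be reached directly with a parsed file, a guard such as `if (!p12->mac) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_MAC_ABSENT); return 0; }` next to the new one would close it. The function's body continues outside the hunk.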
diff --git a/src/lib/libssl/src/crypto/pkcs12/pk12err.c b/src/lib/libssl/src/crypto/pkcs12/pk12err.c
index 10ab80502c..a33b37b1c7 100644
--- a/src/lib/libssl/src/crypto/pkcs12/pk12err.c
+++ b/src/lib/libssl/src/crypto/pkcs12/pk12err.c
@@ -1,6 +1,6 @@
1/* crypto/pkcs12/pk12err.c */ 1/* crypto/pkcs12/pk12err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,60 +64,67 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
70
67static ERR_STRING_DATA PKCS12_str_functs[]= 71static ERR_STRING_DATA PKCS12_str_functs[]=
68 { 72 {
69{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"}, 73{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
70{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"}, 74{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
71{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"}, 75{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"},
72{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"}, 76{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"},
73{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"}, 77{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
74{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"}, 78{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
75{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"}, 79{ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"},
76{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"}, 80{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
77{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"}, 81{ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"},
78{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"}, 82{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
79{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"}, 83{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
80{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, 84{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
81{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, 85{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
82{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, 86{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
83{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"}, 87{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
84{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, 88{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
85{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, 89{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
86{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, 90{ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG), "PKCS12_PACK_SAFEBAG"},
87{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"}, 91{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
88{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"}, 92{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
89{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"}, 93{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
90{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"}, 94{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
91{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"}, 95{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
92{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"}, 96{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
93{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"}, 97{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
94{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"}, 98{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
99{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
100{ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"},
95{0,NULL} 101{0,NULL}
96 }; 102 };
97 103
98static ERR_STRING_DATA PKCS12_str_reasons[]= 104static ERR_STRING_DATA PKCS12_str_reasons[]=
99 { 105 {
100{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"}, 106{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
101{PKCS12_R_DECODE_ERROR ,"decode error"}, 107{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
102{PKCS12_R_ENCODE_ERROR ,"encode error"}, 108{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"},
103{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"}, 109{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"},
104{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"}, 110{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"},
105{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, 111{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
106{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"}, 112{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
107{PKCS12_R_IV_GEN_ERROR ,"iv gen error"}, 113{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
108{PKCS12_R_KEY_GEN_ERROR ,"key gen error"}, 114{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"},
109{PKCS12_R_MAC_ABSENT ,"mac absent"}, 115{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"},
110{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"}, 116{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"},
111{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"}, 117{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
112{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"}, 118{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"},
113{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"}, 119{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
114{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"}, 120{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"},
115{PKCS12_R_PARSE_ERROR ,"parse error"}, 121{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
116{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"}, 122{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"},
117{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"}, 123{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
118{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"}, 124{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
119{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"}, 125{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
120{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"}, 126{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
127{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
121{0,NULL} 128{0,NULL}
122 }; 129 };
123 130
@@ -131,8 +138,8 @@ void ERR_load_PKCS12_strings(void)
131 { 138 {
132 init=0; 139 init=0;
133#ifndef OPENSSL_NO_ERR 140#ifndef OPENSSL_NO_ERR
134 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs); 141 ERR_load_strings(0,PKCS12_str_functs);
135 ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons); 142 ERR_load_strings(0,PKCS12_str_reasons);
136#endif 143#endif
137 144
138 } 145 }
diff --git a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
index dd338f266c..fb8af82d4f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
+++ b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h
@@ -287,12 +287,15 @@ void ERR_load_PKCS12_strings(void);
287#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 287#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
288#define PKCS12_F_PKCS12_SETUP_MAC 122 288#define PKCS12_F_PKCS12_SETUP_MAC 122
289#define PKCS12_F_PKCS12_SET_MAC 123 289#define PKCS12_F_PKCS12_SET_MAC 123
290#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 129
291#define PKCS12_F_PKCS12_UNPACK_P7DATA 130
290#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 292#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
291#define PKCS12_F_PKCS8_ENCRYPT 125 293#define PKCS12_F_PKCS8_ENCRYPT 125
292#define PKCS12_F_VERIFY_MAC 126 294#define PKCS12_F_VERIFY_MAC 126
293 295
294/* Reason codes. */ 296/* Reason codes. */
295#define PKCS12_R_CANT_PACK_STRUCTURE 100 297#define PKCS12_R_CANT_PACK_STRUCTURE 100
298#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
296#define PKCS12_R_DECODE_ERROR 101 299#define PKCS12_R_DECODE_ERROR 101
297#define PKCS12_R_ENCODE_ERROR 102 300#define PKCS12_R_ENCODE_ERROR 102
298#define PKCS12_R_ENCRYPT_ERROR 103 301#define PKCS12_R_ENCRYPT_ERROR 103
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
index 5d2a97839d..927b88c3e7 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -3,7 +3,7 @@
3 * project 1999. 3 * project 1999.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -152,11 +152,12 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
152{ 152{
153 char bound[33], c; 153 char bound[33], c;
154 int i; 154 int i;
155 char *mime_prefix, *mime_eol; 155 char *mime_prefix, *mime_eol, *msg_type=NULL;
156 if (flags & PKCS7_NOOLDMIMETYPE) 156 if (flags & PKCS7_NOOLDMIMETYPE)
157 mime_prefix = "application/pkcs7-"; 157 mime_prefix = "application/pkcs7-";
158 else 158 else
159 mime_prefix = "application/x-pkcs7-"; 159 mime_prefix = "application/x-pkcs7-";
160
160 if (flags & PKCS7_CRLFEOL) 161 if (flags & PKCS7_CRLFEOL)
161 mime_eol = "\r\n"; 162 mime_eol = "\r\n";
162 else 163 else
@@ -198,11 +199,30 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
198 mime_eol, mime_eol); 199 mime_eol, mime_eol);
199 return 1; 200 return 1;
200 } 201 }
202
203 /* Determine smime-type header */
204
205 if (PKCS7_type_is_enveloped(p7))
206 msg_type = "enveloped-data";
207 else if (PKCS7_type_is_signed(p7))
208 {
209 /* If we have any signers it is signed-data othewise
210 * certs-only.
211 */
212 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
213 sinfos = PKCS7_get_signer_info(p7);
214 if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0)
215 msg_type = "signed-data";
216 else
217 msg_type = "certs-only";
218 }
201 /* MIME headers */ 219 /* MIME headers */
202 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); 220 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
203 BIO_printf(bio, "Content-Disposition: attachment;"); 221 BIO_printf(bio, "Content-Disposition: attachment;");
204 BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); 222 BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol);
205 BIO_printf(bio, "Content-Type: %smime;", mime_prefix); 223 BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
224 if (msg_type)
225 BIO_printf(bio, " smime-type=%s;", msg_type);
206 BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); 226 BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol);
207 BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", 227 BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
208 mime_eol, mime_eol); 228 mime_eol, mime_eol);
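Review bot: `msg_type` only ever points at string literals, so it reads better declared as `const char *msg_type = NULL;` on its own line instead of joining the existing `char *` declaration. The comment in the signed branch has a typo (`othewise` for `otherwise`). It would also help to say in the `/* Determine smime-type header */` comment that `msg_type` deliberately stays NULL for any other content type, so the parameter is omitted rather than guessed. SMIME_write_PKCS7's body continues outside both hunks.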
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index a852b49235..99a0d63f38 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -296,11 +296,9 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
296 296
297 if (tmpin == indata) 297 if (tmpin == indata)
298 { 298 {
299 if(indata) BIO_pop(p7bio); 299 if (indata) BIO_pop(p7bio);
300 BIO_free_all(p7bio);
301 } 300 }
302 else 301 BIO_free_all(p7bio);
303 BIO_free_all(tmpin);
304 302
305 sk_X509_free(signers); 303 sk_X509_free(signers);
306 304
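Review bot: The cleanup now depends on an ownership rule that nothing in the hunk states: when `tmpin == indata` the caller's BIO has to be detached with BIO_pop before `BIO_free_all(p7bio)`, and otherwise `tmpin` is presumably part of the `p7bio` chain and is freed with it, which is why the separate `BIO_free_all(tmpin)` could go. A short comment above the `if` would protect this from a later edit that reintroduces a double free or frees the caller's BIO, for example `/* indata belongs to the caller: unlink it; a private tmpin is freed with the chain */`. It is worth confirming that every path reaching this cleanup already has `tmpin` pushed under `p7bio`, since a path where it is not would now leak it. PKCS7_verify's body starts and ends outside the hunk.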
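--- a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
@@ -1,6 +1,6 @@
 /* crypto/pkcs7/pkcs7err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,81 +64,85 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
+
 static ERR_STRING_DATA PKCS7_str_functs[]=
  {
-{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"},
+{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
-{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"},
+{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"},
+{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
-{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"},
+{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"},
+{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
-{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"},
+{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
-{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"},
+{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"},
+{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"},
+{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
-{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"},
+{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
-{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"},
+{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
-{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"},
+{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA PKCS7_str_reasons[]=
  {
-{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"},
+{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
+{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"},
+{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
-{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"},
+{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
-{PKCS7_R_DECODE_ERROR ,"decode error"},
+{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"},
-{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"},
+{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
-{PKCS7_R_DECRYPT_ERROR ,"decrypt error"},
+{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"},
-{PKCS7_R_DIGEST_FAILURE ,"digest failure"},
+{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"},
-{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"},
+{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
-{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"},
+{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
-{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"},
+{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"},
-{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"},
+{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
-{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"},
+{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
-{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"},
+{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"},
-{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"},
+{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
-{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"},
+{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
-{PKCS7_R_NO_CONTENT ,"no content"},
+{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"},
-{PKCS7_R_NO_CONTENT_TYPE ,"no content type"},
+{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"},
-{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"},
+{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"},
+{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
+{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
-{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"},
+{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
-{PKCS7_R_NO_SIGNERS ,"no signers"},
+{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"},
-{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"},
+{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
-{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
+{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
-{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"},
+{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"},
+{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
-{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"},
+{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"},
-{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"},
+{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"},
-{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"},
+{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
-{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
+{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"},
+{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"},
-{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"},
+{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"},
+{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"},
+{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"},
-{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
-{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
-{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"},
+{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
-{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"},
+{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
-{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"},
+{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"},
-{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"},
+{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
-{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"},
+{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"},
+{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"},
-{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"},
+{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"},
 {0,NULL}
  };
 
@@ -152,8 +156,8 @@ void ERR_load_PKCS7_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
+ ERR_load_strings(0,PKCS7_str_functs);
- ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
+ ERR_load_strings(0,PKCS7_str_reasons);
 #endif
 
  }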
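--- a/src/lib/libssl/src/crypto/rand/rand_err.c
+++ b/src/lib/libssl/src/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -64,22 +64,26 @@
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
+
 static ERR_STRING_DATA RAND_str_functs[]=
  {
-{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0), "FIPS_RAND_BYTES"},
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
-{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"},
+{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
-{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"},
+{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
 {0,NULL}
  };
 
 static ERR_STRING_DATA RAND_str_reasons[]=
  {
-{RAND_R_NON_FIPS_METHOD ,"non fips method"},
+{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
-{RAND_R_PRNG_ASKING_FOR_TOO_MUCH ,"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
-{RAND_R_PRNG_NOT_REKEYED ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
-{RAND_R_PRNG_NOT_RESEEDED ,"prng not reseeded"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
-{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
-{RAND_R_PRNG_STUCK ,"prng stuck"},
+{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
 {0,NULL}
  };
 
@@ -93,8 +97,8 @@ void ERR_load_RAND_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
+ ERR_load_strings(0,RAND_str_functs);
- ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
+ ERR_load_strings(0,RAND_str_reasons);
 #endif
 
  }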
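--- a/src/lib/libssl/src/crypto/rand/rand_lib.c
+++ b/src/lib/libssl/src/crypto/rand/rand_lib.c
@@ -87,16 +87,6 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
 
 const RAND_METHOD *RAND_get_rand_method(void)
  {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode()
- && default_RAND_meth != FIPS_rand_check())
- {
- RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
-
-
  if (!default_RAND_meth)
  {
 #ifndef OPENSSL_NO_ENGINE
@@ -114,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
  funct_ref = e;
  else
 #endif
- default_RAND_meth = RAND_SSLeay();
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ default_RAND_meth=FIPS_rand_method();
+ else
+#endif
+ default_RAND_meth = RAND_SSLeay();
  }
+
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode()
+ && default_RAND_meth != FIPS_rand_check())
+ {
+ RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
  return default_RAND_meth;
  }
 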
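Review bot: The relocated FIPS check (new lines 115-122) fails closed by returning a null method, but nothing at the site says so, and it is written `return 0;` in a function that returns `const RAND_METHOD *`. I would write `return NULL;` and add a comment such as `/* In FIPS mode refuse any method other than the approved one; callers must treat NULL as "no RNG available" */`. On this path default_RAND_meth (and, when an ENGINE supplied it, funct_ref) stays set, so every later call fails the same way until the method is replaced; that looks intended but is worth stating in the comment. What FIPS_rand_check() returns is not visible here, and the part of the function between the two hunks is not shown.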
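--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -57,7 +57,7 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#define _XOPEN_SOURCE 1
+#define _XOPEN_SOURCE 500
 
 #include <errno.h>
 #include <stdio.h>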
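--- a/src/lib/libssl/src/crypto/rc2/rc2_skey.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
@@ -58,6 +58,7 @@
 
 #include <openssl/rc2.h>
 #include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "rc2_locl.h"
 
 static unsigned char key_table[256]={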
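--- a/src/lib/libssl/src/crypto/rc2/rc2speed.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2speed.c
@@ -102,10 +102,10 @@ OPENSSL_DECLARE_EXIT
 #ifndef HZ
 #ifndef CLK_TCK
 #define HZ 100.0
-#endif
+#else /* CLK_TCK */
-#else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
-#endif
+#endif /* CLK_TCK */
+#endif /* HZ */
 
 #define BUFSIZE ((long)1024)
 long run=0;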
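--- a/src/lib/libssl/src/crypto/rc4/rc4.h
+++ b/src/lib/libssl/src/crypto/rc4/rc4.h
@@ -73,10 +73,6 @@ typedef struct rc4_key_st
  {
  RC4_INT x,y;
  RC4_INT data[256];
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- RC4_INT pad[512-256-2];
-#endif
  } RC4_KEY;
 
 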
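--- a/src/lib/libssl/src/crypto/rc4/rc4_enc.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4_enc.c
@@ -77,10 +77,6 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
  x=key->x;
  y=key->y;
  d=key->data;
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
 
 #if defined(RC4_CHUNK)
  /*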
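--- a/src/lib/libssl/src/crypto/rc4/rc4_skey.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4_skey.c
@@ -58,6 +58,7 @@
 
 #include <openssl/rc4.h>
 #include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
 
@@ -94,10 +95,6 @@ FIPS_NON_FIPS_VCIPHER_Init(RC4)
  unsigned int i;
 
  d= &(key->data[0]);
-#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
- /* see crypto/rc4/asm/rc4-ia64.S for further details... */
- d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
-#endif
 
  for (i=0; i<256; i++)
  d[i]=i;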
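--- a/src/lib/libssl/src/crypto/ripemd/rmd_one.c
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_one.c
@@ -68,7 +68,8 @@ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
  static unsigned char m[RIPEMD160_DIGEST_LENGTH];
 
  if (md == NULL) md=m;
- RIPEMD160_Init(&c);
+ if (!RIPEMD160_Init(&c))
+ return NULL;
  RIPEMD160_Update(&c,d,n);
  RIPEMD160_Final(md,&c);
  OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */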
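Review bot: With the added check RIPEMD160() can now return NULL, yet only the Init result is tested; `RIPEMD160_Update` and `RIPEMD160_Final` on the following lines are still called with their return values ignored. I would document the new contract above the function, e.g. `/* Returns md (or an internal static buffer when md is NULL), or NULL if the digest could not be initialised; callers must check */`, because a caller that uses the result unchecked would dereference NULL or read a buffer that was never written. The early return happens before anything is hashed into `c`, so skipping `OPENSSL_cleanse` on that path looks harmless. The function's signature and closing lines are outside the hunk.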
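--- a/src/lib/libssl/src/crypto/rsa/rsa.h
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -157,33 +157,41 @@ struct rsa_st
 #define RSA_3 0x3L
 #define RSA_F4 0x10001L
 
-#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */
+#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */
 
-#define RSA_FLAG_CACHE_PUBLIC 0x02
+#define RSA_FLAG_CACHE_PUBLIC 0x0002
-#define RSA_FLAG_CACHE_PRIVATE 0x04
+#define RSA_FLAG_CACHE_PRIVATE 0x0004
-#define RSA_FLAG_BLINDING 0x08
+#define RSA_FLAG_BLINDING 0x0008
-#define RSA_FLAG_THREAD_SAFE 0x10
+#define RSA_FLAG_THREAD_SAFE 0x0010
 /* This flag means the private key operations will be handled by rsa_mod_exp
  * and that they do not depend on the private key components being present:
  * for example a key stored in external hardware. Without this flag bn_mod_exp
  * gets called when private key components are absent.
  */
-#define RSA_FLAG_EXT_PKEY 0x20
+#define RSA_FLAG_EXT_PKEY 0x0020
 
 /* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
  */
-#define RSA_FLAG_SIGN_VER 0x40
+#define RSA_FLAG_SIGN_VER 0x0040
 
-#define RSA_FLAG_NO_BLINDING 0x80 /* new with 0.9.6j and 0.9.7b; the built-in
+#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
  * RSA implementation now uses blinding by
  * default (ignoring RSA_FLAG_BLINDING),
  * but other engines might not need it
  */
+#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
 
 #define RSA_PKCS1_PADDING 1
 #define RSA_SSLV23_PADDING 2
 #define RSA_NO_PADDING 3
 #define RSA_PKCS1_OAEP_PADDING 4
+#define RSA_X931_PADDING 5
 
 #define RSA_PKCS1_PADDING_SIZE 11
 
@@ -196,6 +204,15 @@ int RSA_size(const RSA *);
 RSA * RSA_generate_key(int bits, unsigned long e,void
  (*callback)(int,int,void *),void *cb_arg);
 int RSA_check_key(const RSA *);
+#ifdef OPENSSL_FIPS
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ void (*cb)(int, int, void *), void *cb_arg,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e);
+RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
+ void (*cb)(int,int,void *), void *cb_arg);
+#endif
  /* next 4 return -1 on error */
 int RSA_public_encrypt(int flen, const unsigned char *from,
  unsigned char *to, RSA *rsa,int padding);
@@ -268,6 +285,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
  const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
  const unsigned char *f,int fl,int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen, const EVP_MD *dgst);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
  const unsigned char *f,int fl,
  const unsigned char *p,int pl);
@@ -282,6 +301,17 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
  const unsigned char *f,int fl);
 int RSA_padding_check_none(unsigned char *to,int tlen,
  const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_X931(unsigned char *to,int tlen,
+ const unsigned char *f,int fl);
+int RSA_padding_check_X931(unsigned char *to,int tlen,
+ const unsigned char *f,int fl,int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM, int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, int sLen);
 
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
  CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -311,20 +341,24 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_NULL 124
 #define RSA_F_RSA_PADDING_ADD_NONE 107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
 #define RSA_F_RSA_PADDING_ADD_SSLV23 110
+#define RSA_F_RSA_PADDING_ADD_X931 127
 #define RSA_F_RSA_PADDING_CHECK_NONE 111
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
 #define RSA_F_RSA_PADDING_CHECK_SSLV23 114
+#define RSA_F_RSA_PADDING_CHECK_X931 128
 #define RSA_F_RSA_PRINT 115
 #define RSA_F_RSA_PRINT_FP 116
 #define RSA_F_RSA_SIGN 117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
 #define RSA_F_RSA_VERIFY 119
 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
+#define RSA_F_RSA_VERIFY_PKCS1_PSS 126
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH 100
@@ -344,9 +378,14 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
+#define RSA_R_FIRST_OCTET_INVALID 133
+#define RSA_R_INVALID_HEADER 137
 #define RSA_R_INVALID_MESSAGE_LENGTH 131
+#define RSA_R_INVALID_PADDING 138
+#define RSA_R_INVALID_TRAILER 139
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
 #define RSA_R_KEY_SIZE_TOO_SMALL 120
+#define RSA_R_LAST_OCTET_INVALID 134
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
 #define RSA_R_OAEP_DECODING_ERROR 121
@@ -354,6 +393,8 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_P_NOT_PRIME 128
 #define RSA_R_Q_NOT_PRIME 129
 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
+#define RSA_R_SLEN_CHECK_FAILED 136
+#define RSA_R_SLEN_RECOVERY_FAILED 135
 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117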
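Review bot: The comment on `RSA_FLAG_NO_EXP_CONSTTIME` (new lines 182-188) presents the flag as a speed option and does not state its security cost: it switches off the constant-time exponentiation that the same comment says was introduced for secret exponents. I would extend it with a sentence such as `Setting this flag gives up the timing side-channel protection for private-key operations; leave it clear unless the key is never used where other code shares the processor.` The new prototypes (`PKCS1_MGF1` with signed `long` lengths, the X9.31 and PSS padding and verify functions) also carry no note on their return values; a short comment per group, in the style of the existing `/* next 4 return -1 on error */`, would help callers check them correctly.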
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index d4caab3f95..be4ac96ce3 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -55,6 +55,59 @@
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ====================================================================
59 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
58 111
59#include <stdio.h> 112#include <stdio.h>
60#include "cryptlib.h" 113#include "cryptlib.h"
@@ -145,30 +198,13 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
145 goto err; 198 goto err;
146 } 199 }
147 200
148 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) 201 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
149 { 202 {
150 BN_MONT_CTX* bn_mont_ctx; 203 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
151 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) 204 CRYPTO_LOCK_RSA, rsa->n, ctx))
152 goto err;
153 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
154 {
155 BN_MONT_CTX_free(bn_mont_ctx);
156 goto err; 205 goto err;
157 }
158 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
159 {
160 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
161 if (rsa->_method_mod_n == NULL)
162 {
163 rsa->_method_mod_n = bn_mont_ctx;
164 bn_mont_ctx = NULL;
165 }
166 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
167 }
168 if (bn_mont_ctx)
169 BN_MONT_CTX_free(bn_mont_ctx);
170 } 206 }
171 207
172 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, 208 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
173 rsa->_method_mod_n)) goto err; 209 rsa->_method_mod_n)) goto err;
174 210
@@ -249,7 +285,7 @@ err:
249static int RSA_eay_private_encrypt(int flen, const unsigned char *from, 285static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
250 unsigned char *to, RSA *rsa, int padding) 286 unsigned char *to, RSA *rsa, int padding)
251 { 287 {
252 BIGNUM f,ret; 288 BIGNUM f,ret, *res;
253 int i,j,k,num=0,r= -1; 289 int i,j,k,num=0,r= -1;
254 unsigned char *buf=NULL; 290 unsigned char *buf=NULL;
255 BN_CTX *ctx=NULL; 291 BN_CTX *ctx=NULL;
@@ -331,19 +367,43 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
331 (rsa->dmp1 != NULL) && 367 (rsa->dmp1 != NULL) &&
332 (rsa->dmq1 != NULL) && 368 (rsa->dmq1 != NULL) &&
333 (rsa->iqmp != NULL)) ) 369 (rsa->iqmp != NULL)) )
334 { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } 370 {
371 if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
372 }
335 else 373 else
336 { 374 {
337 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; 375 BIGNUM local_d;
376 BIGNUM *d = NULL;
377
378 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
379 {
380 BN_init(&local_d);
381 d = &local_d;
382 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
383 }
384 else
385 d = rsa->d;
386 if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
338 } 387 }
339 388
340 if (blinding) 389 if (blinding)
341 if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err; 390 if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
342 391
392 if (padding == RSA_X931_PADDING)
393 {
394 BN_sub(&f, rsa->n, &ret);
395 if (BN_cmp(&ret, &f))
396 res = &f;
397 else
398 res = &ret;
399 }
400 else
401 res = &ret;
402
343 /* put in leading 0 bytes if the number is less than the 403 /* put in leading 0 bytes if the number is less than the
344 * length of the modulus */ 404 * length of the modulus */
345 j=BN_num_bytes(&ret); 405 j=BN_num_bytes(res);
346 i=BN_bn2bin(&ret,&(to[num-j])); 406 i=BN_bn2bin(res,&(to[num-j]));
347 for (k=0; k<(num-i); k++) 407 for (k=0; k<(num-i); k++)
348 to[k]=0; 408 to[k]=0;
349 409
@@ -444,10 +504,22 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
444 (rsa->dmp1 != NULL) && 504 (rsa->dmp1 != NULL) &&
445 (rsa->dmq1 != NULL) && 505 (rsa->dmq1 != NULL) &&
446 (rsa->iqmp != NULL)) ) 506 (rsa->iqmp != NULL)) )
447 { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } 507 {
508 if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
509 }
448 else 510 else
449 { 511 {
450 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) 512 BIGNUM local_d;
513 BIGNUM *d = NULL;
514
515 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
516 {
517 d = &local_d;
518 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
519 }
520 else
521 d = rsa->d;
522 if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
451 goto err; 523 goto err;
452 } 524 }
453 525
@@ -534,33 +606,20 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
534 } 606 }
535 607
536 /* do the decrypt */ 608 /* do the decrypt */
537 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) 609
610 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
538 { 611 {
539 BN_MONT_CTX* bn_mont_ctx; 612 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
540 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) 613 CRYPTO_LOCK_RSA, rsa->n, ctx))
541 goto err;
542 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
543 {
544 BN_MONT_CTX_free(bn_mont_ctx);
545 goto err; 614 goto err;
546 }
547 if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
548 {
549 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
550 if (rsa->_method_mod_n == NULL)
551 {
552 rsa->_method_mod_n = bn_mont_ctx;
553 bn_mont_ctx = NULL;
554 }
555 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
556 }
557 if (bn_mont_ctx)
558 BN_MONT_CTX_free(bn_mont_ctx);
559 } 615 }
560 616
561 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, 617 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
562 rsa->_method_mod_n)) goto err; 618 rsa->_method_mod_n)) goto err;
563 619
620 if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
621 BN_sub(&ret, rsa->n, &ret);
622
564 p=buf; 623 p=buf;
565 i=BN_bn2bin(&ret,p); 624 i=BN_bn2bin(&ret,p);
566 625
@@ -594,6 +653,8 @@ err:
594static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) 653static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
595 { 654 {
596 BIGNUM r1,m1,vrfy; 655 BIGNUM r1,m1,vrfy;
656 BIGNUM local_dmp1, local_dmq1;
657 BIGNUM *dmp1, *dmq1;
597 int ret=0; 658 int ret=0;
598 BN_CTX *ctx; 659 BN_CTX *ctx;
599 660
@@ -604,61 +665,34 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
604 665
605 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) 666 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
606 { 667 {
607 if (rsa->_method_mod_p == NULL) 668 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
608 { 669 CRYPTO_LOCK_RSA, rsa->p, ctx))
609 BN_MONT_CTX* bn_mont_ctx; 670 goto err;
610 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) 671 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
611 goto err; 672 CRYPTO_LOCK_RSA, rsa->q, ctx))
612 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) 673 goto err;
613 {
614 BN_MONT_CTX_free(bn_mont_ctx);
615 goto err;
616 }
617 if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
618 {
619 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
620 if (rsa->_method_mod_p == NULL)
621 {
622 rsa->_method_mod_p = bn_mont_ctx;
623 bn_mont_ctx = NULL;
624 }
625 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
626 }
627 if (bn_mont_ctx)
628 BN_MONT_CTX_free(bn_mont_ctx);
629 }
630
631 if (rsa->_method_mod_q == NULL)
632 {
633 BN_MONT_CTX* bn_mont_ctx;
634 if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
635 goto err;
636 if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
637 {
638 BN_MONT_CTX_free(bn_mont_ctx);
639 goto err;
640 }
641 if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
642 {
643 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
644 if (rsa->_method_mod_q == NULL)
645 {
646 rsa->_method_mod_q = bn_mont_ctx;
647 bn_mont_ctx = NULL;
648 }
649 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
650 }
651 if (bn_mont_ctx)
652 BN_MONT_CTX_free(bn_mont_ctx);
653 }
654 } 674 }
655 675
656 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; 676 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
657 if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, 677 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
678 {
679 dmq1 = &local_dmq1;
680 BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
681 }
682 else
683 dmq1 = rsa->dmq1;
684 if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
658 rsa->_method_mod_q)) goto err; 685 rsa->_method_mod_q)) goto err;
659 686
660 if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; 687 if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
661 if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, 688 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
689 {
690 dmp1 = &local_dmp1;
691 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
692 }
693 else
694 dmp1 = rsa->dmp1;
695 if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
662 rsa->_method_mod_p)) goto err; 696 rsa->_method_mod_p)) goto err;
663 697
664 if (!BN_sub(r0,r0,&m1)) goto err; 698 if (!BN_sub(r0,r0,&m1)) goto err;
@@ -693,10 +727,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
693 if (vrfy.neg) 727 if (vrfy.neg)
694 if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err; 728 if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
695 if (!BN_is_zero(&vrfy)) 729 if (!BN_is_zero(&vrfy))
730 {
696 /* 'I' and 'vrfy' aren't congruent mod n. Don't leak 731 /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
697 * miscalculated CRT output, just do a raw (slower) 732 * miscalculated CRT output, just do a raw (slower)
698 * mod_exp and return that instead. */ 733 * mod_exp and return that instead. */
699 if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; 734
735 BIGNUM local_d;
736 BIGNUM *d = NULL;
737
738 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
739 {
740 d = &local_d;
741 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
742 }
743 else
744 d = rsa->d;
745 if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
746 }
700 } 747 }
701 ret=1; 748 ret=1;
702err: 749err:
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c
index a7766c3b76..2ec4b30ff7 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_err.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/rsa/rsa_err.c */ 1/* crypto/rsa/rsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,70 +64,85 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
70
67static ERR_STRING_DATA RSA_str_functs[]= 71static ERR_STRING_DATA RSA_str_functs[]=
68 { 72 {
69{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, 73{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
70{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"}, 74{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
71{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, 75{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
72{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, 76{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
73{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, 77{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
74{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, 78{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
75{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, 79{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
76{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, 80{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
77{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"}, 81{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
78{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, 82{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
79{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"}, 83{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
80{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, 84{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
81{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, 85{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
82{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, 86{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
83{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, 87{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
84{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"}, 88{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
85{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, 89{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
86{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, 90{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
87{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, 91{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
88{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"}, 92{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
89{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"}, 93{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
90{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"}, 94{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
91{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, 95{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
92{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, 96{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
93{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, 97{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
98{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
99{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
100{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
101{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
94{0,NULL} 102{0,NULL}
95 }; 103 };
96 104
97static ERR_STRING_DATA RSA_str_reasons[]= 105static ERR_STRING_DATA RSA_str_reasons[]=
98 { 106 {
99{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"}, 107{ERR_REASON(RSA_R_ALGORITHM_MISMATCH) ,"algorithm mismatch"},
100{RSA_R_BAD_E_VALUE ,"bad e value"}, 108{ERR_REASON(RSA_R_BAD_E_VALUE) ,"bad e value"},
101{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, 109{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
102{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, 110{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) ,"bad pad byte count"},
103{RSA_R_BAD_SIGNATURE ,"bad signature"}, 111{ERR_REASON(RSA_R_BAD_SIGNATURE) ,"bad signature"},
104{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, 112{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) ,"block type is not 01"},
105{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, 113{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) ,"block type is not 02"},
106{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, 114{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
107{RSA_R_DATA_TOO_LARGE ,"data too large"}, 115{ERR_REASON(RSA_R_DATA_TOO_LARGE) ,"data too large"},
108{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, 116{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
109{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"}, 117{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
110{RSA_R_DATA_TOO_SMALL ,"data too small"}, 118{ERR_REASON(RSA_R_DATA_TOO_SMALL) ,"data too small"},
111{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, 119{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
112{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, 120{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
113{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"}, 121{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
114{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"}, 122{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
115{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"}, 123{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
116{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, 124{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"},
117{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, 125{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
118{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, 126{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
119{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, 127{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},
120{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, 128{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"},
121{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, 129{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
122{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, 130{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
123{RSA_R_P_NOT_PRIME ,"p not prime"}, 131{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
124{RSA_R_Q_NOT_PRIME ,"q not prime"}, 132{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
125{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"}, 133{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
126{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, 134{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
127{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, 135{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"},
128{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, 136{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
129{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, 137{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
130{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, 138{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
139{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
140{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
141{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
142{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
143{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
144{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
145{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"},
131{0,NULL} 146{0,NULL}
132 }; 147 };
133 148
@@ -141,8 +156,8 @@ void ERR_load_RSA_strings(void)
141 { 156 {
142 init=0; 157 init=0;
143#ifndef OPENSSL_NO_ERR 158#ifndef OPENSSL_NO_ERR
144 ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); 159 ERR_load_strings(0,RSA_str_functs);
145 ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); 160 ERR_load_strings(0,RSA_str_reasons);
146#endif 161#endif
147 162
148 } 163 }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
index adb5e34da5..dd1422cc98 100644
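--- a/src/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -184,7 +184,8 @@ err:
 RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
 ok=0;
 }
-BN_CTX_end(ctx);
+if (ctx != NULL)
+BN_CTX_end(ctx);
 BN_CTX_free(ctx);
 BN_CTX_free(ctx2);
 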
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
index e3f7c608ec..d43ecaca63 100644
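--- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -28,9 +28,6 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-int MGF1(unsigned char *mask, long len,
-const unsigned char *seed, long seedlen);
-
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 const unsigned char *from, int flen,
 const unsigned char *param, int plen)
@@ -76,11 +73,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 20);
 #endif
 
-MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
+EVP_sha1());
 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
 db[i] ^= dbmask[i];
 
-MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
+EVP_sha1());
 for (i = 0; i < SHA_DIGEST_LENGTH; i++)
 seed[i] ^= seedmask[i];
 
@@ -126,11 +125,11 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 return -1;
 }
 
-MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
 for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
 seed[i] ^= from[i - lzero];
 
-MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
 for (i = 0; i < dblen; i++)
 db[i] ^= maskeddb[i];
 
@@ -170,28 +169,30 @@ decoding_err:
 return -1;
 }
 
-int MGF1(unsigned char *mask, long len,
-const unsigned char *seed, long seedlen)
+int PKCS1_MGF1(unsigned char *mask, long len,
+const unsigned char *seed, long seedlen, const EVP_MD *dgst)
 {
 long i, outlen = 0;
 unsigned char cnt[4];
 EVP_MD_CTX c;
-unsigned char md[SHA_DIGEST_LENGTH];
+unsigned char md[EVP_MAX_MD_SIZE];
+int mdlen;
 
 EVP_MD_CTX_init(&c);
+mdlen = EVP_MD_size(dgst);
 for (i = 0; outlen < len; i++)
 {
 cnt[0] = (unsigned char)((i >> 24) & 255);
 cnt[1] = (unsigned char)((i >> 16) & 255);
 cnt[2] = (unsigned char)((i >> 8)) & 255;
 cnt[3] = (unsigned char)(i & 255);
-EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+EVP_DigestInit_ex(&c,dgst, NULL);
 EVP_DigestUpdate(&c, seed, seedlen);
 EVP_DigestUpdate(&c, cnt, 4);
-if (outlen + SHA_DIGEST_LENGTH <= len)
+if (outlen + mdlen <= len)
 {
 EVP_DigestFinal_ex(&c, mask + outlen, NULL);
-outlen += SHA_DIGEST_LENGTH;
+outlen += mdlen;
 }
 else
 {
@@ -203,4 +204,9 @@ int MGF1(unsigned char *mask, long len,
 EVP_MD_CTX_cleanup(&c);
 return 0;
 }
+
+int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+{
+return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
+}
 #endif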
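Review bot: PKCS1_MGF1 still ignores the results of EVP_DigestInit_ex, EVP_DigestUpdate and EVP_DigestFinal_ex and returns 0 unconditionally, and all four call sites in RSA_padding_add_PKCS1_OAEP and RSA_padding_check_PKCS1_OAEP discard its return value. Now that the digest is supplied by the caller, a digest that fails to initialise would leave the mask buffer holding whatever it held before, and the OAEP masking would carry on with it. I would check each call, e.g. `if (!EVP_DigestInit_ex(&c,dgst,NULL) || !EVP_DigestUpdate(&c,seed,seedlen) || !EVP_DigestUpdate(&c,cnt,4)) goto err;`, return -1 from that error path, and have the callers test `if (PKCS1_MGF1(...) < 0) return -1;`. It is also worth rejecting `mdlen <= 0` before the loop, since `outlen += mdlen` is what makes the loop terminate. The else branch of the loop lies outside the visible hunk.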
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_test.c b/src/lib/libssl/src/crypto/rsa/rsa_test.c
index 924e9ad1f6..218bb2a39b 100644
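--- a/src/lib/libssl/src/crypto/rsa/rsa_test.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_test.c
@@ -227,10 +227,10 @@ int main(int argc, char *argv[])
 
 plen = sizeof(ptext_ex) - 1;
 
-for (v = 0; v < 3; v++)
+for (v = 0; v < 6; v++)
 {
 key = RSA_new();
-switch (v) {
+switch (v%3) {
 case 0:
 clen = key1(key, ctext_ex);
 break;
@@ -241,6 +241,7 @@ int main(int argc, char *argv[])
 clen = key3(key, ctext_ex);
 break;
 }
+if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
 
 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
 RSA_PKCS1_PADDING);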
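Review bot: The condition `v/3 > 1` on the added flag line is never true, because the loop runs `v` from 0 to 5 and `v/3` is therefore only 0 or 1. RSA_FLAG_NO_EXP_CONSTTIME is never set, so the second pass over the three keys repeats the default path. As written the test exercises the BN_FLG_EXP_CONSTTIME exponentiation path twice and the flagged path not at all, so a regression in either fallback would go unnoticed. The line should read `if (v/3 >= 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;`. main() continues outside the hunk.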
diff --git a/src/lib/libssl/src/crypto/sha/sha1_one.c b/src/lib/libssl/src/crypto/sha/sha1_one.c
index 20e660c71d..f4694b701b 100644
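--- a/src/lib/libssl/src/crypto/sha/sha1_one.c
+++ b/src/lib/libssl/src/crypto/sha/sha1_one.c
@@ -61,14 +61,15 @@
 #include <openssl/sha.h>
 #include <openssl/crypto.h>
 
-#ifndef OPENSSL_NO_SHA1
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
 unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
 {
 SHA_CTX c;
 static unsigned char m[SHA_DIGEST_LENGTH];
 
 if (md == NULL) md=m;
-SHA1_Init(&c);
+if (!SHA1_Init(&c))
+return NULL;
 SHA1_Update(&c,d,n);
 SHA1_Final(md,&c);
 OPENSSL_cleanse(&c,sizeof(c));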
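Review bot: SHA1() can now return NULL when SHA1_Init fails, but nothing at the function documents that, and the results of SHA1_Update and SHA1_Final on the following lines are still ignored. A caller that passes a non-NULL `md` and never looks at the return value would go on to use a buffer that was never written. I would add a comment above the function such as `/* Returns md (or a static buffer if md is NULL), or NULL if the hash could not be initialised. */` and, if the update and final calls can report failure in this build, check them the same way. The same applies to SHA() in sha_one.c. The function body continues past the hunk.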
diff --git a/src/lib/libssl/src/crypto/sha/sha_one.c b/src/lib/libssl/src/crypto/sha/sha_one.c
index e61c63f3e9..d4f4d344df 100644
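--- a/src/lib/libssl/src/crypto/sha/sha_one.c
+++ b/src/lib/libssl/src/crypto/sha/sha_one.c
@@ -68,7 +68,8 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
 static unsigned char m[SHA_DIGEST_LENGTH];
 
 if (md == NULL) md=m;
-SHA_Init(&c);
+if (!SHA_Init(&c))
+return NULL;
 SHA_Update(&c,d,n);
 SHA_Final(md,&c);
 OPENSSL_cleanse(&c,sizeof(c));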
diff --git a/src/lib/libssl/src/crypto/stack/safestack.h b/src/lib/libssl/src/crypto/stack/safestack.h
index bd1121c279..6010b7f122 100644
--- a/src/lib/libssl/src/crypto/stack/safestack.h
+++ b/src/lib/libssl/src/crypto/stack/safestack.h
@@ -55,6 +55,9 @@
55#ifndef HEADER_SAFESTACK_H 55#ifndef HEADER_SAFESTACK_H
56#define HEADER_SAFESTACK_H 56#define HEADER_SAFESTACK_H
57 57
58typedef void (*openssl_fptr)(void);
59#define openssl_fcast(f) ((openssl_fptr)f)
60
58#include <openssl/stack.h> 61#include <openssl/stack.h>
59 62
60#ifdef DEBUG_SAFESTACK 63#ifdef DEBUG_SAFESTACK
@@ -73,74 +76,74 @@ STACK_OF(type) \
73/* SKM_sk_... stack macros are internal to safestack.h: 76/* SKM_sk_... stack macros are internal to safestack.h:
74 * never use them directly, use sk_<type>_... instead */ 77 * never use them directly, use sk_<type>_... instead */
75#define SKM_sk_new(type, cmp) \ 78#define SKM_sk_new(type, cmp) \
76 ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp) 79 ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp)
77#define SKM_sk_new_null(type) \ 80#define SKM_sk_new_null(type) \
78 ((STACK_OF(type) * (*)(void))sk_new_null)() 81 ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))()
79#define SKM_sk_free(type, st) \ 82#define SKM_sk_free(type, st) \
80 ((void (*)(STACK_OF(type) *))sk_free)(st) 83 ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st)
81#define SKM_sk_num(type, st) \ 84#define SKM_sk_num(type, st) \
82 ((int (*)(const STACK_OF(type) *))sk_num)(st) 85 ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st)
83#define SKM_sk_value(type, st,i) \ 86#define SKM_sk_value(type, st,i) \
84 ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i) 87 ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i)
85#define SKM_sk_set(type, st,i,val) \ 88#define SKM_sk_set(type, st,i,val) \
86 ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val) 89 ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val)
87#define SKM_sk_zero(type, st) \ 90#define SKM_sk_zero(type, st) \
88 ((void (*)(STACK_OF(type) *))sk_zero)(st) 91 ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st)
89#define SKM_sk_push(type, st,val) \ 92#define SKM_sk_push(type, st,val) \
90 ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val) 93 ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val)
91#define SKM_sk_unshift(type, st,val) \ 94#define SKM_sk_unshift(type, st,val) \
92 ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val) 95 ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val)
93#define SKM_sk_find(type, st,val) \ 96#define SKM_sk_find(type, st,val) \
94 ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val) 97 ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val)
95#define SKM_sk_delete(type, st,i) \ 98#define SKM_sk_delete(type, st,i) \
96 ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i) 99 ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i)
97#define SKM_sk_delete_ptr(type, st,ptr) \ 100#define SKM_sk_delete_ptr(type, st,ptr) \
98 ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr) 101 ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr)
99#define SKM_sk_insert(type, st,val,i) \ 102#define SKM_sk_insert(type, st,val,i) \
100 ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i) 103 ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i)
101#define SKM_sk_set_cmp_func(type, st,cmp) \ 104#define SKM_sk_set_cmp_func(type, st,cmp) \
102 ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \ 105 ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
103 (const type * const *, const type * const *))sk_set_cmp_func)\ 106 (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\
104 (st, cmp) 107 (st, cmp)
105#define SKM_sk_dup(type, st) \ 108#define SKM_sk_dup(type, st) \
106 ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st) 109 ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st)
107#define SKM_sk_pop_free(type, st,free_func) \ 110#define SKM_sk_pop_free(type, st,free_func) \
108 ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\ 111 ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\
109 (st, free_func) 112 (st, free_func)
110#define SKM_sk_shift(type, st) \ 113#define SKM_sk_shift(type, st) \
111 ((type * (*)(STACK_OF(type) *))sk_shift)(st) 114 ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st)
112#define SKM_sk_pop(type, st) \ 115#define SKM_sk_pop(type, st) \
113 ((type * (*)(STACK_OF(type) *))sk_pop)(st) 116 ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st)
114#define SKM_sk_sort(type, st) \ 117#define SKM_sk_sort(type, st) \
115 ((void (*)(STACK_OF(type) *))sk_sort)(st) 118 ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st)
116#define SKM_sk_is_sorted(type, st) \ 119#define SKM_sk_is_sorted(type, st) \
117 ((int (*)(const STACK_OF(type) *))sk_is_sorted)(st) 120 ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st)
118 121
119#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ 122#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
120 ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \ 123 ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
121 type *(*)(type **, unsigned char **,long), \ 124 type *(*)(type **, unsigned char **,long), \
122 void (*)(type *), int ,int )) d2i_ASN1_SET) \ 125 void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \
123 (st,pp,length, d2i_func, free_func, ex_tag,ex_class) 126 (st,pp,length, d2i_func, free_func, ex_tag,ex_class)
124#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ 127#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
125 ((int (*)(STACK_OF(type) *,unsigned char **, \ 128 ((int (*)(STACK_OF(type) *,unsigned char **, \
126 int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \ 129 int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \
127 (st,pp,i2d_func,ex_tag,ex_class,is_set) 130 (st,pp,i2d_func,ex_tag,ex_class,is_set)
128 131
129#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ 132#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
130 ((unsigned char *(*)(STACK_OF(type) *, \ 133 ((unsigned char *(*)(STACK_OF(type) *, \
131 int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \ 134 int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \
132 (st, i2d_func, buf, len) 135 (st, i2d_func, buf, len)
133#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ 136#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
134 ((STACK_OF(type) * (*)(unsigned char *,int, \ 137 ((STACK_OF(type) * (*)(unsigned char *,int, \
135 type *(*)(type **,unsigned char **, long), \ 138 type *(*)(type **,unsigned char **, long), \
136 void (*)(type *)))ASN1_seq_unpack) \ 139 void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \
137 (buf,len,d2i_func, free_func) 140 (buf,len,d2i_func, free_func)
138 141
139#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ 142#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
140 ((STACK_OF(type) * (*)(X509_ALGOR *, \ 143 ((STACK_OF(type) * (*)(X509_ALGOR *, \
141 type *(*)(type **, unsigned char **, long), void (*)(type *), \ 144 type *(*)(type **, unsigned char **, long), void (*)(type *), \
142 const char *, int, \ 145 const char *, int, \
143 ASN1_STRING *, int))PKCS12_decrypt_d2i) \ 146 ASN1_STRING *, int))openssl_fcast(PKCS12_decrypt_d2i)) \
144 (algor,d2i_func,free_func,pass,passlen,oct,seq) 147 (algor,d2i_func,free_func,pass,passlen,oct,seq)
145 148
146#else 149#else
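Review bot: `openssl_fcast(f)` expands to `((openssl_fptr)f)` with the argument unparenthesised. Every use in this section passes a bare function name, so it works today, but a macro in a header should be written `#define openssl_fcast(f) ((openssl_fptr)(f))`. The typedef also needs a comment saying why the intermediate cast exists (presumably to silence function-pointer cast warnings; confirm with the author). Routing each SKM_sk_* call through `void (*)(void)` removes the compiler's last chance to flag a mismatch between the stack function and the prototype it is cast to, so the comment should say that the casts are only valid while the two signatures stay call-compatible.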
diff --git a/src/lib/libssl/src/crypto/ui/ui_err.c b/src/lib/libssl/src/crypto/ui/ui_err.c
index 39a62ae737..d983cdd66f 100644
--- a/src/lib/libssl/src/crypto/ui/ui_err.c
+++ b/src/lib/libssl/src/crypto/ui/ui_err.c
@@ -1,6 +1,6 @@
1/* crypto/ui/ui_err.c */ 1/* crypto/ui/ui_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,32 +64,36 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
70
67static ERR_STRING_DATA UI_str_functs[]= 71static ERR_STRING_DATA UI_str_functs[]=
68 { 72 {
69{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0), "GENERAL_ALLOCATE_BOOLEAN"}, 73{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
70{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0), "GENERAL_ALLOCATE_PROMPT"}, 74{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
71{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0), "GENERAL_ALLOCATE_STRING"}, 75{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
72{ERR_PACK(0,UI_F_UI_CTRL,0), "UI_ctrl"}, 76{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
73{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0), "UI_dup_error_string"}, 77{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
74{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0), "UI_dup_info_string"}, 78{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
75{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0), "UI_dup_input_boolean"}, 79{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
76{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0), "UI_dup_input_string"}, 80{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
77{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0), "UI_dup_verify_string"}, 81{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
78{ERR_PACK(0,UI_F_UI_GET0_RESULT,0), "UI_get0_result"}, 82{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
79{ERR_PACK(0,UI_F_UI_NEW_METHOD,0), "UI_new_method"}, 83{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
80{ERR_PACK(0,UI_F_UI_SET_RESULT,0), "UI_set_result"}, 84{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
81{0,NULL} 85{0,NULL}
82 }; 86 };
83 87
84static ERR_STRING_DATA UI_str_reasons[]= 88static ERR_STRING_DATA UI_str_reasons[]=
85 { 89 {
86{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS ,"common ok and cancel characters"}, 90{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},
87{UI_R_INDEX_TOO_LARGE ,"index too large"}, 91{ERR_REASON(UI_R_INDEX_TOO_LARGE) ,"index too large"},
88{UI_R_INDEX_TOO_SMALL ,"index too small"}, 92{ERR_REASON(UI_R_INDEX_TOO_SMALL) ,"index too small"},
89{UI_R_NO_RESULT_BUFFER ,"no result buffer"}, 93{ERR_REASON(UI_R_NO_RESULT_BUFFER) ,"no result buffer"},
90{UI_R_RESULT_TOO_LARGE ,"result too large"}, 94{ERR_REASON(UI_R_RESULT_TOO_LARGE) ,"result too large"},
91{UI_R_RESULT_TOO_SMALL ,"result too small"}, 95{ERR_REASON(UI_R_RESULT_TOO_SMALL) ,"result too small"},
92{UI_R_UNKNOWN_CONTROL_COMMAND ,"unknown control command"}, 96{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},
93{0,NULL} 97{0,NULL}
94 }; 98 };
95 99
@@ -103,8 +107,8 @@ void ERR_load_UI_strings(void)
103 { 107 {
104 init=0; 108 init=0;
105#ifndef OPENSSL_NO_ERR 109#ifndef OPENSSL_NO_ERR
106 ERR_load_strings(ERR_LIB_UI,UI_str_functs); 110 ERR_load_strings(0,UI_str_functs);
107 ERR_load_strings(ERR_LIB_UI,UI_str_reasons); 111 ERR_load_strings(0,UI_str_reasons);
108#endif 112#endif
109 113
110 } 114 }
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index 6207340472..ea689aed1a 100644
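--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -114,7 +114,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
  {
  int ret=0;
  BY_DIR *ld;
- char *dir;
+ char *dir = NULL;
 
  ld=(BY_DIR *)ctx->method_data;
 
@@ -123,17 +123,16 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
  case X509_L_ADD_DIR:
  if (argl == X509_FILETYPE_DEFAULT)
  {
- ret=add_cert_dir(ld,X509_get_default_cert_dir(),
- X509_FILETYPE_PEM);
+ dir=(char *)Getenv(X509_get_default_cert_dir_env());
+ if (dir)
+ ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
+ else
+ ret=add_cert_dir(ld,X509_get_default_cert_dir(),
+ X509_FILETYPE_PEM);
  if (!ret)
  {
  X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
  }
- else
- {
- dir=(char *)Getenv(X509_get_default_cert_dir_env());
- ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
- }
  }
  else
  ret=add_cert_dir(ld,argp,(int)argl);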
diff --git a/src/lib/libssl/src/crypto/x509/x509_err.c b/src/lib/libssl/src/crypto/x509/x509_err.c
index 5bbf4acf76..d44d046027 100644
--- a/src/lib/libssl/src/crypto/x509/x509_err.c
+++ b/src/lib/libssl/src/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
1/* crypto/x509/x509_err.c */ 1/* crypto/x509/x509_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -64,77 +64,81 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
70
67static ERR_STRING_DATA X509_str_functs[]= 71static ERR_STRING_DATA X509_str_functs[]=
68 { 72 {
69{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, 73{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
70{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, 74{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
71{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, 75{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
72{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, 76{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
73{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"}, 77{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
74{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"}, 78{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
75{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, 79{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
76{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"}, 80{ERR_FUNC(X509_F_X509_ADD_ATTR), "X509_ADD_ATTR"},
77{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"}, 81{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
78{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"}, 82{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
79{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"}, 83{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
80{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"}, 84{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
81{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"}, 85{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
82{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"}, 86{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
83{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, 87{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
84{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, 88{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
85{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, 89{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
86{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"}, 90{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
87{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"}, 91{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
88{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"}, 92{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
89{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, 93{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
90{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, 94{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
91{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"}, 95{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
92{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, 96{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
93{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, 97{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
94{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, 98{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
95{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"}, 99{ERR_FUNC(X509_F_X509_PRINT_FP), "X509_print_fp"},
96{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"}, 100{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
97{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"}, 101{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
98{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, 102{ERR_FUNC(X509_F_X509_REQ_PRINT), "X509_REQ_print"},
99{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, 103{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
100{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, 104{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
101{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"}, 105{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
102{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"}, 106{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
103{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"}, 107{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
104{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"}, 108{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
105{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"}, 109{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
106{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, 110{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
107{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"}, 111{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
108{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"}, 112{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
109{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, 113{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
110{0,NULL} 114{0,NULL}
111 }; 115 };
112 116
113static ERR_STRING_DATA X509_str_reasons[]= 117static ERR_STRING_DATA X509_str_reasons[]=
114 { 118 {
115{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, 119{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
116{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"}, 120{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
117{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"}, 121{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
118{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, 122{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
119{X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, 123{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
120{X509_R_INVALID_DIRECTORY ,"invalid directory"}, 124{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
121{X509_R_INVALID_FIELD_NAME ,"invalid field name"}, 125{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
122{X509_R_INVALID_TRUST ,"invalid trust"}, 126{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
123{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"}, 127{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
124{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"}, 128{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
125{X509_R_LOADING_CERT_DIR ,"loading cert dir"}, 129{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
126{X509_R_LOADING_DEFAULTS ,"loading defaults"}, 130{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
127{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, 131{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
128{X509_R_SHOULD_RETRY ,"should retry"}, 132{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
129{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, 133{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
130{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, 134{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
131{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"}, 135{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
132{X509_R_UNKNOWN_NID ,"unknown nid"}, 136{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
133{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"}, 137{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
134{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"}, 138{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
135{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, 139{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
136{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, 140{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
137{X509_R_WRONG_TYPE ,"wrong type"}, 141{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
138{0,NULL} 142{0,NULL}
139 }; 143 };
140 144
@@ -148,8 +152,8 @@ void ERR_load_X509_strings(void)
148 { 152 {
149 init=0; 153 init=0;
150#ifndef OPENSSL_NO_ERR 154#ifndef OPENSSL_NO_ERR
151 ERR_load_strings(ERR_LIB_X509,X509_str_functs); 155 ERR_load_strings(0,X509_str_functs);
152 ERR_load_strings(ERR_LIB_X509,X509_str_reasons); 156 ERR_load_strings(0,X509_str_reasons);
153#endif 157#endif
154 158
155 } 159 }
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index e43c861ee7..383e082aba 100644
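--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -944,7 +944,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
  offset=0;
  else
  {
- if ((*str != '+') && (str[5] != '-'))
+ if ((*str != '+') && (*str != '-'))
  return 0;
  offset=((str[1]-'0')*10+(str[2]-'0'))*60;
  offset+=(str[3]-'0')*10+(str[4]-'0');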
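Review bot: The two offset lines after the corrected sign test read `str[1]` through `str[4]` with no visible check that those characters are digits or that four more characters are present. A malformed timezone suffix in a certificate time field would then produce a meaningless offset, and if the buffer is shorter than assumed the reads go past the copied data. Whether the length is bounded earlier in X509_cmp_time cannot be confirmed here, because the function starts and ends outside the hunk. I would add a guard before the arithmetic that does `return 0;` unless each of `str[1]`..`str[4]` lies between `'0'` and `'9'`, with a comment stating the expected `+hhmm`/`-hhmm` form.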
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
index 0d554f3a2c..867525f336 100644
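--- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c
@@ -137,7 +137,15 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
  CONF_VALUE *cnf;
  int i, ia5org;
  pols = sk_POLICYINFO_new_null();
+ if (pols == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
  vals = X509V3_parse_list(value);
+ if (vals == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+ goto err;
+ }
  ia5org = 0;
  for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
  cnf = sk_CONF_VALUE_value(vals, i);
@@ -176,6 +184,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
  sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
  return pols;
  err:
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
  sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
  return NULL;
 }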
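Review bot: The new `vals == NULL` branch jumps to `err:`, where the added `sk_CONF_VALUE_pop_free(vals, X509V3_conf_free)` then runs on a NULL stack. That is safe only if the stack free routine returns early on NULL, which this hunk does not show. A one-line comment at the label would protect the assumption from later refactoring: `/* vals may be NULL here; pop_free accepts a NULL stack */`. The loop body between the two hunks is not visible, so it is also worth confirming that no `goto err` is taken while a partly built POLICYINFO is not yet owned by `pols`. r2i_certpol starts before the first hunk.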
diff --git a/src/lib/libssl/src/crypto/x509v3/v3err.c b/src/lib/libssl/src/crypto/x509v3/v3err.c
index 2df0c3ef01..e1edaf5248 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3err.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3err.c
@@ -64,114 +64,118 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
70
67static ERR_STRING_DATA X509V3_str_functs[]= 71static ERR_STRING_DATA X509V3_str_functs[]=
68 { 72 {
69{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, 73{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
70{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, 74{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
71{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, 75{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
72{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, 76{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
73{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, 77{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
74{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, 78{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
75{ERR_PACK(0,X509V3_F_I2S_ASN1_IA5STRING,0), "I2S_ASN1_IA5STRING"}, 79{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
76{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, 80{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
77{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"}, 81{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"},
78{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, 82{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
79{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, 83{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
80{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, 84{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
81{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"}, 85{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
82{ERR_PACK(0,X509V3_F_R2I_PCI,0), "R2I_PCI"}, 86{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
83{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, 87{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
84{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"}, 88{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
85{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, 89{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
86{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"}, 90{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
87{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"}, 91{ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID), "S2I_S2I_SKEY_ID"},
88{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"}, 92{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
89{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"}, 93{ERR_FUNC(X509V3_F_SXNET_ADD_ASC), "SXNET_ADD_ASC"},
90{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"}, 94{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
91{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, 95{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
92{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, 96{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
93{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, 97{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
94{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"}, 98{ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION), "V2I_ACCESS_DESCRIPTION"},
95{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, 99{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "V2I_ASN1_BIT_STRING"},
96{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, 100{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
97{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, 101{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
98{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"}, 102{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
99{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, 103{ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"},
100{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, 104{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME), "v2i_GENERAL_NAME"},
101{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, 105{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
102{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, 106{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
103{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, 107{ERR_FUNC(X509V3_F_X509V3_ADD_I2D), "X509V3_ADD_I2D"},
104{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, 108{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
105{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, 109{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
106{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, 110{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
107{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, 111{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
108{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, 112{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
109{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, 113{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
110{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, 114{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
111{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, 115{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
112{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"}, 116{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
113{0,NULL} 117{0,NULL}
114 }; 118 };
115 119
116static ERR_STRING_DATA X509V3_str_reasons[]= 120static ERR_STRING_DATA X509V3_str_reasons[]=
117 { 121 {
118{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"}, 122{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"},
119{X509V3_R_BAD_OBJECT ,"bad object"}, 123{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"},
120{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, 124{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"},
121{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, 125{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
122{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, 126{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"},
123{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, 127{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
124{X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"}, 128{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
125{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"}, 129{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
126{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"}, 130{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
127{X509V3_R_EXTENSION_EXISTS ,"extension exists"}, 131{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"},
128{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"}, 132{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
129{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, 133{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
130{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, 134{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
131{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"}, 135{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
132{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"}, 136{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"},
133{X509V3_R_INCORRECT_POLICY_SYNTAX_TAG ,"incorrect policy syntax tag"}, 137{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
134{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, 138{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
135{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, 139{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
136{X509V3_R_INVALID_NAME ,"invalid name"}, 140{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"},
137{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, 141{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
138{X509V3_R_INVALID_NULL_NAME ,"invalid null name"}, 142{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"},
139{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"}, 143{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
140{X509V3_R_INVALID_NUMBER ,"invalid number"}, 144{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"},
141{X509V3_R_INVALID_NUMBERS ,"invalid numbers"}, 145{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"},
142{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, 146{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
143{X509V3_R_INVALID_OPTION ,"invalid option"}, 147{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"},
144{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, 148{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
145{X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER,"invalid proxy policy identifier"}, 149{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"},
146{X509V3_R_INVALID_PROXY_POLICY_SETTING ,"invalid proxy policy setting"}, 150{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
147{X509V3_R_INVALID_PURPOSE ,"invalid purpose"}, 151{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"},
148{X509V3_R_INVALID_SECTION ,"invalid section"}, 152{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"},
149{X509V3_R_INVALID_SYNTAX ,"invalid syntax"}, 153{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"},
150{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, 154{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
151{X509V3_R_MISSING_VALUE ,"missing value"}, 155{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"},
152{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, 156{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
153{X509V3_R_NO_CONFIG_DATABASE ,"no config database"}, 157{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
154{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"}, 158{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
155{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"}, 159{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"},
156{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"}, 160{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
157{X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED,"no proxy cert policy language defined"}, 161{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
158{X509V3_R_NO_PUBLIC_KEY ,"no public key"}, 162{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"},
159{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, 163{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
160{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, 164{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
161{X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED,"policy language alreadty defined"}, 165{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
162{X509V3_R_POLICY_PATH_LENGTH ,"policy path length"}, 166{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
163{X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED,"policy path length alreadty defined"}, 167{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
164{X509V3_R_POLICY_SYNTAX_NOT ,"policy syntax not"}, 168{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT) ,"policy syntax not"},
165{X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED,"policy syntax not currently supported"}, 169{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
166{X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY,"policy when proxy language requires no policy"}, 170{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
167{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, 171{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
168{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, 172{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
169{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, 173{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
170{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"}, 174{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"},
171{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"}, 175{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
172{X509V3_R_UNKNOWN_OPTION ,"unknown option"}, 176{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"},
173{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"}, 177{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
174{X509V3_R_USER_TOO_LONG ,"user too long"}, 178{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"},
175{0,NULL} 179{0,NULL}
176 }; 180 };
177 181
@@ -185,8 +189,8 @@ void ERR_load_X509V3_strings(void)
185 { 189 {
186 init=0; 190 init=0;
187#ifndef OPENSSL_NO_ERR 191#ifndef OPENSSL_NO_ERR
188 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); 192 ERR_load_strings(0,X509V3_str_functs);
189 ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); 193 ERR_load_strings(0,X509V3_str_reasons);
190#endif 194#endif
191 195
192 } 196 }
diff --git a/src/lib/libssl/src/doc/apps/CA.pl.pod b/src/lib/libssl/src/doc/apps/CA.pl.pod
index 58e0f52001..ed69952f37 100644
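--- a/src/lib/libssl/src/doc/apps/CA.pl.pod
+++ b/src/lib/libssl/src/doc/apps/CA.pl.pod
@@ -47,7 +47,7 @@ written to the file "newreq.pem".
 creates a new certificate request. The private key and request are
 written to the file "newreq.pem".
 
-=item B<-newreq-nowdes>
+=item B<-newreq-nodes>
 
 is like B<-newreq> except that the private key will not be encrypted.
 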
diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod
index 74f45ca2f9..f15df49d4f 100644
--- a/src/lib/libssl/src/doc/apps/ca.pod
+++ b/src/lib/libssl/src/doc/apps/ca.pod
@@ -391,7 +391,7 @@ the same as B<-msie_hack>
391the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section 391the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
392for more information. 392for more information.
393 393
394=item B<nameopt>, B<certopt> 394=item B<name_opt>, B<cert_opt>
395 395
396these options allow the format used to display the certificate details 396these options allow the format used to display the certificate details
397when asking the user to confirm signing. All the options supported by 397when asking the user to confirm signing. All the options supported by
@@ -513,8 +513,8 @@ A sample configuration file with the relevant sections for B<ca>:
513 policy = policy_any # default policy 513 policy = policy_any # default policy
514 email_in_dn = no # Don't add the email into cert DN 514 email_in_dn = no # Don't add the email into cert DN
515 515
516 nameopt = ca_default # Subject name display option 516 name_opt = ca_default # Subject name display option
517 certopt = ca_default # Certificate display option 517 cert_opt = ca_default # Certificate display option
518 copy_extensions = none # Don't copy extensions from request 518 copy_extensions = none # Don't copy extensions from request
519 519
520 [ policy_any ] 520 [ policy_any ]
diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod
index 18fe7c81c7..c43da5b3f1 100644
--- a/src/lib/libssl/src/doc/apps/enc.pod
+++ b/src/lib/libssl/src/doc/apps/enc.pod
@@ -191,12 +191,12 @@ Blowfish and RC5 algorithms use a 128 bit key.
191 des-ecb DES in ECB mode 191 des-ecb DES in ECB mode
192 192
193 des-ede-cbc Two key triple DES EDE in CBC mode 193 des-ede-cbc Two key triple DES EDE in CBC mode
194 des-ede Alias for des-ede 194 des-ede Two key triple DES EDE in ECB mode
195 des-ede-cfb Two key triple DES EDE in CFB mode 195 des-ede-cfb Two key triple DES EDE in CFB mode
196 des-ede-ofb Two key triple DES EDE in OFB mode 196 des-ede-ofb Two key triple DES EDE in OFB mode
197 197
198 des-ede3-cbc Three key triple DES EDE in CBC mode 198 des-ede3-cbc Three key triple DES EDE in CBC mode
199 des-ede3 Alias for des-ede3-cbc 199 des-ede3 Three key triple DES EDE in ECB mode
200 des3 Alias for des-ede3-cbc 200 des3 Alias for des-ede3-cbc
201 des-ede3-cfb Three key triple DES EDE CFB mode 201 des-ede3-cfb Three key triple DES EDE CFB mode
202 des-ede3-ofb Three key triple DES EDE in OFB mode 202 des-ede3-ofb Three key triple DES EDE in OFB mode
@@ -211,9 +211,9 @@ Blowfish and RC5 algorithms use a 128 bit key.
211 211
212 rc2-cbc 128 bit RC2 in CBC mode 212 rc2-cbc 128 bit RC2 in CBC mode
213 rc2 Alias for rc2-cbc 213 rc2 Alias for rc2-cbc
214 rc2-cfb 128 bit RC2 in CBC mode 214 rc2-cfb 128 bit RC2 in CFB mode
215 rc2-ecb 128 bit RC2 in CBC mode 215 rc2-ecb 128 bit RC2 in ECB mode
216 rc2-ofb 128 bit RC2 in CBC mode 216 rc2-ofb 128 bit RC2 in OFB mode
217 rc2-64-cbc 64 bit RC2 in CBC mode 217 rc2-64-cbc 64 bit RC2 in CBC mode
218 rc2-40-cbc 40 bit RC2 in CBC mode 218 rc2-40-cbc 40 bit RC2 in CBC mode
219 219
@@ -223,9 +223,9 @@ Blowfish and RC5 algorithms use a 128 bit key.
223 223
224 rc5-cbc RC5 cipher in CBC mode 224 rc5-cbc RC5 cipher in CBC mode
225 rc5 Alias for rc5-cbc 225 rc5 Alias for rc5-cbc
226 rc5-cfb RC5 cipher in CBC mode 226 rc5-cfb RC5 cipher in CFB mode
227 rc5-ecb RC5 cipher in CBC mode 227 rc5-ecb RC5 cipher in ECB mode
228 rc5-ofb RC5 cipher in CBC mode 228 rc5-ofb RC5 cipher in OFB mode
229 229
230=head1 EXAMPLES 230=head1 EXAMPLES
231 231
diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index 40e525dd56..8271d3dfc4 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -22,7 +22,7 @@ EVP_CIPHER_CTX_set_padding - EVP cipher routines
22 22
23 #include <openssl/evp.h> 23 #include <openssl/evp.h>
24 24
25 int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); 25 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
26 26
27 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 27 int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
28 ENGINE *impl, unsigned char *key, unsigned char *iv); 28 ENGINE *impl, unsigned char *key, unsigned char *iv);
@@ -236,8 +236,8 @@ RC5 can be set.
236 236
237=head1 RETURN VALUES 237=head1 RETURN VALUES
238 238
239EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and 239EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
240EVP_EncryptFinal_ex() return 1 for success and 0 for failure. 240return 1 for success and 0 for failure.
241 241
242EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. 242EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
243EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. 243EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
diff --git a/src/lib/libssl/src/doc/crypto/hmac.pod b/src/lib/libssl/src/doc/crypto/hmac.pod
index b1f5f368ed..bd27817182 100644
--- a/src/lib/libssl/src/doc/crypto/hmac.pod
+++ b/src/lib/libssl/src/doc/crypto/hmac.pod
@@ -18,7 +18,7 @@ authentication code
18 void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, 18 void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
19 const EVP_MD *md); 19 const EVP_MD *md);
20 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, 20 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
21 const EVP_MD *md); 21 const EVP_MD *md, ENGINE *impl);
22 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); 22 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
23 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); 23 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
24 24
diff --git a/src/lib/libssl/src/doc/crypto/threads.pod b/src/lib/libssl/src/doc/crypto/threads.pod
index afa45cd76c..3df4ecd776 100644
--- a/src/lib/libssl/src/doc/crypto/threads.pod
+++ b/src/lib/libssl/src/doc/crypto/threads.pod
@@ -65,9 +65,10 @@ B<CRYPTO_LOCK>, and releases it otherwise.
65B<file> and B<line> are the file number of the function setting the 65B<file> and B<line> are the file number of the function setting the
66lock. They can be useful for debugging. 66lock. They can be useful for debugging.
67 67
68id_function(void) is a function that returns a thread ID. It is not 68id_function(void) is a function that returns a thread ID, for example
69pthread_self() if it returns an integer (see NOTES below). It isn't
69needed on Windows nor on platforms where getpid() returns a different 70needed on Windows nor on platforms where getpid() returns a different
70ID for each thread (most notably Linux). 71ID for each thread (see NOTES below).
71 72
72Additionally, OpenSSL supports dynamic locks, and sometimes, some parts 73Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
73of OpenSSL need it for better performance. To enable this, the following 74of OpenSSL need it for better performance. To enable this, the following
@@ -124,13 +125,13 @@ CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
124 125
125The other functions return no values. 126The other functions return no values.
126 127
127=head1 NOTE 128=head1 NOTES
128 129
129You can find out if OpenSSL was configured with thread support: 130You can find out if OpenSSL was configured with thread support:
130 131
131 #define OPENSSL_THREAD_DEFINES 132 #define OPENSSL_THREAD_DEFINES
132 #include <openssl/opensslconf.h> 133 #include <openssl/opensslconf.h>
133 #if defined(THREADS) 134 #if defined(OPENSSL_THREADS)
134 // thread support enabled 135 // thread support enabled
135 #else 136 #else
136 // no thread support 137 // no thread support
@@ -139,6 +140,22 @@ You can find out if OpenSSL was configured with thread support:
139Also, dynamic locks are currently not used internally by OpenSSL, but 140Also, dynamic locks are currently not used internally by OpenSSL, but
140may do so in the future. 141may do so in the future.
141 142
143Defining id_function(void) has it's own issues. Generally speaking,
144pthread_self() should be used, even on platforms where getpid() gives
145different answers in each thread, since that may depend on the machine
146the program is run on, not the machine where the program is being
147compiled. For instance, Red Hat 8 Linux and earlier used
148LinuxThreads, whose getpid() returns a different value for each
149thread. Red Hat 9 Linux and later use NPTL, which is
150Posix-conformant, and has a getpid() that returns the same value for
151all threads in a process. A program compiled on Red Hat 8 and run on
152Red Hat 9 will therefore see getpid() returning the same value for
153all threads.
154
155There is still the issue of platforms where pthread_self() returns
156something other than an integer. This is a bit unusual, and this
157manual has no cookbook solution for that case.
158
142=head1 EXAMPLES 159=head1 EXAMPLES
143 160
144B<crypto/threads/mttest.c> shows examples of the callback functions on 161B<crypto/threads/mttest.c> shows examples of the callback functions on
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index 5ab1b32f93..fa63263601 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -86,7 +86,7 @@ doing a re-connect, always takes the first cipher in the cipher list.
86 86
87=item SSL_OP_MSIE_SSLV2_RSA_PADDING 87=item SSL_OP_MSIE_SSLV2_RSA_PADDING
88 88
89... 89As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
90 90
91=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG 91=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
92 92
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h
index 5a328b7fa8..e2b6561066 100644
--- a/src/lib/libssl/src/e_os.h
+++ b/src/lib/libssl/src/e_os.h
@@ -214,6 +214,8 @@ extern "C" {
214# define _setmode setmode 214# define _setmode setmode
215# define _O_TEXT O_TEXT 215# define _O_TEXT O_TEXT
216# define _O_BINARY O_BINARY 216# define _O_BINARY O_BINARY
217# undef DEVRANDOM
218# define DEVRANDOM "/dev/urandom\x24"
217# endif /* __DJGPP__ */ 219# endif /* __DJGPP__ */
218 220
219# ifndef S_IFDIR 221# ifndef S_IFDIR
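Review bot: The new DJGPP `DEVRANDOM` string ends in the escape `\x24` with no comment saying why. That byte is `$`, so the device actually opened is `/dev/urandom$`, which is easy to misread as a typo for the Unix path. A one-line comment such as `/* DJGPP entropy device is named /dev/urandom$; \x24 is '$' */` would record the intent. Because this overrides the seed source for the whole platform, it is also worth confirming that the seeding code treats a failed open of this device as an error rather than continuing unseeded; that code is not visible here. The `__DJGPP__` block begins outside the hunk.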
diff --git a/src/lib/libssl/src/e_os2.h b/src/lib/libssl/src/e_os2.h
index 4ca79a4d65..d8de8beead 100644
--- a/src/lib/libssl/src/e_os2.h
+++ b/src/lib/libssl/src/e_os2.h
@@ -237,8 +237,8 @@ extern "C" {
237# define OPENSSL_IMPORT globalref 237# define OPENSSL_IMPORT globalref
238# define OPENSSL_GLOBAL globaldef 238# define OPENSSL_GLOBAL globaldef
239#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) 239#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
240# define OPENSSL_EXPORT extern _declspec(dllexport) 240# define OPENSSL_EXPORT extern __declspec(dllexport)
241# define OPENSSL_IMPORT extern _declspec(dllimport) 241# define OPENSSL_IMPORT extern __declspec(dllimport)
242# define OPENSSL_GLOBAL 242# define OPENSSL_GLOBAL
243#else 243#else
244# define OPENSSL_EXPORT extern 244# define OPENSSL_EXPORT extern
diff --git a/src/lib/libssl/src/makevms.com b/src/lib/libssl/src/makevms.com
index d892fe9f0d..a739625302 100644
--- a/src/lib/libssl/src/makevms.com
+++ b/src/lib/libssl/src/makevms.com
@@ -480,16 +480,18 @@ $!
480$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h 480$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h
481$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL] 481$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
482$! 482$!
483$! Copy All The ".H" Files From The [.FIPS] Directories. 483$! Copy All The ".H" Files From The [.FIPS-1_0] Directories.
484$! 484$!
485$ FDIRS := ,SHA1,RAND,DES,AES,DSA,RSA 485$ FDIRS := ,SHA,RAND,DES,AES,DSA,RSA,DH,HMAC
486$ EXHEADER_ := fips.h 486$ EXHEADER_ := fips.h
487$ EXHEADER_SHA1 := 487$ EXHEADER_SHA := fips_sha.h
488$ EXHEADER_RAND := fips_rand.h 488$ EXHEADER_RAND := fips_rand.h
489$ EXHEADER_DES := 489$ EXHEADER_DES :=
490$ EXHEADER_AES := 490$ EXHEADER_AES :=
491$ EXHEADER_DSA := 491$ EXHEADER_DSA :=
492$ EXHEADER_RSA := 492$ EXHEADER_RSA :=
493$ EXHEADER_DH :=
494$ EXHEADER_HMAC :=
493$ 495$
494$ I = 0 496$ I = 0
495$ LOOP_FDIRS: 497$ LOOP_FDIRS:
@@ -500,9 +502,9 @@ $ tmp = EXHEADER_'D'
500$ IF tmp .EQS. "" THEN GOTO LOOP_FDIRS 502$ IF tmp .EQS. "" THEN GOTO LOOP_FDIRS
501$ IF D .EQS. "" 503$ IF D .EQS. ""
502$ THEN 504$ THEN
503$ COPY [.FIPS]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG 505$ COPY [.FIPS-1_0]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
504$ ELSE 506$ ELSE
505$ COPY [.FIPS.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG 507$ COPY [.FIPS-1_0.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
506$ ENDIF 508$ ENDIF
507$ GOTO LOOP_FDIRS 509$ GOTO LOOP_FDIRS
508$ LOOP_FDIRS_END: 510$ LOOP_FDIRS_END:
@@ -536,9 +538,9 @@ $! Go Back To The Main Directory.
536$! 538$!
537$ SET DEFAULT [-] 539$ SET DEFAULT [-]
538$! 540$!
539$! Go To The [.FIPS] Directory. 541$! Go To The [.FIPS-1_0] Directory.
540$! 542$!
541$ SET DEFAULT SYS$DISK:[.FIPS] 543$ SET DEFAULT SYS$DISK:[.FIPS-1_0]
542$! 544$!
543$! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. 545$! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
544$! 546$!
diff --git a/src/lib/libssl/src/ms/do_masm.bat b/src/lib/libssl/src/ms/do_masm.bat
index 61c52562f7..ce22a44305 100644
--- a/src/lib/libssl/src/ms/do_masm.bat
+++ b/src/lib/libssl/src/ms/do_masm.bat
@@ -1,4 +1,3 @@
1rem use "fips" as the first argument to make a proper FIPS build.
2 1
3@echo off 2@echo off
4echo Generating x86 for MASM assember 3echo Generating x86 for MASM assember
@@ -60,7 +59,7 @@ echo on
60perl util\mkfiles.pl >MINFO 59perl util\mkfiles.pl >MINFO
61rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak 60rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak
62rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak 61rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak
63perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak 62rem perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak
64perl util\mk1mf.pl %1 VC-WIN32 >ms\nt.mak 63perl util\mk1mf.pl %1 VC-WIN32 >ms\nt.mak
65perl util\mk1mf.pl dll %1 VC-WIN32 >ms\ntdll.mak 64perl util\mk1mf.pl dll %1 VC-WIN32 >ms\ntdll.mak
66 65
diff --git a/src/lib/libssl/src/ms/do_ms.bat b/src/lib/libssl/src/ms/do_ms.bat
index 72179708bf..4a76921298 100644
--- a/src/lib/libssl/src/ms/do_ms.bat
+++ b/src/lib/libssl/src/ms/do_ms.bat
@@ -2,7 +2,7 @@
2perl util\mkfiles.pl >MINFO 2perl util\mkfiles.pl >MINFO
3rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak 3rem perl util\mk1mf.pl no-sock %1 VC-MSDOS >ms\msdos.mak
4rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak 4rem perl util\mk1mf.pl %1 VC-W31-32 >ms\w31.mak
5perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak 5rem perl util\mk1mf.pl dll %1 VC-W31-32 >ms\w31dll.mak
6perl util\mk1mf.pl no-asm %1 VC-WIN32 >ms\nt.mak 6perl util\mk1mf.pl no-asm %1 VC-WIN32 >ms\nt.mak
7perl util\mk1mf.pl dll no-asm %1 VC-WIN32 >ms\ntdll.mak 7perl util\mk1mf.pl dll no-asm %1 VC-WIN32 >ms\ntdll.mak
8perl util\mk1mf.pl no-asm %1 VC-CE >ms\ce.mak 8perl util\mk1mf.pl no-asm %1 VC-CE >ms\ce.mak
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
index 98ef153e3b..3dad37d49b 100644
--- a/src/lib/libssl/src/openssl.spec
+++ b/src/lib/libssl/src/openssl.spec
@@ -1,8 +1,8 @@
1%define libmaj 0 1%define libmaj 0
2%define libmin 9 2%define libmin 9
3%define librel 7 3%define librel 7
4%define librev g 4%define librev j
5Release: 1 5Release: 2
6 6
7%define openssldir /var/ssl 7%define openssldir /var/ssl
8 8
@@ -121,7 +121,6 @@ rm -rf $RPM_BUILD_ROOT
121 121
122%config %attr(0644,root,root) %{openssldir}/openssl.cnf 122%config %attr(0644,root,root) %{openssldir}/openssl.cnf
123%dir %attr(0755,root,root) %{openssldir}/certs 123%dir %attr(0755,root,root) %{openssldir}/certs
124%dir %attr(0755,root,root) %{openssldir}/lib
125%dir %attr(0755,root,root) %{openssldir}/misc 124%dir %attr(0755,root,root) %{openssldir}/misc
126%dir %attr(0750,root,root) %{openssldir}/private 125%dir %attr(0750,root,root) %{openssldir}/private
127 126
@@ -146,6 +145,8 @@ ldconfig
146ldconfig 145ldconfig
147 146
148%changelog 147%changelog
148* Sun Jun 6 2005 Richard Levitte <richard@levitte.org>
149- Remove the incorrect installation of '%{openssldir}/lib'.
149* Wed May 7 2003 Richard Levitte <richard@levitte.org> 150* Wed May 7 2003 Richard Levitte <richard@levitte.org>
150- Add /usr/lib/pkgconfig/openssl.pc to the development section. 151- Add /usr/lib/pkgconfig/openssl.pc to the development section.
151* Thu Mar 22 2001 Richard Levitte <richard@levitte.org> 152* Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
diff --git a/src/lib/libssl/src/ssl/kssl.c b/src/lib/libssl/src/ssl/kssl.c
index 3afa95f3fa..9a41769e75 100644
--- a/src/lib/libssl/src/ssl/kssl.c
+++ b/src/lib/libssl/src/ssl/kssl.c
@@ -68,9 +68,11 @@
68 68
69#include <openssl/opensslconf.h> 69#include <openssl/opensslconf.h>
70 70
71#define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */ 71#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
72#include <time.h> 72#include <time.h>
73#if 0 /* Experimental */
73#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */ 74#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
75#endif
74#include <string.h> 76#include <string.h>
75 77
76#define KRB5_PRIVATE 1 78#define KRB5_PRIVATE 1
@@ -295,7 +297,7 @@ load_krb5_dll(void)
295 HANDLE hKRB5_32; 297 HANDLE hKRB5_32;
296 298
297 krb5_loaded++; 299 krb5_loaded++;
298 hKRB5_32 = LoadLibrary("KRB5_32"); 300 hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
299 if (!hKRB5_32) 301 if (!hKRB5_32)
300 return; 302 return;
301 303
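Review bot: `LoadLibrary(TEXT("KRB5_32"))` in load_krb5_dll still names the DLL without a path, so Windows resolves it through the default DLL search order, which can include the application directory and the current working directory. The `TEXT()` wrapper fixes the character-set mismatch but leaves the library location uncontrolled. Building a fully qualified path to the trusted install directory and passing that to `LoadLibrary` would pin what gets loaded. If the DLL is expected in the system directory, `LoadLibraryEx(TEXT("KRB5_32"), NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` does the same on platforms that support the flag. load_krb5_dll continues outside the hunk.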
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 779e94a35c..86356731ea 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -106,7 +106,7 @@ SSL_METHOD *SSLv23_client_method(void)
106int ssl23_connect(SSL *s) 106int ssl23_connect(SSL *s)
107 { 107 {
108 BUF_MEM *buf=NULL; 108 BUF_MEM *buf=NULL;
109 unsigned long Time=time(NULL); 109 unsigned long Time=(unsigned long)time(NULL);
110 void (*cb)(const SSL *ssl,int type,int val)=NULL; 110 void (*cb)(const SSL *ssl,int type,int val)=NULL;
111 int ret= -1; 111 int ret= -1;
112 int new_state,state; 112 int new_state,state;
@@ -220,9 +220,28 @@ static int ssl23_client_hello(SSL *s)
220 { 220 {
221 unsigned char *buf; 221 unsigned char *buf;
222 unsigned char *p,*d; 222 unsigned char *p,*d;
223 int i,ch_len; 223 int i,j,ch_len;
224 unsigned long Time,l;
225 int ssl2_compat;
226 int version = 0, version_major, version_minor;
227 SSL_COMP *comp;
224 int ret; 228 int ret;
225 229
230 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
231
232 if (!(s->options & SSL_OP_NO_TLSv1))
233 {
234 version = TLS1_VERSION;
235 }
236 else if (!(s->options & SSL_OP_NO_SSLv3))
237 {
238 version = SSL3_VERSION;
239 }
240 else if (!(s->options & SSL_OP_NO_SSLv2))
241 {
242 version = SSL2_VERSION;
243 }
244
226 buf=(unsigned char *)s->init_buf->data; 245 buf=(unsigned char *)s->init_buf->data;
227 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 246 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
228 { 247 {
@@ -235,19 +254,15 @@ static int ssl23_client_hello(SSL *s)
235#endif 254#endif
236 255
237 p=s->s3->client_random; 256 p=s->s3->client_random;
238 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) 257 Time=(unsigned long)time(NULL); /* Time */
239 return -1; 258 l2n(Time,p);
240 259 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
241 /* Do the message type and length last */ 260 return -1;
242 d= &(buf[2]);
243 p=d+9;
244 261
245 *(d++)=SSL2_MT_CLIENT_HELLO; 262 if (version == TLS1_VERSION)
246 if (!(s->options & SSL_OP_NO_TLSv1))
247 { 263 {
248 *(d++)=TLS1_VERSION_MAJOR; 264 version_major = TLS1_VERSION_MAJOR;
249 *(d++)=TLS1_VERSION_MINOR; 265 version_minor = TLS1_VERSION_MINOR;
250 s->client_version=TLS1_VERSION;
251 } 266 }
252#ifdef OPENSSL_FIPS 267#ifdef OPENSSL_FIPS
253 else if(FIPS_mode()) 268 else if(FIPS_mode())
@@ -257,17 +272,15 @@ static int ssl23_client_hello(SSL *s)
257 return -1; 272 return -1;
258 } 273 }
259#endif 274#endif
260 else if (!(s->options & SSL_OP_NO_SSLv3)) 275 else if (version == SSL3_VERSION)
261 { 276 {
262 *(d++)=SSL3_VERSION_MAJOR; 277 version_major = SSL3_VERSION_MAJOR;
263 *(d++)=SSL3_VERSION_MINOR; 278 version_minor = SSL3_VERSION_MINOR;
264 s->client_version=SSL3_VERSION;
265 } 279 }
266 else if (!(s->options & SSL_OP_NO_SSLv2)) 280 else if (version == SSL2_VERSION)
267 { 281 {
268 *(d++)=SSL2_VERSION_MAJOR; 282 version_major = SSL2_VERSION_MAJOR;
269 *(d++)=SSL2_VERSION_MINOR; 283 version_minor = SSL2_VERSION_MINOR;
270 s->client_version=SSL2_VERSION;
271 } 284 }
272 else 285 else
273 { 286 {
@@ -275,59 +288,153 @@ static int ssl23_client_hello(SSL *s)
275 return(-1); 288 return(-1);
276 } 289 }
277 290
278 /* Ciphers supported */ 291 s->client_version = version;
279 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); 292
280 if (i == 0) 293 if (ssl2_compat)
281 { 294 {
282 /* no ciphers */ 295 /* create SSL 2.0 compatible Client Hello */
283 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 296
284 return(-1); 297 /* two byte record header will be written last */
285 } 298 d = &(buf[2]);
286 s2n(i,d); 299 p = d + 9; /* leave space for message type, version, individual length fields */
287 p+=i;
288 300
289 /* put in the session-id, zero since there is no 301 *(d++) = SSL2_MT_CLIENT_HELLO;
290 * reuse. */ 302 *(d++) = version_major;
303 *(d++) = version_minor;
304
305 /* Ciphers supported */
306 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
307 if (i == 0)
308 {
309 /* no ciphers */
310 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
311 return -1;
312 }
313 s2n(i,d);
314 p+=i;
315
316 /* put in the session-id length (zero since there is no reuse) */
291#if 0 317#if 0
292 s->session->session_id_length=0; 318 s->session->session_id_length=0;
293#endif 319#endif
294 s2n(0,d); 320 s2n(0,d);
295 321
296 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 322 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
297 ch_len=SSL2_CHALLENGE_LENGTH; 323 ch_len=SSL2_CHALLENGE_LENGTH;
324 else
325 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
326
327 /* write out sslv2 challenge */
328 if (SSL3_RANDOM_SIZE < ch_len)
329 i=SSL3_RANDOM_SIZE;
330 else
331 i=ch_len;
332 s2n(i,d);
333 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
334 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
335 return -1;
336
337 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
338 p+=i;
339
340 i= p- &(buf[2]);
341 buf[0]=((i>>8)&0xff)|0x80;
342 buf[1]=(i&0xff);
343
344 /* number of bytes to write */
345 s->init_num=i+2;
346 s->init_off=0;
347
348 ssl3_finish_mac(s,&(buf[2]),i);
349 }
298 else 350 else
299 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 351 {
352 /* create Client Hello in SSL 3.0/TLS 1.0 format */
300 353
301 /* write out sslv2 challenge */ 354 /* do the record header (5 bytes) and handshake message header (4 bytes) last */
302 if (SSL3_RANDOM_SIZE < ch_len) 355 d = p = &(buf[9]);
303 i=SSL3_RANDOM_SIZE; 356
304 else 357 *(p++) = version_major;
305 i=ch_len; 358 *(p++) = version_minor;
306 s2n(i,d); 359
307 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 360 /* Random stuff */
308 if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) 361 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
309 return -1; 362 p += SSL3_RANDOM_SIZE;
363
364 /* Session ID (zero since there is no reuse) */
365 *(p++) = 0;
366
367 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
368 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
369 if (i == 0)
370 {
371 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
372 return -1;
373 }
374 s2n(i,p);
375 p+=i;
376
377 /* COMPRESSION */
378 if (s->ctx->comp_methods == NULL)
379 j=0;
380 else
381 j=sk_SSL_COMP_num(s->ctx->comp_methods);
382 *(p++)=1+j;
383 for (i=0; i<j; i++)
384 {
385 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
386 *(p++)=comp->id;
387 }
388 *(p++)=0; /* Add the NULL method */
389
390 l = p-d;
391 *p = 42;
310 392
311 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 393 /* fill in 4-byte handshake header */
312 p+=i; 394 d=&(buf[5]);
395 *(d++)=SSL3_MT_CLIENT_HELLO;
396 l2n3(l,d);
313 397
314 i= p- &(buf[2]); 398 l += 4;
315 buf[0]=((i>>8)&0xff)|0x80; 399
316 buf[1]=(i&0xff); 400 if (l > SSL3_RT_MAX_PLAIN_LENGTH)
401 {
402 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
403 return -1;
404 }
405
406 /* fill in 5-byte record header */
407 d=buf;
408 *(d++) = SSL3_RT_HANDSHAKE;
409 *(d++) = version_major;
410 *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
411 * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
412 s2n((int)l,d);
413
414 /* number of bytes to write */
415 s->init_num=p-buf;
416 s->init_off=0;
417
418 ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
419 }
317 420
318 s->state=SSL23_ST_CW_CLNT_HELLO_B; 421 s->state=SSL23_ST_CW_CLNT_HELLO_B;
319 /* number of bytes to write */
320 s->init_num=i+2;
321 s->init_off=0; 422 s->init_off=0;
322
323 ssl3_finish_mac(s,&(buf[2]),i);
324 } 423 }
325 424
326 /* SSL3_ST_CW_CLNT_HELLO_B */ 425 /* SSL3_ST_CW_CLNT_HELLO_B */
327 ret = ssl23_write_bytes(s); 426 ret = ssl23_write_bytes(s);
328 if (ret >= 2) 427
329 if (s->msg_callback) 428 if ((ret >= 2) && s->msg_callback)
330 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ 429 {
430 /* Client Hello has been sent; tell msg_callback */
431
432 if (ssl2_compat)
433 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
434 else
435 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
436 }
437
331 return ret; 438 return ret;
332 } 439 }
333 440
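Review bot: In the message-callback block at the end of ssl23_client_hello, the guard `ret >= 2` was sized for the 2-byte SSLv2 record header, but the new non-compat branch passes `ret-5` as the length, so a return of 2 to 4 would hand the callback a negative length. ssl23_write_bytes is not visible here, so whether such a short return can occur is unconfirmed. The guard should still match the header being skipped, e.g. `if ((ret >= (ssl2_compat ? 2 : 5)) && s->msg_callback)`. Separately, `*p = 42;` after `l = p-d;` stores one byte past the end of the message just built, with no comment explaining it; either drop it or document why it is needed. The function begins outside these hunks.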
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index e9edc34328..b73abc448f 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -158,7 +158,7 @@ SSL_METHOD *SSLv23_server_method(void)
158int ssl23_accept(SSL *s) 158int ssl23_accept(SSL *s)
159 { 159 {
160 BUF_MEM *buf; 160 BUF_MEM *buf;
161 unsigned long Time=time(NULL); 161 unsigned long Time=(unsigned long)time(NULL);
162 void (*cb)(const SSL *ssl,int type,int val)=NULL; 162 void (*cb)(const SSL *ssl,int type,int val)=NULL;
163 int ret= -1; 163 int ret= -1;
164 int new_state,state; 164 int new_state,state;
@@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
268 int n=0,j; 268 int n=0,j;
269 int type=0; 269 int type=0;
270 int v[2]; 270 int v[2];
271#ifndef OPENSSL_NO_RSA
272 int use_sslv2_strong=0;
273#endif
274 271
275 if (s->state == SSL23_ST_SR_CLNT_HELLO_A) 272 if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
276 { 273 {
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index c67829f495..eba04c715b 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -162,7 +162,7 @@ SSL_METHOD *SSLv2_client_method(void)
162 162
163int ssl2_connect(SSL *s) 163int ssl2_connect(SSL *s)
164 { 164 {
165 unsigned long l=time(NULL); 165 unsigned long l=(unsigned long)time(NULL);
166 BUF_MEM *buf=NULL; 166 BUF_MEM *buf=NULL;
167 int ret= -1; 167 int ret= -1;
168 void (*cb)(const SSL *ssl,int type,int val)=NULL; 168 void (*cb)(const SSL *ssl,int type,int val)=NULL;
@@ -584,7 +584,7 @@ static int client_hello(SSL *s)
584 s2n(SSL2_VERSION,p); /* version */ 584 s2n(SSL2_VERSION,p); /* version */
585 n=j=0; 585 n=j=0;
586 586
587 n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d); 587 n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
588 d+=n; 588 d+=n;
589 589
590 if (n == 0) 590 if (n == 0)
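Review bot: The new fourth argument to ssl_cipher_list_to_bytes is written as a bare `0` at new line 587. The s23_clnt.c call in this same commit passes `ssl3_put_cipher_by_char` in that position, so the parameter appears to be a function pointer. Writing `NULL` makes that explicit: `n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,NULL);`. The same applies to the calls in s2_srvr.c (new line 800), s3_clnt.c (new line 570) and the SSLv2-compat branch of s23_clnt.c (new line 306). client_hello's body extends beyond the hunk.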
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index 853871f28c..7a4992b7aa 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -162,7 +162,7 @@ SSL_METHOD *SSLv2_server_method(void)
162 162
163int ssl2_accept(SSL *s) 163int ssl2_accept(SSL *s)
164 { 164 {
165 unsigned long l=time(NULL); 165 unsigned long l=(unsigned long)time(NULL);
166 BUF_MEM *buf=NULL; 166 BUF_MEM *buf=NULL;
167 int ret= -1; 167 int ret= -1;
168 long num1; 168 long num1;
@@ -797,7 +797,7 @@ static int server_hello(SSL *s)
797 /* lets send out the ciphers we like in the 797 /* lets send out the ciphers we like in the
798 * prefered order */ 798 * prefered order */
799 sk= s->session->ciphers; 799 sk= s->session->ciphers;
800 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d); 800 n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
801 d+=n; 801 d+=n;
802 s2n(n,p); /* add cipher length */ 802 s2n(n,p); /* add cipher length */
803 } 803 }
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index ebf83b0322..4163d97944 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -165,7 +165,7 @@ SSL_METHOD *SSLv3_client_method(void)
165int ssl3_connect(SSL *s) 165int ssl3_connect(SSL *s)
166 { 166 {
167 BUF_MEM *buf=NULL; 167 BUF_MEM *buf=NULL;
168 unsigned long Time=time(NULL),l; 168 unsigned long Time=(unsigned long)time(NULL),l;
169 long num1; 169 long num1;
170 void (*cb)(const SSL *ssl,int type,int val)=NULL; 170 void (*cb)(const SSL *ssl,int type,int val)=NULL;
171 int ret= -1; 171 int ret= -1;
@@ -533,7 +533,7 @@ static int ssl3_client_hello(SSL *s)
533 /* else use the pre-loaded session */ 533 /* else use the pre-loaded session */
534 534
535 p=s->s3->client_random; 535 p=s->s3->client_random;
536 Time=time(NULL); /* Time */ 536 Time=(unsigned long)time(NULL); /* Time */
537 l2n(Time,p); 537 l2n(Time,p);
538 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 538 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
539 goto err; 539 goto err;
@@ -567,7 +567,7 @@ static int ssl3_client_hello(SSL *s)
567 } 567 }
568 568
569 /* Ciphers supported */ 569 /* Ciphers supported */
570 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2])); 570 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
571 if (i == 0) 571 if (i == 0)
572 { 572 {
573 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 573 SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index 9bf1dbec06..a77588e725 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -835,7 +835,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
835 TLS1_TXT_RSA_WITH_AES_128_SHA, 835 TLS1_TXT_RSA_WITH_AES_128_SHA,
836 TLS1_CK_RSA_WITH_AES_128_SHA, 836 TLS1_CK_RSA_WITH_AES_128_SHA,
837 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 837 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
838 SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, 838 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
839 0, 839 0,
840 128, 840 128,
841 128, 841 128,
@@ -848,7 +848,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
848 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 848 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
849 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 849 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
850 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 850 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
851 SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, 851 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
852 0, 852 0,
853 128, 853 128,
854 128, 854 128,
@@ -861,7 +861,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
861 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 861 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
862 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 862 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
863 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 863 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
864 SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, 864 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
865 0, 865 0,
866 128, 866 128,
867 128, 867 128,
@@ -874,7 +874,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
874 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 874 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
875 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 875 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
876 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 876 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
877 SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, 877 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
878 0, 878 0,
879 128, 879 128,
880 128, 880 128,
@@ -887,7 +887,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
887 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 887 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
888 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 888 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
889 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 889 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
890 SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, 890 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
891 0, 891 0,
892 128, 892 128,
893 128, 893 128,
@@ -900,7 +900,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
900 TLS1_TXT_ADH_WITH_AES_128_SHA, 900 TLS1_TXT_ADH_WITH_AES_128_SHA,
901 TLS1_CK_ADH_WITH_AES_128_SHA, 901 TLS1_CK_ADH_WITH_AES_128_SHA,
902 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 902 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
903 SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS, 903 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
904 0, 904 0,
905 128, 905 128,
906 128, 906 128,
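Review bot: Promoting the `TLS1_TXT_ADH_WITH_AES_128_SHA` entry (new line 903) from `SSL_MEDIUM` to `SSL_HIGH` means a strength-only cipher string such as `HIGH` can now select a suite flagged `SSL_aNULL`, which has no server authentication, unless anonymous suites are excluded elsewhere. Whether the default cipher list filters them is not visible in these hunks. I would add a comment on that entry, for example `/* anonymous DH: SSL_HIGH describes key strength only, not authentication */`, and note in the release documentation that configurations using `HIGH` should pair it with `!aNULL` (or `!ADH`). The `ssl3_ciphers[]` table starts and ends outside the hunks.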
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index c4a1a71523..36fc39d7f8 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -173,7 +173,7 @@ SSL_METHOD *SSLv3_server_method(void)
173int ssl3_accept(SSL *s) 173int ssl3_accept(SSL *s)
174 { 174 {
175 BUF_MEM *buf; 175 BUF_MEM *buf;
176 unsigned long l,Time=time(NULL); 176 unsigned long l,Time=(unsigned long)time(NULL);
177 void (*cb)(const SSL *ssl,int type,int val)=NULL; 177 void (*cb)(const SSL *ssl,int type,int val)=NULL;
178 long num1; 178 long num1;
179 int ret= -1; 179 int ret= -1;
@@ -954,7 +954,7 @@ static int ssl3_send_server_hello(SSL *s)
954 { 954 {
955 buf=(unsigned char *)s->init_buf->data; 955 buf=(unsigned char *)s->init_buf->data;
956 p=s->s3->server_random; 956 p=s->s3->server_random;
957 Time=time(NULL); /* Time */ 957 Time=(unsigned long)time(NULL); /* Time */
958 l2n(Time,p); 958 l2n(Time,p);
959 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0) 959 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
960 return -1; 960 return -1;
diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com
index 163ade9f7a..f0665c6b86 100644
--- a/src/lib/libssl/src/ssl/ssl-lib.com
+++ b/src/lib/libssl/src/ssl/ssl-lib.com
@@ -749,7 +749,7 @@ $ CCDEFS = "TCPIP_TYPE_''P4'"
749$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS 749$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
750$ CCEXTRAFLAGS = "" 750$ CCEXTRAFLAGS = ""
751$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS 751$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
752$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX" 752$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
753$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - 753$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
754 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS 754 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
755$! 755$!
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 3161f532cf..99e188086b 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -467,7 +467,7 @@ typedef struct ssl_session_st
467#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L 467#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
468#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L 468#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
469#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 469#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
470#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L 470#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
471#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L 471#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
472#define SSL_OP_TLS_D5_BUG 0x00000100L 472#define SSL_OP_TLS_D5_BUG 0x00000100L
473#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L 473#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
@@ -1567,6 +1567,7 @@ void ERR_load_SSL_strings(void);
1567#define SSL_F_SSL_CTRL 232 1567#define SSL_F_SSL_CTRL 232
1568#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 1568#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1569#define SSL_F_SSL_CTX_NEW 169 1569#define SSL_F_SSL_CTX_NEW 169
1570#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1570#define SSL_F_SSL_CTX_SET_PURPOSE 226 1571#define SSL_F_SSL_CTX_SET_PURPOSE 226
1571#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 1572#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1572#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 1573#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
@@ -1596,6 +1597,7 @@ void ERR_load_SSL_strings(void);
1596#define SSL_F_SSL_SESSION_PRINT_FP 190 1597#define SSL_F_SSL_SESSION_PRINT_FP 190
1597#define SSL_F_SSL_SESS_CERT_NEW 225 1598#define SSL_F_SSL_SESS_CERT_NEW 225
1598#define SSL_F_SSL_SET_CERT 191 1599#define SSL_F_SSL_SET_CERT 191
1600#define SSL_F_SSL_SET_CIPHER_LIST 271
1599#define SSL_F_SSL_SET_FD 192 1601#define SSL_F_SSL_SET_FD 192
1600#define SSL_F_SSL_SET_PKEY 193 1602#define SSL_F_SSL_SET_PKEY 193
1601#define SSL_F_SSL_SET_PURPOSE 227 1603#define SSL_F_SSL_SET_PURPOSE 227
@@ -1674,40 +1676,39 @@ void ERR_load_SSL_strings(void);
1674#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 1676#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
1675#define SSL_R_DATA_LENGTH_TOO_LONG 146 1677#define SSL_R_DATA_LENGTH_TOO_LONG 146
1676#define SSL_R_DECRYPTION_FAILED 147 1678#define SSL_R_DECRYPTION_FAILED 147
1677#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 1679#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
1678#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 1680#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
1679#define SSL_R_DIGEST_CHECK_FAILED 149 1681#define SSL_R_DIGEST_CHECK_FAILED 149
1680#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 1682#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
1681#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 1683#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
1682#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 1684#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
1683#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 1685#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
1684#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 1686#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
1685#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 1687#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
1686#define SSL_R_HTTPS_PROXY_REQUEST 155 1688#define SSL_R_HTTPS_PROXY_REQUEST 155
1687#define SSL_R_HTTP_REQUEST 156 1689#define SSL_R_HTTP_REQUEST 156
1688#define SSL_R_ILLEGAL_PADDING 1110 1690#define SSL_R_ILLEGAL_PADDING 283
1689#define SSL_R_INVALID_CHALLENGE_LENGTH 158 1691#define SSL_R_INVALID_CHALLENGE_LENGTH 158
1690#define SSL_R_INVALID_COMMAND 280 1692#define SSL_R_INVALID_COMMAND 280
1691#define SSL_R_INVALID_PURPOSE 278 1693#define SSL_R_INVALID_PURPOSE 278
1692#define SSL_R_INVALID_TRUST 279 1694#define SSL_R_INVALID_TRUST 279
1693#define SSL_R_KEY_ARG_TOO_LONG 1112 1695#define SSL_R_KEY_ARG_TOO_LONG 284
1694#define SSL_R_KRB5 1104 1696#define SSL_R_KRB5 285
1695#define SSL_R_KRB5_C_CC_PRINC 1094 1697#define SSL_R_KRB5_C_CC_PRINC 286
1696#define SSL_R_KRB5_C_GET_CRED 1095 1698#define SSL_R_KRB5_C_GET_CRED 287
1697#define SSL_R_KRB5_C_INIT 1096 1699#define SSL_R_KRB5_C_INIT 288
1698#define SSL_R_KRB5_C_MK_REQ 1097 1700#define SSL_R_KRB5_C_MK_REQ 289
1699#define SSL_R_KRB5_S_BAD_TICKET 1098 1701#define SSL_R_KRB5_S_BAD_TICKET 290
1700#define SSL_R_KRB5_S_INIT 1099 1702#define SSL_R_KRB5_S_INIT 291
1701#define SSL_R_KRB5_S_RD_REQ 1108 1703#define SSL_R_KRB5_S_RD_REQ 292
1702#define SSL_R_KRB5_S_TKT_EXPIRED 1105 1704#define SSL_R_KRB5_S_TKT_EXPIRED 293
1703#define SSL_R_KRB5_S_TKT_NYV 1106 1705#define SSL_R_KRB5_S_TKT_NYV 294
1704#define SSL_R_KRB5_S_TKT_SKEW 1107 1706#define SSL_R_KRB5_S_TKT_SKEW 295
1705#define SSL_R_LENGTH_MISMATCH 159 1707#define SSL_R_LENGTH_MISMATCH 159
1706#define SSL_R_LENGTH_TOO_SHORT 160 1708#define SSL_R_LENGTH_TOO_SHORT 160
1707#define SSL_R_LIBRARY_BUG 274 1709#define SSL_R_LIBRARY_BUG 274
1708#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 1710#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
1709#define SSL_R_MASTER_KEY_TOO_LONG 1112 1711#define SSL_R_MESSAGE_TOO_LONG 296
1710#define SSL_R_MESSAGE_TOO_LONG 1111
1711#define SSL_R_MISSING_DH_DSA_CERT 162 1712#define SSL_R_MISSING_DH_DSA_CERT 162
1712#define SSL_R_MISSING_DH_KEY 163 1713#define SSL_R_MISSING_DH_KEY 163
1713#define SSL_R_MISSING_DH_RSA_CERT 164 1714#define SSL_R_MISSING_DH_RSA_CERT 164
@@ -1744,7 +1745,7 @@ void ERR_load_SSL_strings(void);
1744#define SSL_R_NULL_SSL_CTX 195 1745#define SSL_R_NULL_SSL_CTX 195
1745#define SSL_R_NULL_SSL_METHOD_PASSED 196 1746#define SSL_R_NULL_SSL_METHOD_PASSED 196
1746#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 1747#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
1747#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 1115 1748#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
1748#define SSL_R_PACKET_LENGTH_TOO_LONG 198 1749#define SSL_R_PACKET_LENGTH_TOO_LONG 198
1749#define SSL_R_PATH_TOO_LONG 270 1750#define SSL_R_PATH_TOO_LONG 270
1750#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 1751#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
@@ -1763,7 +1764,7 @@ void ERR_load_SSL_strings(void);
1763#define SSL_R_READ_WRONG_PACKET_TYPE 212 1764#define SSL_R_READ_WRONG_PACKET_TYPE 212
1764#define SSL_R_RECORD_LENGTH_MISMATCH 213 1765#define SSL_R_RECORD_LENGTH_MISMATCH 213
1765#define SSL_R_RECORD_TOO_LARGE 214 1766#define SSL_R_RECORD_TOO_LARGE 214
1766#define SSL_R_RECORD_TOO_SMALL 1093 1767#define SSL_R_RECORD_TOO_SMALL 298
1767#define SSL_R_REQUIRED_CIPHER_MISSING 215 1768#define SSL_R_REQUIRED_CIPHER_MISSING 215
1768#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 1769#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
1769#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 1770#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
@@ -1772,8 +1773,8 @@ void ERR_load_SSL_strings(void);
1772#define SSL_R_SHORT_READ 219 1773#define SSL_R_SHORT_READ 219
1773#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 1774#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1774#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 1775#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1775#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114 1776#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
1776#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 1777#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
1777#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 1778#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1778#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 1779#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
1779#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 1780#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
@@ -1784,20 +1785,15 @@ void ERR_load_SSL_strings(void);
1784#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 1785#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
1785#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 1786#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
1786#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 1787#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
1787#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
1788#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
1789#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
1790#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
1791#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 1788#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
1792#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
1793#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 1789#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
1794#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 1790#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
1795#define SSL_R_SSL_HANDSHAKE_FAILURE 229 1791#define SSL_R_SSL_HANDSHAKE_FAILURE 229
1796#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 1792#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
1797#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102 1793#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
1798#define SSL_R_SSL_SESSION_ID_CONFLICT 1103 1794#define SSL_R_SSL_SESSION_ID_CONFLICT 302
1799#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 1795#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
1800#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101 1796#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
1801#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 1797#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
1802#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 1798#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
1803#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 1799#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
@@ -1838,7 +1834,6 @@ void ERR_load_SSL_strings(void);
1838#define SSL_R_UNKNOWN_STATE 255 1834#define SSL_R_UNKNOWN_STATE 255
1839#define SSL_R_UNSUPPORTED_CIPHER 256 1835#define SSL_R_UNSUPPORTED_CIPHER 256
1840#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 1836#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
1841#define SSL_R_UNSUPPORTED_OPTION 1091
1842#define SSL_R_UNSUPPORTED_PROTOCOL 258 1837#define SSL_R_UNSUPPORTED_PROTOCOL 258
1843#define SSL_R_UNSUPPORTED_SSL_VERSION 259 1838#define SSL_R_UNSUPPORTED_SSL_VERSION 259
1844#define SSL_R_WRITE_BIO_NOT_SET 260 1839#define SSL_R_WRITE_BIO_NOT_SET 260
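Review bot: Renumbering the `SSL_R_*` reason codes (for example `SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC` 1109 → 281 and `SSL_R_ILLEGAL_PADDING` 1110 → 283) changes values that applications compile in and compare against `ERR_GET_REASON()`. A binary built against the old header will therefore misclassify these failures when run with the new library, and log or alerting rules keyed on the numeric code will stop matching. `SSL_R_MASTER_KEY_TOO_LONG`, `SSL_R_UNSUPPORTED_OPTION` and the `SSL_R_SSLV3_ALERT_PEER_ERROR_*` names, among others, are removed outright, which breaks source compatibility for any caller that references them. I would document this next to the table, e.g. `/* Reason codes renumbered; rebuild applications that test ERR_GET_REASON() */`, and confirm the shared-library version is bumped with this change.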
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 4d5900ad2f..fc5fcce108 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -344,7 +344,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
344 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; 344 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
345 } 345 }
346 else 346 else
347 ret->time=time(NULL); 347 ret->time=(unsigned long)time(NULL);
348 348
349 ai.length=0; 349 ai.length=0;
350 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); 350 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
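Review bot: The cast added at new line 347 is `(unsigned long)`, but the value is stored in `ret->time`, whose declaration is outside this hunk. If that field is a signed `long`, the cast introduces a second implicit conversion instead of removing one. Casting to the field's own type, e.g. `ret->time=(long)time(NULL);`, would silence the same warning and keep the types aligned. The body of d2i_SSL_SESSION starts and ends outside the hunk.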
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index b8b9bc2390..b779e6bb4d 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -616,14 +616,13 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
616 BIO *in; 616 BIO *in;
617 X509 *x=NULL; 617 X509 *x=NULL;
618 X509_NAME *xn=NULL; 618 X509_NAME *xn=NULL;
619 STACK_OF(X509_NAME) *ret,*sk; 619 STACK_OF(X509_NAME) *ret = NULL,*sk;
620 620
621 ret=sk_X509_NAME_new_null();
622 sk=sk_X509_NAME_new(xname_cmp); 621 sk=sk_X509_NAME_new(xname_cmp);
623 622
624 in=BIO_new(BIO_s_file_internal()); 623 in=BIO_new(BIO_s_file_internal());
625 624
626 if ((ret == NULL) || (sk == NULL) || (in == NULL)) 625 if ((sk == NULL) || (in == NULL))
627 { 626 {
628 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); 627 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
629 goto err; 628 goto err;
@@ -636,6 +635,15 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
636 { 635 {
637 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) 636 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
638 break; 637 break;
638 if (ret == NULL)
639 {
640 ret = sk_X509_NAME_new_null();
641 if (ret == NULL)
642 {
643 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
644 goto err;
645 }
646 }
639 if ((xn=X509_get_subject_name(x)) == NULL) goto err; 647 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
640 /* check for duplicates */ 648 /* check for duplicates */
641 xn=X509_NAME_dup(xn); 649 xn=X509_NAME_dup(xn);
@@ -658,6 +666,8 @@ err:
658 if (sk != NULL) sk_X509_NAME_free(sk); 666 if (sk != NULL) sk_X509_NAME_free(sk);
659 if (in != NULL) BIO_free(in); 667 if (in != NULL) BIO_free(in);
660 if (x != NULL) X509_free(x); 668 if (x != NULL) X509_free(x);
669 if (ret != NULL)
670 ERR_clear_error();
661 return(ret); 671 return(ret);
662 } 672 }
663#endif 673#endif
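Review bot: The new `if (ret != NULL) ERR_clear_error();` at new lines 669-670 clears the error queue whenever at least one certificate was read. A parse failure on a later, damaged entry then looks the same as a clean end of file, and the caller gets a shortened client-CA list with no error. It also discards any errors that were already queued before the call. I would clear only when the last error is the expected end-of-input condition, `if (ret != NULL && ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) ERR_clear_error();`, and otherwise leave the queue intact. The read loop and the `err:` cleanup both extend outside the hunks, so how `ret` is reset on the error path should be checked against the full function.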
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index a7ccefa30c..f622180c69 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -700,9 +700,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
700 if (!found) 700 if (!found)
701 break; /* ignore this entry */ 701 break; /* ignore this entry */
702 702
703 algorithms |= ca_list[j]->algorithms; 703 /* New algorithms:
704 * 1 - any old restrictions apply outside new mask
705 * 2 - any new restrictions apply outside old mask
706 * 3 - enforce old & new where masks intersect
707 */
708 algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
709 (ca_list[j]->algorithms & ~mask) | /* 2 */
710 (algorithms & ca_list[j]->algorithms); /* 3 */
704 mask |= ca_list[j]->mask; 711 mask |= ca_list[j]->mask;
705 algo_strength |= ca_list[j]->algo_strength; 712 algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
713 (ca_list[j]->algo_strength & ~mask_strength) |
714 (algo_strength & ca_list[j]->algo_strength);
706 mask_strength |= ca_list[j]->mask_strength; 715 mask_strength |= ca_list[j]->mask_strength;
707 716
708 if (!multi) break; 717 if (!multi) break;
@@ -756,7 +765,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
756 { 765 {
757 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 766 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
758 unsigned long disabled_mask; 767 unsigned long disabled_mask;
759 STACK_OF(SSL_CIPHER) *cipherstack; 768 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
760 const char *rule_p; 769 const char *rule_p;
761 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 770 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
762 SSL_CIPHER **ca_list = NULL; 771 SSL_CIPHER **ca_list = NULL;
@@ -764,7 +773,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
764 /* 773 /*
765 * Return with error if nothing to do. 774 * Return with error if nothing to do.
766 */ 775 */
767 if (rule_str == NULL) return(NULL); 776 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
777 return NULL;
768 778
769 if (init_ciphers) 779 if (init_ciphers)
770 { 780 {
@@ -875,46 +885,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
875 } 885 }
876 OPENSSL_free(co_list); /* Not needed any longer */ 886 OPENSSL_free(co_list); /* Not needed any longer */
877 887
878 /* 888 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
879 * The following passage is a little bit odd. If pointer variables 889 if (tmp_cipher_list == NULL)
880 * were supplied to hold STACK_OF(SSL_CIPHER) return information,
881 * the old memory pointed to is free()ed. Then, however, the
882 * cipher_list entry will be assigned just a copy of the returned
883 * cipher stack. For cipher_list_by_id a copy of the cipher stack
884 * will be created. See next comment...
885 */
886 if (cipher_list != NULL)
887 {
888 if (*cipher_list != NULL)
889 sk_SSL_CIPHER_free(*cipher_list);
890 *cipher_list = cipherstack;
891 }
892
893 if (cipher_list_by_id != NULL)
894 {
895 if (*cipher_list_by_id != NULL)
896 sk_SSL_CIPHER_free(*cipher_list_by_id);
897 *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
898 }
899
900 /*
901 * Now it is getting really strange. If something failed during
902 * the previous pointer assignment or if one of the pointers was
903 * not requested, the error condition is met. That might be
904 * discussable. The strange thing is however that in this case
905 * the memory "ret" pointed to is "free()ed" and hence the pointer
906 * cipher_list becomes wild. The memory reserved for
907 * cipher_list_by_id however is not "free()ed" and stays intact.
908 */
909 if ( (cipher_list_by_id == NULL) ||
910 (*cipher_list_by_id == NULL) ||
911 (cipher_list == NULL) ||
912 (*cipher_list == NULL))
913 { 890 {
914 sk_SSL_CIPHER_free(cipherstack); 891 sk_SSL_CIPHER_free(cipherstack);
915 return(NULL); 892 return NULL;
916 } 893 }
917 894 if (*cipher_list != NULL)
895 sk_SSL_CIPHER_free(*cipher_list);
896 *cipher_list = cipherstack;
897 if (*cipher_list_by_id != NULL)
898 sk_SSL_CIPHER_free(*cipher_list_by_id);
899 *cipher_list_by_id = tmp_cipher_list;
918 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 900 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
919 901
920 return(cipherstack); 902 return(cipherstack);
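Review bot: The new allocation-failure path at new lines 889-893 frees `cipherstack` and returns NULL without recording an error, and the widened guard at new lines 776-777 does the same for NULL output pointers. The caller therefore cannot tell a memory failure or misuse from a rule string that matched nothing. I would add `SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);` before the `return NULL;` at new line 892. Separately, the rewritten `algo_strength` merge at new lines 712-714 uses the same three-term rule as `algorithms` but lacks the `/* 1 */`, `/* 2 */`, `/* 3 */` markers, and repeating them would keep the two expressions visibly parallel. Both functions continue outside the hunks.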
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 29b8ff4788..4bcf591298 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -64,384 +64,383 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
70
67static ERR_STRING_DATA SSL_str_functs[]= 71static ERR_STRING_DATA SSL_str_functs[]=
68 { 72 {
69{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, 73{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
70{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"}, 74{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
71{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, 75{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
72{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, 76{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
73{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, 77{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
74{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0), "DO_SSL3_WRITE"}, 78{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
75{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0), "GET_CLIENT_FINISHED"}, 79{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
76{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0), "GET_CLIENT_HELLO"}, 80{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
77{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0), "GET_CLIENT_MASTER_KEY"}, 81{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
78{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0), "GET_SERVER_FINISHED"}, 82{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
79{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0), "GET_SERVER_HELLO"}, 83{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
80{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"}, 84{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
81{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, 85{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
82{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, 86{ERR_FUNC(SSL_F_READ_N), "READ_N"},
83{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, 87{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
84{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"}, 88{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
85{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, 89{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
86{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"}, 90{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
87{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, 91{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
88{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, 92{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
89{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, 93{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
90{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"}, 94{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
91{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"}, 95{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
92{ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"}, 96{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
93{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"}, 97{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
94{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"}, 98{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
95{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, 99{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
96{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, 100{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
97{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, 101{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
98{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"}, 102{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
99{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, 103{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
100{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, 104{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
101{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, 105{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
102{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, 106{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
103{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, 107{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
104{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, 108{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
105{ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0), "SSL3_CALLBACK_CTRL"}, 109{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
106{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"}, 110{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
107{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"}, 111{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
108{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"}, 112{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
109{ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"}, 113{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
110{ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"}, 114{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
111{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"}, 115{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
112{ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"}, 116{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
113{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0), "SSL3_GENERATE_KEY_BLOCK"}, 117{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
114{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"}, 118{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
115{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"}, 119{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
116{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"}, 120{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
117{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0), "SSL3_GET_CLIENT_HELLO"}, 121{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
118{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, 122{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
119{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"}, 123{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
120{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0), "SSL3_GET_KEY_EXCHANGE"}, 124{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
121{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0), "SSL3_GET_MESSAGE"}, 125{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
122{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0), "SSL3_GET_RECORD"}, 126{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
123{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0), "SSL3_GET_SERVER_CERTIFICATE"}, 127{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
124{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, 128{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
125{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, 129{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
126{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, 130{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
127{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"}, 131{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
128{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, 132{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
129{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, 133{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
130{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, 134{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
131{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0), "SSL3_SEND_CLIENT_CERTIFICATE"}, 135{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
132{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, 136{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
133{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, 137{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
134{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, 138{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
135{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"}, 139{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
136{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, 140{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
137{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, 141{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
138{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, 142{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
139{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"}, 143{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
140{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"}, 144{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
141{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"}, 145{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
142{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"}, 146{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
143{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"}, 147{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
144{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"}, 148{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
145{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"}, 149{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
146{ERR_PACK(0,SSL_F_SSL_CERT_INST,0), "SSL_CERT_INST"}, 150{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
147{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"}, 151{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
148{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"}, 152{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
149{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"}, 153{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
150{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0), "SSL_CIPHER_PROCESS_RULESTR"}, 154{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
151{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0), "SSL_CIPHER_STRENGTH_SORT"}, 155{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
152{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"}, 156{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
153{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"}, 157{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
154{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"}, 158{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
155{ERR_PACK(0,SSL_F_SSL_CTRL,0), "SSL_ctrl"}, 159{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
156{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"}, 160{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
157{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"}, 161{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
158{ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0), "SSL_CTX_set_purpose"}, 162{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
159{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0), "SSL_CTX_set_session_id_context"}, 163{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
160{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"}, 164{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
161{ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0), "SSL_CTX_set_trust"}, 165{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
162{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"}, 166{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
163{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"}, 167{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
164{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0), "SSL_CTX_use_certificate_chain_file"}, 168{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
165{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"}, 169{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
166{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"}, 170{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
167{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"}, 171{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
168{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0), "SSL_CTX_use_PrivateKey_file"}, 172{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
169{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"}, 173{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
170{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0), "SSL_CTX_use_RSAPrivateKey_ASN1"}, 174{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
171{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"}, 175{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
172{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"}, 176{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
173{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"}, 177{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
174{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"}, 178{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
175{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"}, 179{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
176{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"}, 180{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
177{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"}, 181{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
178{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"}, 182{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
179{ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"}, 183{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
180{ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"}, 184{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
181{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"}, 185{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
182{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"}, 186{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
183{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"}, 187{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
184{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"}, 188{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
185{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"}, 189{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
186{ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"}, 190{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
187{ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"}, 191{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
188{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"}, 192{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
189{ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0), "SSL_set_purpose"}, 193{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
190{ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"}, 194{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
191{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"}, 195{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
192{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"}, 196{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
193{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"}, 197{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
194{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"}, 198{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
195{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"}, 199{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
196{ERR_PACK(0,SSL_F_SSL_UNDEFINED_CONST_FUNCTION,0), "SSL_UNDEFINED_CONST_FUNCTION"}, 200{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
197{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"}, 201{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
198{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"}, 202{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
199{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"}, 203{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
200{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0), "SSL_use_certificate_file"}, 204{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
201{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0), "SSL_use_PrivateKey"}, 205{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
202{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0), "SSL_use_PrivateKey_ASN1"}, 206{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
203{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0), "SSL_use_PrivateKey_file"}, 207{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
204{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"}, 208{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
205{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"}, 209{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
206{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"}, 210{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
207{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"}, 211{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
208{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"}, 212{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
209{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"}, 213{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
210{ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"}, 214{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
211{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"}, 215{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
212{ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"}, 216{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
217{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
218{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
213{0,NULL} 219{0,NULL}
214 }; 220 };
215 221
216static ERR_STRING_DATA SSL_str_reasons[]= 222static ERR_STRING_DATA SSL_str_reasons[]=
217 { 223 {
218{SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"}, 224{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
219{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"}, 225{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
220{SSL_R_BAD_ALERT_RECORD ,"bad alert record"}, 226{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
221{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"}, 227{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
222{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"}, 228{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
223{SSL_R_BAD_CHECKSUM ,"bad checksum"}, 229{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
224{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"}, 230{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
225{SSL_R_BAD_DECOMPRESSION ,"bad decompression"}, 231{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
226{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"}, 232{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
227{SSL_R_BAD_DH_PUB_KEY_LENGTH ,"bad dh pub key length"}, 233{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
228{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"}, 234{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
229{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"}, 235{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
230{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"}, 236{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
231{SSL_R_BAD_HELLO_REQUEST ,"bad hello request"}, 237{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
232{SSL_R_BAD_LENGTH ,"bad length"}, 238{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
233{SSL_R_BAD_MAC_DECODE ,"bad mac decode"}, 239{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
234{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"}, 240{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
235{SSL_R_BAD_PACKET_LENGTH ,"bad packet length"}, 241{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
236{SSL_R_BAD_PROTOCOL_VERSION_NUMBER ,"bad protocol version number"}, 242{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
237{SSL_R_BAD_RESPONSE_ARGUMENT ,"bad response argument"}, 243{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
238{SSL_R_BAD_RSA_DECRYPT ,"bad rsa decrypt"}, 244{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
239{SSL_R_BAD_RSA_ENCRYPT ,"bad rsa encrypt"}, 245{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
240{SSL_R_BAD_RSA_E_LENGTH ,"bad rsa e length"}, 246{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
241{SSL_R_BAD_RSA_MODULUS_LENGTH ,"bad rsa modulus length"}, 247{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
242{SSL_R_BAD_RSA_SIGNATURE ,"bad rsa signature"}, 248{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
243{SSL_R_BAD_SIGNATURE ,"bad signature"}, 249{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
244{SSL_R_BAD_SSL_FILETYPE ,"bad ssl filetype"}, 250{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
245{SSL_R_BAD_SSL_SESSION_ID_LENGTH ,"bad ssl session id length"}, 251{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
246{SSL_R_BAD_STATE ,"bad state"}, 252{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
247{SSL_R_BAD_WRITE_RETRY ,"bad write retry"}, 253{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
248{SSL_R_BIO_NOT_SET ,"bio not set"}, 254{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
249{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ,"block cipher pad is wrong"}, 255{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
250{SSL_R_BN_LIB ,"bn lib"}, 256{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
251{SSL_R_CA_DN_LENGTH_MISMATCH ,"ca dn length mismatch"}, 257{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
252{SSL_R_CA_DN_TOO_LONG ,"ca dn too long"}, 258{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
253{SSL_R_CCS_RECEIVED_EARLY ,"ccs received early"}, 259{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
254{SSL_R_CERTIFICATE_VERIFY_FAILED ,"certificate verify failed"}, 260{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
255{SSL_R_CERT_LENGTH_MISMATCH ,"cert length mismatch"}, 261{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
256{SSL_R_CHALLENGE_IS_DIFFERENT ,"challenge is different"}, 262{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
257{SSL_R_CIPHER_CODE_WRONG_LENGTH ,"cipher code wrong length"}, 263{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
258{SSL_R_CIPHER_OR_HASH_UNAVAILABLE ,"cipher or hash unavailable"}, 264{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
259{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"}, 265{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
260{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"}, 266{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
261{SSL_R_COMPRESSION_FAILURE ,"compression failure"}, 267{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
262{SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"}, 268{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
263{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"}, 269{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
264{SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"}, 270{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
265{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"}, 271{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
266{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"}, 272{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
267{SSL_R_DECRYPTION_FAILED ,"decryption failed"}, 273{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
268{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, 274{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
269{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, 275{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
270{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, 276{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
271{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, 277{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
272{SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, 278{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
273{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"}, 279{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
274{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"}, 280{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
275{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"}, 281{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
276{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"}, 282{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
277{SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"}, 283{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
278{SSL_R_HTTP_REQUEST ,"http request"}, 284{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
279{SSL_R_ILLEGAL_PADDING ,"illegal padding"}, 285{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
280{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"}, 286{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
281{SSL_R_INVALID_COMMAND ,"invalid command"}, 287{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
282{SSL_R_INVALID_PURPOSE ,"invalid purpose"}, 288{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
283{SSL_R_INVALID_TRUST ,"invalid trust"}, 289{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
284{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"}, 290{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
285{SSL_R_KRB5 ,"krb5"}, 291{ERR_REASON(SSL_R_KRB5) ,"krb5"},
286{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"}, 292{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
287{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"}, 293{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
288{SSL_R_KRB5_C_INIT ,"krb5 client init"}, 294{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
289{SSL_R_KRB5_C_MK_REQ ,"krb5 client mk_req (expired tkt?)"}, 295{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
290{SSL_R_KRB5_S_BAD_TICKET ,"krb5 server bad ticket"}, 296{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
291{SSL_R_KRB5_S_INIT ,"krb5 server init"}, 297{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
292{SSL_R_KRB5_S_RD_REQ ,"krb5 server rd_req (keytab perms?)"}, 298{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
293{SSL_R_KRB5_S_TKT_EXPIRED ,"krb5 server tkt expired"}, 299{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
294{SSL_R_KRB5_S_TKT_NYV ,"krb5 server tkt not yet valid"}, 300{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
295{SSL_R_KRB5_S_TKT_SKEW ,"krb5 server tkt skew"}, 301{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
296{SSL_R_LENGTH_MISMATCH ,"length mismatch"}, 302{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
297{SSL_R_LENGTH_TOO_SHORT ,"length too short"}, 303{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
298{SSL_R_LIBRARY_BUG ,"library bug"}, 304{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
299{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, 305{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
300{SSL_R_MASTER_KEY_TOO_LONG ,"master key too long"}, 306{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
301{SSL_R_MESSAGE_TOO_LONG ,"message too long"}, 307{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
302{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, 308{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
303{SSL_R_MISSING_DH_KEY ,"missing dh key"}, 309{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
304{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"}, 310{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
305{SSL_R_MISSING_DSA_SIGNING_CERT ,"missing dsa signing cert"}, 311{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
306{SSL_R_MISSING_EXPORT_TMP_DH_KEY ,"missing export tmp dh key"}, 312{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
307{SSL_R_MISSING_EXPORT_TMP_RSA_KEY ,"missing export tmp rsa key"}, 313{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
308{SSL_R_MISSING_RSA_CERTIFICATE ,"missing rsa certificate"}, 314{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
309{SSL_R_MISSING_RSA_ENCRYPTING_CERT ,"missing rsa encrypting cert"}, 315{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
310{SSL_R_MISSING_RSA_SIGNING_CERT ,"missing rsa signing cert"}, 316{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
311{SSL_R_MISSING_TMP_DH_KEY ,"missing tmp dh key"}, 317{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
312{SSL_R_MISSING_TMP_RSA_KEY ,"missing tmp rsa key"}, 318{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
313{SSL_R_MISSING_TMP_RSA_PKEY ,"missing tmp rsa pkey"}, 319{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
314{SSL_R_MISSING_VERIFY_MESSAGE ,"missing verify message"}, 320{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
315{SSL_R_NON_SSLV2_INITIAL_PACKET ,"non sslv2 initial packet"}, 321{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
316{SSL_R_NO_CERTIFICATES_RETURNED ,"no certificates returned"}, 322{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
317{SSL_R_NO_CERTIFICATE_ASSIGNED ,"no certificate assigned"}, 323{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
318{SSL_R_NO_CERTIFICATE_RETURNED ,"no certificate returned"}, 324{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
319{SSL_R_NO_CERTIFICATE_SET ,"no certificate set"}, 325{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
320{SSL_R_NO_CERTIFICATE_SPECIFIED ,"no certificate specified"}, 326{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
321{SSL_R_NO_CIPHERS_AVAILABLE ,"no ciphers available"}, 327{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
322{SSL_R_NO_CIPHERS_PASSED ,"no ciphers passed"}, 328{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
323{SSL_R_NO_CIPHERS_SPECIFIED ,"no ciphers specified"}, 329{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
324{SSL_R_NO_CIPHER_LIST ,"no cipher list"}, 330{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
325{SSL_R_NO_CIPHER_MATCH ,"no cipher match"}, 331{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
326{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"}, 332{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
327{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"}, 333{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
328{SSL_R_NO_METHOD_SPECIFIED ,"no method specified"}, 334{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
329{SSL_R_NO_PRIVATEKEY ,"no privatekey"}, 335{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
330{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"}, 336{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
331{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"}, 337{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
332{SSL_R_NO_PUBLICKEY ,"no publickey"}, 338{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
333{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"}, 339{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
334{SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"}, 340{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
335{SSL_R_NULL_SSL_CTX ,"null ssl ctx"}, 341{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
336{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"}, 342{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
337{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"}, 343{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
338{SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE ,"only tls allowed in fips mode"}, 344{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
339{SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"}, 345{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
340{SSL_R_PATH_TOO_LONG ,"path too long"}, 346{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
341{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"}, 347{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
342{SSL_R_PEER_ERROR ,"peer error"}, 348{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
343{SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"}, 349{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
344{SSL_R_PEER_ERROR_NO_CERTIFICATE ,"peer error no certificate"}, 350{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
345{SSL_R_PEER_ERROR_NO_CIPHER ,"peer error no cipher"}, 351{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
346{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"}, 352{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
347{SSL_R_PRE_MAC_LENGTH_TOO_LONG ,"pre mac length too long"}, 353{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
348{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"}, 354{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
349{SSL_R_PROTOCOL_IS_SHUTDOWN ,"protocol is shutdown"}, 355{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
350{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR ,"public key encrypt error"}, 356{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
351{SSL_R_PUBLIC_KEY_IS_NOT_RSA ,"public key is not rsa"}, 357{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
352{SSL_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, 358{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
353{SSL_R_READ_BIO_NOT_SET ,"read bio not set"}, 359{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
354{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, 360{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
355{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, 361{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
356{SSL_R_RECORD_TOO_LARGE ,"record too large"}, 362{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
357{SSL_R_RECORD_TOO_SMALL ,"record too small"}, 363{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
358{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, 364{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
359{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, 365{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
360{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, 366{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
361{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"}, 367{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
362{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"}, 368{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
363{SSL_R_SHORT_READ ,"short read"}, 369{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
364{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, 370{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
365{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, 371{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
366{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"}, 372{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
367{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, 373{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
368{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, 374{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
369{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, 375{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
370{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, 376{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
371{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ,"sslv3 alert certificate expired"}, 377{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
372{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ,"sslv3 alert certificate revoked"}, 378{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
373{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ,"sslv3 alert certificate unknown"}, 379{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
374{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"}, 380{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
375{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ,"sslv3 alert handshake failure"}, 381{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
376{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ,"sslv3 alert illegal parameter"}, 382{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
377{SSL_R_SSLV3_ALERT_NO_CERTIFICATE ,"sslv3 alert no certificate"}, 383{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
378{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"}, 384{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
379{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"}, 385{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
380{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER ,"sslv3 alert peer error no cipher"}, 386{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
381{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"}, 387{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
382{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ,"sslv3 alert unexpected message"}, 388{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
383{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"}, 389{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
384{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"}, 390{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
385{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"}, 391{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
386{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"}, 392{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
387{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"}, 393{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
388{SSL_R_SSL_SESSION_ID_CALLBACK_FAILED ,"ssl session id callback failed"}, 394{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
389{SSL_R_SSL_SESSION_ID_CONFLICT ,"ssl session id conflict"}, 395{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
390{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"}, 396{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
391{SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH ,"ssl session id has bad length"}, 397{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
392{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"}, 398{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
393{SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"}, 399{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
394{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"}, 400{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
395{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"}, 401{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
396{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"}, 402{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
397{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ,"tlsv1 alert export restriction"}, 403{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
398{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"}, 404{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
399{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"}, 405{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
400{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"}, 406{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
401{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"}, 407{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
402{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"}, 408{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
403{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"}, 409{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
404{SSL_R_TLSV1_ALERT_USER_CANCELLED ,"tlsv1 alert user cancelled"}, 410{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
405{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"}, 411{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
406{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"}, 412{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
407{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"}, 413{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
408{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER ,"tried to use unsupported cipher"}, 414{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
409{SSL_R_UNABLE_TO_DECODE_DH_CERTS ,"unable to decode dh certs"}, 415{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
410{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY ,"unable to extract public key"}, 416{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
411{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS ,"unable to find dh parameters"}, 417{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
412{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"}, 418{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
413{SSL_R_UNABLE_TO_FIND_SSL_METHOD ,"unable to find ssl method"}, 419{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
414{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES ,"unable to load ssl2 md5 routines"}, 420{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
415{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ,"unable to load ssl3 md5 routines"}, 421{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
416{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"}, 422{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
417{SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"}, 423{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
418{SSL_R_UNEXPECTED_RECORD ,"unexpected record"}, 424{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
419{SSL_R_UNINITIALIZED ,"uninitialized"}, 425{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
420{SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"}, 426{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
421{SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"}, 427{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
422{SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"}, 428{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
423{SSL_R_UNKNOWN_CIPHER_TYPE ,"unknown cipher type"}, 429{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
424{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ,"unknown key exchange type"}, 430{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
425{SSL_R_UNKNOWN_PKEY_TYPE ,"unknown pkey type"}, 431{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
426{SSL_R_UNKNOWN_PROTOCOL ,"unknown protocol"}, 432{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
427{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"}, 433{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
428{SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"}, 434{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
429{SSL_R_UNKNOWN_STATE ,"unknown state"}, 435{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
430{SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 436{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
431{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"}, 437{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
432{SSL_R_UNSUPPORTED_OPTION ,"unsupported option"}, 438{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
433{SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"}, 439{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
434{SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"}, 440{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
435{SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"}, 441{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
436{SSL_R_WRONG_CIPHER_RETURNED ,"wrong cipher returned"}, 442{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
437{SSL_R_WRONG_MESSAGE_TYPE ,"wrong message type"}, 443{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
438{SSL_R_WRONG_NUMBER_OF_KEY_BITS ,"wrong number of key bits"},
439{SSL_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
440{SSL_R_WRONG_SIGNATURE_SIZE ,"wrong signature size"},
441{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"},
442{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"},
443{SSL_R_X509_LIB ,"x509 lib"},
444{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"},
445{0,NULL} 444{0,NULL}
446 }; 445 };
447 446
@@ -455,8 +454,8 @@ void ERR_load_SSL_strings(void)
455 { 454 {
456 init=0; 455 init=0;
457#ifndef OPENSSL_NO_ERR 456#ifndef OPENSSL_NO_ERR
458 ERR_load_strings(ERR_LIB_SSL,SSL_str_functs); 457 ERR_load_strings(0,SSL_str_functs);
459 ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons); 458 ERR_load_strings(0,SSL_str_reasons);
460#endif 459#endif
461 460
462 } 461 }
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 631229558f..2bd9a5af86 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -125,7 +125,7 @@
125 125
126const char *SSL_version_str=OPENSSL_VERSION_TEXT; 126const char *SSL_version_str=OPENSSL_VERSION_TEXT;
127 127
128OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ 128SSL3_ENC_METHOD ssl3_undef_enc_method={
129 /* evil casts, but these functions are only called if there's a library bug */ 129 /* evil casts, but these functions are only called if there's a library bug */
130 (int (*)(SSL *,int))ssl_undefined_function, 130 (int (*)(SSL *,int))ssl_undefined_function,
131 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 131 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
@@ -1130,8 +1130,21 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1130 1130
1131 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, 1131 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
1132 &ctx->cipher_list_by_id,str); 1132 &ctx->cipher_list_by_id,str);
1133/* XXXX */ 1133 /* ssl_create_cipher_list may return an empty stack if it
1134 return((sk == NULL)?0:1); 1134 * was unable to find a cipher matching the given rule string
1135 * (for example if the rule string specifies a cipher which
1136 * has been disabled). This is not an error as far as
1137 * ssl_create_cipher_list is concerned, and hence
1138 * ctx->cipher_list and ctx->cipher_list_by_id has been
1139 * updated. */
1140 if (sk == NULL)
1141 return 0;
1142 else if (sk_SSL_CIPHER_num(sk) == 0)
1143 {
1144 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1145 return 0;
1146 }
1147 return 1;
1135 } 1148 }
1136 1149
1137/** specify the ciphers to be used by the SSL */ 1150/** specify the ciphers to be used by the SSL */
@@ -1141,8 +1154,15 @@ int SSL_set_cipher_list(SSL *s,const char *str)
1141 1154
1142 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, 1155 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
1143 &s->cipher_list_by_id,str); 1156 &s->cipher_list_by_id,str);
1144/* XXXX */ 1157 /* see comment in SSL_CTX_set_cipher_list */
1145 return((sk == NULL)?0:1); 1158 if (sk == NULL)
1159 return 0;
1160 else if (sk_SSL_CIPHER_num(sk) == 0)
1161 {
1162 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1163 return 0;
1164 }
1165 return 1;
1146 } 1166 }
1147 1167
1148/* works well for SSLv2, not so good for SSLv3 */ 1168/* works well for SSLv2, not so good for SSLv3 */
@@ -1181,7 +1201,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1181 return(buf); 1201 return(buf);
1182 } 1202 }
1183 1203
1184int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p) 1204int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1205 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1185 { 1206 {
1186 int i,j=0; 1207 int i,j=0;
1187 SSL_CIPHER *c; 1208 SSL_CIPHER *c;
@@ -1200,7 +1221,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
1200 if ((c->algorithms & SSL_KRB5) && nokrb5) 1221 if ((c->algorithms & SSL_KRB5) && nokrb5)
1201 continue; 1222 continue;
1202#endif /* OPENSSL_NO_KRB5 */ 1223#endif /* OPENSSL_NO_KRB5 */
1203 j=ssl_put_cipher_by_char(s,c,p); 1224
1225 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1204 p+=j; 1226 p+=j;
1205 } 1227 }
1206 return(p-q); 1228 return(p-q);
@@ -1694,7 +1716,7 @@ void ssl_update_cache(SSL *s,int mode)
1694 ?s->ctx->stats.sess_connect_good 1716 ?s->ctx->stats.sess_connect_good
1695 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff) 1717 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
1696 { 1718 {
1697 SSL_CTX_flush_sessions(s->ctx,time(NULL)); 1719 SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
1698 } 1720 }
1699 } 1721 }
1700 } 1722 }
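Review bot: In the SSL_CTX_set_cipher_list hunk (and the matching SSL_set_cipher_list hunk), the new `sk_SSL_CIPHER_num(sk) == 0` branch returns 0 only after `ctx->cipher_list` and `ctx->cipher_list_by_id` have already been replaced, as the added comment itself says. A caller that sees the failure and carries on therefore keeps an empty cipher list, not its previous one. That presumably fails closed, but it is a surprising contract for a function that reports an error. I would spell it out where callers read it, e.g. `/* NB: on SSL_R_NO_CIPHER_MATCH the previous list has already been replaced by the empty one */`, and repeat it in the function's documentation. Both function bodies start outside their hunks.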
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 25a144a0d0..6a0b7595f4 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -462,7 +462,7 @@ typedef struct ssl3_comp_st
462 COMP_METHOD *method; /* The method :-) */ 462 COMP_METHOD *method; /* The method :-) */
463 } SSL3_COMP; 463 } SSL3_COMP;
464 464
465OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method; 465extern SSL3_ENC_METHOD ssl3_undef_enc_method;
466OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; 466OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
467OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; 467OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
468 468
@@ -493,7 +493,8 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
493 const SSL_CIPHER * const *bp); 493 const SSL_CIPHER * const *bp);
494STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 494STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
495 STACK_OF(SSL_CIPHER) **skp); 495 STACK_OF(SSL_CIPHER) **skp);
496int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p); 496int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
497 int (*put_cb)(const SSL_CIPHER *, unsigned char *));
497STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, 498STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
498 STACK_OF(SSL_CIPHER) **pref, 499 STACK_OF(SSL_CIPHER) **pref,
499 STACK_OF(SSL_CIPHER) **sorted, 500 STACK_OF(SSL_CIPHER) **sorted,
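Review bot: The new `put_cb` parameter of ssl_cipher_list_to_bytes is declared without any statement of its contract. In the ssl_lib.c hunk of this commit its return value is added to `p` unchecked and NULL selects `ssl_put_cipher_by_char`, so a callback returning a negative or oversized count would move the write pointer outside what the caller sized. A comment above the prototype would cover it: `/* put_cb: optional; writes one cipher id at p and returns the number of bytes written (>= 0); NULL means ssl_put_cipher_by_char */`. Separately, the first hunk switches `ssl3_undef_enc_method` to plain `extern` while `ssl2_ciphers` and `ssl3_ciphers` directly below keep `OPENSSL_EXTERN`; a one-line comment saying why this one differs would help.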
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 5f12aa361c..2ba8b9612e 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -118,7 +118,7 @@ SSL_SESSION *SSL_SESSION_new(void)
118 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ 118 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
119 ss->references=1; 119 ss->references=1;
120 ss->timeout=60*5+4; /* 5 minute timeout by default */ 120 ss->timeout=60*5+4; /* 5 minute timeout by default */
121 ss->time=time(NULL); 121 ss->time=(unsigned long)time(NULL);
122 ss->prev=NULL; 122 ss->prev=NULL;
123 ss->next=NULL; 123 ss->next=NULL;
124 ss->compress_meth=0; 124 ss->compress_meth=0;
@@ -377,7 +377,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
377 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); 377 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
378#endif 378#endif
379 379
380 if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */ 380 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
381 { 381 {
382 s->ctx->stats.sess_timeout++; 382 s->ctx->stats.sess_timeout++;
383 /* remove it from the cache */ 383 /* remove it from the cache */
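Review bot: The rewritten expiry test in ssl_get_prev_session, `ret->timeout < (long)(time(NULL) - ret->time)`, avoids overflow in the old `ret->time+ret->timeout` sum but still treats a negative elapsed time as "not expired". If the clock is stepped backwards after a session is stored, that session appears to stay resumable until the clock catches up and the timeout then elapses. Consider computing the age once and expiring on a negative value as well: `long age = (long)(time(NULL) - ret->time);` followed by `if (age < 0 || ret->timeout < age)`. The declared types of `time` and `timeout` in the session struct are not visible here, so check the signedness of the subtraction. The function body extends beyond the hunk.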
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 3a0db0cb51..9381c435d5 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -125,6 +125,10 @@
125#define USE_SOCKETS 125#define USE_SOCKETS
126#include "e_os.h" 126#include "e_os.h"
127 127
128#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
129 VMS (at least with DECompHP C). */
130#include <ctype.h>
131
128#include <openssl/bio.h> 132#include <openssl/bio.h>
129#include <openssl/crypto.h> 133#include <openssl/crypto.h>
130#include <openssl/evp.h> 134#include <openssl/evp.h>
@@ -389,7 +393,6 @@ int main(int argc, char *argv[])
389 COMP_METHOD *cm = NULL; 393 COMP_METHOD *cm = NULL;
390#ifdef OPENSSL_FIPS 394#ifdef OPENSSL_FIPS
391 int fips_mode=0; 395 int fips_mode=0;
392 const char *path=argv[0];
393#endif 396#endif
394 397
395 verbose = 0; 398 verbose = 0;
@@ -592,7 +595,7 @@ bad:
592#ifdef OPENSSL_FIPS 595#ifdef OPENSSL_FIPS
593 if(fips_mode) 596 if(fips_mode)
594 { 597 {
595 if(!FIPS_mode_set(1,path)) 598 if(!FIPS_mode_set(1))
596 { 599 {
597 ERR_load_crypto_strings(); 600 ERR_load_crypto_strings();
598 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); 601 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
@@ -1927,8 +1930,8 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1927 1930
1928 fprintf(stderr, "In app_verify_callback, allowing cert. "); 1931 fprintf(stderr, "In app_verify_callback, allowing cert. ");
1929 fprintf(stderr, "Arg is: %s\n", cb_arg->string); 1932 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
1930 fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n", 1933 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
1931 (unsigned int)ctx, (unsigned int)ctx->cert); 1934 (void *)ctx, (void *)ctx->cert);
1932 if (ctx->cert) 1935 if (ctx->cert)
1933 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256); 1936 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
1934 if (s != NULL) 1937 if (s != NULL)
@@ -1976,15 +1979,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1976 } 1979 }
1977 1980
1978#ifndef OPENSSL_NO_X509_VERIFY 1981#ifndef OPENSSL_NO_X509_VERIFY
1979# ifdef OPENSSL_FIPS
1980 if(s->version == TLS1_VERSION)
1981 FIPS_allow_md5(1);
1982# endif
1983 ok = X509_verify_cert(ctx); 1982 ok = X509_verify_cert(ctx);
1984# ifdef OPENSSL_FIPS
1985 if(s->version == TLS1_VERSION)
1986 FIPS_allow_md5(0);
1987# endif
1988#endif 1983#endif
1989 1984
1990 if (cb_arg->proxy_auth) 1985 if (cb_arg->proxy_auth)
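Review bot: In the include hunk, `#define _XOPEN_SOURCE 500` is placed after `#include "e_os.h"`. Feature-test macros only take effect when defined before the first system header, and e_os.h (not shown here) very likely pulls in system headers already, so on some platforms the define may come too late for `<ctype.h>` to declare `isascii`. Moving `#define _XOPEN_SOURCE 500` above `#define USE_SOCKETS` would make it reliable, provided that does not hide declarations e_os.h itself needs. Minor, in the app_verify_callback hunk: `0x%p` prints a doubled prefix on C libraries whose `%p` already emits `0x`; plain `%p` is enough.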
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com
index dfbfef7b1b..94621a655b 100644
--- a/src/lib/libssl/src/test/maketests.com
+++ b/src/lib/libssl/src/test/maketests.com
@@ -586,7 +586,7 @@ $ CCDEFS = "TCPIP_TYPE_''P3'"
586$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS 586$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
587$ CCEXTRAFLAGS = "" 587$ CCEXTRAFLAGS = ""
588$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS 588$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
589$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX" 589$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
590$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - 590$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
591 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS 591 CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
592$! 592$!
diff --git a/src/lib/libssl/src/test/tverify.com b/src/lib/libssl/src/test/tverify.com
index 2060184d1e..021d701d79 100644
--- a/src/lib/libssl/src/test/tverify.com
+++ b/src/lib/libssl/src/test/tverify.com
@@ -8,22 +8,22 @@ $ copy/concatenate [-.certs]*.pem certs.tmp
8$ 8$
9$ old_f := 9$ old_f :=
10$ loop_certs: 10$ loop_certs:
11$ c := NO 11$ verify := NO
12$ more := YES
12$ certs := 13$ certs :=
13$ loop_certs2: 14$ loop_certs2:
14$ f = f$search("[-.certs]*.pem") 15$ f = f$search("[-.certs]*.pem")
15$ if f .nes. "" .and. f .nes. old_f 16$ if f .nes. "" .and. f .nes. old_f
16$ then 17$ then
17$ certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem" 18$ certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
18$ c := YES 19$ verify := YES
19$ if f$length(certs) .lt. 180 then goto loop_certs2 20$ if f$length(certs) .lt. 180 then goto loop_certs2
21$ else
22$ more := NO
20$ endif 23$ endif
21$ certs = certs - " " 24$ certs = certs - " "
22$ 25$
23$ if c 26$ if verify then mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
24$ then 27$ if more then goto loop_certs
25$ mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
26$ goto loop_certs
27$ endif
28$ 28$
29$ delete certs.tmp;* 29$ delete certs.tmp;*
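Review bot: The loop now depends on two flags, `verify` and `more`, whose roles are not stated anywhere in the script. A short comment before `loop_certs:` would save the next reader from tracing the gotos, e.g. `$! verify = this batch holds at least one cert; more = f$search has not yet run out of files`. It would also help to note that the 180-character test on `certs` is what ends a batch.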
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index 56fb7446e0..4222bef6d6 100644
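--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -2811,7 +2811,7 @@ EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
 FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:
 EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
-FIPS_allow_md5 3256 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_allow_md5 3256 NOEXIST::FUNCTION:
 DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
 EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
 FIPS_rand_seeded 3259 EXIST:OPENSSL_FIPS:FUNCTION:
@@ -2837,7 +2837,7 @@ FIPS_dsa_check 3278 EXIST:OPENSSL_FIPS:FUNCTION:
 AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
 EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
 FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_md5_allowed 3282 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
 FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:
 sk_is_sorted 3285 EXIST::FUNCTION:
@@ -2867,3 +2867,41 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
 PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
 PROXY_POLICY_free 3308 EXIST::FUNCTION:
 PROXY_POLICY_new 3309 EXIST::FUNCTION:
+BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
+FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_sha384 3312 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha512 3313 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha224 3314 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+EVP_sha256 3315 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
+RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
+RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
+RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
+PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq 3325 EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_generate_key 3326 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+BN_X931_derive_prime 3327 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_X931_generate_prime 3328 EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_derive 3329 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+SHA512_Update 3356 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Init 3479 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224 3510 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Update 3551 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Final 3560 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224_Update 3562 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Final 3581 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Init 3631 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Init 3633 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256 3654 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA256_Transform 3664 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512 3669 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA512_Transform 3675 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Final 3712 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Init 3737 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384_Final 3740 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384 3745 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Update 3765 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256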
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
index 957264c6b5..05a6086164 100644
--- a/src/lib/libssl/src/util/mk1mf.pl
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -10,6 +10,20 @@ $OPTIONS="";
10$ssl_version=""; 10$ssl_version="";
11$banner="\t\@echo Building OpenSSL"; 11$banner="\t\@echo Building OpenSSL";
12 12
13local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
14local $zlib_lib = "";
15
16my $fips_canister_path = "";
17my $fips_premain_dso_exe_path = "";
18my $fips_premain_c_path = "";
19my $fips_sha1_exe_path = "";
20
21my $fipslibdir = "";
22my $baseaddr = "";
23
24my $ex_l_libs = "";
25
26
13open(IN,"<Makefile") || die "unable to open Makefile!\n"; 27open(IN,"<Makefile") || die "unable to open Makefile!\n";
14while(<IN>) { 28while(<IN>) {
15 $ssl_version=$1 if (/^VERSION=(.*)$/); 29 $ssl_version=$1 if (/^VERSION=(.*)$/);
@@ -24,6 +38,7 @@ $infile="MINFO";
24 38
25%ops=( 39%ops=(
26 "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", 40 "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",
41 "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make",
27 "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY", 42 "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
28 "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", 43 "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",
29 "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", 44 "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
@@ -43,6 +58,7 @@ $infile="MINFO";
43 ); 58 );
44 59
45$platform=""; 60$platform="";
61my $xcflags="";
46foreach (@ARGV) 62foreach (@ARGV)
47 { 63 {
48 if (!&read_options && !defined($ops{$_})) 64 if (!&read_options && !defined($ops{$_}))
@@ -104,8 +120,12 @@ $inc_def="outinc";
104$tmp_def="tmp"; 120$tmp_def="tmp";
105 121
106$mkdir="-mkdir"; 122$mkdir="-mkdir";
123$mkcanister="ld -r -o";
124
125$ex_build_targets = "";
107 126
108($ssl,$crypto)=("ssl","crypto"); 127($ssl,$crypto)=("ssl","crypto");
128$cryptocompat = "";
109$ranlib="echo ranlib"; 129$ranlib="echo ranlib";
110 130
111$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; 131$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
@@ -140,6 +160,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
140 $NT = 1 if $platform eq "VC-NT"; 160 $NT = 1 if $platform eq "VC-NT";
141 require 'VC-32.pl'; 161 require 'VC-32.pl';
142 } 162 }
163elsif ($platform eq "VC-WIN32-GMAKE")
164 {
165 require 'VC-32-GMAKE.pl';
166 }
143elsif ($platform eq "VC-CE") 167elsif ($platform eq "VC-CE")
144 { 168 {
145 require 'VC-CE.pl'; 169 require 'VC-CE.pl';
@@ -210,6 +234,8 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
210 234
211$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq '')); 235$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
212 236
237$cflags= "$xcflags$cflags" if $xcflags ne "";
238
213$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; 239$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
214$cflags.=" -DOPENSSL_NO_AES" if $no_aes; 240$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
215$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; 241$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
@@ -239,6 +265,9 @@ $cflags.=" -DOPENSSL_NO_HW" if $no_hw;
239$cflags.=" -DOPENSSL_FIPS" if $fips; 265$cflags.=" -DOPENSSL_FIPS" if $fips;
240#$cflags.=" -DRSAref" if $rsaref ne ""; 266#$cflags.=" -DRSAref" if $rsaref ne "";
241 267
268$cflags.= " -DZLIB" if $zlib_opt;
269$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
270
242## if ($unix) 271## if ($unix)
243## { $cflags="$c_flags" if ($c_flags ne ""); } 272## { $cflags="$c_flags" if ($c_flags ne ""); }
244##else 273##else
@@ -246,6 +275,7 @@ $cflags.=" -DOPENSSL_FIPS" if $fips;
246 275
247$ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); 276$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
248 277
278
249%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", 279%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
250 "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); 280 "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
251 281
@@ -262,6 +292,135 @@ $link="$bin_dir$link" if ($link !~ /^\$/);
262 292
263$INSTALLTOP =~ s|/|$o|g; 293$INSTALLTOP =~ s|/|$o|g;
264 294
295#############################################
296# We parse in input file and 'store' info for later printing.
297open(IN,"<$infile") || die "unable to open $infile:$!\n";
298$_=<IN>;
299for (;;)
300 {
301 chop;
302
303 ($key,$val)=/^([^=]+)=(.*)/;
304 if ($key eq "RELATIVE_DIRECTORY")
305 {
306 if ($lib ne "")
307 {
308 if ($fips && $dir =~ /^fips/)
309 {
310 $uc = "FIPS";
311 }
312 else
313 {
314 $uc=$lib;
315 $uc =~ s/^lib(.*)\.a/$1/;
316 $uc =~ tr/a-z/A-Z/;
317 }
318 if (($uc ne "FIPS") || $fips_canister_build)
319 {
320 $lib_nam{$uc}=$uc;
321 $lib_obj{$uc}.=$libobj." ";
322 }
323 }
324 last if ($val eq "FINISHED");
325 $lib="";
326 $libobj="";
327 $dir=$val;
328 }
329
330 if ($key eq "KRB5_INCLUDES")
331 { $cflags .= " $val";}
332
333 if ($key eq "ZLIB_INCLUDE")
334 { $cflags .= " $val" if $val ne "";}
335
336 if ($key eq "LIBZLIB")
337 { $zlib_lib = "$val" if $val ne "";}
338
339 if ($key eq "LIBKRB5")
340 { $ex_libs .= " $val" if $val ne "";}
341
342 if ($key eq "TEST")
343 { $test.=&var_add($dir,$val); }
344
345 if (($key eq "PROGS") || ($key eq "E_OBJ"))
346 { $e_exe.=&var_add($dir,$val); }
347
348 if ($key eq "LIB")
349 {
350 $lib=$val;
351 $lib =~ s/^.*\/([^\/]+)$/$1/;
352 }
353
354 if ($key eq "EXHEADER")
355 { $exheader.=&var_add($dir,$val); }
356
357 if ($key eq "HEADER")
358 { $header.=&var_add($dir,$val); }
359
360 if ($key eq "LIBOBJ")
361 { $libobj=&var_add($dir,$val); }
362
363 if ($key eq "FIPSLIBDIR")
364 { $fipslibdir=$val;}
365
366 if ($key eq "BASEADDR")
367 { $baseaddr=$val;}
368
369 if (!($_=<IN>))
370 { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
371 }
372close(IN);
373
374if ($fips_canister_path eq "")
375 {
376 $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
377 }
378
379if ($fips_premain_c_path eq "")
380 {
381 $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
382 }
383
384if ($fips)
385 {
386 if ($fips_sha1_exe_path eq "")
387 {
388 $fips_sha1_exe_path =
389 "\$(BIN_D)${o}fips_standalone_sha1$exep";
390 }
391 }
392 else
393 {
394 $fips_sha1_exe_path = "";
395 }
396
397if ($fips_premain_dso_exe_path eq "")
398 {
399 $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
400 }
401
402# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
403
404if ($fips)
405 {
406 if (!$shlib)
407 {
408 $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
409 $ex_l_libs .= " \$(O_FIPSCANISTER)";
410 }
411 if ($fipslibdir eq "")
412 {
413 open (IN, "util/fipslib_path.txt") || fipslib_error();
414 $fipslibdir = <IN>;
415 chomp $fipslibdir;
416 close IN;
417 }
418 fips_check_files($fipslibdir,
419 "fipscanister.o", "fipscanister.o.sha1",
420 "fips_premain.c", "fips_premain.c.sha1");
421 }
422
423
265$defs= <<"EOF"; 424$defs= <<"EOF";
266# This makefile has been automatically generated from the OpenSSL distribution. 425# This makefile has been automatically generated from the OpenSSL distribution.
267# This single makefile will build the complete OpenSSL distribution and 426# This single makefile will build the complete OpenSSL distribution and
@@ -286,6 +445,7 @@ if ($platform eq "VC-CE")
286!INCLUDE <\$(WCECOMPAT)/wcedefs.mak> 445!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
287 446
288EOF 447EOF
448 $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
289 } 449 }
290 450
291$defs.= <<"EOF"; 451$defs.= <<"EOF";
@@ -308,6 +468,8 @@ EX_LIBS=$ex_libs
308SRC_D=$src_dir 468SRC_D=$src_dir
309 469
310LINK=$link 470LINK=$link
471PERL=perl
472FIPSLINK=\$(PERL) util${o}fipslink.pl
311LFLAGS=$lflags 473LFLAGS=$lflags
312 474
313BN_ASM_OBJ=$bn_asm_obj 475BN_ASM_OBJ=$bn_asm_obj
@@ -339,6 +501,9 @@ TMP_D=$tmp_dir
339INC_D=$inc_dir 501INC_D=$inc_dir
340INCO_D=$inc_dir${o}openssl 502INCO_D=$inc_dir${o}openssl
341 503
504# Directory containing FIPS module
505
506
342CP=$cp 507CP=$cp
343RM=$rm 508RM=$rm
344RANLIB=$ranlib 509RANLIB=$ranlib
@@ -346,6 +511,18 @@ MKDIR=$mkdir
346MKLIB=$bin_dir$mklib 511MKLIB=$bin_dir$mklib
347MLFLAGS=$mlflags 512MLFLAGS=$mlflags
348ASM=$bin_dir$asm 513ASM=$bin_dir$asm
514MKCANISTER=$mkcanister
515
516# FIPS validated module and support file locations
517
518E_PREMAIN_DSO=fips_premain_dso
519
520FIPSLIB_D=$fipslibdir
521BASEADDR=$baseaddr
522FIPS_PREMAIN_SRC=$fips_premain_c_path
523O_FIPSCANISTER=$fips_canister_path
524FIPS_SHA1_EXE=$fips_sha1_exe_path
525PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
349 526
350###################################################### 527######################################################
351# You should not need to touch anything below this point 528# You should not need to touch anything below this point
@@ -377,7 +554,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
377L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp 554L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
378L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp 555L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
379 556
380L_LIBS= \$(L_SSL) \$(L_CRYPTO) 557L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
381 558
382###################################################### 559######################################################
383# Don't touch anything below this point 560# Don't touch anything below this point
@@ -387,13 +564,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
387APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) 564APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
388LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) 565LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
389SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) 566SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
390LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) 567LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
391 568
392############################################# 569#############################################
393EOF 570EOF
394 571
395$rules=<<"EOF"; 572$rules=<<"EOF";
396all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe 573all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
397 574
398banner: 575banner:
399$banner 576$banner
@@ -479,57 +656,6 @@ printf OUT " #define DATE \"%s\"\n", scalar gmtime();
479printf OUT "#endif\n"; 656printf OUT "#endif\n";
480close(OUT); 657close(OUT);
481 658
482#############################################
483# We parse in input file and 'store' info for later printing.
484open(IN,"<$infile") || die "unable to open $infile:$!\n";
485$_=<IN>;
486for (;;)
487 {
488 chop;
489
490 ($key,$val)=/^([^=]+)=(.*)/;
491 if ($key eq "RELATIVE_DIRECTORY")
492 {
493 if ($lib ne "")
494 {
495 $uc=$lib;
496 $uc =~ s/^lib(.*)\.a/$1/;
497 $uc =~ tr/a-z/A-Z/;
498 $lib_nam{$uc}=$uc;
499 $lib_obj{$uc}.=$libobj." ";
500 }
501 last if ($val eq "FINISHED");
502 $lib="";
503 $libobj="";
504 $dir=$val;
505 }
506
507 if ($key eq "TEST")
508 { $test.=&var_add($dir,$val); }
509
510 if (($key eq "PROGS") || ($key eq "E_OBJ"))
511 { $e_exe.=&var_add($dir,$val); }
512
513 if ($key eq "LIB")
514 {
515 $lib=$val;
516 $lib =~ s/^.*\/([^\/]+)$/$1/;
517 }
518
519 if ($key eq "EXHEADER")
520 { $exheader.=&var_add($dir,$val); }
521
522 if ($key eq "HEADER")
523 { $header.=&var_add($dir,$val); }
524
525 if ($key eq "LIBOBJ")
526 { $libobj=&var_add($dir,$val); }
527
528 if (!($_=<IN>))
529 { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
530 }
531close(IN);
532
533# Strip of trailing ' ' 659# Strip of trailing ' '
534foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); } 660foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
535$test=&clean_up_ws($test); 661$test=&clean_up_ws($test);
@@ -554,6 +680,29 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
554$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); 680$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
555$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); 681$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
556 682
683# Special case rules for fips_start and fips_end fips_premain_dso
684
685if ($fips)
686 {
687 if ($fips_canister_build)
688 {
689 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
690 "fips-1.0${o}fips_canister.c",
691 "-DFIPS_START \$(SHLIB_CFLAGS)");
692 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
693 "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
694 }
695 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
696 "fips-1.0${o}sha${o}fips_standalone_sha1.c",
697 "\$(SHLIB_CFLAGS)");
698 $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",
699 "fips-1.0${o}sha${o}fips_sha1dgst.c",
700 "\$(SHLIB_CFLAGS)") unless $fips_canister_build;
701 $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
702 "fips-1.0${o}fips_premain.c",
703 "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
704 }
705
557foreach (values %lib_nam) 706foreach (values %lib_nam)
558 { 707 {
559 $lib_obj=$lib_obj{$_}; 708 $lib_obj=$lib_obj{$_};
@@ -630,16 +779,42 @@ foreach (split(/\s+/,$test))
630 } 779 }
631 780
632$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); 781$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
633$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); 782
634 783
635if ($fips) 784if ($fips)
636 { 785 {
637 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)","\$(BIN_D)$o.sha1","\$(BIN_D)$o\$(E_EXE)$exep"); 786 if ($shlib)
787 {
788 $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
789 "\$(O_CRYPTO)",
790 "$crypto",
791 $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
792 }
793 else
794 {
795 $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
796 "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
797 $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
798 "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
799 }
638 } 800 }
639else 801 else
640 { 802 {
641 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); 803 $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
804 "\$(SO_CRYPTO)");
642 } 805 }
806
807
808if ($fips)
809 {
810 $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
811 $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
812
813 $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
814 }
815
816 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);
817
643print $defs; 818print $defs;
644 819
645if ($platform eq "linux-elf") { 820if ($platform eq "linux-elf") {
@@ -935,6 +1110,24 @@ sub read_options
935 elsif (/^shlib$/) { $shlib=1; } 1110 elsif (/^shlib$/) { $shlib=1; }
936 elsif (/^dll$/) { $shlib=1; } 1111 elsif (/^dll$/) { $shlib=1; }
937 elsif (/^shared$/) { } # We just need to ignore it for now... 1112 elsif (/^shared$/) { } # We just need to ignore it for now...
1113 elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
1114 elsif (/^zlib-dynamic$/){ $zlib_opt = 2; }
1115 elsif (/^--with-krb5-flavor=(.*)$/)
1116 {
1117 my $krb5_flavor = $1;
1118 if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
1119 {
1120 $xcflags="-DKRB5_HEIMDAL $xcflags";
1121 }
1122 elsif ($krb5_flavor =~ /^MIT/i)
1123 {
1124 $xcflags="-DKRB5_MIT $xcflags";
1125 if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
1126 {
1127 $xcflags="-DKRB5_MIT_OLD11 $xcflags"
1128 }
1129 }
1130 }
938 elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } 1131 elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
939 elsif (/^-[lL].*$/) { $l_flags.="$_ "; } 1132 elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
940 elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) 1133 elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
@@ -942,3 +1135,31 @@ sub read_options
942 else { return(0); } 1135 else { return(0); }
943 return(1); 1136 return(1);
944 } 1137 }
1138
1139sub fipslib_error
1140 {
1141 print STDERR "***FIPS module directory sanity check failed***\n";
1142 print STDERR "FIPS module build failed, or was deleted\n";
1143 print STDERR "Please rebuild FIPS module.\n";
1144 exit 1;
1145 }
1146
1147sub fips_check_files
1148 {
1149 my $dir = shift @_;
1150 my $ret = 1;
1151 if (!-d $dir)
1152 {
1153 print STDERR "FIPS module directory $dir does not exist\n";
1154 fipslib_error();
1155 }
1156 foreach (@_)
1157 {
1158 if (!-f "$dir${o}$_")
1159 {
1160 print STDERR "FIPS module file $_ does not exist!\n";
1161 $ret = 0;
1162 }
1163 }
1164 fipslib_error() if ($ret == 0);
1165 }
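Review bot: The default added at new line 128 initialises `$cryptocompat`, but every use this change adds reads `$crypto_compat` (the `$ex_build_targets` line under `if ($fips)` / `if (!$shlib)` and the second `do_lib_rule` call in the static FIPS branch). The only assignment visible on this page is the one in util/pl/VC-32.pl. With any other platform file, a static FIPS build would therefore emit a build target and a library rule for `$(LIB_D)` plus the separator and an empty file name. The initialiser should read `$crypto_compat = "";`, and both uses are safer with a guard such as `if $crypto_compat ne ""`. Separately, `fips_check_files` only tests with `-d`/`-f` that the canister and its `.sha1` files exist; a comment there stating that no digest is compared in this script would keep the "sanity check" message from being read as an integrity check.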
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl
index 9918c3d549..6c1e53bb14 100644
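--- a/src/lib/libssl/src/util/mkdef.pl
+++ b/src/lib/libssl/src/util/mkdef.pl
@@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
  "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
- "RIPEMD",
+ "SHA256", "SHA512", "RIPEMD",
  "MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",
  # Envelope "algorithms"
  "EVP", "X509", "ASN1_TYPEDEFS",
@@ -267,7 +267,7 @@ $crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
 $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
-$crypto.=" fips/fips.h fips/rand/fips_rand.h";
+$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h";
 
 my $symhacks="crypto/symhacks.h";
 
@@ -864,6 +864,9 @@ sub do_defs
  $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
  $a .= ",RSA" if($s =~ /RSAPrivateKey/);
  $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+ # SHA2 algorithms only defined in FIPS mode for
+ # OpenSSL 0.9.7
+ $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);
 
  $platform{$s} =
  &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
@@ -1011,7 +1014,7 @@ sub is_valid
 {
  my ($keywords_txt,$platforms) = @_;
  my (@keywords) = split /,/,$keywords_txt;
- my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));
+ my ($falsesum, $truesum) = (0, 1);
 
  # Param: one keyword
  sub recognise
@@ -1079,7 +1082,7 @@ sub is_valid
  if ($k =~ /^!(.*)$/) {
  $falsesum += &recognise($1,$platforms);
  } else {
- $truesum += &recognise($k,$platforms);
+ $truesum *= &recognise($k,$platforms);
  }
  }
  print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;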
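Review bot: The added `$p .= "OPENSSL_FIPS"` in do_defs appends without a separator, unlike the `$a .= ",RSA"` lines directly above it. If `$p` already holds a platform keyword at that point, the two fuse into a single unrecognised token; `$p` is assigned outside the hunk, so this depends on its value there. A form that is safe either way is `$p .= ($p eq "" ? "" : ",") . "OPENSSL_FIPS" if($s =~ /SHA[235]/);`. The pattern is also unanchored, so it will tag any later symbol whose name merely contains SHA2, SHA3 or SHA5; anchoring it to the SHA-2 family names would state the intent. do_defs starts and ends outside the hunk.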
diff --git a/src/lib/libssl/src/util/mkerr.pl b/src/lib/libssl/src/util/mkerr.pl
index 60e534807e..9678514604 100644
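--- a/src/lib/libssl/src/util/mkerr.pl
+++ b/src/lib/libssl/src/util/mkerr.pl
@@ -9,6 +9,9 @@ my $reindex = 0;
 my $dowrite = 0;
 my $staticloader = "";
 
+my $pack_errcode;
+my $load_errcode;
+
 while (@ARGV) {
  my $arg = $ARGV[0];
  if($arg eq "-conf") {
@@ -41,8 +44,8 @@ while (@ARGV) {
 }
 
 if($recurse) {
- @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips/*.c>,
- <fips/*/*.c>);
+ @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips-1.0/*.c>,
+ <fips-1.0/*/*.c>);
 } else {
  @source = @ARGV;
 }
@@ -399,6 +402,20 @@ EOF
  $hincf = "\"$hfile\"";
  }
 
+ # If static we know the error code at compile time so use it
+ # in error definitions.
+
+ if ($static)
+ {
+ $pack_errcode = "ERR_LIB_${lib}";
+ $load_errcode = "0";
+ }
+ else
+ {
+ $pack_errcode = "0";
+ $load_errcode = "ERR_LIB_${lib}";
+ }
+
 
  open (OUT,">$cfile") || die "Can't open $cfile for writing";
 
@@ -469,6 +486,10 @@ EOF
 
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
+#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
+
 static ERR_STRING_DATA ${lib}_str_functs[]=
  {
 EOF
@@ -480,7 +501,8 @@ EOF
  if(exists $ftrans{$fn}) {
  $fn = $ftrans{$fn};
  }
- print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n";
+# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
+ print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
  }
  print OUT <<"EOF";
 {0,NULL}
@@ -492,6 +514,7 @@ EOF
  # Add each reason code.
  foreach $i (@reasons) {
  my $rn;
+ my $rstr = "ERR_REASON($i)";
  my $nspc = 0;
  if (exists $err_reason_strings{$i}) {
  $rn = $err_reason_strings{$i};
@@ -500,9 +523,9 @@ EOF
  $rn = $1;
  $rn =~ tr/_[A-Z]/ [a-z]/;
  }
- $nspc = 40 - length($i) unless length($i) > 40;
+ $nspc = 40 - length($rstr) unless length($rstr) > 40;
  $nspc = " " x $nspc;
- print OUT "{${i}${nspc},\"$rn\"},\n";
+ print OUT "{${rstr}${nspc},\"$rn\"},\n";
  }
 if($static) {
  print OUT <<"EOF";
@@ -519,8 +542,8 @@ ${staticloader}void ERR_load_${lib}_strings(void)
  {
  init=0;
 #ifndef OPENSSL_NO_ERR
- ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);
- ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);
+ ERR_load_strings($load_errcode,${lib}_str_functs);
+ ERR_load_strings($load_errcode,${lib}_str_reasons);
 #endif
 
  }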
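Review bot: The previous emitter is left behind as a commented-out line (`# print OUT "{ERR_PACK($pack_errcode,$i,0),...`) directly above the new `ERR_FUNC($i)` print at new lines 504-505. It should be deleted rather than kept as dead code, because the `ERR_FUNC`/`ERR_REASON` definitions written into the generated file are now the one place the packing is expressed. `$pack_errcode` and `$load_errcode` are declared at file scope but only assigned further down, before `$cfile` is opened. A comment at the declaration such as `# set per output file: exactly one of these is ERR_LIB_<lib>, the other is "0"` would make the static/non-static pairing clear. The code around these hunks starts and ends outside the visible lines.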
diff --git a/src/lib/libssl/src/util/mkfiles.pl b/src/lib/libssl/src/util/mkfiles.pl
index 928a274303..bc78510f56 100644
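--- a/src/lib/libssl/src/util/mkfiles.pl
+++ b/src/lib/libssl/src/util/mkfiles.pl
@@ -51,14 +51,15 @@ my @dirs = (
 "crypto/ocsp",
 "crypto/ui",
 "crypto/krb5",
-"fips",
-"fips/aes",
-"fips/des",
-"fips/dsa",
-"fips/dh",
-"fips/rand",
-"fips/rsa",
-"fips/sha1",
+"fips-1.0",
+"fips-1.0/aes",
+"fips-1.0/des",
+"fips-1.0/dsa",
+"fips-1.0/dh",
+"fips-1.0/hmac",
+"fips-1.0/rand",
+"fips-1.0/rsa",
+"fips-1.0/sha",
 "ssl",
 "apps",
 "test",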
diff --git a/src/lib/libssl/src/util/mklink.pl b/src/lib/libssl/src/util/mklink.pl
index c8653cecc3..182732d959 100644
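--- a/src/lib/libssl/src/util/mklink.pl
+++ b/src/lib/libssl/src/util/mklink.pl
@@ -14,13 +14,16 @@
 # not contain symbolic links and that the parent of / is never referenced.
 # Apart from this, this script should be able to handle even the most
 # pathological cases.
+#
+
+use Cwd;
 
 my $from = shift;
 my @files = @ARGV;
 
 my @from_path = split(/[\\\/]/, $from);
-my $pwd = `pwd`;
-chop($pwd);
+my $pwd = getcwd();
+chomp($pwd);
 my @pwd_path = split(/[\\\/]/, $pwd);
 
 my @to_path = ();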
diff --git a/src/lib/libssl/src/util/pl/BC-32.pl b/src/lib/libssl/src/util/pl/BC-32.pl
index 897ae9d824..28869c868d 100644
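--- a/src/lib/libssl/src/util/pl/BC-32.pl
+++ b/src/lib/libssl/src/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
 if ($debug)
 {
  $cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -51,7 +51,7 @@ $lfile='';
 $shlib_ex_obj="";
 $app_ex_obj="c0x32.obj";
 
-$asm='nasmw -f obj';
+$asm='nasmw -f obj -d__omf__';
 $asm.=" /Zi" if $debug;
 $afile='-o';
 
@@ -106,9 +106,13 @@ sub do_lib_rule
  $ret.="$target: $objs\n";
  if (!$shlib)
  {
- # $ret.="\t\$(RM) \$(O_$Name)\n";
- $ret.="\techo LIB $<\n";
- $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n";
+ $ret.=<<___;
+ -\$(RM) $lfile$target
+ \$(MKLIB) $lfile$target \@&&!
++\$(**: = &^
++)
+!
+___
  }
  else
  {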
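Review bot: The new `$cflags` line adds `-w-ccc -w-rch -w-pia` with no explanation, and the comment above it still says only "disable most common warnings". If these are, as the names suggest, the compiler's condition-always-true/false, unreachable-code and possibly-incorrect-assignment diagnostics, they are the ones that flag an accidental `=` inside a condition or a check that can never fire. Those are worth keeping visible when building a crypto library. I would either drop `-w-pia` or extend the comment to name each switch and the reason it is silenced, e.g. `# -w-ccc/-w-rch/-w-pia: silenced because <reason>; re-enable when auditing`.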
diff --git a/src/lib/libssl/src/util/pl/OS2-EMX.pl b/src/lib/libssl/src/util/pl/OS2-EMX.pl
index 75d72ebbcb..8dbeaa7a08 100644
--- a/src/lib/libssl/src/util/pl/OS2-EMX.pl
+++ b/src/lib/libssl/src/util/pl/OS2-EMX.pl
@@ -68,6 +68,7 @@ if (!$no_asm && !$fips)
68 $sha1_asm_src="crypto/sha/asm/s1-os2.asm"; 68 $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
69 $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj"; 69 $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
70 $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm"; 70 $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
71 $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
71 } 72 }
72 73
73if ($shlib) 74if ($shlib)
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl
index cf689b9feb..4e97dfa9af 100644
--- a/src/lib/libssl/src/util/pl/VC-32.pl
+++ b/src/lib/libssl/src/util/pl/VC-32.pl
@@ -3,15 +3,28 @@
3# 3#
4 4
5$ssl= "ssleay32"; 5$ssl= "ssleay32";
6$crypto="libeay32"; 6
7if ($fips && !$shlib)
8 {
9 $crypto="libeayfips32";
10 $crypto_compat = "libeaycompat32.lib";
11 }
12else
13 {
14 $crypto="libeay32";
15 }
7 16
8$o='\\'; 17$o='\\';
9$cp='copy nul+'; # Timestamps get stuffed otherwise 18$cp='copy nul+'; # Timestamps get stuffed otherwise
10$rm='del'; 19$rm='del';
11 20
21$zlib_lib="zlib1.lib";
22
12# C compiler stuff 23# C compiler stuff
13$cc='cl'; 24$cc='cl';
14$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; 25$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
26$cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
27$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
15$lflags="/nologo /subsystem:console /machine:I386 /opt:ref"; 28$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
16$mlflags=''; 29$mlflags='';
17 30
@@ -100,25 +113,56 @@ $cflags.=" /Fd$out_def";
100 113
101sub do_lib_rule 114sub do_lib_rule
102 { 115 {
103 local($objs,$target,$name,$shlib)=@_; 116 local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
104 local($ret,$Name); 117 local($ret,$Name);
105 118
106 $taget =~ s/\//$o/g if $o ne '/'; 119 $taget =~ s/\//$o/g if $o ne '/';
107 ($Name=$name) =~ tr/a-z/A-Z/; 120 ($Name=$name) =~ tr/a-z/A-Z/;
121 my $base_arg;
122 if ($base_addr ne "")
123 {
124 $base_arg= " /base:$base_addr";
125 }
126 else
127 {
128 $base_arg = "";
129 }
130
108 131
109# $target="\$(LIB_D)$o$target"; 132# $target="\$(LIB_D)$o$target";
110 $ret.="$target: $objs\n";
111 if (!$shlib) 133 if (!$shlib)
112 { 134 {
113# $ret.="\t\$(RM) \$(O_$Name)\n"; 135# $ret.="\t\$(RM) \$(O_$Name)\n";
136 $ret.="$target: $objs\n";
114 $ex =' advapi32.lib'; 137 $ex =' advapi32.lib';
138 $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
115 $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; 139 $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
116 } 140 }
117 else 141 else
118 { 142 {
119 local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; 143 local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
120 $ex.=' wsock32.lib gdi32.lib advapi32.lib'; 144 $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
121 $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; 145 $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
146 if ($fips && $target =~ /O_CRYPTO/)
147 {
148 $ex.=" \$(FIPSLIB_D)${o}_chkstk.o";
149 $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";
150 $ret.="\tSET FIPS_LINK=\$(LINK)\n";
151 $ret.="\tSET FIPS_CC=\$(CC)\n";
152 $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
153 $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
154 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
155 $ret.="\tSET FIPS_TARGET=$target\n";
156 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
157 $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
158 $ret.="/def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs ";
159 $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
160 }
161 else
162 {
163 $ret.="$target: $objs\n";
164 $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
165 }
122 } 166 }
123 $ret.="\n"; 167 $ret.="\n";
124 return($ret); 168 return($ret);
@@ -126,20 +170,51 @@ sub do_lib_rule
126 170
127sub do_link_rule 171sub do_link_rule
128 { 172 {
129 local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_; 173 local($target,$files,$dep_libs,$libs,$standalone)=@_;
130 local($ret,$_); 174 local($ret,$_);
131
132 $file =~ s/\//$o/g if $o ne '/'; 175 $file =~ s/\//$o/g if $o ne '/';
133 $n=&bname($targer); 176 $n=&bname($targer);
134 $ret.="$target: $files $dep_libs\n"; 177 $ret.="$target: $files $dep_libs\n";
135 $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n"; 178 if ($standalone)
136 $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; 179 {
137 if (defined $sha1file) 180 $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
181 $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
182 $ret.="$files $libs\n<<\n";
183 }
184 elsif ($fips && !$shlib)
138 { 185 {
139 $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file"; 186 $ret.="\tSET FIPS_LINK=\$(LINK)\n";
187 $ret.="\tSET FIPS_CC=\$(CC)\n";
188 $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
189 $ret.="\tSET PREMAIN_DSO_EXE=\n";
190 $ret.="\tSET FIPS_TARGET=$target\n";
191 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
192 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
193 $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
194 $ret.=" \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
140 } 195 }
196 else
197 {
198 $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
199 $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
200 }
201 $ret.="\n";
202 return($ret);
203 }
204
205sub do_rlink_rule
206 {
207 local($target,$files,$dep_libs,$libs)=@_;
208 local($ret,$_);
209
210 $file =~ s/\//$o/g if $o ne '/';
211 $n=&bname($targer);
212 $ret.="$target: $files $dep_libs\n";
213 $ret.=" \$(MKCANISTER) $target <<\n";
214 $ret.="INPUT($files)\n<<\n";
141 $ret.="\n"; 215 $ret.="\n";
142 return($ret); 216 return($ret);
143 } 217 }
144 218
219
1451; 2201;
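Review bot: In the new `do_rlink_rule`, `$file =~ s/\//$o/g if $o ne '/';` and `$n=&bname($targer);` act on `$file` and `$targer`, neither of which is among the sub's parameters (`$target,$files,$dep_libs,$libs`), so the separator rewrite appears to be a no-op and `$n` is computed from an undefined value. The same two lines are carried as context in `do_link_rule`, and `do_lib_rule` has `$taget`, so the new sub propagates an existing slip rather than introducing it. If the rewrite is meant to apply, the lines would read `$files =~ s/\//$o/g if $o ne '/';` and `$n=&bname($target);`. If it is not, dropping both from the new sub keeps the generated `INPUT($files)` rule easier to audit.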
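--- a/src/lib/libssl/src/util/pod2man.pl
+++ b/src/lib/libssl/src/util/pod2man.pl
@@ -425,6 +425,7 @@ if ($name ne 'something') {
  }
  next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME
  next if /^=pod\b/; # It is OK to have =pod before NAME
+ next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME
  die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
  }
  die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;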
diff --git a/src/lib/libssl/src/util/selftest.pl b/src/lib/libssl/src/util/selftest.pl
index e9d5aa8938..4778c5ab01 100644
--- a/src/lib/libssl/src/util/selftest.pl
+++ b/src/lib/libssl/src/util/selftest.pl
@@ -49,7 +49,7 @@ if (open(IN,"<Makefile")) {
49} 49}
50 50
51$cversion=`$cc -v 2>&1`; 51$cversion=`$cc -v 2>&1`;
52$cversion=`$cc -V 2>&1` if $cversion =~ "usage"; 52$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
53$cversion=`$cc -V |head -1` if $cversion =~ "Error"; 53$cversion=`$cc -V |head -1` if $cversion =~ "Error";
54$cversion=`$cc --version` if $cversion eq ""; 54$cversion=`$cc --version` if $cversion eq "";
55$cversion =~ s/Reading specs.*\n//; 55$cversion =~ s/Reading specs.*\n//;
@@ -130,15 +130,21 @@ if (system("make 2>&1 | tee make.log") > 255) {
130 goto err; 130 goto err;
131} 131}
132 132
133$_=$options; 133# Not sure why this is here. The tests themselves can detect if their
134s/no-asm//; 134# particular feature isn't included, and should therefore skip themselves.
135s/no-shared//; 135# To skip *all* tests just because one algorithm isn't included is like
136s/no-krb5//; 136# shooting mosquito with an elephant gun...
137if (/no-/) 137# -- Richard Levitte, inspired by problem report 1089
138{ 138#
139 print OUT "Test skipped.\n"; 139#$_=$options;
140 goto err; 140#s/no-asm//;
141} 141#s/no-shared//;
142#s/no-krb5//;
143#if (/no-/)
144#{
145# print OUT "Test skipped.\n";
146# goto err;
147#}
142 148
143print "Running make test...\n"; 149print "Running make test...\n";
144if (system("make test 2>&1 | tee maketest.log") > 255) 150if (system("make test 2>&1 | tee maketest.log") > 255)
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 3161f532cf..99e188086b 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -467,7 +467,7 @@ typedef struct ssl_session_st
467#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L 467#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
468#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L 468#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
469#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 469#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
470#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L 470#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
471#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L 471#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
472#define SSL_OP_TLS_D5_BUG 0x00000100L 472#define SSL_OP_TLS_D5_BUG 0x00000100L
473#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L 473#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
@@ -1567,6 +1567,7 @@ void ERR_load_SSL_strings(void);
1567#define SSL_F_SSL_CTRL 232 1567#define SSL_F_SSL_CTRL 232
1568#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 1568#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1569#define SSL_F_SSL_CTX_NEW 169 1569#define SSL_F_SSL_CTX_NEW 169
1570#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1570#define SSL_F_SSL_CTX_SET_PURPOSE 226 1571#define SSL_F_SSL_CTX_SET_PURPOSE 226
1571#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 1572#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1572#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 1573#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
@@ -1596,6 +1597,7 @@ void ERR_load_SSL_strings(void);
1596#define SSL_F_SSL_SESSION_PRINT_FP 190 1597#define SSL_F_SSL_SESSION_PRINT_FP 190
1597#define SSL_F_SSL_SESS_CERT_NEW 225 1598#define SSL_F_SSL_SESS_CERT_NEW 225
1598#define SSL_F_SSL_SET_CERT 191 1599#define SSL_F_SSL_SET_CERT 191
1600#define SSL_F_SSL_SET_CIPHER_LIST 271
1599#define SSL_F_SSL_SET_FD 192 1601#define SSL_F_SSL_SET_FD 192
1600#define SSL_F_SSL_SET_PKEY 193 1602#define SSL_F_SSL_SET_PKEY 193
1601#define SSL_F_SSL_SET_PURPOSE 227 1603#define SSL_F_SSL_SET_PURPOSE 227
@@ -1674,40 +1676,39 @@ void ERR_load_SSL_strings(void);
1674#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 1676#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
1675#define SSL_R_DATA_LENGTH_TOO_LONG 146 1677#define SSL_R_DATA_LENGTH_TOO_LONG 146
1676#define SSL_R_DECRYPTION_FAILED 147 1678#define SSL_R_DECRYPTION_FAILED 147
1677#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 1679#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
1678#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 1680#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
1679#define SSL_R_DIGEST_CHECK_FAILED 149 1681#define SSL_R_DIGEST_CHECK_FAILED 149
1680#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 1682#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
1681#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 1683#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
1682#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 1684#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
1683#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 1685#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
1684#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 1686#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
1685#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 1687#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
1686#define SSL_R_HTTPS_PROXY_REQUEST 155 1688#define SSL_R_HTTPS_PROXY_REQUEST 155
1687#define SSL_R_HTTP_REQUEST 156 1689#define SSL_R_HTTP_REQUEST 156
1688#define SSL_R_ILLEGAL_PADDING 1110 1690#define SSL_R_ILLEGAL_PADDING 283
1689#define SSL_R_INVALID_CHALLENGE_LENGTH 158 1691#define SSL_R_INVALID_CHALLENGE_LENGTH 158
1690#define SSL_R_INVALID_COMMAND 280 1692#define SSL_R_INVALID_COMMAND 280
1691#define SSL_R_INVALID_PURPOSE 278 1693#define SSL_R_INVALID_PURPOSE 278
1692#define SSL_R_INVALID_TRUST 279 1694#define SSL_R_INVALID_TRUST 279
1693#define SSL_R_KEY_ARG_TOO_LONG 1112 1695#define SSL_R_KEY_ARG_TOO_LONG 284
1694#define SSL_R_KRB5 1104 1696#define SSL_R_KRB5 285
1695#define SSL_R_KRB5_C_CC_PRINC 1094 1697#define SSL_R_KRB5_C_CC_PRINC 286
1696#define SSL_R_KRB5_C_GET_CRED 1095 1698#define SSL_R_KRB5_C_GET_CRED 287
1697#define SSL_R_KRB5_C_INIT 1096 1699#define SSL_R_KRB5_C_INIT 288
1698#define SSL_R_KRB5_C_MK_REQ 1097 1700#define SSL_R_KRB5_C_MK_REQ 289
1699#define SSL_R_KRB5_S_BAD_TICKET 1098 1701#define SSL_R_KRB5_S_BAD_TICKET 290
1700#define SSL_R_KRB5_S_INIT 1099 1702#define SSL_R_KRB5_S_INIT 291
1701#define SSL_R_KRB5_S_RD_REQ 1108 1703#define SSL_R_KRB5_S_RD_REQ 292
1702#define SSL_R_KRB5_S_TKT_EXPIRED 1105 1704#define SSL_R_KRB5_S_TKT_EXPIRED 293
1703#define SSL_R_KRB5_S_TKT_NYV 1106 1705#define SSL_R_KRB5_S_TKT_NYV 294
1704#define SSL_R_KRB5_S_TKT_SKEW 1107 1706#define SSL_R_KRB5_S_TKT_SKEW 295
1705#define SSL_R_LENGTH_MISMATCH 159 1707#define SSL_R_LENGTH_MISMATCH 159
1706#define SSL_R_LENGTH_TOO_SHORT 160 1708#define SSL_R_LENGTH_TOO_SHORT 160
1707#define SSL_R_LIBRARY_BUG 274 1709#define SSL_R_LIBRARY_BUG 274
1708#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 1710#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
1709#define SSL_R_MASTER_KEY_TOO_LONG 1112 1711#define SSL_R_MESSAGE_TOO_LONG 296
1710#define SSL_R_MESSAGE_TOO_LONG 1111
1711#define SSL_R_MISSING_DH_DSA_CERT 162 1712#define SSL_R_MISSING_DH_DSA_CERT 162
1712#define SSL_R_MISSING_DH_KEY 163 1713#define SSL_R_MISSING_DH_KEY 163
1713#define SSL_R_MISSING_DH_RSA_CERT 164 1714#define SSL_R_MISSING_DH_RSA_CERT 164
@@ -1744,7 +1745,7 @@ void ERR_load_SSL_strings(void);
1744#define SSL_R_NULL_SSL_CTX 195 1745#define SSL_R_NULL_SSL_CTX 195
1745#define SSL_R_NULL_SSL_METHOD_PASSED 196 1746#define SSL_R_NULL_SSL_METHOD_PASSED 196
1746#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 1747#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
1747#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 1115 1748#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
1748#define SSL_R_PACKET_LENGTH_TOO_LONG 198 1749#define SSL_R_PACKET_LENGTH_TOO_LONG 198
1749#define SSL_R_PATH_TOO_LONG 270 1750#define SSL_R_PATH_TOO_LONG 270
1750#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 1751#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
@@ -1763,7 +1764,7 @@ void ERR_load_SSL_strings(void);
1763#define SSL_R_READ_WRONG_PACKET_TYPE 212 1764#define SSL_R_READ_WRONG_PACKET_TYPE 212
1764#define SSL_R_RECORD_LENGTH_MISMATCH 213 1765#define SSL_R_RECORD_LENGTH_MISMATCH 213
1765#define SSL_R_RECORD_TOO_LARGE 214 1766#define SSL_R_RECORD_TOO_LARGE 214
1766#define SSL_R_RECORD_TOO_SMALL 1093 1767#define SSL_R_RECORD_TOO_SMALL 298
1767#define SSL_R_REQUIRED_CIPHER_MISSING 215 1768#define SSL_R_REQUIRED_CIPHER_MISSING 215
1768#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 1769#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
1769#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 1770#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
@@ -1772,8 +1773,8 @@ void ERR_load_SSL_strings(void);
1772#define SSL_R_SHORT_READ 219 1773#define SSL_R_SHORT_READ 219
1773#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 1774#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1774#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 1775#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1775#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114 1776#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
1776#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 1777#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
1777#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 1778#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1778#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 1779#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
1779#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 1780#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
@@ -1784,20 +1785,15 @@ void ERR_load_SSL_strings(void);
1784#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 1785#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
1785#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 1786#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
1786#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 1787#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
1787#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
1788#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
1789#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
1790#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
1791#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 1788#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
1792#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
1793#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 1789#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
1794#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 1790#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
1795#define SSL_R_SSL_HANDSHAKE_FAILURE 229 1791#define SSL_R_SSL_HANDSHAKE_FAILURE 229
1796#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 1792#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
1797#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102 1793#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
1798#define SSL_R_SSL_SESSION_ID_CONFLICT 1103 1794#define SSL_R_SSL_SESSION_ID_CONFLICT 302
1799#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 1795#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
1800#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101 1796#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
1801#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 1797#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
1802#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 1798#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
1803#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 1799#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
@@ -1838,7 +1834,6 @@ void ERR_load_SSL_strings(void);
1838#define SSL_R_UNKNOWN_STATE 255 1834#define SSL_R_UNKNOWN_STATE 255
1839#define SSL_R_UNSUPPORTED_CIPHER 256 1835#define SSL_R_UNSUPPORTED_CIPHER 256
1840#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 1836#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
1841#define SSL_R_UNSUPPORTED_OPTION 1091
1842#define SSL_R_UNSUPPORTED_PROTOCOL 258 1837#define SSL_R_UNSUPPORTED_PROTOCOL 258
1843#define SSL_R_UNSUPPORTED_SSL_VERSION 259 1838#define SSL_R_UNSUPPORTED_SSL_VERSION 259
1844#define SSL_R_WRITE_BIO_NOT_SET 260 1839#define SSL_R_WRITE_BIO_NOT_SET 260
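Review bot: The reason codes in the `@@ -1674,40 +1676,39 @@` hunk and the hunks after it change numeric value (for example `SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC` goes from 1109 to 281), and nothing in the header records that. Code compiled against the old header that compares `ERR_GET_REASON()` with these macros, and any log parsing or alerting keyed on the numeric reason, would stop matching against a library built from this version. `SSL_R_MASTER_KEY_TOO_LONG`, `SSL_R_UNSUPPORTED_OPTION` and the `SSL_R_SSLV3_ALERT_PEER_ERROR_*` names are also removed, so sources that reference them no longer compile. A comment above the reason-code block such as `/* Reason codes 281-303 were renumbered from values above 1090; rebuild callers that test them. */` would make this visible.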
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 4d5900ad2f..fc5fcce108 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -344,7 +344,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
344 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; 344 OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
345 } 345 }
346 else 346 else
347 ret->time=time(NULL); 347 ret->time=(unsigned long)time(NULL);
348 348
349 ai.length=0; 349 ai.length=0;
350 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2); 350 M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index b8b9bc2390..b779e6bb4d 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -616,14 +616,13 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
616 BIO *in; 616 BIO *in;
617 X509 *x=NULL; 617 X509 *x=NULL;
618 X509_NAME *xn=NULL; 618 X509_NAME *xn=NULL;
619 STACK_OF(X509_NAME) *ret,*sk; 619 STACK_OF(X509_NAME) *ret = NULL,*sk;
620 620
621 ret=sk_X509_NAME_new_null();
622 sk=sk_X509_NAME_new(xname_cmp); 621 sk=sk_X509_NAME_new(xname_cmp);
623 622
624 in=BIO_new(BIO_s_file_internal()); 623 in=BIO_new(BIO_s_file_internal());
625 624
626 if ((ret == NULL) || (sk == NULL) || (in == NULL)) 625 if ((sk == NULL) || (in == NULL))
627 { 626 {
628 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE); 627 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
629 goto err; 628 goto err;
@@ -636,6 +635,15 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
636 { 635 {
637 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) 636 if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
638 break; 637 break;
638 if (ret == NULL)
639 {
640 ret = sk_X509_NAME_new_null();
641 if (ret == NULL)
642 {
643 SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
644 goto err;
645 }
646 }
639 if ((xn=X509_get_subject_name(x)) == NULL) goto err; 647 if ((xn=X509_get_subject_name(x)) == NULL) goto err;
640 /* check for duplicates */ 648 /* check for duplicates */
641 xn=X509_NAME_dup(xn); 649 xn=X509_NAME_dup(xn);
@@ -658,6 +666,8 @@ err:
658 if (sk != NULL) sk_X509_NAME_free(sk); 666 if (sk != NULL) sk_X509_NAME_free(sk);
659 if (in != NULL) BIO_free(in); 667 if (in != NULL) BIO_free(in);
660 if (x != NULL) X509_free(x); 668 if (x != NULL) X509_free(x);
669 if (ret != NULL)
670 ERR_clear_error();
661 return(ret); 671 return(ret);
662 } 672 }
663#endif 673#endif
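Review bot: The added `if (ret != NULL) ERR_clear_error();` at the end of `SSL_load_client_CA_file` clears the error queue whenever at least one certificate was read, but the loop leaves on any NULL return from `PEM_read_bio_X509`, not only on end of file. A file whose second or later entry is malformed therefore yields a shortened client-CA name list with no error left for the caller to see, and any error the caller had queued before the call is discarded as well. Clearing only when the last error is the PEM "no start line" condition keeps the end-of-file case quiet and leaves real parse failures on the queue. The function begins before the first hunk, so the loop is only partly visible here.

```c
	if (x != NULL) X509_free(x);
	if (ret != NULL)
		{
		/* Only the normal end-of-file condition is expected here. */
		unsigned long e = ERR_peek_last_error();

		if (ERR_GET_LIB(e) == ERR_LIB_PEM &&
		    ERR_GET_REASON(e) == PEM_R_NO_START_LINE)
			ERR_clear_error();
		}
	return(ret);
```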
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index a7ccefa30c..f622180c69 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -700,9 +700,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
700 if (!found) 700 if (!found)
701 break; /* ignore this entry */ 701 break; /* ignore this entry */
702 702
703 algorithms |= ca_list[j]->algorithms; 703 /* New algorithms:
704 * 1 - any old restrictions apply outside new mask
705 * 2 - any new restrictions apply outside old mask
706 * 3 - enforce old & new where masks intersect
707 */
708 algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
709 (ca_list[j]->algorithms & ~mask) | /* 2 */
710 (algorithms & ca_list[j]->algorithms); /* 3 */
704 mask |= ca_list[j]->mask; 711 mask |= ca_list[j]->mask;
705 algo_strength |= ca_list[j]->algo_strength; 712 algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
713 (ca_list[j]->algo_strength & ~mask_strength) |
714 (algo_strength & ca_list[j]->algo_strength);
706 mask_strength |= ca_list[j]->mask_strength; 715 mask_strength |= ca_list[j]->mask_strength;
707 716
708 if (!multi) break; 717 if (!multi) break;
@@ -756,7 +765,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
756 { 765 {
757 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 766 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
758 unsigned long disabled_mask; 767 unsigned long disabled_mask;
759 STACK_OF(SSL_CIPHER) *cipherstack; 768 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
760 const char *rule_p; 769 const char *rule_p;
761 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 770 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
762 SSL_CIPHER **ca_list = NULL; 771 SSL_CIPHER **ca_list = NULL;
@@ -764,7 +773,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
764 /* 773 /*
765 * Return with error if nothing to do. 774 * Return with error if nothing to do.
766 */ 775 */
767 if (rule_str == NULL) return(NULL); 776 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
777 return NULL;
768 778
769 if (init_ciphers) 779 if (init_ciphers)
770 { 780 {
@@ -875,46 +885,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
875 } 885 }
876 OPENSSL_free(co_list); /* Not needed any longer */ 886 OPENSSL_free(co_list); /* Not needed any longer */
877 887
878 /* 888 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
879 * The following passage is a little bit odd. If pointer variables 889 if (tmp_cipher_list == NULL)
880 * were supplied to hold STACK_OF(SSL_CIPHER) return information,
881 * the old memory pointed to is free()ed. Then, however, the
882 * cipher_list entry will be assigned just a copy of the returned
883 * cipher stack. For cipher_list_by_id a copy of the cipher stack
884 * will be created. See next comment...
885 */
886 if (cipher_list != NULL)
887 {
888 if (*cipher_list != NULL)
889 sk_SSL_CIPHER_free(*cipher_list);
890 *cipher_list = cipherstack;
891 }
892
893 if (cipher_list_by_id != NULL)
894 {
895 if (*cipher_list_by_id != NULL)
896 sk_SSL_CIPHER_free(*cipher_list_by_id);
897 *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
898 }
899
900 /*
901 * Now it is getting really strange. If something failed during
902 * the previous pointer assignment or if one of the pointers was
903 * not requested, the error condition is met. That might be
904 * discussable. The strange thing is however that in this case
905 * the memory "ret" pointed to is "free()ed" and hence the pointer
906 * cipher_list becomes wild. The memory reserved for
907 * cipher_list_by_id however is not "free()ed" and stays intact.
908 */
909 if ( (cipher_list_by_id == NULL) ||
910 (*cipher_list_by_id == NULL) ||
911 (cipher_list == NULL) ||
912 (*cipher_list == NULL))
913 { 890 {
914 sk_SSL_CIPHER_free(cipherstack); 891 sk_SSL_CIPHER_free(cipherstack);
915 return(NULL); 892 return NULL;
916 } 893 }
917 894 if (*cipher_list != NULL)
895 sk_SSL_CIPHER_free(*cipher_list);
896 *cipher_list = cipherstack;
897 if (*cipher_list_by_id != NULL)
898 sk_SSL_CIPHER_free(*cipher_list_by_id);
899 *cipher_list_by_id = tmp_cipher_list;
918 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 900 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
919 901
920 return(cipherstack); 902 return(cipherstack);
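Review bot: The new comment in `ssl_cipher_process_rulestr` lists the three terms but does not say what the result means when two `+`-joined aliases disagree inside the overlapping part of their masks. In that case term 3 leaves no bits set there, while `mask |= ca_list[j]->mask` still marks those bits as significant. Whether that combination selects no cipher at all depends on the matching code, which is outside this hunk, so the intent should be written down next to the expression. If matching nothing is the intent, a line such as `* An empty intersection leaves zero bits under the shared mask, i.e. the rule matches nothing.` would do it, and the `algo_strength` expression below could carry the same `/* 1 */`, `/* 2 */`, `/* 3 */` markers. The function starts and ends outside the hunk.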
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 29b8ff4788..4bcf591298 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -64,384 +64,383 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
70
67static ERR_STRING_DATA SSL_str_functs[]= 71static ERR_STRING_DATA SSL_str_functs[]=
68 { 72 {
69{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, 73{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
70{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"}, 74{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
71{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, 75{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
72{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, 76{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
73{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, 77{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
74{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0), "DO_SSL3_WRITE"}, 78{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
75{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0), "GET_CLIENT_FINISHED"}, 79{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
76{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0), "GET_CLIENT_HELLO"}, 80{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
77{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0), "GET_CLIENT_MASTER_KEY"}, 81{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
78{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0), "GET_SERVER_FINISHED"}, 82{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
79{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0), "GET_SERVER_HELLO"}, 83{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
80{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"}, 84{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
81{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, 85{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
82{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, 86{ERR_FUNC(SSL_F_READ_N), "READ_N"},
83{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, 87{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
84{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"}, 88{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
85{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, 89{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
86{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"}, 90{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
87{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, 91{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
88{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, 92{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
89{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, 93{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
90{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"}, 94{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
91{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"}, 95{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
92{ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"}, 96{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
93{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"}, 97{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
94{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"}, 98{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
95{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, 99{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
96{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, 100{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
97{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, 101{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
98{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"}, 102{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
99{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, 103{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
100{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, 104{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
101{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, 105{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
102{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, 106{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
103{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, 107{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
104{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, 108{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
105{ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0), "SSL3_CALLBACK_CTRL"}, 109{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
106{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"}, 110{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
107{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"}, 111{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
108{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"}, 112{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
109{ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"}, 113{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
110{ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"}, 114{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
111{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"}, 115{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
112{ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"}, 116{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
113{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0), "SSL3_GENERATE_KEY_BLOCK"}, 117{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
114{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"}, 118{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
115{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"}, 119{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
116{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"}, 120{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
117{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0), "SSL3_GET_CLIENT_HELLO"}, 121{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
118{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, 122{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
119{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"}, 123{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
120{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0), "SSL3_GET_KEY_EXCHANGE"}, 124{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
121{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0), "SSL3_GET_MESSAGE"}, 125{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
122{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0), "SSL3_GET_RECORD"}, 126{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
123{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0), "SSL3_GET_SERVER_CERTIFICATE"}, 127{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
124{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, 128{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
125{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, 129{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
126{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, 130{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
127{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"}, 131{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
128{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, 132{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
129{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, 133{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
130{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, 134{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
131{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0), "SSL3_SEND_CLIENT_CERTIFICATE"}, 135{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
132{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, 136{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
133{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, 137{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
134{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, 138{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
135{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"}, 139{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
136{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, 140{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
137{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, 141{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
138{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, 142{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
139{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"}, 143{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
140{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"}, 144{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
141{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"}, 145{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
142{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"}, 146{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
143{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"}, 147{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
144{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"}, 148{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
145{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"}, 149{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
146{ERR_PACK(0,SSL_F_SSL_CERT_INST,0), "SSL_CERT_INST"}, 150{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
147{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"}, 151{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
148{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"}, 152{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
149{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"}, 153{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
150{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0), "SSL_CIPHER_PROCESS_RULESTR"}, 154{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
151{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0), "SSL_CIPHER_STRENGTH_SORT"}, 155{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
152{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"}, 156{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
153{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"}, 157{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
154{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"}, 158{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
155{ERR_PACK(0,SSL_F_SSL_CTRL,0), "SSL_ctrl"}, 159{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
156{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"}, 160{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
157{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"}, 161{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
158{ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0), "SSL_CTX_set_purpose"}, 162{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
159{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0), "SSL_CTX_set_session_id_context"}, 163{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
160{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"}, 164{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
161{ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0), "SSL_CTX_set_trust"}, 165{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
162{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"}, 166{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
163{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"}, 167{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
164{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0), "SSL_CTX_use_certificate_chain_file"}, 168{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
165{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"}, 169{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
166{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"}, 170{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
167{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"}, 171{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
168{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0), "SSL_CTX_use_PrivateKey_file"}, 172{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
169{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"}, 173{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
170{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0), "SSL_CTX_use_RSAPrivateKey_ASN1"}, 174{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
171{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"}, 175{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
172{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"}, 176{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
173{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"}, 177{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
174{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"}, 178{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
175{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"}, 179{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
176{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"}, 180{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
177{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"}, 181{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
178{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"}, 182{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
179{ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"}, 183{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
180{ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"}, 184{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
181{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"}, 185{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
182{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"}, 186{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
183{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"}, 187{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
184{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"}, 188{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
185{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"}, 189{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
186{ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"}, 190{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
187{ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"}, 191{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
188{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"}, 192{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
189{ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0), "SSL_set_purpose"}, 193{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
190{ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"}, 194{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
191{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"}, 195{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
192{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"}, 196{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
193{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"}, 197{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
194{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"}, 198{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
195{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"}, 199{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
196{ERR_PACK(0,SSL_F_SSL_UNDEFINED_CONST_FUNCTION,0), "SSL_UNDEFINED_CONST_FUNCTION"}, 200{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
197{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"}, 201{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
198{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"}, 202{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
199{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"}, 203{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
200{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0), "SSL_use_certificate_file"}, 204{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
201{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0), "SSL_use_PrivateKey"}, 205{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
202{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0), "SSL_use_PrivateKey_ASN1"}, 206{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
203{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0), "SSL_use_PrivateKey_file"}, 207{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
204{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"}, 208{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
205{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"}, 209{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
206{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"}, 210{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
207{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"}, 211{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
208{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"}, 212{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
209{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"}, 213{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
210{ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"}, 214{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
211{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"}, 215{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
212{ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"}, 216{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
217{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
218{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
213{0,NULL} 219{0,NULL}
214 }; 220 };
215 221
216static ERR_STRING_DATA SSL_str_reasons[]= 222static ERR_STRING_DATA SSL_str_reasons[]=
217 { 223 {
218{SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"}, 224{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
219{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"}, 225{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
220{SSL_R_BAD_ALERT_RECORD ,"bad alert record"}, 226{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
221{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"}, 227{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
222{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"}, 228{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
223{SSL_R_BAD_CHECKSUM ,"bad checksum"}, 229{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
224{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"}, 230{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
225{SSL_R_BAD_DECOMPRESSION ,"bad decompression"}, 231{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
226{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"}, 232{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
227{SSL_R_BAD_DH_PUB_KEY_LENGTH ,"bad dh pub key length"}, 233{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
228{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"}, 234{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
229{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"}, 235{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
230{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"}, 236{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
231{SSL_R_BAD_HELLO_REQUEST ,"bad hello request"}, 237{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
232{SSL_R_BAD_LENGTH ,"bad length"}, 238{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
233{SSL_R_BAD_MAC_DECODE ,"bad mac decode"}, 239{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
234{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"}, 240{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
235{SSL_R_BAD_PACKET_LENGTH ,"bad packet length"}, 241{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
236{SSL_R_BAD_PROTOCOL_VERSION_NUMBER ,"bad protocol version number"}, 242{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
237{SSL_R_BAD_RESPONSE_ARGUMENT ,"bad response argument"}, 243{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
238{SSL_R_BAD_RSA_DECRYPT ,"bad rsa decrypt"}, 244{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
239{SSL_R_BAD_RSA_ENCRYPT ,"bad rsa encrypt"}, 245{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
240{SSL_R_BAD_RSA_E_LENGTH ,"bad rsa e length"}, 246{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
241{SSL_R_BAD_RSA_MODULUS_LENGTH ,"bad rsa modulus length"}, 247{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
242{SSL_R_BAD_RSA_SIGNATURE ,"bad rsa signature"}, 248{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
243{SSL_R_BAD_SIGNATURE ,"bad signature"}, 249{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
244{SSL_R_BAD_SSL_FILETYPE ,"bad ssl filetype"}, 250{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
245{SSL_R_BAD_SSL_SESSION_ID_LENGTH ,"bad ssl session id length"}, 251{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
246{SSL_R_BAD_STATE ,"bad state"}, 252{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
247{SSL_R_BAD_WRITE_RETRY ,"bad write retry"}, 253{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
248{SSL_R_BIO_NOT_SET ,"bio not set"}, 254{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
249{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ,"block cipher pad is wrong"}, 255{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
250{SSL_R_BN_LIB ,"bn lib"}, 256{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
251{SSL_R_CA_DN_LENGTH_MISMATCH ,"ca dn length mismatch"}, 257{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
252{SSL_R_CA_DN_TOO_LONG ,"ca dn too long"}, 258{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
253{SSL_R_CCS_RECEIVED_EARLY ,"ccs received early"}, 259{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
254{SSL_R_CERTIFICATE_VERIFY_FAILED ,"certificate verify failed"}, 260{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
255{SSL_R_CERT_LENGTH_MISMATCH ,"cert length mismatch"}, 261{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
256{SSL_R_CHALLENGE_IS_DIFFERENT ,"challenge is different"}, 262{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
257{SSL_R_CIPHER_CODE_WRONG_LENGTH ,"cipher code wrong length"}, 263{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
258{SSL_R_CIPHER_OR_HASH_UNAVAILABLE ,"cipher or hash unavailable"}, 264{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
259{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"}, 265{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
260{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"}, 266{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
261{SSL_R_COMPRESSION_FAILURE ,"compression failure"}, 267{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
262{SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"}, 268{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
263{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"}, 269{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
264{SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"}, 270{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
265{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"}, 271{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
266{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"}, 272{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
267{SSL_R_DECRYPTION_FAILED ,"decryption failed"}, 273{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
268{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, 274{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
269{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, 275{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
270{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, 276{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
271{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, 277{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
272{SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, 278{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
273{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"}, 279{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
274{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"}, 280{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
275{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"}, 281{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
276{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"}, 282{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
277{SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"}, 283{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
278{SSL_R_HTTP_REQUEST ,"http request"}, 284{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
279{SSL_R_ILLEGAL_PADDING ,"illegal padding"}, 285{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
280{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"}, 286{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
281{SSL_R_INVALID_COMMAND ,"invalid command"}, 287{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
282{SSL_R_INVALID_PURPOSE ,"invalid purpose"}, 288{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
283{SSL_R_INVALID_TRUST ,"invalid trust"}, 289{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
284{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"}, 290{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
285{SSL_R_KRB5 ,"krb5"}, 291{ERR_REASON(SSL_R_KRB5) ,"krb5"},
286{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"}, 292{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
287{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"}, 293{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
288{SSL_R_KRB5_C_INIT ,"krb5 client init"}, 294{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
289{SSL_R_KRB5_C_MK_REQ ,"krb5 client mk_req (expired tkt?)"}, 295{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
290{SSL_R_KRB5_S_BAD_TICKET ,"krb5 server bad ticket"}, 296{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
291{SSL_R_KRB5_S_INIT ,"krb5 server init"}, 297{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
292{SSL_R_KRB5_S_RD_REQ ,"krb5 server rd_req (keytab perms?)"}, 298{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
293{SSL_R_KRB5_S_TKT_EXPIRED ,"krb5 server tkt expired"}, 299{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
294{SSL_R_KRB5_S_TKT_NYV ,"krb5 server tkt not yet valid"}, 300{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
295{SSL_R_KRB5_S_TKT_SKEW ,"krb5 server tkt skew"}, 301{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
296{SSL_R_LENGTH_MISMATCH ,"length mismatch"}, 302{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
297{SSL_R_LENGTH_TOO_SHORT ,"length too short"}, 303{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
298{SSL_R_LIBRARY_BUG ,"library bug"}, 304{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
299{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, 305{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
300{SSL_R_MASTER_KEY_TOO_LONG ,"master key too long"}, 306{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
301{SSL_R_MESSAGE_TOO_LONG ,"message too long"}, 307{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
302{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, 308{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
303{SSL_R_MISSING_DH_KEY ,"missing dh key"}, 309{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
304{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"}, 310{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
305{SSL_R_MISSING_DSA_SIGNING_CERT ,"missing dsa signing cert"}, 311{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
306{SSL_R_MISSING_EXPORT_TMP_DH_KEY ,"missing export tmp dh key"}, 312{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
307{SSL_R_MISSING_EXPORT_TMP_RSA_KEY ,"missing export tmp rsa key"}, 313{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
308{SSL_R_MISSING_RSA_CERTIFICATE ,"missing rsa certificate"}, 314{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
309{SSL_R_MISSING_RSA_ENCRYPTING_CERT ,"missing rsa encrypting cert"}, 315{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
310{SSL_R_MISSING_RSA_SIGNING_CERT ,"missing rsa signing cert"}, 316{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
311{SSL_R_MISSING_TMP_DH_KEY ,"missing tmp dh key"}, 317{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
312{SSL_R_MISSING_TMP_RSA_KEY ,"missing tmp rsa key"}, 318{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
313{SSL_R_MISSING_TMP_RSA_PKEY ,"missing tmp rsa pkey"}, 319{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
314{SSL_R_MISSING_VERIFY_MESSAGE ,"missing verify message"}, 320{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
315{SSL_R_NON_SSLV2_INITIAL_PACKET ,"non sslv2 initial packet"}, 321{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
316{SSL_R_NO_CERTIFICATES_RETURNED ,"no certificates returned"}, 322{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
317{SSL_R_NO_CERTIFICATE_ASSIGNED ,"no certificate assigned"}, 323{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
318{SSL_R_NO_CERTIFICATE_RETURNED ,"no certificate returned"}, 324{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
319{SSL_R_NO_CERTIFICATE_SET ,"no certificate set"}, 325{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
320{SSL_R_NO_CERTIFICATE_SPECIFIED ,"no certificate specified"}, 326{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
321{SSL_R_NO_CIPHERS_AVAILABLE ,"no ciphers available"}, 327{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
322{SSL_R_NO_CIPHERS_PASSED ,"no ciphers passed"}, 328{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
323{SSL_R_NO_CIPHERS_SPECIFIED ,"no ciphers specified"}, 329{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
324{SSL_R_NO_CIPHER_LIST ,"no cipher list"}, 330{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
325{SSL_R_NO_CIPHER_MATCH ,"no cipher match"}, 331{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
326{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"}, 332{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
327{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"}, 333{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
328{SSL_R_NO_METHOD_SPECIFIED ,"no method specified"}, 334{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
329{SSL_R_NO_PRIVATEKEY ,"no privatekey"}, 335{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
330{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"}, 336{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
331{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"}, 337{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
332{SSL_R_NO_PUBLICKEY ,"no publickey"}, 338{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
333{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"}, 339{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
334{SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"}, 340{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
335{SSL_R_NULL_SSL_CTX ,"null ssl ctx"}, 341{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
336{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"}, 342{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
337{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"}, 343{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
338{SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE ,"only tls allowed in fips mode"}, 344{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
339{SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"}, 345{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
340{SSL_R_PATH_TOO_LONG ,"path too long"}, 346{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
341{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"}, 347{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
342{SSL_R_PEER_ERROR ,"peer error"}, 348{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
343{SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"}, 349{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
344{SSL_R_PEER_ERROR_NO_CERTIFICATE ,"peer error no certificate"}, 350{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
345{SSL_R_PEER_ERROR_NO_CIPHER ,"peer error no cipher"}, 351{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
346{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"}, 352{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
347{SSL_R_PRE_MAC_LENGTH_TOO_LONG ,"pre mac length too long"}, 353{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
348{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"}, 354{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
349{SSL_R_PROTOCOL_IS_SHUTDOWN ,"protocol is shutdown"}, 355{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
350{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR ,"public key encrypt error"}, 356{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
351{SSL_R_PUBLIC_KEY_IS_NOT_RSA ,"public key is not rsa"}, 357{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
352{SSL_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, 358{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
353{SSL_R_READ_BIO_NOT_SET ,"read bio not set"}, 359{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
354{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, 360{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
355{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, 361{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
356{SSL_R_RECORD_TOO_LARGE ,"record too large"}, 362{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
357{SSL_R_RECORD_TOO_SMALL ,"record too small"}, 363{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
358{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, 364{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
359{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, 365{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
360{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, 366{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
361{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"}, 367{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
362{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"}, 368{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
363{SSL_R_SHORT_READ ,"short read"}, 369{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
364{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, 370{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
365{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, 371{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
366{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"}, 372{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
367{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, 373{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
368{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, 374{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
369{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, 375{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
370{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, 376{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
371{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ,"sslv3 alert certificate expired"}, 377{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
372{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ,"sslv3 alert certificate revoked"}, 378{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
373{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ,"sslv3 alert certificate unknown"}, 379{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
374{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"}, 380{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
375{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ,"sslv3 alert handshake failure"}, 381{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
376{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ,"sslv3 alert illegal parameter"}, 382{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
377{SSL_R_SSLV3_ALERT_NO_CERTIFICATE ,"sslv3 alert no certificate"}, 383{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
378{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"}, 384{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
379{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"}, 385{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
380{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER ,"sslv3 alert peer error no cipher"}, 386{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
381{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"}, 387{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
382{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ,"sslv3 alert unexpected message"}, 388{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
383{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"}, 389{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
384{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"}, 390{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
385{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"}, 391{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
386{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"}, 392{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
387{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"}, 393{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
388{SSL_R_SSL_SESSION_ID_CALLBACK_FAILED ,"ssl session id callback failed"}, 394{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
389{SSL_R_SSL_SESSION_ID_CONFLICT ,"ssl session id conflict"}, 395{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
390{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"}, 396{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
391{SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH ,"ssl session id has bad length"}, 397{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
392{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"}, 398{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
393{SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"}, 399{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
394{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"}, 400{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
395{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"}, 401{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
396{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"}, 402{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
397{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ,"tlsv1 alert export restriction"}, 403{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
398{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"}, 404{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
399{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"}, 405{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
400{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"}, 406{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
401{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"}, 407{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
402{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"}, 408{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
403{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"}, 409{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
404{SSL_R_TLSV1_ALERT_USER_CANCELLED ,"tlsv1 alert user cancelled"}, 410{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
405{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"}, 411{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
406{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"}, 412{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
407{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"}, 413{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
408{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER ,"tried to use unsupported cipher"}, 414{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
409{SSL_R_UNABLE_TO_DECODE_DH_CERTS ,"unable to decode dh certs"}, 415{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
410{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY ,"unable to extract public key"}, 416{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
411{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS ,"unable to find dh parameters"}, 417{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
412{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"}, 418{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
413{SSL_R_UNABLE_TO_FIND_SSL_METHOD ,"unable to find ssl method"}, 419{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
414{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES ,"unable to load ssl2 md5 routines"}, 420{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
415{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ,"unable to load ssl3 md5 routines"}, 421{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
416{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"}, 422{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
417{SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"}, 423{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
418{SSL_R_UNEXPECTED_RECORD ,"unexpected record"}, 424{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
419{SSL_R_UNINITIALIZED ,"uninitialized"}, 425{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
420{SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"}, 426{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
421{SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"}, 427{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
422{SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"}, 428{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
423{SSL_R_UNKNOWN_CIPHER_TYPE ,"unknown cipher type"}, 429{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
424{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ,"unknown key exchange type"}, 430{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
425{SSL_R_UNKNOWN_PKEY_TYPE ,"unknown pkey type"}, 431{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
426{SSL_R_UNKNOWN_PROTOCOL ,"unknown protocol"}, 432{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
427{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"}, 433{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
428{SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"}, 434{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
429{SSL_R_UNKNOWN_STATE ,"unknown state"}, 435{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
430{SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 436{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
431{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"}, 437{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
432{SSL_R_UNSUPPORTED_OPTION ,"unsupported option"}, 438{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
433{SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"}, 439{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
434{SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"}, 440{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
435{SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"}, 441{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
436{SSL_R_WRONG_CIPHER_RETURNED ,"wrong cipher returned"}, 442{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
437{SSL_R_WRONG_MESSAGE_TYPE ,"wrong message type"}, 443{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
438{SSL_R_WRONG_NUMBER_OF_KEY_BITS ,"wrong number of key bits"},
439{SSL_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
440{SSL_R_WRONG_SIGNATURE_SIZE ,"wrong signature size"},
441{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"},
442{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"},
443{SSL_R_X509_LIB ,"x509 lib"},
444{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"},
445{0,NULL} 444{0,NULL}
446 }; 445 };
447 446
@@ -455,8 +454,8 @@ void ERR_load_SSL_strings(void)
455 { 454 {
456 init=0; 455 init=0;
457#ifndef OPENSSL_NO_ERR 456#ifndef OPENSSL_NO_ERR
458 ERR_load_strings(ERR_LIB_SSL,SSL_str_functs); 457 ERR_load_strings(0,SSL_str_functs);
459 ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons); 458 ERR_load_strings(0,SSL_str_reasons);
460#endif 459#endif
461 460
462 } 461 }
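diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 631229558f..2bd9a5af86 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -125,7 +125,7 @@
 
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
 
-OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
+SSL3_ENC_METHOD ssl3_undef_enc_method={
  /* evil casts, but these functions are only called if there's a library bug */
  (int (*)(SSL *,int))ssl_undefined_function,
  (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
@@ -1130,8 +1130,21 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
 
  sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
  &ctx->cipher_list_by_id,str);
-/* XXXX */
- return((sk == NULL)?0:1);
+ /* ssl_create_cipher_list may return an empty stack if it
+ * was unable to find a cipher matching the given rule string
+ * (for example if the rule string specifies a cipher which
+ * has been disabled). This is not an error as far as
+ * ssl_create_cipher_list is concerned, and hence
+ * ctx->cipher_list and ctx->cipher_list_by_id has been
+ * updated. */
+ if (sk == NULL)
+ return 0;
+ else if (sk_SSL_CIPHER_num(sk) == 0)
+ {
+ SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+ return 1;
  }
 
 /** specify the ciphers to be used by the SSL */
@@ -1141,8 +1154,15 @@ int SSL_set_cipher_list(SSL *s,const char *str)
 
  sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
  &s->cipher_list_by_id,str);
-/* XXXX */
- return((sk == NULL)?0:1);
+ /* see comment in SSL_CTX_set_cipher_list */
+ if (sk == NULL)
+ return 0;
+ else if (sk_SSL_CIPHER_num(sk) == 0)
+ {
+ SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+ return 1;
  }
 
 /* works well for SSLv2, not so good for SSLv3 */
@@ -1181,7 +1201,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
  return(buf);
  }
 
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+ int (*put_cb)(const SSL_CIPHER *, unsigned char *))
  {
  int i,j=0;
  SSL_CIPHER *c;
@@ -1200,7 +1221,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
  if ((c->algorithms & SSL_KRB5) && nokrb5)
  continue;
 #endif /* OPENSSL_NO_KRB5 */
- j=ssl_put_cipher_by_char(s,c,p);
+
+ j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
  p+=j;
  }
  return(p-q);
@@ -1694,7 +1716,7 @@ void ssl_update_cache(SSL *s,int mode)
  ?s->ctx->stats.sess_connect_good
  :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
  {
- SSL_CTX_flush_sessions(s->ctx,time(NULL));
+ SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
  }
  }
  }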
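Review bot: In SSL_CTX_set_cipher_list the new `sk_SSL_CIPHER_num(sk) == 0` branch returns 0 only after `ctx->cipher_list` and `ctx->cipher_list_by_id` have already been replaced, as the added comment itself says, so a failed call leaves the context holding an empty cipher list rather than the previous one. SSL_set_cipher_list has the same shape for `s->cipher_list`. A caller that ignores or only logs the 0 return will presumably be unable to negotiate any cipher afterwards, which fails closed but is easy to miss. The comment should state that consequence, for example by ending with `* NB: on this 0 return the old list is gone; set a valid list before use. */`. Both function bodies begin outside their hunks.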
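diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 25a144a0d0..6a0b7595f4 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -462,7 +462,7 @@ typedef struct ssl3_comp_st
  COMP_METHOD *method; /* The method :-) */
  } SSL3_COMP;
 
-OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
 OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
 OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
 
@@ -493,7 +493,8 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
  const SSL_CIPHER * const *bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
  STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+ int (*put_cb)(const SSL_CIPHER *, unsigned char *));
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
  STACK_OF(SSL_CIPHER) **pref,
  STACK_OF(SSL_CIPHER) **sorted,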
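Review bot: The widened prototype of ssl_cipher_list_to_bytes states no contract for `put_cb`, and nothing in the signature bounds what the callback may write through `p`. Going by the ssl_lib.c change in this commit, a NULL `put_cb` selects `ssl_put_cipher_by_char` and the callback's return value is added to `p` unchecked, so a callback returning a negative or oversized count would move the write pointer outside the caller's buffer. I would add above the declaration `/* put_cb: NULL => ssl_put_cipher_by_char(); must return the number of bytes written at p (>= 0) */`. The comment should also say how much space per cipher the buffer at `p` must provide; that size is not visible in this section.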
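diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 5f12aa361c..2ba8b9612e 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -118,7 +118,7 @@ SSL_SESSION *SSL_SESSION_new(void)
  ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
  ss->references=1;
  ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time=time(NULL);
+ ss->time=(unsigned long)time(NULL);
  ss->prev=NULL;
  ss->next=NULL;
  ss->compress_meth=0;
@@ -377,7 +377,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
  CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 #endif
 
- if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
+ if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
  {
  s->ctx->stats.sess_timeout++;
  /* remove it from the cache */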
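Review bot: In ssl_get_prev_session the rewritten test `ret->timeout < (long)(time(NULL) - ret->time)` treats a session whose `time` lies in the future as unexpired. The difference is then negative, or wraps and is cast back to a negative long if `ret->time` is unsigned, so the session stays resumable until the clock catches up. The field's declared type is not visible here; I infer it from the `(unsigned long)` cast added in SSL_SESSION_new. Rejecting a negative age fails safe: `long age = (long)(time(NULL) - ret->time);` followed by `if (age < 0 || ret->timeout < age) /* timeout */`. The function body starts and ends outside the hunk.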
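diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
index dfbfef7b1b..94621a655b 100644
--- a/src/lib/libssl/test/maketests.com
+++ b/src/lib/libssl/test/maketests.com
@@ -586,7 +586,7 @@ $ CCDEFS = "TCPIP_TYPE_''P3'"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
  CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!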
diff --git a/src/lib/libssl/test/tverify.com b/src/lib/libssl/test/tverify.com
index 2060184d1e..021d701d79 100644
--- a/src/lib/libssl/test/tverify.com
+++ b/src/lib/libssl/test/tverify.com
@@ -8,22 +8,22 @@ $ copy/concatenate [-.certs]*.pem certs.tmp
8$ 8$
9$ old_f := 9$ old_f :=
10$ loop_certs: 10$ loop_certs:
11$ c := NO 11$ verify := NO
12$ more := YES
12$ certs := 13$ certs :=
13$ loop_certs2: 14$ loop_certs2:
14$ f = f$search("[-.certs]*.pem") 15$ f = f$search("[-.certs]*.pem")
15$ if f .nes. "" .and. f .nes. old_f 16$ if f .nes. "" .and. f .nes. old_f
16$ then 17$ then
17$ certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem" 18$ certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
18$ c := YES 19$ verify := YES
19$ if f$length(certs) .lt. 180 then goto loop_certs2 20$ if f$length(certs) .lt. 180 then goto loop_certs2
21$ else
22$ more := NO
20$ endif 23$ endif
21$ certs = certs - " " 24$ certs = certs - " "
22$ 25$
23$ if c 26$ if verify then mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
24$ then 27$ if more then goto loop_certs
25$ mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
26$ goto loop_certs
27$ endif
28$ 28$
29$ delete certs.tmp;* 29$ delete certs.tmp;*