Diffstat (limited to '')
163 files changed, 5529 insertions, 634 deletions
| diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h index da067f4a8f..8a3ea0b883 100644 --- a/src/lib/libcrypto/aes/aes.h +++ b/src/lib/libcrypto/aes/aes.h | |||
| @@ -52,6 +52,8 @@ | |||
| 52 | #ifndef HEADER_AES_H | 52 | #ifndef HEADER_AES_H | 
| 53 | #define HEADER_AES_H | 53 | #define HEADER_AES_H | 
| 54 | 54 | ||
| 55 | #include <openssl/e_os2.h> | ||
| 56 | |||
| 55 | #ifdef OPENSSL_NO_AES | 57 | #ifdef OPENSSL_NO_AES | 
| 56 | #error AES is disabled. | 58 | #error AES is disabled. | 
| 57 | #endif | 59 | #endif | 
| @@ -64,6 +66,10 @@ | |||
| 64 | #define AES_MAXNR 14 | 66 | #define AES_MAXNR 14 | 
| 65 | #define AES_BLOCK_SIZE 16 | 67 | #define AES_BLOCK_SIZE 16 | 
| 66 | 68 | ||
| 69 | #if defined(OPENSSL_FIPS) | ||
| 70 | #define FIPS_AES_SIZE_T int | ||
| 71 | #endif | ||
| 72 | |||
| 67 | #ifdef __cplusplus | 73 | #ifdef __cplusplus | 
| 68 | extern "C" { | 74 | extern "C" { | 
| 69 | #endif | 75 | #endif | 
| @@ -95,6 +101,15 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, | |||
| 95 | void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, | 101 | void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, | 
| 96 | const unsigned long length, const AES_KEY *key, | 102 | const unsigned long length, const AES_KEY *key, | 
| 97 | unsigned char *ivec, int *num, const int enc); | 103 | unsigned char *ivec, int *num, const int enc); | 
| 104 | void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, | ||
| 105 | const unsigned long length, const AES_KEY *key, | ||
| 106 | unsigned char *ivec, int *num, const int enc); | ||
| 107 | void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, | ||
| 108 | const unsigned long length, const AES_KEY *key, | ||
| 109 | unsigned char *ivec, int *num, const int enc); | ||
| 110 | void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, | ||
| 111 | const int nbits,const AES_KEY *key, | ||
| 112 | unsigned char *ivec,const int enc); | ||
| 98 | void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, | 113 | void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, | 
| 99 | const unsigned long length, const AES_KEY *key, | 114 | const unsigned long length, const AES_KEY *key, | 
| 100 | unsigned char *ivec, int *num); | 115 | unsigned char *ivec, int *num); | 
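Review bot: The new prototypes say nothing about units, and `AES_cfb1_encrypt` is declared with the same signature as `AES_cfb8_encrypt` although the implementation added in aes_cfb.c indexes `in[n/8]` for `n < length`, so its `length` counts bits rather than bytes. A caller who passes a byte count gets only one eighth of the data processed, with no error. I would add above the declarations something like `/* AES_cfb1_encrypt: length is in BITS, input packed MS bit first; AES_cfb8_encrypt: length is in bytes; both require *num == 0 */`. `AES_cfbr_encrypt_block` looks like an internal helper; if it has to stay in the public header, a line stating that `nbits` must be 1..128 would match the check in its body.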
| diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c index 1222a21002..d2ba6bcdb4 100644 --- a/src/lib/libcrypto/aes/aes_cbc.c +++ b/src/lib/libcrypto/aes/aes_cbc.c | |||
| @@ -66,6 +66,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, | |||
| 66 | unsigned long n; | 66 | unsigned long n; | 
| 67 | unsigned long len = length; | 67 | unsigned long len = length; | 
| 68 | unsigned char tmp[AES_BLOCK_SIZE]; | 68 | unsigned char tmp[AES_BLOCK_SIZE]; | 
| 69 | const unsigned char *iv = ivec; | ||
| 69 | 70 | ||
| 70 | assert(in && out && key && ivec); | 71 | assert(in && out && key && ivec); | 
| 71 | assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); | 72 | assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); | 
| @@ -73,22 +74,39 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, | |||
| 73 | if (AES_ENCRYPT == enc) { | 74 | if (AES_ENCRYPT == enc) { | 
| 74 | while (len >= AES_BLOCK_SIZE) { | 75 | while (len >= AES_BLOCK_SIZE) { | 
| 75 | for(n=0; n < AES_BLOCK_SIZE; ++n) | 76 | for(n=0; n < AES_BLOCK_SIZE; ++n) | 
| 76 | tmp[n] = in[n] ^ ivec[n]; | 77 | out[n] = in[n] ^ iv[n]; | 
| 77 | AES_encrypt(tmp, out, key); | 78 | AES_encrypt(out, out, key); | 
| 78 | memcpy(ivec, out, AES_BLOCK_SIZE); | 79 | iv = out; | 
| 79 | len -= AES_BLOCK_SIZE; | 80 | len -= AES_BLOCK_SIZE; | 
| 80 | in += AES_BLOCK_SIZE; | 81 | in += AES_BLOCK_SIZE; | 
| 81 | out += AES_BLOCK_SIZE; | 82 | out += AES_BLOCK_SIZE; | 
| 82 | } | 83 | } | 
| 83 | if (len) { | 84 | if (len) { | 
| 84 | for(n=0; n < len; ++n) | 85 | for(n=0; n < len; ++n) | 
| 85 | tmp[n] = in[n] ^ ivec[n]; | 86 | out[n] = in[n] ^ iv[n]; | 
| 86 | for(n=len; n < AES_BLOCK_SIZE; ++n) | 87 | for(n=len; n < AES_BLOCK_SIZE; ++n) | 
| 87 | tmp[n] = ivec[n]; | 88 | out[n] = iv[n]; | 
| 88 | AES_encrypt(tmp, tmp, key); | 89 | AES_encrypt(out, out, key); | 
| 89 | memcpy(out, tmp, AES_BLOCK_SIZE); | 90 | iv = out; | 
| 90 | memcpy(ivec, tmp, AES_BLOCK_SIZE); | 91 | } | 
| 91 | } | 92 | memcpy(ivec,iv,AES_BLOCK_SIZE); | 
| 93 | } else if (in != out) { | ||
| 94 | while (len >= AES_BLOCK_SIZE) { | ||
| 95 | AES_decrypt(in, out, key); | ||
| 96 | for(n=0; n < AES_BLOCK_SIZE; ++n) | ||
| 97 | out[n] ^= iv[n]; | ||
| 98 | iv = in; | ||
| 99 | len -= AES_BLOCK_SIZE; | ||
| 100 | in += AES_BLOCK_SIZE; | ||
| 101 | out += AES_BLOCK_SIZE; | ||
| 102 | } | ||
| 103 | if (len) { | ||
| 104 | AES_decrypt(in,tmp,key); | ||
| 105 | for(n=0; n < len; ++n) | ||
| 106 | out[n] = tmp[n] ^ iv[n]; | ||
| 107 | iv = in; | ||
| 108 | } | ||
| 109 | memcpy(ivec,iv,AES_BLOCK_SIZE); | ||
| 92 | } else { | 110 | } else { | 
| 93 | while (len >= AES_BLOCK_SIZE) { | 111 | while (len >= AES_BLOCK_SIZE) { | 
| 94 | memcpy(tmp, in, AES_BLOCK_SIZE); | 112 | memcpy(tmp, in, AES_BLOCK_SIZE); | 
| @@ -102,10 +120,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, | |||
| 102 | } | 120 | } | 
| 103 | if (len) { | 121 | if (len) { | 
| 104 | memcpy(tmp, in, AES_BLOCK_SIZE); | 122 | memcpy(tmp, in, AES_BLOCK_SIZE); | 
| 105 | AES_decrypt(tmp, tmp, key); | 123 | AES_decrypt(tmp, out, key); | 
| 106 | for(n=0; n < len; ++n) | 124 | for(n=0; n < len; ++n) | 
| 107 | out[n] = tmp[n] ^ ivec[n]; | 125 | out[n] ^= ivec[n]; | 
| 126 | for(n=len; n < AES_BLOCK_SIZE; ++n) | ||
| 127 | out[n] = tmp[n]; | ||
| 108 | memcpy(ivec, tmp, AES_BLOCK_SIZE); | 128 | memcpy(ivec, tmp, AES_BLOCK_SIZE); | 
| 109 | } | 129 | } | 
| 110 | } | 130 | } | 
| 111 | } | 131 | } | 
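Review bot: The new `else if (in != out)` decrypt branch assumes the two buffers are either the same or completely disjoint, but nothing in the code states that. In that branch `iv` points into the caller's input (`iv = in;`), so if `out` partially overlaps `in`, `AES_decrypt(in, out, key)` can overwrite the previous ciphertext block before `out[n] ^= iv[n]` reads it, and the plaintext comes out wrong with no error; the encrypt path has the mirror dependency through `iv = out;`. I would document the contract at the top of the function, e.g. `/* in and out must be the same buffer or must not overlap at all */`. The partial-block case of the new branch also leaves decrypted bytes in `tmp` on the stack, which may need `OPENSSL_cleanse` depending on project policy. The function starts outside these hunks.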
| diff --git a/src/lib/libcrypto/aes/aes_cfb.c b/src/lib/libcrypto/aes/aes_cfb.c index 9b569dda90..49f0411010 100644 --- a/src/lib/libcrypto/aes/aes_cfb.c +++ b/src/lib/libcrypto/aes/aes_cfb.c | |||
| @@ -114,6 +114,7 @@ | |||
| 114 | 114 | ||
| 115 | #include <openssl/aes.h> | 115 | #include <openssl/aes.h> | 
| 116 | #include "aes_locl.h" | 116 | #include "aes_locl.h" | 
| 117 | #include "e_os.h" | ||
| 117 | 118 | ||
| 118 | /* The input and output encrypted as though 128bit cfb mode is being | 119 | /* The input and output encrypted as though 128bit cfb mode is being | 
| 119 | * used. The extra state information to record how much of the | 120 | * used. The extra state information to record how much of the | 
| @@ -155,3 +156,70 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, | |||
| 155 | *num=n; | 156 | *num=n; | 
| 156 | } | 157 | } | 
| 157 | 158 | ||
| 159 | /* This expects a single block of size nbits for both in and out. Note that | ||
| 160 | it corrupts any extra bits in the last byte of out */ | ||
| 161 | void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, | ||
| 162 | const int nbits,const AES_KEY *key, | ||
| 163 | unsigned char *ivec,const int enc) | ||
| 164 | { | ||
| 165 | int n,rem,num; | ||
| 166 | unsigned char ovec[AES_BLOCK_SIZE*2]; | ||
| 167 | |||
| 168 | if (nbits<=0 || nbits>128) return; | ||
| 169 | |||
| 170 | /* fill in the first half of the new IV with the current IV */ | ||
| 171 | memcpy(ovec,ivec,AES_BLOCK_SIZE); | ||
| 172 | /* construct the new IV */ | ||
| 173 | AES_encrypt(ivec,ivec,key); | ||
| 174 | num = (nbits+7)/8; | ||
| 175 | if (enc) /* encrypt the input */ | ||
| 176 | for(n=0 ; n < num ; ++n) | ||
| 177 | out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]); | ||
| 178 | else /* decrypt the input */ | ||
| 179 | for(n=0 ; n < num ; ++n) | ||
| 180 | out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; | ||
| 181 | /* shift ovec left... */ | ||
| 182 | rem = nbits%8; | ||
| 183 | num = nbits/8; | ||
| 184 | if(rem==0) | ||
| 185 | memcpy(ivec,ovec+num,AES_BLOCK_SIZE); | ||
| 186 | else | ||
| 187 | for(n=0 ; n < AES_BLOCK_SIZE ; ++n) | ||
| 188 | ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem); | ||
| 189 | |||
| 190 | /* it is not necessary to cleanse ovec, since the IV is not secret */ | ||
| 191 | } | ||
| 192 | |||
| 193 | /* N.B. This expects the input to be packed, MS bit first */ | ||
| 194 | void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, | ||
| 195 | const unsigned long length, const AES_KEY *key, | ||
| 196 | unsigned char *ivec, int *num, const int enc) | ||
| 197 | { | ||
| 198 | unsigned int n; | ||
| 199 | unsigned char c[1],d[1]; | ||
| 200 | |||
| 201 | assert(in && out && key && ivec && num); | ||
| 202 | assert(*num == 0); | ||
| 203 | |||
| 204 | memset(out,0,(length+7)/8); | ||
| 205 | for(n=0 ; n < length ; ++n) | ||
| 206 | { | ||
| 207 | c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; | ||
| 208 | AES_cfbr_encrypt_block(c,d,1,key,ivec,enc); | ||
| 209 | out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); | ||
| 210 | } | ||
| 211 | } | ||
| 212 | |||
| 213 | void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, | ||
| 214 | const unsigned long length, const AES_KEY *key, | ||
| 215 | unsigned char *ivec, int *num, const int enc) | ||
| 216 | { | ||
| 217 | unsigned int n; | ||
| 218 | |||
| 219 | assert(in && out && key && ivec && num); | ||
| 220 | assert(*num == 0); | ||
| 221 | |||
| 222 | for(n=0 ; n < length ; ++n) | ||
| 223 | AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); | ||
| 224 | } | ||
| 225 | |||
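Review bot: `AES_cfb1_encrypt` clears the output with `memset(out,0,(length+7)/8);` before it has read any input, so a call with `in == out` zeroes the data it is about to process, whereas `AES_cbc_encrypt` in this same commit has an explicit in-place branch. The memset looks unnecessary, since the loop already masks the destination bit with `out[n/8]&~(1 << (7-n%8))`; dropping it, or documenting that in-place use is unsupported, removes the trap. In both `AES_cfb1_encrypt` and `AES_cfb8_encrypt` the counter is `unsigned int n` while `length` is `unsigned long`, so where `unsigned long` is wider a large `length` keeps `n < length` true after `n` wraps; `unsigned long n;` fixes that. The `assert(...)` argument checks vanish when assertions are compiled out, and `AES_cfbr_encrypt_block` returns silently on an out-of-range `nbits`, so callers get no indication of misuse.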
| diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c index 2f41a825f8..ed566a8123 100644 --- a/src/lib/libcrypto/aes/aes_core.c +++ b/src/lib/libcrypto/aes/aes_core.c | |||
| @@ -37,8 +37,11 @@ | |||
| 37 | 37 | ||
| 38 | #include <stdlib.h> | 38 | #include <stdlib.h> | 
| 39 | #include <openssl/aes.h> | 39 | #include <openssl/aes.h> | 
| 40 | #include <openssl/fips.h> | ||
| 40 | #include "aes_locl.h" | 41 | #include "aes_locl.h" | 
| 41 | 42 | ||
| 43 | #ifndef OPENSSL_FIPS | ||
| 44 | |||
| 42 | /* | 45 | /* | 
| 43 | Te0[x] = S [x].[02, 01, 01, 03]; | 46 | Te0[x] = S [x].[02, 01, 01, 03]; | 
| 44 | Te1[x] = S [x].[03, 02, 01, 01]; | 47 | Te1[x] = S [x].[03, 02, 01, 01]; | 
| @@ -1255,3 +1258,4 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, | |||
| 1255 | PUTU32(out + 12, s3); | 1258 | PUTU32(out + 12, s3); | 
| 1256 | } | 1259 | } | 
| 1257 | 1260 | ||
| 1261 | #endif /* ndef OPENSSL_FIPS */ | ||
| diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c index 79e1c18f19..f36982be1e 100644 --- a/src/lib/libcrypto/aes/aes_ctr.c +++ b/src/lib/libcrypto/aes/aes_ctr.c | |||
| @@ -59,7 +59,7 @@ | |||
| 59 | #include <openssl/aes.h> | 59 | #include <openssl/aes.h> | 
| 60 | #include "aes_locl.h" | 60 | #include "aes_locl.h" | 
| 61 | 61 | ||
| 62 | /* NOTE: CTR mode is big-endian. The rest of the AES code | 62 | /* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code | 
| 63 | * is endian-neutral. */ | 63 | * is endian-neutral. */ | 
| 64 | 64 | ||
| 65 | /* increment counter (128-bit int) by 1 */ | 65 | /* increment counter (128-bit int) by 1 */ | 
| @@ -67,61 +67,36 @@ static void AES_ctr128_inc(unsigned char *counter) { | |||
| 67 | unsigned long c; | 67 | unsigned long c; | 
| 68 | 68 | ||
| 69 | /* Grab bottom dword of counter and increment */ | 69 | /* Grab bottom dword of counter and increment */ | 
| 70 | #ifdef L_ENDIAN | ||
| 71 | c = GETU32(counter + 0); | ||
| 72 | c++; | ||
| 73 | PUTU32(counter + 0, c); | ||
| 74 | #else | ||
| 75 | c = GETU32(counter + 12); | 70 | c = GETU32(counter + 12); | 
| 76 | c++; | 71 | c++; c &= 0xFFFFFFFF; | 
| 77 | PUTU32(counter + 12, c); | 72 | PUTU32(counter + 12, c); | 
| 78 | #endif | ||
| 79 | 73 | ||
| 80 | /* if no overflow, we're done */ | 74 | /* if no overflow, we're done */ | 
| 81 | if (c) | 75 | if (c) | 
| 82 | return; | 76 | return; | 
| 83 | 77 | ||
| 84 | /* Grab 1st dword of counter and increment */ | 78 | /* Grab 1st dword of counter and increment */ | 
| 85 | #ifdef L_ENDIAN | ||
| 86 | c = GETU32(counter + 4); | ||
| 87 | c++; | ||
| 88 | PUTU32(counter + 4, c); | ||
| 89 | #else | ||
| 90 | c = GETU32(counter + 8); | 79 | c = GETU32(counter + 8); | 
| 91 | c++; | 80 | c++; c &= 0xFFFFFFFF; | 
| 92 | PUTU32(counter + 8, c); | 81 | PUTU32(counter + 8, c); | 
| 93 | #endif | ||
| 94 | 82 | ||
| 95 | /* if no overflow, we're done */ | 83 | /* if no overflow, we're done */ | 
| 96 | if (c) | 84 | if (c) | 
| 97 | return; | 85 | return; | 
| 98 | 86 | ||
| 99 | /* Grab 2nd dword of counter and increment */ | 87 | /* Grab 2nd dword of counter and increment */ | 
| 100 | #ifdef L_ENDIAN | ||
| 101 | c = GETU32(counter + 8); | ||
| 102 | c++; | ||
| 103 | PUTU32(counter + 8, c); | ||
| 104 | #else | ||
| 105 | c = GETU32(counter + 4); | 88 | c = GETU32(counter + 4); | 
| 106 | c++; | 89 | c++; c &= 0xFFFFFFFF; | 
| 107 | PUTU32(counter + 4, c); | 90 | PUTU32(counter + 4, c); | 
| 108 | #endif | ||
| 109 | 91 | ||
| 110 | /* if no overflow, we're done */ | 92 | /* if no overflow, we're done */ | 
| 111 | if (c) | 93 | if (c) | 
| 112 | return; | 94 | return; | 
| 113 | 95 | ||
| 114 | /* Grab top dword of counter and increment */ | 96 | /* Grab top dword of counter and increment */ | 
| 115 | #ifdef L_ENDIAN | ||
| 116 | c = GETU32(counter + 12); | ||
| 117 | c++; | ||
| 118 | PUTU32(counter + 12, c); | ||
| 119 | #else | ||
| 120 | c = GETU32(counter + 0); | 97 | c = GETU32(counter + 0); | 
| 121 | c++; | 98 | c++; c &= 0xFFFFFFFF; | 
| 122 | PUTU32(counter + 0, c); | 99 | PUTU32(counter + 0, c); | 
| 123 | #endif | ||
| 124 | |||
| 125 | } | 100 | } | 
| 126 | 101 | ||
| 127 | /* The input encrypted as though 128bit counter mode is being | 102 | /* The input encrypted as though 128bit counter mode is being | 
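Review bot: Removing the `L_ENDIAN` branches changes which end of the counter block is incremented on builds that defined it (the dword at offset 0 was bumped first before, now always offset 12), and the file does not record that. If such a build was ever shipped, its counter sequence differs from the new code, so the header comment should mention the change; the reworded note also lost a word and would read better as `/* NOTE: the IV/counter in CTR mode is big-endian. */`. The four identical load/increment/mask/store stanzas can be one loop over offsets 12, 8, 4, 0 that returns as soon as the masked value is non-zero, as sketched below. The function signature is outside the hunk.

```c
static void AES_ctr128_inc(unsigned char *counter) {
	unsigned long c;
	int off;

	/* big-endian 128-bit increment: carry runs from offset 12 up to offset 0 */
	for (off = 12; off >= 0; off -= 4) {
		c = GETU32(counter + off);
		c++; c &= 0xFFFFFFFF;
		PUTU32(counter + off, c);

		/* if no overflow, we're done */
		if (c)
			return;
	}
}
```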
| diff --git a/src/lib/libcrypto/aes/aes_locl.h b/src/lib/libcrypto/aes/aes_locl.h index f290946058..4184729e34 100644 --- a/src/lib/libcrypto/aes/aes_locl.h +++ b/src/lib/libcrypto/aes/aes_locl.h | |||
| @@ -62,7 +62,7 @@ | |||
| 62 | #include <stdlib.h> | 62 | #include <stdlib.h> | 
| 63 | #include <string.h> | 63 | #include <string.h> | 
| 64 | 64 | ||
| 65 | #if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE) | 65 | #if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE) | 
| 66 | # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) | 66 | # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) | 
| 67 | # define GETU32(p) SWAP(*((u32 *)(p))) | 67 | # define GETU32(p) SWAP(*((u32 *)(p))) | 
| 68 | # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } | 68 | # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } | 
| diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c index f4ea96cd54..b81bf4fc81 100644 --- a/src/lib/libcrypto/asn1/a_bitstr.c +++ b/src/lib/libcrypto/asn1/a_bitstr.c | |||
| @@ -194,8 +194,12 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) | |||
| 194 | c=(unsigned char *)OPENSSL_realloc_clean(a->data, | 194 | c=(unsigned char *)OPENSSL_realloc_clean(a->data, | 
| 195 | a->length, | 195 | a->length, | 
| 196 | w+1); | 196 | w+1); | 
| 197 | if (c == NULL) return(0); | 197 | if (c == NULL) | 
| 198 | if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); | 198 | { | 
| 199 | ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE); | ||
| 200 | return 0; | ||
| 201 | } | ||
| 202 | if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); | ||
| 199 | a->data=c; | 203 | a->data=c; | 
| 200 | a->length=w+1; | 204 | a->length=w+1; | 
| 201 | } | 205 | } | 
| diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c index 4931e222a0..7182e9fa5d 100644 --- a/src/lib/libcrypto/asn1/a_digest.c +++ b/src/lib/libcrypto/asn1/a_digest.c | |||
| @@ -65,6 +65,7 @@ | |||
| 65 | # include <sys/types.h> | 65 | # include <sys/types.h> | 
| 66 | #endif | 66 | #endif | 
| 67 | 67 | ||
| 68 | #include <openssl/err.h> | ||
| 68 | #include <openssl/evp.h> | 69 | #include <openssl/evp.h> | 
| 69 | #include <openssl/buffer.h> | 70 | #include <openssl/buffer.h> | 
| 70 | #include <openssl/x509.h> | 71 | #include <openssl/x509.h> | 
| @@ -78,7 +79,11 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data, | |||
| 78 | unsigned char *str,*p; | 79 | unsigned char *str,*p; | 
| 79 | 80 | ||
| 80 | i=i2d(data,NULL); | 81 | i=i2d(data,NULL); | 
| 81 | if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0); | 82 | if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) | 
| 83 | { | ||
| 84 | ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE); | ||
| 85 | return(0); | ||
| 86 | } | ||
| 82 | p=str; | 87 | p=str; | 
| 83 | i2d(data,&p); | 88 | i2d(data,&p); | 
| 84 | 89 | ||
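Review bot: The length returned by the first `i2d(data,NULL)` call goes straight into `OPENSSL_malloc(i)` without a sign check, and the new error path does not cover that case. If the encoder can return a negative or zero value on failure (the usual i2d convention, to be confirmed for the callbacks used here), the allocation size is wrong and the second `i2d(data,&p)` writes into whatever was returned. A guard before the allocation, `if (i <= 0) return(0);`, would close it. The function starts and ends outside the hunk.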
| diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c index ad8f0ffd1a..03ede68d1c 100644 --- a/src/lib/libcrypto/asn1/a_enum.c +++ b/src/lib/libcrypto/asn1/a_enum.c | |||
| @@ -156,7 +156,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) | |||
| 156 | unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); | 156 | unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); | 
| 157 | if (!new_data) | 157 | if (!new_data) | 
| 158 | { | 158 | { | 
| 159 | ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); | 159 | ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); | 
| 160 | goto err; | 160 | goto err; | 
| 161 | } | 161 | } | 
| 162 | ret->data=new_data; | 162 | ret->data=new_data; | 
| diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c index edb243c021..21cc64bb23 100644 --- a/src/lib/libcrypto/asn1/a_int.c +++ b/src/lib/libcrypto/asn1/a_int.c | |||
| @@ -64,7 +64,26 @@ ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) | |||
| 64 | { return M_ASN1_INTEGER_dup(x);} | 64 | { return M_ASN1_INTEGER_dup(x);} | 
| 65 | 65 | ||
| 66 | int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) | 66 | int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) | 
| 67 | { return M_ASN1_INTEGER_cmp(x,y);} | 67 | { | 
| 68 | int neg, ret; | ||
| 69 | /* Compare signs */ | ||
| 70 | neg = x->type & V_ASN1_NEG; | ||
| 71 | if (neg != (y->type & V_ASN1_NEG)) | ||
| 72 | { | ||
| 73 | if (neg) | ||
| 74 | return -1; | ||
| 75 | else | ||
| 76 | return 1; | ||
| 77 | } | ||
| 78 | |||
| 79 | ret = ASN1_STRING_cmp(x, y); | ||
| 80 | |||
| 81 | if (neg) | ||
| 82 | return -ret; | ||
| 83 | else | ||
| 84 | return ret; | ||
| 85 | } | ||
| 86 | |||
| 68 | 87 | ||
| 69 | /* | 88 | /* | 
| 70 | * This converts an ASN1 INTEGER into its content encoding. | 89 | * This converts an ASN1 INTEGER into its content encoding. | 
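Review bot: The new body of `ASN1_INTEGER_cmp` has no comment stating its contract, and its correctness rests on things not visible in this hunk. It dereferences `x->type` and `y->type` without a NULL check, and the magnitude ordering is delegated to `ASN1_STRING_cmp`, which gives a numeric order only if that helper compares lengths before bytes and both values are minimally encoded; that should be confirmed and written down. I would add `/* Returns <0, 0, >0; sign from V_ASN1_NEG in type, magnitude from ASN1_STRING_cmp (assumes minimal encoding); x and y must be non-NULL */` above the function. The two `if (neg) ... else ...` returns could also be `return neg ? -1 : 1;` and `return neg ? -ret : ret;`.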
| diff --git a/src/lib/libcrypto/asn1/a_print.c b/src/lib/libcrypto/asn1/a_print.c index 8035513f04..d18e772320 100644 --- a/src/lib/libcrypto/asn1/a_print.c +++ b/src/lib/libcrypto/asn1/a_print.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" | 
| 61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> | 
| 62 | 62 | ||
| 63 | int ASN1_PRINTABLE_type(unsigned char *s, int len) | 63 | int ASN1_PRINTABLE_type(const unsigned char *s, int len) | 
| 64 | { | 64 | { | 
| 65 | int c; | 65 | int c; | 
| 66 | int ia5=0; | 66 | int ia5=0; | 
| diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c index 0f839822ff..e24061c545 100644 --- a/src/lib/libcrypto/asn1/a_set.c +++ b/src/lib/libcrypto/asn1/a_set.c | |||
| @@ -118,8 +118,13 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, | |||
| 118 | } | 118 | } | 
| 119 | 119 | ||
| 120 | pStart = p; /* Catch the beg of Setblobs*/ | 120 | pStart = p; /* Catch the beg of Setblobs*/ | 
| 121 | if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array | 121 | /* In this array we will store the SET blobs */ | 
| 122 | we will store the SET blobs */ | 122 | rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB)); | 
| 123 | if (rgSetBlob == NULL) | ||
| 124 | { | ||
| 125 | ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE); | ||
| 126 | return(0); | ||
| 127 | } | ||
| 123 | 128 | ||
| 124 | for (i=0; i<sk_num(a); i++) | 129 | for (i=0; i<sk_num(a); i++) | 
| 125 | { | 130 | { | 
| @@ -135,7 +140,11 @@ SetBlob | |||
| 135 | /* Now we have to sort the blobs. I am using a simple algo. | 140 | /* Now we have to sort the blobs. I am using a simple algo. | 
| 136 | *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/ | 141 | *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/ | 
| 137 | qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp); | 142 | qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp); | 
| 138 | if (!(pTempMem = OPENSSL_malloc(totSize))) return 0; | 143 | if (!(pTempMem = OPENSSL_malloc(totSize))) | 
| 144 | { | ||
| 145 | ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE); | ||
| 146 | return(0); | ||
| 147 | } | ||
| 139 | 148 | ||
| 140 | /* Copy to temp mem */ | 149 | /* Copy to temp mem */ | 
| 141 | p = pTempMem; | 150 | p = pTempMem; | 
| @@ -160,7 +169,13 @@ STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, | |||
| 160 | STACK *ret=NULL; | 169 | STACK *ret=NULL; | 
| 161 | 170 | ||
| 162 | if ((a == NULL) || ((*a) == NULL)) | 171 | if ((a == NULL) || ((*a) == NULL)) | 
| 163 | { if ((ret=sk_new_null()) == NULL) goto err; } | 172 | { | 
| 173 | if ((ret=sk_new_null()) == NULL) | ||
| 174 | { | ||
| 175 | ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE); | ||
| 176 | goto err; | ||
| 177 | } | ||
| 178 | } | ||
| 164 | else | 179 | else | 
| 165 | ret=(*a); | 180 | ret=(*a); | 
| 166 | 181 | ||
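Review bot: In the second hunk the `pTempMem` allocation-failure path returns without releasing `rgSetBlob`, which was allocated in the first hunk, so each failure there leaks the blob array. Adding `OPENSSL_free(rgSetBlob);` before `return(0);` in that branch fixes it. The size expression `sk_num(a) * sizeof(MYBLOB)` is also computed without checking that `sk_num(a)` is positive; whether `a` can be NULL or empty at this point is decided outside the hunk. `i2d_ASN1_SET` starts and ends outside these hunks.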
| diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c index bde666a6ff..a07122ba47 100644 --- a/src/lib/libcrypto/asn1/a_strex.c +++ b/src/lib/libcrypto/asn1/a_strex.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. | 
| 4 | */ | 4 | */ | 
| 5 | /* ==================================================================== | 5 | /* ==================================================================== | 
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. | 
| 7 | * | 7 | * | 
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | 
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | 
| @@ -553,7 +553,12 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) | |||
| 553 | if((type < 0) || (type > 30)) return -1; | 553 | if((type < 0) || (type > 30)) return -1; | 
| 554 | mbflag = tag2nbyte[type]; | 554 | mbflag = tag2nbyte[type]; | 
| 555 | if(mbflag == -1) return -1; | 555 | if(mbflag == -1) return -1; | 
| 556 | mbflag |= MBSTRING_FLAG; | 556 | if (mbflag == 0) | 
| 557 | mbflag = MBSTRING_UTF8; | ||
| 558 | else if (mbflag == 4) | ||
| 559 | mbflag = MBSTRING_UNIV; | ||
| 560 | else | ||
| 561 | mbflag |= MBSTRING_FLAG; | ||
| 557 | stmp.data = NULL; | 562 | stmp.data = NULL; | 
| 558 | ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); | 563 | ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); | 
| 559 | if(ret < 0) return ret; | 564 | if(ret < 0) return ret; | 
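Review bot: The new branches compare `mbflag` against the bare values `0` and `4` with no explanation of what those `tag2nbyte[]` entries mean. A short comment would keep the mapping readable, e.g. `/* tag2nbyte: 0 = UTF8, 4 = 4-byte UniversalString (confirm against the table); other widths are OR'ed with MBSTRING_FLAG */`. Since `in` typically comes from parsed ASN.1 data, it is also worth noting next to the table that its size must match the `type > 30` bound checked above. The function starts and ends outside the hunk.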
| diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c index fe3fcd40b0..2292d49b93 100644 --- a/src/lib/libcrypto/asn1/a_type.c +++ b/src/lib/libcrypto/asn1/a_type.c | |||
| @@ -71,7 +71,10 @@ int ASN1_TYPE_get(ASN1_TYPE *a) | |||
| 71 | void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) | 71 | void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) | 
| 72 | { | 72 | { | 
| 73 | if (a->value.ptr != NULL) | 73 | if (a->value.ptr != NULL) | 
| 74 | ASN1_primitive_free((ASN1_VALUE **)&a, NULL); | 74 | { | 
| 75 | ASN1_TYPE **tmp_a = &a; | ||
| 76 | ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); | ||
| 77 | } | ||
| 75 | a->type=type; | 78 | a->type=type; | 
| 76 | a->value.ptr=value; | 79 | a->value.ptr=value; | 
| 77 | } | 80 | } | 
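Review bot: The temporary `tmp_a` has no comment, and nothing in the hunk explains why `&a` is no longer cast directly. If it exists to quiet a type-punning warning, say so with `/* temporary avoids a strict-aliasing warning on the (ASN1_VALUE **) cast */`, otherwise a later cleanup is likely to fold it back in. The cast itself is unchanged, so the code still relies on `ASN1_TYPE *` and `ASN1_VALUE *` being interchangeable at this call.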
| diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c index da2a0a6d69..18ef0acf00 100644 --- a/src/lib/libcrypto/asn1/a_verify.c +++ b/src/lib/libcrypto/asn1/a_verify.c | |||
| @@ -142,6 +142,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
| 142 | goto err; | 142 | goto err; | 
| 143 | } | 143 | } | 
| 144 | 144 | ||
| 145 | if (!EVP_VerifyInit_ex(&ctx,type, NULL)) | ||
| 146 | { | ||
| 147 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); | ||
| 148 | ret=0; | ||
| 149 | goto err; | ||
| 150 | } | ||
| 151 | |||
| 145 | inl = ASN1_item_i2d(asn, &buf_in, it); | 152 | inl = ASN1_item_i2d(asn, &buf_in, it); | 
| 146 | 153 | ||
| 147 | if (buf_in == NULL) | 154 | if (buf_in == NULL) | 
| @@ -150,7 +157,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
| 150 | goto err; | 157 | goto err; | 
| 151 | } | 158 | } | 
| 152 | 159 | ||
| 153 | EVP_VerifyInit_ex(&ctx,type, NULL); | ||
| 154 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | 160 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | 
| 155 | 161 | ||
| 156 | OPENSSL_cleanse(buf_in,(unsigned int)inl); | 162 | OPENSSL_cleanse(buf_in,(unsigned int)inl); | 
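Review bot: The return value of `EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl)` is still discarded, so a digest failure right after the now-checked init goes unnoticed at this point. For consistency with the new `EVP_VerifyInit_ex` check I would capture the result, keep the `OPENSSL_cleanse` and release of `buf_in` as they are, and then take the `err` path with `ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); ret=0;` when it is zero. The new error also uses the function code `ASN1_F_ASN1_VERIFY` although the hunk header names `ASN1_item_verify`; if a dedicated code exists, using it would make the error queue less misleading. The function starts and ends outside these hunks.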
| diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 3414509f1b..ceaeb4cbe3 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h | |||
| @@ -829,7 +829,7 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); | |||
| 829 | 829 | ||
| 830 | /* General */ | 830 | /* General */ | 
| 831 | /* given a string, return the correct type, max is the maximum length */ | 831 | /* given a string, return the correct type, max is the maximum length */ | 
| 832 | int ASN1_PRINTABLE_type(unsigned char *s, int max); | 832 | int ASN1_PRINTABLE_type(const unsigned char *s, int max); | 
| 833 | 833 | ||
| 834 | int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); | 834 | int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); | 
| 835 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, | 835 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, | 
| @@ -950,16 +950,19 @@ void ERR_load_ASN1_strings(void); | |||
| 950 | #define ASN1_F_A2I_ASN1_ENUMERATED 101 | 950 | #define ASN1_F_A2I_ASN1_ENUMERATED 101 | 
| 951 | #define ASN1_F_A2I_ASN1_INTEGER 102 | 951 | #define ASN1_F_A2I_ASN1_INTEGER 102 | 
| 952 | #define ASN1_F_A2I_ASN1_STRING 103 | 952 | #define ASN1_F_A2I_ASN1_STRING 103 | 
| 953 | #define ASN1_F_ASN1_BIT_STRING_SET_BIT 176 | ||
| 953 | #define ASN1_F_ASN1_CHECK_TLEN 104 | 954 | #define ASN1_F_ASN1_CHECK_TLEN 104 | 
| 954 | #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 | 955 | #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 | 
| 955 | #define ASN1_F_ASN1_COLLECT 106 | 956 | #define ASN1_F_ASN1_COLLECT 106 | 
| 956 | #define ASN1_F_ASN1_D2I_BIO 107 | 957 | #define ASN1_F_ASN1_D2I_BIO 107 | 
| 957 | #define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 | 958 | #define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 | 
| 958 | #define ASN1_F_ASN1_D2I_FP 109 | 959 | #define ASN1_F_ASN1_D2I_FP 109 | 
| 960 | #define ASN1_F_ASN1_DIGEST 177 | ||
| 959 | #define ASN1_F_ASN1_DO_ADB 110 | 961 | #define ASN1_F_ASN1_DO_ADB 110 | 
| 960 | #define ASN1_F_ASN1_DUP 111 | 962 | #define ASN1_F_ASN1_DUP 111 | 
| 961 | #define ASN1_F_ASN1_ENUMERATED_SET 112 | 963 | #define ASN1_F_ASN1_ENUMERATED_SET 112 | 
| 962 | #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 | 964 | #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 | 
| 965 | #define ASN1_F_ASN1_GENERALIZEDTIME_SET 178 | ||
| 963 | #define ASN1_F_ASN1_GET_OBJECT 114 | 966 | #define ASN1_F_ASN1_GET_OBJECT 114 | 
| 964 | #define ASN1_F_ASN1_HEADER_NEW 115 | 967 | #define ASN1_F_ASN1_HEADER_NEW 115 | 
| 965 | #define ASN1_F_ASN1_I2D_BIO 116 | 968 | #define ASN1_F_ASN1_I2D_BIO 116 | 
| @@ -975,6 +978,7 @@ void ERR_load_ASN1_strings(void); | |||
| 975 | #define ASN1_F_ASN1_SEQ_PACK 126 | 978 | #define ASN1_F_ASN1_SEQ_PACK 126 | 
| 976 | #define ASN1_F_ASN1_SEQ_UNPACK 127 | 979 | #define ASN1_F_ASN1_SEQ_UNPACK 127 | 
| 977 | #define ASN1_F_ASN1_SIGN 128 | 980 | #define ASN1_F_ASN1_SIGN 128 | 
| 981 | #define ASN1_F_ASN1_STRING_SET 179 | ||
| 978 | #define ASN1_F_ASN1_STRING_TABLE_ADD 129 | 982 | #define ASN1_F_ASN1_STRING_TABLE_ADD 129 | 
| 979 | #define ASN1_F_ASN1_STRING_TYPE_NEW 130 | 983 | #define ASN1_F_ASN1_STRING_TYPE_NEW 130 | 
| 980 | #define ASN1_F_ASN1_TEMPLATE_D2I 131 | 984 | #define ASN1_F_ASN1_TEMPLATE_D2I 131 | 
| @@ -984,6 +988,7 @@ void ERR_load_ASN1_strings(void); | |||
| 984 | #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 | 988 | #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 | 
| 985 | #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 | 989 | #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 | 
| 986 | #define ASN1_F_ASN1_UNPACK_STRING 136 | 990 | #define ASN1_F_ASN1_UNPACK_STRING 136 | 
| 991 | #define ASN1_F_ASN1_UTCTIME_SET 180 | ||
| 987 | #define ASN1_F_ASN1_VERIFY 137 | 992 | #define ASN1_F_ASN1_VERIFY 137 | 
| 988 | #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 | 993 | #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 | 
| 989 | #define ASN1_F_BN_TO_ASN1_INTEGER 139 | 994 | #define ASN1_F_BN_TO_ASN1_INTEGER 139 | 
| @@ -1007,6 +1012,7 @@ void ERR_load_ASN1_strings(void); | |||
| 1007 | #define ASN1_F_D2I_X509_CINF 157 | 1012 | #define ASN1_F_D2I_X509_CINF 157 | 
| 1008 | #define ASN1_F_D2I_X509_NAME 158 | 1013 | #define ASN1_F_D2I_X509_NAME 158 | 
| 1009 | #define ASN1_F_D2I_X509_PKEY 159 | 1014 | #define ASN1_F_D2I_X509_PKEY 159 | 
| 1015 | #define ASN1_F_I2D_ASN1_SET 181 | ||
| 1010 | #define ASN1_F_I2D_ASN1_TIME 160 | 1016 | #define ASN1_F_I2D_ASN1_TIME 160 | 
| 1011 | #define ASN1_F_I2D_DSA_PUBKEY 161 | 1017 | #define ASN1_F_I2D_DSA_PUBKEY 161 | 
| 1012 | #define ASN1_F_I2D_NETSCAPE_RSA 162 | 1018 | #define ASN1_F_I2D_NETSCAPE_RSA 162 | 
| diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c index 094ec06fda..3b57c8fbae 100644 --- a/src/lib/libcrypto/asn1/asn1_err.c +++ b/src/lib/libcrypto/asn1/asn1_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/asn1/asn1_err.c */ | 1 | /* crypto/asn1/asn1_err.c */ | 
| 2 | /* ==================================================================== | 2 | /* ==================================================================== | 
| 3 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | 
| 4 | * | 4 | * | 
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without | 
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions | 
| @@ -70,16 +70,19 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
| 70 | {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"}, | 70 | {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"}, | 
| 71 | {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, | 71 | {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, | 
| 72 | {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, | 72 | {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, | 
| 73 | {ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0), "ASN1_BIT_STRING_set_bit"}, | ||
| 73 | {ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"}, | 74 | {ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"}, | 
| 74 | {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"}, | 75 | {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"}, | 
| 75 | {ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"}, | 76 | {ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"}, | 
| 76 | {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, | 77 | {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, | 
| 77 | {ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"}, | 78 | {ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"}, | 
| 78 | {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, | 79 | {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, | 
| 80 | {ERR_PACK(0,ASN1_F_ASN1_DIGEST,0), "ASN1_digest"}, | ||
| 79 | {ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"}, | 81 | {ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"}, | 
| 80 | {ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, | 82 | {ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, | 
| 81 | {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, | 83 | {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, | 
| 82 | {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, | 84 | {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, | 
| 85 | {ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"}, | ||
| 83 | {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, | 86 | {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, | 
| 84 | {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, | 87 | {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, | 
| 85 | {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"}, | 88 | {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"}, | 
| @@ -95,6 +98,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
| 95 | {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"}, | 98 | {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"}, | 
| 96 | {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, | 99 | {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, | 
| 97 | {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, | 100 | {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, | 
| 101 | {ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0), "ASN1_STRING_set"}, | ||
| 98 | {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"}, | 102 | {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"}, | 
| 99 | {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, | 103 | {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, | 
| 100 | {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, | 104 | {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, | 
| @@ -104,6 +108,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
| 104 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, | 108 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, | 
| 105 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, | 109 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, | 
| 106 | {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, | 110 | {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, | 
| 111 | {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"}, | ||
| 107 | {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"}, | 112 | {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"}, | 
| 108 | {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"}, | 113 | {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"}, | 
| 109 | {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, | 114 | {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, | 
| @@ -127,6 +132,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
| 127 | {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, | 132 | {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, | 
| 128 | {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, | 133 | {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, | 
| 129 | {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, | 134 | {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, | 
| 135 | {ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0), "i2d_ASN1_SET"}, | ||
| 130 | {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, | 136 | {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, | 
| 131 | {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, | 137 | {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, | 
| 132 | {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, | 138 | {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, | 
| diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c index a74f1368d3..97b9b35f4b 100644 --- a/src/lib/libcrypto/asn1/asn1_lib.c +++ b/src/lib/libcrypto/asn1/asn1_lib.c | |||
| @@ -349,6 +349,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) | |||
| 349 | 349 | ||
| 350 | if (str->data == NULL) | 350 | if (str->data == NULL) | 
| 351 | { | 351 | { | 
| 352 | ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE); | ||
| 352 | str->data=c; | 353 | str->data=c; | 
| 353 | return(0); | 354 | return(0); | 
| 354 | } | 355 | } | 
| diff --git a/src/lib/libcrypto/asn1/evp_asn1.c b/src/lib/libcrypto/asn1/evp_asn1.c index 3506005a71..f92ce6cb5d 100644 --- a/src/lib/libcrypto/asn1/evp_asn1.c +++ b/src/lib/libcrypto/asn1/evp_asn1.c | |||
| @@ -115,7 +115,11 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, | |||
| 115 | 115 | ||
| 116 | if ((osp=ASN1_STRING_new()) == NULL) return(0); | 116 | if ((osp=ASN1_STRING_new()) == NULL) return(0); | 
| 117 | /* Grow the 'string' */ | 117 | /* Grow the 'string' */ | 
| 118 | ASN1_STRING_set(osp,NULL,size); | 118 | if (!ASN1_STRING_set(osp,NULL,size)) | 
| 119 | { | ||
| 120 | ASN1_STRING_free(osp); | ||
| 121 | return(0); | ||
| 122 | } | ||
| 119 | 123 | ||
| 120 | M_ASN1_STRING_length_set(osp, size); | 124 | M_ASN1_STRING_length_set(osp, size); | 
| 121 | p=M_ASN1_STRING_data(osp); | 125 | p=M_ASN1_STRING_data(osp); | 
| diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c index 891150638e..ec788267e0 100644 --- a/src/lib/libcrypto/asn1/p5_pbe.c +++ b/src/lib/libcrypto/asn1/p5_pbe.c | |||
| @@ -76,47 +76,55 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) | |||
| 76 | X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, | 76 | X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, | 
| 77 | int saltlen) | 77 | int saltlen) | 
| 78 | { | 78 | { | 
| 79 | PBEPARAM *pbe; | 79 | PBEPARAM *pbe=NULL; | 
| 80 | ASN1_OBJECT *al; | 80 | ASN1_OBJECT *al; | 
| 81 | X509_ALGOR *algor; | 81 | X509_ALGOR *algor; | 
| 82 | ASN1_TYPE *astype; | 82 | ASN1_TYPE *astype=NULL; | 
| 83 | 83 | ||
| 84 | if (!(pbe = PBEPARAM_new ())) { | 84 | if (!(pbe = PBEPARAM_new ())) { | 
| 85 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 85 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 
| 86 | return NULL; | 86 | goto err; | 
| 87 | } | 87 | } | 
| 88 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; | 88 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; | 
| 89 | ASN1_INTEGER_set (pbe->iter, iter); | 89 | if (!ASN1_INTEGER_set(pbe->iter, iter)) { | 
| 90 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | ||
| 91 | goto err; | ||
| 92 | } | ||
| 90 | if (!saltlen) saltlen = PKCS5_SALT_LEN; | 93 | if (!saltlen) saltlen = PKCS5_SALT_LEN; | 
| 91 | if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { | 94 | if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { | 
| 92 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 95 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 
| 93 | return NULL; | 96 | goto err; | 
| 94 | } | 97 | } | 
| 95 | pbe->salt->length = saltlen; | 98 | pbe->salt->length = saltlen; | 
| 96 | if (salt) memcpy (pbe->salt->data, salt, saltlen); | 99 | if (salt) memcpy (pbe->salt->data, salt, saltlen); | 
| 97 | else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) | 100 | else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) | 
| 98 | return NULL; | 101 | goto err; | 
| 99 | 102 | ||
| 100 | if (!(astype = ASN1_TYPE_new())) { | 103 | if (!(astype = ASN1_TYPE_new())) { | 
| 101 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 104 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 
| 102 | return NULL; | 105 | goto err; | 
| 103 | } | 106 | } | 
| 104 | 107 | ||
| 105 | astype->type = V_ASN1_SEQUENCE; | 108 | astype->type = V_ASN1_SEQUENCE; | 
| 106 | if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) { | 109 | if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) { | 
| 107 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 110 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 
| 108 | return NULL; | 111 | goto err; | 
| 109 | } | 112 | } | 
| 110 | PBEPARAM_free (pbe); | 113 | PBEPARAM_free (pbe); | 
| 114 | pbe = NULL; | ||
| 111 | 115 | ||
| 112 | al = OBJ_nid2obj(alg); /* never need to free al */ | 116 | al = OBJ_nid2obj(alg); /* never need to free al */ | 
| 113 | if (!(algor = X509_ALGOR_new())) { | 117 | if (!(algor = X509_ALGOR_new())) { | 
| 114 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 118 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 
| 115 | return NULL; | 119 | goto err; | 
| 116 | } | 120 | } | 
| 117 | ASN1_OBJECT_free(algor->algorithm); | 121 | ASN1_OBJECT_free(algor->algorithm); | 
| 118 | algor->algorithm = al; | 122 | algor->algorithm = al; | 
| 119 | algor->parameter = astype; | 123 | algor->parameter = astype; | 
| 120 | 124 | ||
| 121 | return (algor); | 125 | return (algor); | 
| 126 | err: | ||
| 127 | if (pbe != NULL) PBEPARAM_free(pbe); | ||
| 128 | if (astype != NULL) ASN1_TYPE_free(astype); | ||
| 129 | return NULL; | ||
| 122 | } | 130 | } | 
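Review bot: The `RAND_pseudo_bytes` branch is the only failure path in the new PKCS5_pbe_set that reaches `err:` without an `ASN1err` call, so the caller gets NULL with nothing from this function on the error queue. It would also help to say why only a negative return counts as failure, for example `/* a salt must be unique, not secret, so a 0 return (bytes not cryptographically strong) is accepted */`. Separately, `saltlen` is defaulted only when it is zero, so a negative value goes on to `OPENSSL_malloc` and `memcpy`. Whether the allocator rejects it is not visible in this hunk, and `if (saltlen <= 0) saltlen = PKCS5_SALT_LEN;` would match the `iter` handling above.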
| diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c index 91e1c8987d..e0dc0ec4ee 100644 --- a/src/lib/libcrypto/asn1/p5_pbev2.c +++ b/src/lib/libcrypto/asn1/p5_pbev2.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* p5_pbev2.c */ | 1 | /* p5_pbev2.c */ | 
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 
| 3 | * project 1999. | 3 | * project 1999-2004. | 
| 4 | */ | 4 | */ | 
| 5 | /* ==================================================================== | 5 | /* ==================================================================== | 
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 
| @@ -113,7 +113,8 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 113 | if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; | 113 | if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; | 
| 114 | 114 | ||
| 115 | /* Create random IV */ | 115 | /* Create random IV */ | 
| 116 | if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) | 116 | if (EVP_CIPHER_iv_length(cipher) && | 
| 117 | RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) | ||
| 117 | goto err; | 118 | goto err; | 
| 118 | 119 | ||
| 119 | EVP_CIPHER_CTX_init(&ctx); | 120 | EVP_CIPHER_CTX_init(&ctx); | 
| @@ -123,6 +124,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 123 | if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { | 124 | if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { | 
| 124 | ASN1err(ASN1_F_PKCS5_PBE2_SET, | 125 | ASN1err(ASN1_F_PKCS5_PBE2_SET, | 
| 125 | ASN1_R_ERROR_SETTING_CIPHER_PARAMS); | 126 | ASN1_R_ERROR_SETTING_CIPHER_PARAMS); | 
| 127 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 126 | goto err; | 128 | goto err; | 
| 127 | } | 129 | } | 
| 128 | EVP_CIPHER_CTX_cleanup(&ctx); | 130 | EVP_CIPHER_CTX_cleanup(&ctx); | 
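Review bot: The IV is still drawn with `RAND_pseudo_bytes` and only a negative return is treated as failure, so a 0 return (bytes produced but not cryptographically strong) is accepted for the cipher IV. If the selected cipher runs in a mode that needs an unpredictable IV, `RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0` would be the stricter check; at the least the choice deserves a comment. The new zero-length guard also calls `EVP_CIPHER_iv_length(cipher)` twice, and a local `ivlen` would read more cleanly. PKCS5_pbe2_set starts and ends outside these hunks.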
| diff --git a/src/lib/libcrypto/asn1/t_bitst.c b/src/lib/libcrypto/asn1/t_bitst.c index 8ee789f082..397332d9b8 100644 --- a/src/lib/libcrypto/asn1/t_bitst.c +++ b/src/lib/libcrypto/asn1/t_bitst.c | |||
| @@ -84,7 +84,10 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, | |||
| 84 | int bitnum; | 84 | int bitnum; | 
| 85 | bitnum = ASN1_BIT_STRING_num_asc(name, tbl); | 85 | bitnum = ASN1_BIT_STRING_num_asc(name, tbl); | 
| 86 | if(bitnum < 0) return 0; | 86 | if(bitnum < 0) return 0; | 
| 87 | if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value); | 87 | if(bs) { | 
| 88 | if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) | ||
| 89 | return 0; | ||
| 90 | } | ||
| 88 | return 1; | 91 | return 1; | 
| 89 | } | 92 | } | 
| 90 | 93 | ||
| diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index 11fce96825..b99f8fc522 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c | |||
| @@ -63,8 +63,6 @@ | |||
| 63 | 63 | ||
| 64 | static int X509_REVOKED_cmp(const X509_REVOKED * const *a, | 64 | static int X509_REVOKED_cmp(const X509_REVOKED * const *a, | 
| 65 | const X509_REVOKED * const *b); | 65 | const X509_REVOKED * const *b); | 
| 66 | static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, | ||
| 67 | const X509_REVOKED * const *b); | ||
| 68 | 66 | ||
| 69 | ASN1_SEQUENCE(X509_REVOKED) = { | 67 | ASN1_SEQUENCE(X509_REVOKED) = { | 
| 70 | ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), | 68 | ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), | 
| @@ -72,43 +70,28 @@ ASN1_SEQUENCE(X509_REVOKED) = { | |||
| 72 | ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) | 70 | ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) | 
| 73 | } ASN1_SEQUENCE_END(X509_REVOKED) | 71 | } ASN1_SEQUENCE_END(X509_REVOKED) | 
| 74 | 72 | ||
| 75 | /* The X509_CRL_INFO structure needs a bit of customisation. This is actually | 73 | /* The X509_CRL_INFO structure needs a bit of customisation. | 
| 76 | * mirroring the old behaviour: its purpose is to allow the use of | 74 | * Since we cache the original encoding the signature wont be affected by | 
| 77 | * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately | 75 | * reordering of the revoked field. | 
| 78 | * this will zap the original order and the signature so we keep a copy | ||
| 79 | * of the original positions and reorder appropriately before encoding. | ||
| 80 | * | ||
| 81 | * Might want to see if there's a better way of doing this later... | ||
| 82 | */ | 76 | */ | 
| 83 | static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | 77 | static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | 
| 84 | { | 78 | { | 
| 85 | X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; | 79 | X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; | 
| 86 | int i; | ||
| 87 | int (*old_cmp)(const X509_REVOKED * const *, | ||
| 88 | const X509_REVOKED * const *); | ||
| 89 | 80 | ||
| 90 | if(!a || !a->revoked) return 1; | 81 | if(!a || !a->revoked) return 1; | 
| 91 | switch(operation) { | 82 | switch(operation) { | 
| 92 | 83 | /* Just set cmp function here. We don't sort because that | |
| 93 | /* Save original order */ | 84 | * would affect the output of X509_CRL_print(). | 
| 85 | */ | ||
| 94 | case ASN1_OP_D2I_POST: | 86 | case ASN1_OP_D2I_POST: | 
| 95 | for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++) | ||
| 96 | sk_X509_REVOKED_value(a->revoked,i)->sequence=i; | ||
| 97 | sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); | 87 | sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); | 
| 98 | break; | 88 | break; | 
| 99 | |||
| 100 | /* Restore original order */ | ||
| 101 | case ASN1_OP_I2D_PRE: | ||
| 102 | old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp); | ||
| 103 | sk_X509_REVOKED_sort(a->revoked); | ||
| 104 | sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp); | ||
| 105 | break; | ||
| 106 | } | 89 | } | 
| 107 | return 1; | 90 | return 1; | 
| 108 | } | 91 | } | 
| 109 | 92 | ||
| 110 | 93 | ||
| 111 | ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = { | 94 | ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { | 
| 112 | ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), | 95 | ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), | 
| 113 | ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), | 96 | ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), | 
| 114 | ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), | 97 | ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), | 
| @@ -116,7 +99,7 @@ ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = { | |||
| 116 | ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), | 99 | ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), | 
| 117 | ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), | 100 | ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), | 
| 118 | ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) | 101 | ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) | 
| 119 | } ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO) | 102 | } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) | 
| 120 | 103 | ||
| 121 | ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { | 104 | ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { | 
| 122 | ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), | 105 | ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), | 
| @@ -137,12 +120,6 @@ static int X509_REVOKED_cmp(const X509_REVOKED * const *a, | |||
| 137 | (ASN1_STRING *)(*b)->serialNumber)); | 120 | (ASN1_STRING *)(*b)->serialNumber)); | 
| 138 | } | 121 | } | 
| 139 | 122 | ||
| 140 | static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, | ||
| 141 | const X509_REVOKED * const *b) | ||
| 142 | { | ||
| 143 | return((*a)->sequence-(*b)->sequence); | ||
| 144 | } | ||
| 145 | |||
| 146 | int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) | 123 | int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) | 
| 147 | { | 124 | { | 
| 148 | X509_CRL_INFO *inf; | 125 | X509_CRL_INFO *inf; | 
| @@ -153,6 +130,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) | |||
| 153 | ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); | 130 | ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); | 
| 154 | return 0; | 131 | return 0; | 
| 155 | } | 132 | } | 
| 133 | inf->enc.modified = 1; | ||
| 156 | return 1; | 134 | return 1; | 
| 157 | } | 135 | } | 
| 158 | 136 | ||
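Review bot: With `ASN1_SEQUENCE_enc` the encoder reuses the cached bytes of X509_CRL_INFO unless `enc.modified` is set, and in this file section only X509_CRL_add0_revoked sets it. Any other code that edits the version, issuer, update times, extensions or the `revoked` stack directly would, as far as these hunks show, be re-encoded from the stale cache, so a CRL could be signed or written out without the change. I would state the rule next to the template, e.g. `/* every writer of an X509_CRL_INFO field must set enc.modified = 1, otherwise i2d emits the cached encoding */`. The other setters are outside this section and should be checked for it. X509_CRL_add0_revoked begins in one hunk and ends in the next, so part of its body is not shown.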
| diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c index caece0f158..31f3377b64 100644 --- a/src/lib/libcrypto/asn1/x_name.c +++ b/src/lib/libcrypto/asn1/x_name.c | |||
| @@ -160,21 +160,22 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, cons | |||
| 160 | int tag, int aclass, char opt, ASN1_TLC *ctx) | 160 | int tag, int aclass, char opt, ASN1_TLC *ctx) | 
| 161 | { | 161 | { | 
| 162 | unsigned char *p = *in, *q; | 162 | unsigned char *p = *in, *q; | 
| 163 | STACK *intname = NULL; | 163 | STACK *intname = NULL, **intname_pp = &intname; | 
| 164 | int i, j, ret; | 164 | int i, j, ret; | 
| 165 | X509_NAME *nm = NULL; | 165 | X509_NAME *nm = NULL, **nm_pp = &nm; | 
| 166 | STACK_OF(X509_NAME_ENTRY) *entries; | 166 | STACK_OF(X509_NAME_ENTRY) *entries; | 
| 167 | X509_NAME_ENTRY *entry; | 167 | X509_NAME_ENTRY *entry; | 
| 168 | q = p; | 168 | q = p; | 
| 169 | 169 | ||
| 170 | /* Get internal representation of Name */ | 170 | /* Get internal representation of Name */ | 
| 171 | ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), | 171 | ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp, | 
| 172 | tag, aclass, opt, ctx); | 172 | &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), | 
| 173 | tag, aclass, opt, ctx); | ||
| 173 | 174 | ||
| 174 | if(ret <= 0) return ret; | 175 | if(ret <= 0) return ret; | 
| 175 | 176 | ||
| 176 | if(*val) x509_name_ex_free(val, NULL); | 177 | if(*val) x509_name_ex_free(val, NULL); | 
| 177 | if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err; | 178 | if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err; | 
| 178 | /* We've decoded it: now cache encoding */ | 179 | /* We've decoded it: now cache encoding */ | 
| 179 | if(!BUF_MEM_grow(nm->bytes, p - q)) goto err; | 180 | if(!BUF_MEM_grow(nm->bytes, p - q)) goto err; | 
| 180 | memcpy(nm->bytes->data, q, p - q); | 181 | memcpy(nm->bytes->data, q, p - q); | 
| @@ -218,7 +219,7 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT | |||
| 218 | 219 | ||
| 219 | static int x509_name_encode(X509_NAME *a) | 220 | static int x509_name_encode(X509_NAME *a) | 
| 220 | { | 221 | { | 
| 221 | STACK *intname = NULL; | 222 | STACK *intname = NULL, **intname_pp = &intname; | 
| 222 | int len; | 223 | int len; | 
| 223 | unsigned char *p; | 224 | unsigned char *p; | 
| 224 | STACK_OF(X509_NAME_ENTRY) *entries = NULL; | 225 | STACK_OF(X509_NAME_ENTRY) *entries = NULL; | 
| @@ -236,10 +237,12 @@ static int x509_name_encode(X509_NAME *a) | |||
| 236 | } | 237 | } | 
| 237 | if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; | 238 | if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; | 
| 238 | } | 239 | } | 
| 239 | len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); | 240 | len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL, | 
| 241 | ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); | ||
| 240 | if (!BUF_MEM_grow(a->bytes,len)) goto memerr; | 242 | if (!BUF_MEM_grow(a->bytes,len)) goto memerr; | 
| 241 | p=(unsigned char *)a->bytes->data; | 243 | p=(unsigned char *)a->bytes->data; | 
| 242 | ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); | 244 | ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, | 
| 245 | &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); | ||
| 243 | sk_pop_free(intname, sk_internal_free); | 246 | sk_pop_free(intname, sk_internal_free); | 
| 244 | a->modified = 0; | 247 | a->modified = 0; | 
| 245 | return len; | 248 | return len; | 
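Review bot: In x509_name_encode the length returned by the first `ASN1_item_ex_i2d` call is passed straight to `BUF_MEM_grow` and later returned, with no check for an encoding failure. Whether the encoder can return a negative value for this item is not visible here, but a guard such as `if (len < 0 || !BUF_MEM_grow(a->bytes,len)) goto memerr;` would keep a failed length out of the buffer size. The new `intname_pp` and `nm_pp` pointers also deserve a one-line comment saying why the cast goes through them, since the cast itself is unchanged. Both functions start and end outside the hunks.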
| diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c index d958540120..7d6d71af88 100644 --- a/src/lib/libcrypto/asn1/x_pubkey.c +++ b/src/lib/libcrypto/asn1/x_pubkey.c | |||
| @@ -80,8 +80,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) | |||
| 80 | 80 | ||
| 81 | int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | 81 | int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | 
| 82 | { | 82 | { | 
| 83 | int ok=0; | 83 | X509_PUBKEY *pk=NULL; | 
| 84 | X509_PUBKEY *pk; | ||
| 85 | X509_ALGOR *a; | 84 | X509_ALGOR *a; | 
| 86 | ASN1_OBJECT *o; | 85 | ASN1_OBJECT *o; | 
| 87 | unsigned char *s,*p = NULL; | 86 | unsigned char *s,*p = NULL; | 
| @@ -104,7 +103,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | |||
| 104 | (a->parameter->type != V_ASN1_NULL)) | 103 | (a->parameter->type != V_ASN1_NULL)) | 
| 105 | { | 104 | { | 
| 106 | ASN1_TYPE_free(a->parameter); | 105 | ASN1_TYPE_free(a->parameter); | 
| 107 | a->parameter=ASN1_TYPE_new(); | 106 | if (!(a->parameter=ASN1_TYPE_new())) | 
| 107 | { | ||
| 108 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | ||
| 109 | goto err; | ||
| 110 | } | ||
| 108 | a->parameter->type=V_ASN1_NULL; | 111 | a->parameter->type=V_ASN1_NULL; | 
| 109 | } | 112 | } | 
| 110 | } | 113 | } | 
| @@ -118,14 +121,34 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | |||
| 118 | dsa=pkey->pkey.dsa; | 121 | dsa=pkey->pkey.dsa; | 
| 119 | dsa->write_params=0; | 122 | dsa->write_params=0; | 
| 120 | ASN1_TYPE_free(a->parameter); | 123 | ASN1_TYPE_free(a->parameter); | 
| 121 | i=i2d_DSAparams(dsa,NULL); | 124 | if ((i=i2d_DSAparams(dsa,NULL)) <= 0) | 
| 122 | if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err; | 125 | goto err; | 
| 126 | if (!(p=(unsigned char *)OPENSSL_malloc(i))) | ||
| 127 | { | ||
| 128 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | ||
| 129 | goto err; | ||
| 130 | } | ||
| 123 | pp=p; | 131 | pp=p; | 
| 124 | i2d_DSAparams(dsa,&pp); | 132 | i2d_DSAparams(dsa,&pp); | 
| 125 | a->parameter=ASN1_TYPE_new(); | 133 | if (!(a->parameter=ASN1_TYPE_new())) | 
| 134 | { | ||
| 135 | OPENSSL_free(p); | ||
| 136 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | ||
| 137 | goto err; | ||
| 138 | } | ||
| 126 | a->parameter->type=V_ASN1_SEQUENCE; | 139 | a->parameter->type=V_ASN1_SEQUENCE; | 
| 127 | a->parameter->value.sequence=ASN1_STRING_new(); | 140 | if (!(a->parameter->value.sequence=ASN1_STRING_new())) | 
| 128 | ASN1_STRING_set(a->parameter->value.sequence,p,i); | 141 | { | 
| 142 | OPENSSL_free(p); | ||
| 143 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | ||
| 144 | goto err; | ||
| 145 | } | ||
| 146 | if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) | ||
| 147 | { | ||
| 148 | OPENSSL_free(p); | ||
| 149 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | ||
| 150 | goto err; | ||
| 151 | } | ||
| 129 | OPENSSL_free(p); | 152 | OPENSSL_free(p); | 
| 130 | } | 153 | } | 
| 131 | else | 154 | else | 
| @@ -143,7 +166,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | |||
| 143 | } | 166 | } | 
| 144 | p=s; | 167 | p=s; | 
| 145 | i2d_PublicKey(pkey,&p); | 168 | i2d_PublicKey(pkey,&p); | 
| 146 | if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; | 169 | if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) | 
| 170 | { | ||
| 171 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | ||
| 172 | goto err; | ||
| 173 | } | ||
| 147 | /* Set number of unused bits to zero */ | 174 | /* Set number of unused bits to zero */ | 
| 148 | pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | 175 | pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | 
| 149 | pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; | 176 | pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; | 
| @@ -159,12 +186,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) | |||
| 159 | X509_PUBKEY_free(*x); | 186 | X509_PUBKEY_free(*x); | 
| 160 | 187 | ||
| 161 | *x=pk; | 188 | *x=pk; | 
| 162 | pk=NULL; | ||
| 163 | 189 | ||
| 164 | ok=1; | 190 | return 1; | 
| 165 | err: | 191 | err: | 
| 166 | if (pk != NULL) X509_PUBKEY_free(pk); | 192 | if (pk != NULL) X509_PUBKEY_free(pk); | 
| 167 | return(ok); | 193 | return 0; | 
| 168 | } | 194 | } | 
| 169 | 195 | ||
| 170 | EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) | 196 | EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) | 
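Review bot: In the DSA branch `ASN1_TYPE_free(a->parameter)` is followed by two `goto err` exits (the new `i2d_DSAparams` length check and the `OPENSSL_malloc` failure) before `a->parameter` is reassigned, so the field still points at freed memory when `err:` runs `X509_PUBKEY_free(pk)`. If `a` is `pk->algor`, which is assigned outside these hunks, that is a second free of the same ASN1_TYPE. Adding `a->parameter=NULL;` directly after the `ASN1_TYPE_free` call closes it. The return value of the second `i2d_DSAparams(dsa,&pp)` call is also still ignored.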
| diff --git a/src/lib/libcrypto/bf/bf_skey.c b/src/lib/libcrypto/bf/bf_skey.c index 3673cdee6e..fc5bebefce 100644 --- a/src/lib/libcrypto/bf/bf_skey.c +++ b/src/lib/libcrypto/bf/bf_skey.c | |||
| @@ -58,11 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> | 
| 60 | #include <string.h> | 60 | #include <string.h> | 
| 61 | #include <openssl/crypto.h> | ||
| 61 | #include <openssl/blowfish.h> | 62 | #include <openssl/blowfish.h> | 
| 62 | #include "bf_locl.h" | 63 | #include "bf_locl.h" | 
| 63 | #include "bf_pi.h" | 64 | #include "bf_pi.h" | 
| 64 | 65 | ||
| 65 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data) | 66 | FIPS_NON_FIPS_VCIPHER_Init(BF) | 
| 66 | { | 67 | { | 
| 67 | int i; | 68 | int i; | 
| 68 | BF_LONG *p,ri,in[2]; | 69 | BF_LONG *p,ri,in[2]; | 
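Review bot: The definition of BF_set_key is now hidden behind `FIPS_NON_FIPS_VCIPHER_Init(BF)`, so the parameter names `key`, `len` and `data` from the removed signature no longer appear at the definition site, although the body presumably still uses them. The macro's expansion is not visible in this hunk (it presumably comes from the newly included `openssl/crypto.h`), so a comment above it would help. For example: `/* defines BF_set_key(BF_KEY *key, int len, const unsigned char *data); with OPENSSL_FIPS this body is presumably private_BF_set_key - confirm against the macro */`. The function body continues outside the hunk.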
| diff --git a/src/lib/libcrypto/bf/blowfish.h b/src/lib/libcrypto/bf/blowfish.h index cd49e85ab2..b4d8774961 100644 --- a/src/lib/libcrypto/bf/blowfish.h +++ b/src/lib/libcrypto/bf/blowfish.h | |||
| @@ -104,7 +104,10 @@ typedef struct bf_key_st | |||
| 104 | BF_LONG S[4*256]; | 104 | BF_LONG S[4*256]; | 
| 105 | } BF_KEY; | 105 | } BF_KEY; | 
| 106 | 106 | ||
| 107 | 107 | ||
| 108 | #ifdef OPENSSL_FIPS | ||
| 109 | void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); | ||
| 110 | #endif | ||
| 108 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data); | 111 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data); | 
| 109 | 112 | ||
| 110 | void BF_encrypt(BF_LONG *data,const BF_KEY *key); | 113 | void BF_encrypt(BF_LONG *data,const BF_KEY *key); | 
| diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c index fbff331796..c2bb357b4c 100644 --- a/src/lib/libcrypto/bio/b_print.c +++ b/src/lib/libcrypto/bio/b_print.c | |||
| @@ -641,7 +641,7 @@ fmtfp( | |||
| 641 | multiplying by a factor of 10 */ | 641 | multiplying by a factor of 10 */ | 
| 642 | fracpart = roundv((pow10(max)) * (ufvalue - intpart)); | 642 | fracpart = roundv((pow10(max)) * (ufvalue - intpart)); | 
| 643 | 643 | ||
| 644 | if (fracpart >= pow10(max)) { | 644 | if (fracpart >= (long)pow10(max)) { | 
| 645 | intpart++; | 645 | intpart++; | 
| 646 | fracpart -= (long)pow10(max); | 646 | fracpart -= (long)pow10(max); | 
| 647 | } | 647 | } | 
| diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h index fbbc16d00c..2eb703830f 100644 --- a/src/lib/libcrypto/bio/bio.h +++ b/src/lib/libcrypto/bio/bio.h | |||
| @@ -347,6 +347,7 @@ typedef struct bio_f_buffer_ctx_struct | |||
| 347 | #define BIO_C_NWRITE0 145 | 347 | #define BIO_C_NWRITE0 145 | 
| 348 | #define BIO_C_NWRITE 146 | 348 | #define BIO_C_NWRITE 146 | 
| 349 | #define BIO_C_RESET_READ_REQUEST 147 | 349 | #define BIO_C_RESET_READ_REQUEST 147 | 
| 350 | #define BIO_C_SET_MD_CTX 148 | ||
| 350 | 351 | ||
| 351 | 352 | ||
| 352 | #define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) | 353 | #define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) | 
| diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c index 9cdf159f82..8034ac93f9 100644 --- a/src/lib/libcrypto/bio/bss_file.c +++ b/src/lib/libcrypto/bio/bss_file.c | |||
| @@ -213,13 +213,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 213 | b->shutdown=(int)num&BIO_CLOSE; | 213 | b->shutdown=(int)num&BIO_CLOSE; | 
| 214 | b->ptr=(char *)ptr; | 214 | b->ptr=(char *)ptr; | 
| 215 | b->init=1; | 215 | b->init=1; | 
| 216 | { | ||
| 216 | #if defined(OPENSSL_SYS_WINDOWS) | 217 | #if defined(OPENSSL_SYS_WINDOWS) | 
| 218 | int fd = fileno((FILE*)ptr); | ||
| 217 | if (num & BIO_FP_TEXT) | 219 | if (num & BIO_FP_TEXT) | 
| 218 | _setmode(fileno((FILE *)ptr),_O_TEXT); | 220 | _setmode(fd,_O_TEXT); | 
| 219 | else | 221 | else | 
| 220 | _setmode(fileno((FILE *)ptr),_O_BINARY); | 222 | _setmode(fd,_O_BINARY); | 
| 221 | #elif defined(OPENSSL_SYS_MSDOS) | 223 | #elif defined(OPENSSL_SYS_MSDOS) | 
| 222 | { | ||
| 223 | int fd = fileno((FILE*)ptr); | 224 | int fd = fileno((FILE*)ptr); | 
| 224 | /* Set correct text/binary mode */ | 225 | /* Set correct text/binary mode */ | 
| 225 | if (num & BIO_FP_TEXT) | 226 | if (num & BIO_FP_TEXT) | 
| @@ -235,13 +236,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 235 | else | 236 | else | 
| 236 | _setmode(fd,_O_BINARY); | 237 | _setmode(fd,_O_BINARY); | 
| 237 | } | 238 | } | 
| 238 | } | ||
| 239 | #elif defined(OPENSSL_SYS_OS2) | 239 | #elif defined(OPENSSL_SYS_OS2) | 
| 240 | int fd = fileno((FILE*)ptr); | ||
| 240 | if (num & BIO_FP_TEXT) | 241 | if (num & BIO_FP_TEXT) | 
| 241 | setmode(fileno((FILE *)ptr), O_TEXT); | 242 | setmode(fd, O_TEXT); | 
| 242 | else | 243 | else | 
| 243 | setmode(fileno((FILE *)ptr), O_BINARY); | 244 | setmode(fd, O_BINARY); | 
| 244 | #endif | 245 | #endif | 
| 246 | } | ||
| 245 | break; | 247 | break; | 
| 246 | case BIO_C_SET_FILENAME: | 248 | case BIO_C_SET_FILENAME: | 
| 247 | file_free(b); | 249 | file_free(b); | 
| @@ -264,7 +266,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 264 | ret=0; | 266 | ret=0; | 
| 265 | break; | 267 | break; | 
| 266 | } | 268 | } | 
| 267 | #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) | 269 | #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) | 
| 268 | if (!(num & BIO_FP_TEXT)) | 270 | if (!(num & BIO_FP_TEXT)) | 
| 269 | strcat(p,"b"); | 271 | strcat(p,"b"); | 
| 270 | else | 272 | else | 
| diff --git a/src/lib/libcrypto/bn/asm/ia64.S b/src/lib/libcrypto/bn/asm/ia64.S index 7dfda85566..7b82b820e6 100644 --- a/src/lib/libcrypto/bn/asm/ia64.S +++ b/src/lib/libcrypto/bn/asm/ia64.S | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | .explicit | 1 | .explicit | 
| 2 | .text | 2 | .text | 
| 3 | .ident "ia64.S, Version 2.0" | 3 | .ident "ia64.S, Version 2.1" | 
| 4 | .ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" | 4 | .ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" | 
| 5 | 5 | ||
| 6 | // | 6 | // | 
| @@ -35,7 +35,7 @@ | |||
| 35 | // What does it mean? You might ratiocinate that the original code | 35 | // What does it mean? You might ratiocinate that the original code | 
| 36 | // should run just faster... Because sum of latencies is smaller... | 36 | // should run just faster... Because sum of latencies is smaller... | 
| 37 | // Wrong! Note that getf latency increased. This means that if a loop is | 37 | // Wrong! Note that getf latency increased. This means that if a loop is | 
| 38 | // scheduled for lower latency (and they are), then it will suffer from | 38 | // scheduled for lower latency (as they were), then it will suffer from | 
| 39 | // stall condition and the code will therefore turn anti-scalable, e.g. | 39 | // stall condition and the code will therefore turn anti-scalable, e.g. | 
| 40 | // original bn_mul_words spun at 5*n or 2.5 times slower than expected | 40 | // original bn_mul_words spun at 5*n or 2.5 times slower than expected | 
| 41 | // on Itanium2! What to do? Reschedule loops for Itanium2? But then | 41 | // on Itanium2! What to do? Reschedule loops for Itanium2? But then | 
| @@ -145,6 +145,12 @@ | |||
| 145 | // -Drum=nop.m in command line. | 145 | // -Drum=nop.m in command line. | 
| 146 | // | 146 | // | 
| 147 | 147 | ||
| 148 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | ||
| 149 | #define ADDP addp4 | ||
| 150 | #else | ||
| 151 | #define ADDP add | ||
| 152 | #endif | ||
| 153 | |||
| 148 | #if 1 | 154 | #if 1 | 
| 149 | // | 155 | // | 
| 150 | // bn_[add|sub]_words routines. | 156 | // bn_[add|sub]_words routines. | 
| @@ -178,27 +184,12 @@ bn_add_words: | |||
| 178 | brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 | 184 | brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 | 
| 179 | } | 185 | } | 
| 180 | .body | 186 | .body | 
| 181 | { .mib; | 187 | { .mib; ADDP r14=0,r32 // rp | 
| 182 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | ||
| 183 | addp4 r14=0,r32 // rp | ||
| 184 | #else | ||
| 185 | mov r14=r32 // rp | ||
| 186 | #endif | ||
| 187 | mov r9=pr };; | 188 | mov r9=pr };; | 
| 188 | { .mii; | 189 | { .mii; ADDP r15=0,r33 // ap | 
| 189 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | ||
| 190 | addp4 r15=0,r33 // ap | ||
| 191 | #else | ||
| 192 | mov r15=r33 // ap | ||
| 193 | #endif | ||
| 194 | mov ar.lc=r10 | 190 | mov ar.lc=r10 | 
| 195 | mov ar.ec=6 } | 191 | mov ar.ec=6 } | 
| 196 | { .mib; | 192 | { .mib; ADDP r16=0,r34 // bp | 
| 197 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | ||
| 198 | addp4 r16=0,r34 // bp | ||
| 199 | #else | ||
| 200 | mov r16=r34 // bp | ||
| 201 | #endif | ||
| 202 | mov pr.rot=1<<16 };; | 193 | mov pr.rot=1<<16 };; | 
| 203 | 194 | ||
| 204 | .L_bn_add_words_ctop: | 195 | .L_bn_add_words_ctop: | 
| @@ -246,27 +237,12 @@ bn_sub_words: | |||
| 246 | brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 | 237 | brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 | 
| 247 | } | 238 | } | 
| 248 | .body | 239 | .body | 
| 249 | { .mib; | 240 | { .mib; ADDP r14=0,r32 // rp | 
| 250 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | ||
| 251 | addp4 r14=0,r32 // rp | ||
| 252 | #else | ||
| 253 | mov r14=r32 // rp | ||
| 254 | #endif | ||
| 255 | mov r9=pr };; | 241 | mov r9=pr };; | 
| 256 | { .mii; | 242 | { .mii; ADDP r15=0,r33 // ap | 
| 257 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | ||
| 258 | addp4 r15=0,r33 // ap | ||
| 259 | #else | ||
| 260 | mov r15=r33 // ap | ||
| 261 | #endif | ||
| 262 | mov ar.lc=r10 | 243 | mov ar.lc=r10 | 
| 263 | mov ar.ec=6 } | 244 | mov ar.ec=6 } | 
| 264 | { .mib; | 245 | { .mib; ADDP r16=0,r34 // bp | 
| 265 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | ||
| 266 | addp4 r16=0,r34 // bp | ||
| 267 | #else | ||
| 268 | mov r16=r34 // bp | ||
| 269 | #endif | ||
| 270 | mov pr.rot=1<<16 };; | 246 | mov pr.rot=1<<16 };; | 
| 271 | 247 | ||
| 272 | .L_bn_sub_words_ctop: | 248 | .L_bn_sub_words_ctop: | 
| @@ -332,16 +308,10 @@ bn_mul_words: | |||
| 332 | 308 | ||
| 333 | #ifndef XMA_TEMPTATION | 309 | #ifndef XMA_TEMPTATION | 
| 334 | 310 | ||
| 335 | { .mii; | 311 | { .mmi; ADDP r14=0,r32 // rp | 
| 336 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | 312 | ADDP r15=0,r33 // ap | 
| 337 | addp4 r14=0,r32 // rp | ||
| 338 | addp4 r15=0,r33 // ap | ||
| 339 | #else | ||
| 340 | mov r14=r32 // rp | ||
| 341 | mov r15=r33 // ap | ||
| 342 | #endif | ||
| 343 | mov ar.lc=r10 } | 313 | mov ar.lc=r10 } | 
| 344 | { .mii; mov r40=0 // serves as r35 at first (p27) | 314 | { .mmi; mov r40=0 // serves as r35 at first (p27) | 
| 345 | mov ar.ec=13 };; | 315 | mov ar.ec=13 };; | 
| 346 | 316 | ||
| 347 | // This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium | 317 | // This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium | 
| @@ -424,89 +394,64 @@ bn_mul_words: | |||
| 424 | .global bn_mul_add_words# | 394 | .global bn_mul_add_words# | 
| 425 | .proc bn_mul_add_words# | 395 | .proc bn_mul_add_words# | 
| 426 | .align 64 | 396 | .align 64 | 
| 427 | //.skip 0 // makes the loop split at 64-byte boundary | 397 | .skip 48 // makes the loop body aligned at 64-byte boundary | 
| 428 | bn_mul_add_words: | 398 | bn_mul_add_words: | 
| 429 | .prologue | 399 | .prologue | 
| 430 | .fframe 0 | 400 | .fframe 0 | 
| 431 | .save ar.pfs,r2 | 401 | .save ar.pfs,r2 | 
| 432 | { .mii; alloc r2=ar.pfs,4,12,0,16 | ||
| 433 | cmp4.le p6,p0=r34,r0 };; | ||
| 434 | { .mfb; mov r8=r0 // return value | ||
| 435 | (p6) br.ret.spnt.many b0 };; | ||
| 436 | |||
| 437 | .save ar.lc,r3 | 402 | .save ar.lc,r3 | 
| 438 | { .mii; sub r10=r34,r0,1 | 403 | .save pr,r9 | 
| 439 | mov r3=ar.lc | 404 | { .mmi; alloc r2=ar.pfs,4,4,0,8 | 
| 440 | mov r9=pr };; | 405 | cmp4.le p6,p0=r34,r0 | 
| 406 | mov r3=ar.lc };; | ||
| 407 | { .mib; mov r8=r0 // return value | ||
| 408 | sub r10=r34,r0,1 | ||
| 409 | (p6) br.ret.spnt.many b0 };; | ||
| 441 | 410 | ||
| 442 | .body | 411 | .body | 
| 443 | { .mib; setf.sig f8=r35 // w | 412 | { .mib; setf.sig f8=r35 // w | 
| 444 | mov pr.rot=0x800001<<16 | 413 | mov r9=pr | 
| 445 | // ------^----- serves as (p50) at first (p27) | ||
| 446 | brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 | 414 | brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 | 
| 447 | } | 415 | } | 
| 448 | { .mii; | 416 | { .mmi; ADDP r14=0,r32 // rp | 
| 449 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | 417 | ADDP r15=0,r33 // ap | 
| 450 | addp4 r14=0,r32 // rp | ||
| 451 | addp4 r15=0,r33 // ap | ||
| 452 | #else | ||
| 453 | mov r14=r32 // rp | ||
| 454 | mov r15=r33 // ap | ||
| 455 | #endif | ||
| 456 | mov ar.lc=r10 } | 418 | mov ar.lc=r10 } | 
| 457 | { .mii; mov r40=0 // serves as r35 at first (p27) | 419 | { .mii; ADDP r16=0,r32 // rp copy | 
| 458 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | 420 | mov pr.rot=0x2001<<16 | 
| 459 | addp4 r18=0,r32 // rp copy | 421 | // ------^----- serves as (p40) at first (p27) | 
| 460 | #else | 422 | mov ar.ec=11 };; | 
| 461 | mov r18=r32 // rp copy | 423 | |
| 462 | #endif | 424 | // This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on | 
| 463 | mov ar.ec=15 };; | 425 | // Itanium 2. Yes, unlike previous versions it scales:-) Previous | 
| 464 | 426 | // version was peforming *all* additions in IALU and was starving | |
| 465 | // This loop spins in 3*(n+14) ticks on Itanium and should spin in | 427 | // for those even on Itanium 2. In this version one addition is | 
| 466 | // 2*(n+14) on "wider" IA-64 implementations (to be verified with new | 428 | // moved to FPU and is folded with multiplication. This is at cost | 
| 467 | // µ-architecture manuals as they become available). As usual it's | 429 | // of propogating the result from previous call to this subroutine | 
| 468 | // possible to compress the epilogue, down to 10 in this case, at the | 430 | // to L2 cache... In other words negligible even for shorter keys. | 
| 469 | // cost of scalability. Compressed (and therefore non-scalable) loop | 431 | // *Overall* performance improvement [over previous version] varies | 
| 470 | // running at 3*(n+11) would buy you ~10% on Itanium but take ~35% | 432 | // from 11 to 22 percent depending on key length. | 
| 471 | // from "wider" IA-64 so let it be scalable! Special attention was | ||
| 472 | // paid for having the loop body split at 64-byte boundary. ld8 is | ||
| 473 | // scheduled for L1 cache as the data is more than likely there. | ||
| 474 | // Indeed, bn_mul_words has put it there a moment ago:-) | ||
| 475 | .L_bn_mul_add_words_ctop: | 433 | .L_bn_mul_add_words_ctop: | 
| 476 | { .mfi; (p25) getf.sig r36=f52 // low | 434 | .pred.rel "mutex",p40,p42 | 
| 477 | (p21) xmpy.lu f48=f37,f8 | 435 | { .mfi; (p23) getf.sig r36=f45 // low | 
| 478 | (p28) cmp.ltu p54,p50=r41,r39 } | 436 | (p20) xma.lu f42=f36,f8,f50 // low | 
| 479 | { .mfi; (p16) ldf8 f32=[r15],8 | 437 | (p40) add r39=r39,r35 } // (p27) | 
| 480 | (p21) xmpy.hu f40=f37,f8 | 438 | { .mfi; (p16) ldf8 f32=[r15],8 // *(ap++) | 
| 481 | (p28) add r45=r45,r41 };; | 439 | (p20) xma.hu f36=f36,f8,f50 // high | 
| 482 | { .mii; (p25) getf.sig r32=f44 // high | 440 | (p42) add r39=r39,r35,1 };; // (p27) | 
| 483 | .pred.rel "mutex",p50,p54 | 441 | { .mmi; (p24) getf.sig r32=f40 // high | 
| 484 | (p50) add r40=r38,r35 // (p27) | 442 | (p16) ldf8 f46=[r16],8 // *(rp1++) | 
| 485 | (p54) add r40=r38,r35,1 } // (p27) | 443 | (p40) cmp.ltu p41,p39=r39,r35 } // (p27) | 
| 486 | { .mfb; (p28) cmp.ltu.unc p60,p0=r45,r41 | 444 | { .mib; (p26) st8 [r14]=r39,8 // *(rp2++) | 
| 487 | (p0) nop.f 0x0 | 445 | (p42) cmp.leu p41,p39=r39,r35 // (p27) | 
| 488 | (p0) nop.b 0x0 } | ||
| 489 | { .mii; (p27) ld8 r44=[r18],8 | ||
| 490 | (p62) cmp.eq.or p61,p0=-1,r46 | ||
| 491 | (p62) add r46=1,r46 } | ||
| 492 | { .mfb; (p30) st8 [r14]=r47,8 | ||
| 493 | (p0) nop.f 0x0 | ||
| 494 | br.ctop.sptk .L_bn_mul_add_words_ctop};; | 446 | br.ctop.sptk .L_bn_mul_add_words_ctop};; | 
| 495 | .L_bn_mul_add_words_cend: | 447 | .L_bn_mul_add_words_cend: | 
| 496 | 448 | ||
| 497 | { .mii; nop.m 0x0 | 449 | { .mmi; .pred.rel "mutex",p40,p42 | 
| 498 | .pred.rel "mutex",p53,p57 | 450 | (p40) add r8=r35,r0 | 
| 499 | (p53) add r8=r38,r0 | 451 | (p42) add r8=r35,r0,1 | 
| 500 | (p57) add r8=r38,r0,1 } | 452 | mov pr=r9,0x1ffff } | 
| 501 | { .mfb; nop.m 0x0 | 453 | { .mib; rum 1<<5 // clear um.mfh | 
| 502 | nop.f 0x0 | 454 | mov ar.lc=r3 | 
| 503 | nop.b 0x0 };; | ||
| 504 | { .mii; | ||
| 505 | (p63) add r8=1,r8 | ||
| 506 | mov pr=r9,0x1ffff | ||
| 507 | mov ar.lc=r3 } | ||
| 508 | { .mfb; rum 1<<5 // clear um.mfh | ||
| 509 | nop.f 0x0 | ||
| 510 | br.ret.sptk.many b0 };; | 455 | br.ret.sptk.many b0 };; | 
| 511 | .endp bn_mul_add_words# | 456 | .endp bn_mul_add_words# | 
| 512 | #endif | 457 | #endif | 
| @@ -527,7 +472,8 @@ bn_sqr_words: | |||
| 527 | sxt4 r34=r34 };; | 472 | sxt4 r34=r34 };; | 
| 528 | { .mii; cmp.le p6,p0=r34,r0 | 473 | { .mii; cmp.le p6,p0=r34,r0 | 
| 529 | mov r8=r0 } // return value | 474 | mov r8=r0 } // return value | 
| 530 | { .mfb; nop.f 0x0 | 475 | { .mfb; ADDP r32=0,r32 | 
| 476 | nop.f 0x0 | ||
| 531 | (p6) br.ret.spnt.many b0 };; | 477 | (p6) br.ret.spnt.many b0 };; | 
| 532 | 478 | ||
| 533 | .save ar.lc,r3 | 479 | .save ar.lc,r3 | 
| @@ -536,11 +482,7 @@ bn_sqr_words: | |||
| 536 | mov r9=pr };; | 482 | mov r9=pr };; | 
| 537 | 483 | ||
| 538 | .body | 484 | .body | 
| 539 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | 485 | { .mib; ADDP r33=0,r33 | 
| 540 | { .mii; addp4 r32=0,r32 | ||
| 541 | addp4 r33=0,r33 };; | ||
| 542 | #endif | ||
| 543 | { .mib; | ||
| 544 | mov pr.rot=1<<16 | 486 | mov pr.rot=1<<16 | 
| 545 | brp.loop.imp .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16 | 487 | brp.loop.imp .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16 | 
| 546 | } | 488 | } | 
| @@ -605,7 +547,7 @@ bn_sqr_comba8: | |||
| 605 | .prologue | 547 | .prologue | 
| 606 | .fframe 0 | 548 | .fframe 0 | 
| 607 | .save ar.pfs,r2 | 549 | .save ar.pfs,r2 | 
| 608 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | 550 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | 
| 609 | { .mii; alloc r2=ar.pfs,2,1,0,0 | 551 | { .mii; alloc r2=ar.pfs,2,1,0,0 | 
| 610 | addp4 r33=0,r33 | 552 | addp4 r33=0,r33 | 
| 611 | addp4 r32=0,r32 };; | 553 | addp4 r32=0,r32 };; | 
| @@ -631,6 +573,10 @@ bn_sqr_comba8: | |||
| 631 | // clause in Itanium µ-architecture manual? Comments are welcomed and | 573 | // clause in Itanium µ-architecture manual? Comments are welcomed and | 
| 632 | // highly appreciated. | 574 | // highly appreciated. | 
| 633 | // | 575 | // | 
| 576 | // On Itanium 2 it takes ~190 ticks. This is because of stalls on | ||
| 577 | // result from getf.sig. I do nothing about it at this point for | ||
| 578 | // reasons depicted below. | ||
| 579 | // | ||
| 634 | // However! It should be noted that even 160 ticks is darn good result | 580 | // However! It should be noted that even 160 ticks is darn good result | 
| 635 | // as it's over 10 (yes, ten, spelled as t-e-n) times faster than the | 581 | // as it's over 10 (yes, ten, spelled as t-e-n) times faster than the | 
| 636 | // C version (compiled with gcc with inline assembler). I really | 582 | // C version (compiled with gcc with inline assembler). I really | 
| @@ -673,7 +619,7 @@ bn_mul_comba8: | |||
| 673 | .prologue | 619 | .prologue | 
| 674 | .fframe 0 | 620 | .fframe 0 | 
| 675 | .save ar.pfs,r2 | 621 | .save ar.pfs,r2 | 
| 676 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | 622 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | 
| 677 | { .mii; alloc r2=ar.pfs,3,0,0,0 | 623 | { .mii; alloc r2=ar.pfs,3,0,0,0 | 
| 678 | addp4 r33=0,r33 | 624 | addp4 r33=0,r33 | 
| 679 | addp4 r34=0,r34 };; | 625 | addp4 r34=0,r34 };; | 
| @@ -1231,7 +1177,7 @@ bn_sqr_comba4: | |||
| 1231 | .prologue | 1177 | .prologue | 
| 1232 | .fframe 0 | 1178 | .fframe 0 | 
| 1233 | .save ar.pfs,r2 | 1179 | .save ar.pfs,r2 | 
| 1234 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | 1180 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | 
| 1235 | { .mii; alloc r2=ar.pfs,2,1,0,0 | 1181 | { .mii; alloc r2=ar.pfs,2,1,0,0 | 
| 1236 | addp4 r32=0,r32 | 1182 | addp4 r32=0,r32 | 
| 1237 | addp4 r33=0,r33 };; | 1183 | addp4 r33=0,r33 };; | 
| @@ -1264,7 +1210,7 @@ bn_mul_comba4: | |||
| 1264 | .prologue | 1210 | .prologue | 
| 1265 | .fframe 0 | 1211 | .fframe 0 | 
| 1266 | .save ar.pfs,r2 | 1212 | .save ar.pfs,r2 | 
| 1267 | #if defined(_HPUX_SOURCE) && defined(_ILP32) | 1213 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | 
| 1268 | { .mii; alloc r2=ar.pfs,3,0,0,0 | 1214 | { .mii; alloc r2=ar.pfs,3,0,0,0 | 
| 1269 | addp4 r33=0,r33 | 1215 | addp4 r33=0,r33 | 
| 1270 | addp4 r34=0,r34 };; | 1216 | addp4 r34=0,r34 };; | 
| @@ -1448,8 +1394,8 @@ bn_mul_comba4: | |||
| 1448 | #define I r21 | 1394 | #define I r21 | 
| 1449 | 1395 | ||
| 1450 | #if 0 | 1396 | #if 0 | 
| 1451 | // Some preprocessors (most notably HP-UX) apper to be allergic to | 1397 | // Some preprocessors (most notably HP-UX) appear to be allergic to | 
| 1452 | // macros enclosed to parenthesis as these three will be. | 1398 | // macros enclosed to parenthesis [as these three were]. | 
| 1453 | #define cont p16 | 1399 | #define cont p16 | 
| 1454 | #define break p0 // p20 | 1400 | #define break p0 // p20 | 
| 1455 | #define equ p24 | 1401 | #define equ p24 | 
| @@ -1581,9 +1527,18 @@ bn_div_words: | |||
| 1581 | // output: f8 = (int)(a/b) | 1527 | // output: f8 = (int)(a/b) | 
| 1582 | // clobbered: f8,f9,f10,f11,pred | 1528 | // clobbered: f8,f9,f10,f11,pred | 
| 1583 | pred=p15 | 1529 | pred=p15 | 
| 1584 | // This procedure is essentially Intel code and therefore is | 1530 | // One can argue that this snippet is copyrighted to Intel | 
| 1585 | // copyrighted to Intel Corporation (I suppose...). It's sligtly | 1531 | // Corporation, as it's essentially identical to one of those | 
| 1586 | // modified for specific needs. | 1532 | // found in "Divide, Square Root and Remainder" section at | 
| 1533 | // http://www.intel.com/software/products/opensource/libraries/num.htm. | ||
| 1534 | // Yes, I admit that the referred code was used as template, | ||
| 1535 | // but after I realized that there hardly is any other instruction | ||
| 1536 | // sequence which would perform this operation. I mean I figure that | ||
| 1537 | // any independent attempt to implement high-performance division | ||
| 1538 | // will result in code virtually identical to the Intel code. It | ||
| 1539 | // should be noted though that below division kernel is 1 cycle | ||
| 1540 | // faster than Intel one (note commented splits:-), not to mention | ||
| 1541 | // original prologue (rather lack of one) and epilogue. | ||
| 1587 | .align 32 | 1542 | .align 32 | 
| 1588 | .skip 16 | 1543 | .skip 16 | 
| 1589 | .L_udiv64_32_b6: | 1544 | .L_udiv64_32_b6: | 
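Review bot: In the bn_mul_add_words hunk the new `.save pr,r9` directive sits in the prologue, but the instruction it describes, `mov r9=pr`, is now issued after `.body` in the `setf.sig f8=r35` bundle, so the unwind record appears to describe a save that has not yet happened when the prologue ends. The same stacking puts `.save ar.lc,r3` ahead of the `alloc` bundle although `mov r3=ar.lc` is that bundle's third slot. I would place each directive immediately before its instruction and move `.body` below the `setf.sig` bundle, i.e. `.save pr,r9` directly above `mov r9=pr`. Separately, the rewritten loop changes how the carry is derived (`cmp.ltu`/`cmp.leu` under p40/p42), so a regression vector with all-ones words in rp, ap and w would be worth adding with this change, since carry errors in bignum primitives silently corrupt RSA/DSA results. The new loop comment also has two typos, `peforming` and `propogating`.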
| diff --git a/src/lib/libcrypto/bn/asm/ppc.pl b/src/lib/libcrypto/bn/asm/ppc.pl new file mode 100644 index 0000000000..307c7ccb35 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/ppc.pl | |||
| @@ -0,0 +1,2081 @@ | |||
| 1 | #!/usr/bin/env perl | ||
| 2 | # | ||
| 3 | # Implemented as a Perl wrapper as we want to support several different | ||
| 4 | # architectures with single file. We pick up the target based on the | ||
| 5 | # file name we are asked to generate. | ||
| 6 | # | ||
| 7 | # It should be noted though that this perl code is nothing like | ||
| 8 | # <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much | ||
| 9 | # as pre-processor to cover for platform differences in name decoration, | ||
| 10 | # linker tables, 32-/64-bit instruction sets... | ||
| 11 | # | ||
| 12 | # As you might know there're several PowerPC ABI in use. Most notably | ||
| 13 | # Linux and AIX use different 32-bit ABIs. Good news are that these ABIs | ||
| 14 | # are similar enough to implement leaf(!) functions, which would be ABI | ||
| 15 | # neutral. And that's what you find here: ABI neutral leaf functions. | ||
| 16 | # In case you wonder what that is... | ||
| 17 | # | ||
| 18 | # AIX performance | ||
| 19 | # | ||
| 20 | # MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e. | ||
| 21 | # | ||
| 22 | # The following is the performance of 32-bit compiler | ||
| 23 | # generated code: | ||
| 24 | # | ||
| 25 | # OpenSSL 0.9.6c 21 dec 2001 | ||
| 26 | # built on: Tue Jun 11 11:06:51 EDT 2002 | ||
| 27 | # options:bn(64,32) ... | ||
| 28 | #compiler: cc -DTHREADS -DAIX -DB_ENDIAN -DBN_LLONG -O3 | ||
| 29 | # sign verify sign/s verify/s | ||
| 30 | #rsa 512 bits 0.0098s 0.0009s 102.0 1170.6 | ||
| 31 | #rsa 1024 bits 0.0507s 0.0026s 19.7 387.5 | ||
| 32 | #rsa 2048 bits 0.3036s 0.0085s 3.3 117.1 | ||
| 33 | #rsa 4096 bits 2.0040s 0.0299s 0.5 33.4 | ||
| 34 | #dsa 512 bits 0.0087s 0.0106s 114.3 94.5 | ||
| 35 | #dsa 1024 bits 0.0256s 0.0313s 39.0 32.0 | ||
| 36 | # | ||
| 37 | # Same bechmark with this assembler code: | ||
| 38 | # | ||
| 39 | #rsa 512 bits 0.0056s 0.0005s 178.6 2049.2 | ||
| 40 | #rsa 1024 bits 0.0283s 0.0015s 35.3 674.1 | ||
| 41 | #rsa 2048 bits 0.1744s 0.0050s 5.7 201.2 | ||
| 42 | #rsa 4096 bits 1.1644s 0.0179s 0.9 55.7 | ||
| 43 | #dsa 512 bits 0.0052s 0.0062s 191.6 162.0 | ||
| 44 | #dsa 1024 bits 0.0149s 0.0180s 67.0 55.5 | ||
| 45 | # | ||
| 46 | # Number of operations increases by at almost 75% | ||
| 47 | # | ||
| 48 | # Here are performance numbers for 64-bit compiler | ||
| 49 | # generated code: | ||
| 50 | # | ||
| 51 | # OpenSSL 0.9.6g [engine] 9 Aug 2002 | ||
| 52 | # built on: Fri Apr 18 16:59:20 EDT 2003 | ||
| 53 | # options:bn(64,64) ... | ||
| 54 | # compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3 | ||
| 55 | # sign verify sign/s verify/s | ||
| 56 | #rsa 512 bits 0.0028s 0.0003s 357.1 3844.4 | ||
| 57 | #rsa 1024 bits 0.0148s 0.0008s 67.5 1239.7 | ||
| 58 | #rsa 2048 bits 0.0963s 0.0028s 10.4 353.0 | ||
| 59 | #rsa 4096 bits 0.6538s 0.0102s 1.5 98.1 | ||
| 60 | #dsa 512 bits 0.0026s 0.0032s 382.5 313.7 | ||
| 61 | #dsa 1024 bits 0.0081s 0.0099s 122.8 100.6 | ||
| 62 | # | ||
| 63 | # Same benchmark with this assembler code: | ||
| 64 | # | ||
| 65 | #rsa 512 bits 0.0020s 0.0002s 510.4 6273.7 | ||
| 66 | #rsa 1024 bits 0.0088s 0.0005s 114.1 2128.3 | ||
| 67 | #rsa 2048 bits 0.0540s 0.0016s 18.5 622.5 | ||
| 68 | #rsa 4096 bits 0.3700s 0.0058s 2.7 171.0 | ||
| 69 | #dsa 512 bits 0.0016s 0.0020s 610.7 507.1 | ||
| 70 | #dsa 1024 bits 0.0047s 0.0058s 212.5 173.2 | ||
| 71 | # | ||
| 72 | # Again, performance increases by at about 75% | ||
| 73 | # | ||
| 74 | # Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code) | ||
| 75 | # OpenSSL 0.9.7c 30 Sep 2003 | ||
| 76 | # | ||
| 77 | # Original code. | ||
| 78 | # | ||
| 79 | #rsa 512 bits 0.0011s 0.0001s 906.1 11012.5 | ||
| 80 | #rsa 1024 bits 0.0060s 0.0003s 166.6 3363.1 | ||
| 81 | #rsa 2048 bits 0.0370s 0.0010s 27.1 982.4 | ||
| 82 | #rsa 4096 bits 0.2426s 0.0036s 4.1 280.4 | ||
| 83 | #dsa 512 bits 0.0010s 0.0012s 1038.1 841.5 | ||
| 84 | #dsa 1024 bits 0.0030s 0.0037s 329.6 269.7 | ||
| 85 | #dsa 2048 bits 0.0101s 0.0127s 98.9 78.6 | ||
| 86 | # | ||
| 87 | # Same benchmark with this assembler code: | ||
| 88 | # | ||
| 89 | #rsa 512 bits 0.0007s 0.0001s 1416.2 16645.9 | ||
| 90 | #rsa 1024 bits 0.0036s 0.0002s 274.4 5380.6 | ||
| 91 | #rsa 2048 bits 0.0222s 0.0006s 45.1 1589.5 | ||
| 92 | #rsa 4096 bits 0.1469s 0.0022s 6.8 449.6 | ||
| 93 | #dsa 512 bits 0.0006s 0.0007s 1664.2 1376.2 | ||
| 94 | #dsa 1024 bits 0.0018s 0.0023s 545.0 442.2 | ||
| 95 | #dsa 2048 bits 0.0061s 0.0075s 163.5 132.8 | ||
| 96 | # | ||
| 97 | # Performance increase of ~60% | ||
| 98 | # | ||
| 99 | # If you have comments or suggestions to improve code send | ||
| 100 | # me a note at schari@us.ibm.com | ||
| 101 | # | ||
| 102 | |||
| 103 | $opf = shift; | ||
| 104 | |||
| 105 | if ($opf =~ /32\.s/) { | ||
| 106 | $BITS= 32; | ||
| 107 | $BNSZ= $BITS/8; | ||
| 108 | $ISA= "\"ppc\""; | ||
| 109 | |||
| 110 | $LD= "lwz"; # load | ||
| 111 | $LDU= "lwzu"; # load and update | ||
| 112 | $ST= "stw"; # store | ||
| 113 | $STU= "stwu"; # store and update | ||
| 114 | $UMULL= "mullw"; # unsigned multiply low | ||
| 115 | $UMULH= "mulhwu"; # unsigned multiply high | ||
| 116 | $UDIV= "divwu"; # unsigned divide | ||
| 117 | $UCMPI= "cmplwi"; # unsigned compare with immediate | ||
| 118 | $UCMP= "cmplw"; # unsigned compare | ||
| 119 | $COUNTZ="cntlzw"; # count leading zeros | ||
| 120 | $SHL= "slw"; # shift left | ||
| 121 | $SHR= "srw"; # unsigned shift right | ||
| 122 | $SHRI= "srwi"; # unsigned shift right by immediate | ||
| 123 | $SHLI= "slwi"; # shift left by immediate | ||
| 124 | $CLRU= "clrlwi"; # clear upper bits | ||
| 125 | $INSR= "insrwi"; # insert right | ||
| 126 | $ROTL= "rotlwi"; # rotate left by immediate | ||
| 127 | } elsif ($opf =~ /64\.s/) { | ||
| 128 | $BITS= 64; | ||
| 129 | $BNSZ= $BITS/8; | ||
| 130 | $ISA= "\"ppc64\""; | ||
| 131 | |||
| 132 | # same as above, but 64-bit mnemonics... | ||
| 133 | $LD= "ld"; # load | ||
| 134 | $LDU= "ldu"; # load and update | ||
| 135 | $ST= "std"; # store | ||
| 136 | $STU= "stdu"; # store and update | ||
| 137 | $UMULL= "mulld"; # unsigned multiply low | ||
| 138 | $UMULH= "mulhdu"; # unsigned multiply high | ||
| 139 | $UDIV= "divdu"; # unsigned divide | ||
| 140 | $UCMPI= "cmpldi"; # unsigned compare with immediate | ||
| 141 | $UCMP= "cmpld"; # unsigned compare | ||
| 142 | $COUNTZ="cntlzd"; # count leading zeros | ||
| 143 | $SHL= "sld"; # shift left | ||
| 144 | $SHR= "srd"; # unsigned shift right | ||
| 145 | $SHRI= "srdi"; # unsigned shift right by immediate | ||
| 146 | $SHLI= "sldi"; # shift left by immediate | ||
| 147 | $CLRU= "clrldi"; # clear upper bits | ||
| 148 | $INSR= "insrdi"; # insert right | ||
| 149 | $ROTL= "rotldi"; # rotate left by immediate | ||
| 150 | } else { die "nonsense $opf"; } | ||
| 151 | |||
| 152 | ( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!"; | ||
| 153 | |||
| 154 | # function entry points from the AIX code | ||
| 155 | # | ||
| 156 | # There are other, more elegant, ways to handle this. We (IBM) chose | ||
| 157 | # this approach as it plays well with scripts we run to 'namespace' | ||
| 158 | # OpenSSL .i.e. we add a prefix to all the public symbols so we can | ||
| 159 | # co-exist in the same process with other implementations of OpenSSL. | ||
| 160 | # 'cleverer' ways of doing these substitutions tend to hide data we | ||
| 161 | # need to be obvious. | ||
| 162 | # | ||
| 163 | my @items = ("bn_sqr_comba4", | ||
| 164 | "bn_sqr_comba8", | ||
| 165 | "bn_mul_comba4", | ||
| 166 | "bn_mul_comba8", | ||
| 167 | "bn_sub_words", | ||
| 168 | "bn_add_words", | ||
| 169 | "bn_div_words", | ||
| 170 | "bn_sqr_words", | ||
| 171 | "bn_mul_words", | ||
| 172 | "bn_mul_add_words"); | ||
| 173 | |||
| 174 | if ($opf =~ /linux/) { do_linux(); } | ||
| 175 | elsif ($opf =~ /aix/) { do_aix(); } | ||
| 176 | elsif ($opf =~ /osx/) { do_osx(); } | ||
| 177 | else { do_bsd(); } | ||
| 178 | |||
| 179 | sub do_linux { | ||
| 180 | $d=&data(); | ||
| 181 | |||
| 182 | if ($BITS==64) { | ||
| 183 | foreach $t (@items) { | ||
| 184 | $d =~ s/\.$t:/\ | ||
| 185 | \t.section\t".opd","aw"\ | ||
| 186 | \t.align\t3\ | ||
| 187 | \t.globl\t$t\ | ||
| 188 | $t:\ | ||
| 189 | \t.quad\t.$t,.TOC.\@tocbase,0\ | ||
| 190 | \t.size\t$t,24\ | ||
| 191 | \t.previous\n\ | ||
| 192 | \t.type\t.$t,\@function\ | ||
| 193 | \t.globl\t.$t\ | ||
| 194 | .$t:/g; | ||
| 195 | } | ||
| 196 | } | ||
| 197 | else { | ||
| 198 | foreach $t (@items) { | ||
| 199 | $d=~s/\.$t/$t/g; | ||
| 200 | } | ||
| 201 | } | ||
| 202 | # hide internal labels to avoid pollution of name table... | ||
| 203 | $d=~s/Lppcasm_/.Lppcasm_/gm; | ||
| 204 | print $d; | ||
| 205 | } | ||
| 206 | |||
| 207 | sub do_aix { | ||
| 208 | # AIX assembler is smart enough to please the linker without | ||
| 209 | # making us do something special... | ||
| 210 | print &data(); | ||
| 211 | } | ||
| 212 | |||
| 213 | # MacOSX 32 bit | ||
| 214 | sub do_osx { | ||
| 215 | $d=&data(); | ||
| 216 | # Change the bn symbol prefix from '.' to '_' | ||
| 217 | foreach $t (@items) { | ||
| 218 | $d=~s/\.$t/_$t/g; | ||
| 219 | } | ||
| 220 | # Change .machine to something OS X asm will accept | ||
| 221 | $d=~s/\.machine.*/.text/g; | ||
| 222 | $d=~s/\#/;/g; # change comment from '#' to ';' | ||
| 223 | print $d; | ||
| 224 | } | ||
| 225 | |||
| 226 | # BSD (Untested) | ||
| 227 | sub do_bsd { | ||
| 228 | $d=&data(); | ||
| 229 | foreach $t (@items) { | ||
| 230 | $d=~s/\.$t/_$t/g; | ||
| 231 | } | ||
| 232 | print $d; | ||
| 233 | } | ||
| 234 | |||
| 235 | sub data { | ||
| 236 | local($data)=<<EOF; | ||
| 237 | #-------------------------------------------------------------------- | ||
| 238 | # | ||
| 239 | # | ||
| 240 | # | ||
| 241 | # | ||
| 242 | # File: ppc32.s | ||
| 243 | # | ||
| 244 | # Created by: Suresh Chari | ||
| 245 | # IBM Thomas J. Watson Research Library | ||
| 246 | # Hawthorne, NY | ||
| 247 | # | ||
| 248 | # | ||
| 249 | # Description: Optimized assembly routines for OpenSSL crypto | ||
| 250 | # on the 32 bitPowerPC platform. | ||
| 251 | # | ||
| 252 | # | ||
| 253 | # Version History | ||
| 254 | # | ||
| 255 | # 2. Fixed bn_add,bn_sub and bn_div_words, added comments, | ||
| 256 | # cleaned up code. Also made a single version which can | ||
| 257 | # be used for both the AIX and Linux compilers. See NOTE | ||
| 258 | # below. | ||
| 259 | # 12/05/03 Suresh Chari | ||
| 260 | # (with lots of help from) Andy Polyakov | ||
| 261 | ## | ||
| 262 | # 1. Initial version 10/20/02 Suresh Chari | ||
| 263 | # | ||
| 264 | # | ||
| 265 | # The following file works for the xlc,cc | ||
| 266 | # and gcc compilers. | ||
| 267 | # | ||
| 268 | # NOTE: To get the file to link correctly with the gcc compiler | ||
| 269 | # you have to change the names of the routines and remove | ||
| 270 | # the first .(dot) character. This should automatically | ||
| 271 | # be done in the build process. | ||
| 272 | # | ||
| 273 | # Hand optimized assembly code for the following routines | ||
| 274 | # | ||
| 275 | # bn_sqr_comba4 | ||
| 276 | # bn_sqr_comba8 | ||
| 277 | # bn_mul_comba4 | ||
| 278 | # bn_mul_comba8 | ||
| 279 | # bn_sub_words | ||
| 280 | # bn_add_words | ||
| 281 | # bn_div_words | ||
| 282 | # bn_sqr_words | ||
| 283 | # bn_mul_words | ||
| 284 | # bn_mul_add_words | ||
| 285 | # | ||
| 286 | # NOTE: It is possible to optimize this code more for | ||
| 287 | # specific PowerPC or Power architectures. On the Northstar | ||
| 288 | # architecture the optimizations in this file do | ||
| 289 | # NOT provide much improvement. | ||
| 290 | # | ||
| 291 | # If you have comments or suggestions to improve code send | ||
| 292 | # me a note at schari\@us.ibm.com | ||
| 293 | # | ||
| 294 | #-------------------------------------------------------------------------- | ||
| 295 | # | ||
| 296 | # Defines to be used in the assembly code. | ||
| 297 | # | ||
| 298 | .set r0,0 # we use it as storage for value of 0 | ||
| 299 | .set SP,1 # preserved | ||
| 300 | .set RTOC,2 # preserved | ||
| 301 | .set r3,3 # 1st argument/return value | ||
| 302 | .set r4,4 # 2nd argument/volatile register | ||
| 303 | .set r5,5 # 3rd argument/volatile register | ||
| 304 | .set r6,6 # ... | ||
| 305 | .set r7,7 | ||
| 306 | .set r8,8 | ||
| 307 | .set r9,9 | ||
| 308 | .set r10,10 | ||
| 309 | .set r11,11 | ||
| 310 | .set r12,12 | ||
| 311 | .set r13,13 # not used, nor any other "below" it... | ||
| 312 | |||
| 313 | .set BO_IF_NOT,4 | ||
| 314 | .set BO_IF,12 | ||
| 315 | .set BO_dCTR_NZERO,16 | ||
| 316 | .set BO_dCTR_ZERO,18 | ||
| 317 | .set BO_ALWAYS,20 | ||
| 318 | .set CR0_LT,0; | ||
| 319 | .set CR0_GT,1; | ||
| 320 | .set CR0_EQ,2 | ||
| 321 | .set CR1_FX,4; | ||
| 322 | .set CR1_FEX,5; | ||
| 323 | .set CR1_VX,6 | ||
| 324 | .set LR,8 | ||
| 325 | |||
| 326 | # Declare function names to be global | ||
| 327 | # NOTE: For gcc these names MUST be changed to remove | ||
| 328 | # the first . i.e. for example change ".bn_sqr_comba4" | ||
| 329 | # to "bn_sqr_comba4". This should be automatically done | ||
| 330 | # in the build. | ||
| 331 | |||
| 332 | .globl .bn_sqr_comba4 | ||
| 333 | .globl .bn_sqr_comba8 | ||
| 334 | .globl .bn_mul_comba4 | ||
| 335 | .globl .bn_mul_comba8 | ||
| 336 | .globl .bn_sub_words | ||
| 337 | .globl .bn_add_words | ||
| 338 | .globl .bn_div_words | ||
| 339 | .globl .bn_sqr_words | ||
| 340 | .globl .bn_mul_words | ||
| 341 | .globl .bn_mul_add_words | ||
| 342 | |||
| 343 | # .text section | ||
| 344 | |||
| 345 | .machine $ISA | ||
| 346 | |||
| 347 | # | ||
| 348 | # NOTE: The following label name should be changed to | ||
| 349 | # "bn_sqr_comba4" i.e. remove the first dot | ||
| 350 | # for the gcc compiler. This should be automatically | ||
| 351 | # done in the build | ||
| 352 | # | ||
| 353 | |||
| 354 | .align 4 | ||
| 355 | .bn_sqr_comba4: | ||
| 356 | # | ||
| 357 | # Optimized version of bn_sqr_comba4. | ||
| 358 | # | ||
| 359 | # void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) | ||
| 360 | # r3 contains r | ||
| 361 | # r4 contains a | ||
| 362 | # | ||
| 363 | # Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows: | ||
| 364 | # | ||
| 365 | # r5,r6 are the two BN_ULONGs being multiplied. | ||
| 366 | # r7,r8 are the results of the 32x32 giving 64 bit multiply. | ||
| 367 | # r9,r10, r11 are the equivalents of c1,c2, c3. | ||
| 368 | # Here's the assembly | ||
| 369 | # | ||
| 370 | # | ||
| 371 | xor r0,r0,r0 # set r0 = 0. Used in the addze | ||
| 372 | # instructions below | ||
| 373 | |||
| 374 | #sqr_add_c(a,0,c1,c2,c3) | ||
| 375 | $LD r5,`0*$BNSZ`(r4) | ||
| 376 | $UMULL r9,r5,r5 | ||
| 377 | $UMULH r10,r5,r5 #in first iteration. No need | ||
| 378 | #to add since c1=c2=c3=0. | ||
| 379 | # Note c3(r11) is NOT set to 0 | ||
| 380 | # but will be. | ||
| 381 | |||
| 382 | $ST r9,`0*$BNSZ`(r3) # r[0]=c1; | ||
| 383 | # sqr_add_c2(a,1,0,c2,c3,c1); | ||
| 384 | $LD r6,`1*$BNSZ`(r4) | ||
| 385 | $UMULL r7,r5,r6 | ||
| 386 | $UMULH r8,r5,r6 | ||
| 387 | |||
| 388 | addc r7,r7,r7 # compute (r7,r8)=2*(r7,r8) | ||
| 389 | adde r8,r8,r8 | ||
| 390 | addze r9,r0 # catch carry if any. | ||
| 391 | # r9= r0(=0) and carry | ||
| 392 | |||
| 393 | addc r10,r7,r10 # now add to temp result. | ||
| 394 | addze r11,r8 # r8 added to r11 which is 0 | ||
| 395 | addze r9,r9 | ||
| 396 | |||
| 397 | $ST r10,`1*$BNSZ`(r3) #r[1]=c2; | ||
| 398 | #sqr_add_c(a,1,c3,c1,c2) | ||
| 399 | $UMULL r7,r6,r6 | ||
| 400 | $UMULH r8,r6,r6 | ||
| 401 | addc r11,r7,r11 | ||
| 402 | adde r9,r8,r9 | ||
| 403 | addze r10,r0 | ||
| 404 | #sqr_add_c2(a,2,0,c3,c1,c2) | ||
| 405 | $LD r6,`2*$BNSZ`(r4) | ||
| 406 | $UMULL r7,r5,r6 | ||
| 407 | $UMULH r8,r5,r6 | ||
| 408 | |||
| 409 | addc r7,r7,r7 | ||
| 410 | adde r8,r8,r8 | ||
| 411 | addze r10,r10 | ||
| 412 | |||
| 413 | addc r11,r7,r11 | ||
| 414 | adde r9,r8,r9 | ||
| 415 | addze r10,r10 | ||
| 416 | $ST r11,`2*$BNSZ`(r3) #r[2]=c3 | ||
| 417 | #sqr_add_c2(a,3,0,c1,c2,c3); | ||
| 418 | $LD r6,`3*$BNSZ`(r4) | ||
| 419 | $UMULL r7,r5,r6 | ||
| 420 | $UMULH r8,r5,r6 | ||
| 421 | addc r7,r7,r7 | ||
| 422 | adde r8,r8,r8 | ||
| 423 | addze r11,r0 | ||
| 424 | |||
| 425 | addc r9,r7,r9 | ||
| 426 | adde r10,r8,r10 | ||
| 427 | addze r11,r11 | ||
| 428 | #sqr_add_c2(a,2,1,c1,c2,c3); | ||
| 429 | $LD r5,`1*$BNSZ`(r4) | ||
| 430 | $LD r6,`2*$BNSZ`(r4) | ||
| 431 | $UMULL r7,r5,r6 | ||
| 432 | $UMULH r8,r5,r6 | ||
| 433 | |||
| 434 | addc r7,r7,r7 | ||
| 435 | adde r8,r8,r8 | ||
| 436 | addze r11,r11 | ||
| 437 | addc r9,r7,r9 | ||
| 438 | adde r10,r8,r10 | ||
| 439 | addze r11,r11 | ||
| 440 | $ST r9,`3*$BNSZ`(r3) #r[3]=c1 | ||
| 441 | #sqr_add_c(a,2,c2,c3,c1); | ||
| 442 | $UMULL r7,r6,r6 | ||
| 443 | $UMULH r8,r6,r6 | ||
| 444 | addc r10,r7,r10 | ||
| 445 | adde r11,r8,r11 | ||
| 446 | addze r9,r0 | ||
| 447 | #sqr_add_c2(a,3,1,c2,c3,c1); | ||
| 448 | $LD r6,`3*$BNSZ`(r4) | ||
| 449 | $UMULL r7,r5,r6 | ||
| 450 | $UMULH r8,r5,r6 | ||
| 451 | addc r7,r7,r7 | ||
| 452 | adde r8,r8,r8 | ||
| 453 | addze r9,r9 | ||
| 454 | |||
| 455 | addc r10,r7,r10 | ||
| 456 | adde r11,r8,r11 | ||
| 457 | addze r9,r9 | ||
| 458 | $ST r10,`4*$BNSZ`(r3) #r[4]=c2 | ||
| 459 | #sqr_add_c2(a,3,2,c3,c1,c2); | ||
| 460 | $LD r5,`2*$BNSZ`(r4) | ||
| 461 | $UMULL r7,r5,r6 | ||
| 462 | $UMULH r8,r5,r6 | ||
| 463 | addc r7,r7,r7 | ||
| 464 | adde r8,r8,r8 | ||
| 465 | addze r10,r0 | ||
| 466 | |||
| 467 | addc r11,r7,r11 | ||
| 468 | adde r9,r8,r9 | ||
| 469 | addze r10,r10 | ||
| 470 | $ST r11,`5*$BNSZ`(r3) #r[5] = c3 | ||
| 471 | #sqr_add_c(a,3,c1,c2,c3); | ||
| 472 | $UMULL r7,r6,r6 | ||
| 473 | $UMULH r8,r6,r6 | ||
| 474 | addc r9,r7,r9 | ||
| 475 | adde r10,r8,r10 | ||
| 476 | |||
| 477 | $ST r9,`6*$BNSZ`(r3) #r[6]=c1 | ||
| 478 | $ST r10,`7*$BNSZ`(r3) #r[7]=c2 | ||
| 479 | bclr BO_ALWAYS,CR0_LT | ||
| 480 | .long 0x00000000 | ||
| 481 | |||
| 482 | # | ||
| 483 | # NOTE: The following label name should be changed to | ||
| 484 | # "bn_sqr_comba8" i.e. remove the first dot | ||
| 485 | # for the gcc compiler. This should be automatically | ||
| 486 | # done in the build | ||
| 487 | # | ||
| 488 | |||
| 489 | .align 4 | ||
| 490 | .bn_sqr_comba8: | ||
| 491 | # | ||
| 492 | # This is an optimized version of the bn_sqr_comba8 routine. | ||
| 493 | # Tightly uses the adde instruction | ||
| 494 | # | ||
| 495 | # | ||
| 496 | # void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) | ||
| 497 | # r3 contains r | ||
| 498 | # r4 contains a | ||
| 499 | # | ||
| 500 | # Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows: | ||
| 501 | # | ||
| 502 | # r5,r6 are the two BN_ULONGs being multiplied. | ||
| 503 | # r7,r8 are the results of the 32x32 giving 64 bit multiply. | ||
| 504 | # r9,r10, r11 are the equivalents of c1,c2, c3. | ||
| 505 | # | ||
| 506 | # Possible optimization of loading all 8 longs of a into registers | ||
| 507 | # doesnt provide any speedup | ||
| 508 | # | ||
| 509 | |||
| 510 | xor r0,r0,r0 #set r0 = 0.Used in addze | ||
| 511 | #instructions below. | ||
| 512 | |||
| 513 | #sqr_add_c(a,0,c1,c2,c3); | ||
| 514 | $LD r5,`0*$BNSZ`(r4) | ||
| 515 | $UMULL r9,r5,r5 #1st iteration: no carries. | ||
| 516 | $UMULH r10,r5,r5 | ||
| 517 | $ST r9,`0*$BNSZ`(r3) # r[0]=c1; | ||
| 518 | #sqr_add_c2(a,1,0,c2,c3,c1); | ||
| 519 | $LD r6,`1*$BNSZ`(r4) | ||
| 520 | $UMULL r7,r5,r6 | ||
| 521 | $UMULH r8,r5,r6 | ||
| 522 | |||
| 523 | addc r10,r7,r10 #add the two register number | ||
| 524 | adde r11,r8,r0 # (r8,r7) to the three register | ||
| 525 | addze r9,r0 # number (r9,r11,r10).NOTE:r0=0 | ||
| 526 | |||
| 527 | addc r10,r7,r10 #add the two register number | ||
| 528 | adde r11,r8,r11 # (r8,r7) to the three register | ||
| 529 | addze r9,r9 # number (r9,r11,r10). | ||
| 530 | |||
| 531 | $ST r10,`1*$BNSZ`(r3) # r[1]=c2 | ||
| 532 | |||
| 533 | #sqr_add_c(a,1,c3,c1,c2); | ||
| 534 | $UMULL r7,r6,r6 | ||
| 535 | $UMULH r8,r6,r6 | ||
| 536 | addc r11,r7,r11 | ||
| 537 | adde r9,r8,r9 | ||
| 538 | addze r10,r0 | ||
| 539 | #sqr_add_c2(a,2,0,c3,c1,c2); | ||
| 540 | $LD r6,`2*$BNSZ`(r4) | ||
| 541 | $UMULL r7,r5,r6 | ||
| 542 | $UMULH r8,r5,r6 | ||
| 543 | |||
| 544 | addc r11,r7,r11 | ||
| 545 | adde r9,r8,r9 | ||
| 546 | addze r10,r10 | ||
| 547 | |||
| 548 | addc r11,r7,r11 | ||
| 549 | adde r9,r8,r9 | ||
| 550 | addze r10,r10 | ||
| 551 | |||
| 552 | $ST r11,`2*$BNSZ`(r3) #r[2]=c3 | ||
| 553 | #sqr_add_c2(a,3,0,c1,c2,c3); | ||
| 554 | $LD r6,`3*$BNSZ`(r4) #r6 = a[3]. r5 is already a[0]. | ||
| 555 | $UMULL r7,r5,r6 | ||
| 556 | $UMULH r8,r5,r6 | ||
| 557 | |||
| 558 | addc r9,r7,r9 | ||
| 559 | adde r10,r8,r10 | ||
| 560 | addze r11,r0 | ||
| 561 | |||
| 562 | addc r9,r7,r9 | ||
| 563 | adde r10,r8,r10 | ||
| 564 | addze r11,r11 | ||
| 565 | #sqr_add_c2(a,2,1,c1,c2,c3); | ||
| 566 | $LD r5,`1*$BNSZ`(r4) | ||
| 567 | $LD r6,`2*$BNSZ`(r4) | ||
| 568 | $UMULL r7,r5,r6 | ||
| 569 | $UMULH r8,r5,r6 | ||
| 570 | |||
| 571 | addc r9,r7,r9 | ||
| 572 | adde r10,r8,r10 | ||
| 573 | addze r11,r11 | ||
| 574 | |||
| 575 | addc r9,r7,r9 | ||
| 576 | adde r10,r8,r10 | ||
| 577 | addze r11,r11 | ||
| 578 | |||
| 579 | $ST r9,`3*$BNSZ`(r3) #r[3]=c1; | ||
| 580 | #sqr_add_c(a,2,c2,c3,c1); | ||
| 581 | $UMULL r7,r6,r6 | ||
| 582 | $UMULH r8,r6,r6 | ||
| 583 | |||
| 584 | addc r10,r7,r10 | ||
| 585 | adde r11,r8,r11 | ||
| 586 | addze r9,r0 | ||
| 587 | #sqr_add_c2(a,3,1,c2,c3,c1); | ||
| 588 | $LD r6,`3*$BNSZ`(r4) | ||
| 589 | $UMULL r7,r5,r6 | ||
| 590 | $UMULH r8,r5,r6 | ||
| 591 | |||
| 592 | addc r10,r7,r10 | ||
| 593 | adde r11,r8,r11 | ||
| 594 | addze r9,r9 | ||
| 595 | |||
| 596 | addc r10,r7,r10 | ||
| 597 | adde r11,r8,r11 | ||
| 598 | addze r9,r9 | ||
| 599 | #sqr_add_c2(a,4,0,c2,c3,c1); | ||
| 600 | $LD r5,`0*$BNSZ`(r4) | ||
| 601 | $LD r6,`4*$BNSZ`(r4) | ||
| 602 | $UMULL r7,r5,r6 | ||
| 603 | $UMULH r8,r5,r6 | ||
| 604 | |||
| 605 | addc r10,r7,r10 | ||
| 606 | adde r11,r8,r11 | ||
| 607 | addze r9,r9 | ||
| 608 | |||
| 609 | addc r10,r7,r10 | ||
| 610 | adde r11,r8,r11 | ||
| 611 | addze r9,r9 | ||
| 612 | $ST r10,`4*$BNSZ`(r3) #r[4]=c2; | ||
| 613 | #sqr_add_c2(a,5,0,c3,c1,c2); | ||
| 614 | $LD r6,`5*$BNSZ`(r4) | ||
| 615 | $UMULL r7,r5,r6 | ||
| 616 | $UMULH r8,r5,r6 | ||
| 617 | |||
| 618 | addc r11,r7,r11 | ||
| 619 | adde r9,r8,r9 | ||
| 620 | addze r10,r0 | ||
| 621 | |||
| 622 | addc r11,r7,r11 | ||
| 623 | adde r9,r8,r9 | ||
| 624 | addze r10,r10 | ||
| 625 | #sqr_add_c2(a,4,1,c3,c1,c2); | ||
| 626 | $LD r5,`1*$BNSZ`(r4) | ||
| 627 | $LD r6,`4*$BNSZ`(r4) | ||
| 628 | $UMULL r7,r5,r6 | ||
| 629 | $UMULH r8,r5,r6 | ||
| 630 | |||
| 631 | addc r11,r7,r11 | ||
| 632 | adde r9,r8,r9 | ||
| 633 | addze r10,r10 | ||
| 634 | |||
| 635 | addc r11,r7,r11 | ||
| 636 | adde r9,r8,r9 | ||
| 637 | addze r10,r10 | ||
| 638 | #sqr_add_c2(a,3,2,c3,c1,c2); | ||
| 639 | $LD r5,`2*$BNSZ`(r4) | ||
| 640 | $LD r6,`3*$BNSZ`(r4) | ||
| 641 | $UMULL r7,r5,r6 | ||
| 642 | $UMULH r8,r5,r6 | ||
| 643 | |||
| 644 | addc r11,r7,r11 | ||
| 645 | adde r9,r8,r9 | ||
| 646 | addze r10,r10 | ||
| 647 | |||
| 648 | addc r11,r7,r11 | ||
| 649 | adde r9,r8,r9 | ||
| 650 | addze r10,r10 | ||
| 651 | $ST r11,`5*$BNSZ`(r3) #r[5]=c3; | ||
| 652 | #sqr_add_c(a,3,c1,c2,c3); | ||
| 653 | $UMULL r7,r6,r6 | ||
| 654 | $UMULH r8,r6,r6 | ||
| 655 | addc r9,r7,r9 | ||
| 656 | adde r10,r8,r10 | ||
| 657 | addze r11,r0 | ||
| 658 | #sqr_add_c2(a,4,2,c1,c2,c3); | ||
| 659 | $LD r6,`4*$BNSZ`(r4) | ||
| 660 | $UMULL r7,r5,r6 | ||
| 661 | $UMULH r8,r5,r6 | ||
| 662 | |||
| 663 | addc r9,r7,r9 | ||
| 664 | adde r10,r8,r10 | ||
| 665 | addze r11,r11 | ||
| 666 | |||
| 667 | addc r9,r7,r9 | ||
| 668 | adde r10,r8,r10 | ||
| 669 | addze r11,r11 | ||
| 670 | #sqr_add_c2(a,5,1,c1,c2,c3); | ||
| 671 | $LD r5,`1*$BNSZ`(r4) | ||
| 672 | $LD r6,`5*$BNSZ`(r4) | ||
| 673 | $UMULL r7,r5,r6 | ||
| 674 | $UMULH r8,r5,r6 | ||
| 675 | |||
| 676 | addc r9,r7,r9 | ||
| 677 | adde r10,r8,r10 | ||
| 678 | addze r11,r11 | ||
| 679 | |||
| 680 | addc r9,r7,r9 | ||
| 681 | adde r10,r8,r10 | ||
| 682 | addze r11,r11 | ||
| 683 | #sqr_add_c2(a,6,0,c1,c2,c3); | ||
| 684 | $LD r5,`0*$BNSZ`(r4) | ||
| 685 | $LD r6,`6*$BNSZ`(r4) | ||
| 686 | $UMULL r7,r5,r6 | ||
| 687 | $UMULH r8,r5,r6 | ||
| 688 | addc r9,r7,r9 | ||
| 689 | adde r10,r8,r10 | ||
| 690 | addze r11,r11 | ||
| 691 | addc r9,r7,r9 | ||
| 692 | adde r10,r8,r10 | ||
| 693 | addze r11,r11 | ||
| 694 | $ST r9,`6*$BNSZ`(r3) #r[6]=c1; | ||
| 695 | #sqr_add_c2(a,7,0,c2,c3,c1); | ||
| 696 | $LD r6,`7*$BNSZ`(r4) | ||
| 697 | $UMULL r7,r5,r6 | ||
| 698 | $UMULH r8,r5,r6 | ||
| 699 | |||
| 700 | addc r10,r7,r10 | ||
| 701 | adde r11,r8,r11 | ||
| 702 | addze r9,r0 | ||
| 703 | addc r10,r7,r10 | ||
| 704 | adde r11,r8,r11 | ||
| 705 | addze r9,r9 | ||
| 706 | #sqr_add_c2(a,6,1,c2,c3,c1); | ||
| 707 | $LD r5,`1*$BNSZ`(r4) | ||
| 708 | $LD r6,`6*$BNSZ`(r4) | ||
| 709 | $UMULL r7,r5,r6 | ||
| 710 | $UMULH r8,r5,r6 | ||
| 711 | |||
| 712 | addc r10,r7,r10 | ||
| 713 | adde r11,r8,r11 | ||
| 714 | addze r9,r9 | ||
| 715 | addc r10,r7,r10 | ||
| 716 | adde r11,r8,r11 | ||
| 717 | addze r9,r9 | ||
| 718 | #sqr_add_c2(a,5,2,c2,c3,c1); | ||
| 719 | $LD r5,`2*$BNSZ`(r4) | ||
| 720 | $LD r6,`5*$BNSZ`(r4) | ||
| 721 | $UMULL r7,r5,r6 | ||
| 722 | $UMULH r8,r5,r6 | ||
| 723 | addc r10,r7,r10 | ||
| 724 | adde r11,r8,r11 | ||
| 725 | addze r9,r9 | ||
| 726 | addc r10,r7,r10 | ||
| 727 | adde r11,r8,r11 | ||
| 728 | addze r9,r9 | ||
| 729 | #sqr_add_c2(a,4,3,c2,c3,c1); | ||
| 730 | $LD r5,`3*$BNSZ`(r4) | ||
| 731 | $LD r6,`4*$BNSZ`(r4) | ||
| 732 | $UMULL r7,r5,r6 | ||
| 733 | $UMULH r8,r5,r6 | ||
| 734 | |||
| 735 | addc r10,r7,r10 | ||
| 736 | adde r11,r8,r11 | ||
| 737 | addze r9,r9 | ||
| 738 | addc r10,r7,r10 | ||
| 739 | adde r11,r8,r11 | ||
| 740 | addze r9,r9 | ||
| 741 | $ST r10,`7*$BNSZ`(r3) #r[7]=c2; | ||
| 742 | #sqr_add_c(a,4,c3,c1,c2); | ||
| 743 | $UMULL r7,r6,r6 | ||
| 744 | $UMULH r8,r6,r6 | ||
| 745 | addc r11,r7,r11 | ||
| 746 | adde r9,r8,r9 | ||
| 747 | addze r10,r0 | ||
| 748 | #sqr_add_c2(a,5,3,c3,c1,c2); | ||
| 749 | $LD r6,`5*$BNSZ`(r4) | ||
| 750 | $UMULL r7,r5,r6 | ||
| 751 | $UMULH r8,r5,r6 | ||
| 752 | addc r11,r7,r11 | ||
| 753 | adde r9,r8,r9 | ||
| 754 | addze r10,r10 | ||
| 755 | addc r11,r7,r11 | ||
| 756 | adde r9,r8,r9 | ||
| 757 | addze r10,r10 | ||
| 758 | #sqr_add_c2(a,6,2,c3,c1,c2); | ||
| 759 | $LD r5,`2*$BNSZ`(r4) | ||
| 760 | $LD r6,`6*$BNSZ`(r4) | ||
| 761 | $UMULL r7,r5,r6 | ||
| 762 | $UMULH r8,r5,r6 | ||
| 763 | addc r11,r7,r11 | ||
| 764 | adde r9,r8,r9 | ||
| 765 | addze r10,r10 | ||
| 766 | |||
| 767 | addc r11,r7,r11 | ||
| 768 | adde r9,r8,r9 | ||
| 769 | addze r10,r10 | ||
| 770 | #sqr_add_c2(a,7,1,c3,c1,c2); | ||
| 771 | $LD r5,`1*$BNSZ`(r4) | ||
| 772 | $LD r6,`7*$BNSZ`(r4) | ||
| 773 | $UMULL r7,r5,r6 | ||
| 774 | $UMULH r8,r5,r6 | ||
| 775 | addc r11,r7,r11 | ||
| 776 | adde r9,r8,r9 | ||
| 777 | addze r10,r10 | ||
| 778 | addc r11,r7,r11 | ||
| 779 | adde r9,r8,r9 | ||
| 780 | addze r10,r10 | ||
| 781 | $ST r11,`8*$BNSZ`(r3) #r[8]=c3; | ||
| 782 | #sqr_add_c2(a,7,2,c1,c2,c3); | ||
| 783 | $LD r5,`2*$BNSZ`(r4) | ||
| 784 | $UMULL r7,r5,r6 | ||
| 785 | $UMULH r8,r5,r6 | ||
| 786 | |||
| 787 | addc r9,r7,r9 | ||
| 788 | adde r10,r8,r10 | ||
| 789 | addze r11,r0 | ||
| 790 | addc r9,r7,r9 | ||
| 791 | adde r10,r8,r10 | ||
| 792 | addze r11,r11 | ||
| 793 | #sqr_add_c2(a,6,3,c1,c2,c3); | ||
| 794 | $LD r5,`3*$BNSZ`(r4) | ||
| 795 | $LD r6,`6*$BNSZ`(r4) | ||
| 796 | $UMULL r7,r5,r6 | ||
| 797 | $UMULH r8,r5,r6 | ||
| 798 | addc r9,r7,r9 | ||
| 799 | adde r10,r8,r10 | ||
| 800 | addze r11,r11 | ||
| 801 | addc r9,r7,r9 | ||
| 802 | adde r10,r8,r10 | ||
| 803 | addze r11,r11 | ||
| 804 | #sqr_add_c2(a,5,4,c1,c2,c3); | ||
| 805 | $LD r5,`4*$BNSZ`(r4) | ||
| 806 | $LD r6,`5*$BNSZ`(r4) | ||
| 807 | $UMULL r7,r5,r6 | ||
| 808 | $UMULH r8,r5,r6 | ||
| 809 | addc r9,r7,r9 | ||
| 810 | adde r10,r8,r10 | ||
| 811 | addze r11,r11 | ||
| 812 | addc r9,r7,r9 | ||
| 813 | adde r10,r8,r10 | ||
| 814 | addze r11,r11 | ||
| 815 | $ST r9,`9*$BNSZ`(r3) #r[9]=c1; | ||
| 816 | #sqr_add_c(a,5,c2,c3,c1); | ||
| 817 | $UMULL r7,r6,r6 | ||
| 818 | $UMULH r8,r6,r6 | ||
| 819 | addc r10,r7,r10 | ||
| 820 | adde r11,r8,r11 | ||
| 821 | addze r9,r0 | ||
| 822 | #sqr_add_c2(a,6,4,c2,c3,c1); | ||
| 823 | $LD r6,`6*$BNSZ`(r4) | ||
| 824 | $UMULL r7,r5,r6 | ||
| 825 | $UMULH r8,r5,r6 | ||
| 826 | addc r10,r7,r10 | ||
| 827 | adde r11,r8,r11 | ||
| 828 | addze r9,r9 | ||
| 829 | addc r10,r7,r10 | ||
| 830 | adde r11,r8,r11 | ||
| 831 | addze r9,r9 | ||
| 832 | #sqr_add_c2(a,7,3,c2,c3,c1); | ||
| 833 | $LD r5,`3*$BNSZ`(r4) | ||
| 834 | $LD r6,`7*$BNSZ`(r4) | ||
| 835 | $UMULL r7,r5,r6 | ||
| 836 | $UMULH r8,r5,r6 | ||
| 837 | addc r10,r7,r10 | ||
| 838 | adde r11,r8,r11 | ||
| 839 | addze r9,r9 | ||
| 840 | addc r10,r7,r10 | ||
| 841 | adde r11,r8,r11 | ||
| 842 | addze r9,r9 | ||
| 843 | $ST r10,`10*$BNSZ`(r3) #r[10]=c2; | ||
| 844 | #sqr_add_c2(a,7,4,c3,c1,c2); | ||
| 845 | $LD r5,`4*$BNSZ`(r4) | ||
| 846 | $UMULL r7,r5,r6 | ||
| 847 | $UMULH r8,r5,r6 | ||
| 848 | addc r11,r7,r11 | ||
| 849 | adde r9,r8,r9 | ||
| 850 | addze r10,r0 | ||
| 851 | addc r11,r7,r11 | ||
| 852 | adde r9,r8,r9 | ||
| 853 | addze r10,r10 | ||
| 854 | #sqr_add_c2(a,6,5,c3,c1,c2); | ||
| 855 | $LD r5,`5*$BNSZ`(r4) | ||
| 856 | $LD r6,`6*$BNSZ`(r4) | ||
| 857 | $UMULL r7,r5,r6 | ||
| 858 | $UMULH r8,r5,r6 | ||
| 859 | addc r11,r7,r11 | ||
| 860 | adde r9,r8,r9 | ||
| 861 | addze r10,r10 | ||
| 862 | addc r11,r7,r11 | ||
| 863 | adde r9,r8,r9 | ||
| 864 | addze r10,r10 | ||
| 865 | $ST r11,`11*$BNSZ`(r3) #r[11]=c3; | ||
| 866 | #sqr_add_c(a,6,c1,c2,c3); | ||
| 867 | $UMULL r7,r6,r6 | ||
| 868 | $UMULH r8,r6,r6 | ||
| 869 | addc r9,r7,r9 | ||
| 870 | adde r10,r8,r10 | ||
| 871 | addze r11,r0 | ||
| 872 | #sqr_add_c2(a,7,5,c1,c2,c3) | ||
| 873 | $LD r6,`7*$BNSZ`(r4) | ||
| 874 | $UMULL r7,r5,r6 | ||
| 875 | $UMULH r8,r5,r6 | ||
| 876 | addc r9,r7,r9 | ||
| 877 | adde r10,r8,r10 | ||
| 878 | addze r11,r11 | ||
| 879 | addc r9,r7,r9 | ||
| 880 | adde r10,r8,r10 | ||
| 881 | addze r11,r11 | ||
| 882 | $ST r9,`12*$BNSZ`(r3) #r[12]=c1; | ||
| 883 | |||
| 884 | #sqr_add_c2(a,7,6,c2,c3,c1) | ||
| 885 | $LD r5,`6*$BNSZ`(r4) | ||
| 886 | $UMULL r7,r5,r6 | ||
| 887 | $UMULH r8,r5,r6 | ||
| 888 | addc r10,r7,r10 | ||
| 889 | adde r11,r8,r11 | ||
| 890 | addze r9,r0 | ||
| 891 | addc r10,r7,r10 | ||
| 892 | adde r11,r8,r11 | ||
| 893 | addze r9,r9 | ||
| 894 | $ST r10,`13*$BNSZ`(r3) #r[13]=c2; | ||
| 895 | #sqr_add_c(a,7,c3,c1,c2); | ||
| 896 | $UMULL r7,r6,r6 | ||
| 897 | $UMULH r8,r6,r6 | ||
| 898 | addc r11,r7,r11 | ||
| 899 | adde r9,r8,r9 | ||
| 900 | $ST r11,`14*$BNSZ`(r3) #r[14]=c3; | ||
| 901 | $ST r9, `15*$BNSZ`(r3) #r[15]=c1; | ||
| 902 | |||
| 903 | |||
| 904 | bclr BO_ALWAYS,CR0_LT | ||
| 905 | |||
| 906 | .long 0x00000000 | ||
| 907 | |||
| 908 | # | ||
| 909 | # NOTE: The following label name should be changed to | ||
| 910 | # "bn_mul_comba4" i.e. remove the first dot | ||
| 911 | # for the gcc compiler. This should be automatically | ||
| 912 | # done in the build | ||
| 913 | # | ||
| 914 | |||
| 915 | .align 4 | ||
| 916 | .bn_mul_comba4: | ||
| 917 | # | ||
| 918 | # This is an optimized version of the bn_mul_comba4 routine. | ||
| 919 | # | ||
| 920 | # void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) | ||
| 921 | # r3 contains r | ||
| 922 | # r4 contains a | ||
| 923 | # r5 contains b | ||
| 924 | # r6, r7 are the 2 BN_ULONGs being multiplied. | ||
| 925 | # r8, r9 are the results of the 32x32 giving 64 multiply. | ||
| 926 | # r10, r11, r12 are the equivalents of c1, c2, and c3. | ||
| 927 | # | ||
| 928 | xor r0,r0,r0 #r0=0. Used in addze below. | ||
| 929 | #mul_add_c(a[0],b[0],c1,c2,c3); | ||
| 930 | $LD r6,`0*$BNSZ`(r4) | ||
| 931 | $LD r7,`0*$BNSZ`(r5) | ||
| 932 | $UMULL r10,r6,r7 | ||
| 933 | $UMULH r11,r6,r7 | ||
| 934 | $ST r10,`0*$BNSZ`(r3) #r[0]=c1 | ||
| 935 | #mul_add_c(a[0],b[1],c2,c3,c1); | ||
| 936 | $LD r7,`1*$BNSZ`(r5) | ||
| 937 | $UMULL r8,r6,r7 | ||
| 938 | $UMULH r9,r6,r7 | ||
| 939 | addc r11,r8,r11 | ||
| 940 | adde r12,r9,r0 | ||
| 941 | addze r10,r0 | ||
| 942 | #mul_add_c(a[1],b[0],c2,c3,c1); | ||
| 943 | $LD r6, `1*$BNSZ`(r4) | ||
| 944 | $LD r7, `0*$BNSZ`(r5) | ||
| 945 | $UMULL r8,r6,r7 | ||
| 946 | $UMULH r9,r6,r7 | ||
| 947 | addc r11,r8,r11 | ||
| 948 | adde r12,r9,r12 | ||
| 949 | addze r10,r10 | ||
| 950 | $ST r11,`1*$BNSZ`(r3) #r[1]=c2 | ||
| 951 | #mul_add_c(a[2],b[0],c3,c1,c2); | ||
| 952 | $LD r6,`2*$BNSZ`(r4) | ||
| 953 | $UMULL r8,r6,r7 | ||
| 954 | $UMULH r9,r6,r7 | ||
| 955 | addc r12,r8,r12 | ||
| 956 | adde r10,r9,r10 | ||
| 957 | addze r11,r0 | ||
| 958 | #mul_add_c(a[1],b[1],c3,c1,c2); | ||
| 959 | $LD r6,`1*$BNSZ`(r4) | ||
| 960 | $LD r7,`1*$BNSZ`(r5) | ||
| 961 | $UMULL r8,r6,r7 | ||
| 962 | $UMULH r9,r6,r7 | ||
| 963 | addc r12,r8,r12 | ||
| 964 | adde r10,r9,r10 | ||
| 965 | addze r11,r11 | ||
| 966 | #mul_add_c(a[0],b[2],c3,c1,c2); | ||
| 967 | $LD r6,`0*$BNSZ`(r4) | ||
| 968 | $LD r7,`2*$BNSZ`(r5) | ||
| 969 | $UMULL r8,r6,r7 | ||
| 970 | $UMULH r9,r6,r7 | ||
| 971 | addc r12,r8,r12 | ||
| 972 | adde r10,r9,r10 | ||
| 973 | addze r11,r11 | ||
| 974 | $ST r12,`2*$BNSZ`(r3) #r[2]=c3 | ||
| 975 | #mul_add_c(a[0],b[3],c1,c2,c3); | ||
| 976 | $LD r7,`3*$BNSZ`(r5) | ||
| 977 | $UMULL r8,r6,r7 | ||
| 978 | $UMULH r9,r6,r7 | ||
| 979 | addc r10,r8,r10 | ||
| 980 | adde r11,r9,r11 | ||
| 981 | addze r12,r0 | ||
| 982 | #mul_add_c(a[1],b[2],c1,c2,c3); | ||
| 983 | $LD r6,`1*$BNSZ`(r4) | ||
| 984 | $LD r7,`2*$BNSZ`(r5) | ||
| 985 | $UMULL r8,r6,r7 | ||
| 986 | $UMULH r9,r6,r7 | ||
| 987 | addc r10,r8,r10 | ||
| 988 | adde r11,r9,r11 | ||
| 989 | addze r12,r12 | ||
| 990 | #mul_add_c(a[2],b[1],c1,c2,c3); | ||
| 991 | $LD r6,`2*$BNSZ`(r4) | ||
| 992 | $LD r7,`1*$BNSZ`(r5) | ||
| 993 | $UMULL r8,r6,r7 | ||
| 994 | $UMULH r9,r6,r7 | ||
| 995 | addc r10,r8,r10 | ||
| 996 | adde r11,r9,r11 | ||
| 997 | addze r12,r12 | ||
| 998 | #mul_add_c(a[3],b[0],c1,c2,c3); | ||
| 999 | $LD r6,`3*$BNSZ`(r4) | ||
| 1000 | $LD r7,`0*$BNSZ`(r5) | ||
| 1001 | $UMULL r8,r6,r7 | ||
| 1002 | $UMULH r9,r6,r7 | ||
| 1003 | addc r10,r8,r10 | ||
| 1004 | adde r11,r9,r11 | ||
| 1005 | addze r12,r12 | ||
| 1006 | $ST r10,`3*$BNSZ`(r3) #r[3]=c1 | ||
| 1007 | #mul_add_c(a[3],b[1],c2,c3,c1); | ||
| 1008 | $LD r7,`1*$BNSZ`(r5) | ||
| 1009 | $UMULL r8,r6,r7 | ||
| 1010 | $UMULH r9,r6,r7 | ||
| 1011 | addc r11,r8,r11 | ||
| 1012 | adde r12,r9,r12 | ||
| 1013 | addze r10,r0 | ||
| 1014 | #mul_add_c(a[2],b[2],c2,c3,c1); | ||
| 1015 | $LD r6,`2*$BNSZ`(r4) | ||
| 1016 | $LD r7,`2*$BNSZ`(r5) | ||
| 1017 | $UMULL r8,r6,r7 | ||
| 1018 | $UMULH r9,r6,r7 | ||
| 1019 | addc r11,r8,r11 | ||
| 1020 | adde r12,r9,r12 | ||
| 1021 | addze r10,r10 | ||
| 1022 | #mul_add_c(a[1],b[3],c2,c3,c1); | ||
| 1023 | $LD r6,`1*$BNSZ`(r4) | ||
| 1024 | $LD r7,`3*$BNSZ`(r5) | ||
| 1025 | $UMULL r8,r6,r7 | ||
| 1026 | $UMULH r9,r6,r7 | ||
| 1027 | addc r11,r8,r11 | ||
| 1028 | adde r12,r9,r12 | ||
| 1029 | addze r10,r10 | ||
| 1030 | $ST r11,`4*$BNSZ`(r3) #r[4]=c2 | ||
| 1031 | #mul_add_c(a[2],b[3],c3,c1,c2); | ||
| 1032 | $LD r6,`2*$BNSZ`(r4) | ||
| 1033 | $UMULL r8,r6,r7 | ||
| 1034 | $UMULH r9,r6,r7 | ||
| 1035 | addc r12,r8,r12 | ||
| 1036 | adde r10,r9,r10 | ||
| 1037 | addze r11,r0 | ||
| 1038 | #mul_add_c(a[3],b[2],c3,c1,c2); | ||
| 1039 | $LD r6,`3*$BNSZ`(r4) | ||
| 1040 | $LD r7,`2*$BNSZ`(r4) | ||
| 1041 | $UMULL r8,r6,r7 | ||
| 1042 | $UMULH r9,r6,r7 | ||
| 1043 | addc r12,r8,r12 | ||
| 1044 | adde r10,r9,r10 | ||
| 1045 | addze r11,r11 | ||
| 1046 | $ST r12,`5*$BNSZ`(r3) #r[5]=c3 | ||
| 1047 | #mul_add_c(a[3],b[3],c1,c2,c3); | ||
| 1048 | $LD r7,`3*$BNSZ`(r5) | ||
| 1049 | $UMULL r8,r6,r7 | ||
| 1050 | $UMULH r9,r6,r7 | ||
| 1051 | addc r10,r8,r10 | ||
| 1052 | adde r11,r9,r11 | ||
| 1053 | |||
| 1054 | $ST r10,`6*$BNSZ`(r3) #r[6]=c1 | ||
| 1055 | $ST r11,`7*$BNSZ`(r3) #r[7]=c2 | ||
| 1056 | bclr BO_ALWAYS,CR0_LT | ||
| 1057 | .long 0x00000000 | ||
| 1058 | |||
| 1059 | # | ||
| 1060 | # NOTE: The following label name should be changed to | ||
| 1061 | # "bn_mul_comba8" i.e. remove the first dot | ||
| 1062 | # for the gcc compiler. This should be automatically | ||
| 1063 | # done in the build | ||
| 1064 | # | ||
| 1065 | |||
| 1066 | .align 4 | ||
| 1067 | .bn_mul_comba8: | ||
| 1068 | # | ||
| 1069 | # Optimized version of the bn_mul_comba8 routine. | ||
| 1070 | # | ||
| 1071 | # void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) | ||
| 1072 | # r3 contains r | ||
| 1073 | # r4 contains a | ||
| 1074 | # r5 contains b | ||
| 1075 | # r6, r7 are the 2 BN_ULONGs being multiplied. | ||
| 1076 | # r8, r9 are the results of the 32x32 giving 64 multiply. | ||
| 1077 | # r10, r11, r12 are the equivalents of c1, c2, and c3. | ||
| 1078 | # | ||
| 1079 | xor r0,r0,r0 #r0=0. Used in addze below. | ||
| 1080 | |||
| 1081 | #mul_add_c(a[0],b[0],c1,c2,c3); | ||
| 1082 | $LD r6,`0*$BNSZ`(r4) #a[0] | ||
| 1083 | $LD r7,`0*$BNSZ`(r5) #b[0] | ||
| 1084 | $UMULL r10,r6,r7 | ||
| 1085 | $UMULH r11,r6,r7 | ||
| 1086 | $ST r10,`0*$BNSZ`(r3) #r[0]=c1; | ||
| 1087 | #mul_add_c(a[0],b[1],c2,c3,c1); | ||
| 1088 | $LD r7,`1*$BNSZ`(r5) | ||
| 1089 | $UMULL r8,r6,r7 | ||
| 1090 | $UMULH r9,r6,r7 | ||
| 1091 | addc r11,r11,r8 | ||
| 1092 | addze r12,r9 # since we didnt set r12 to zero before. | ||
| 1093 | addze r10,r0 | ||
| 1094 | #mul_add_c(a[1],b[0],c2,c3,c1); | ||
| 1095 | $LD r6,`1*$BNSZ`(r4) | ||
| 1096 | $LD r7,`0*$BNSZ`(r5) | ||
| 1097 | $UMULL r8,r6,r7 | ||
| 1098 | $UMULH r9,r6,r7 | ||
| 1099 | addc r11,r11,r8 | ||
| 1100 | adde r12,r12,r9 | ||
| 1101 | addze r10,r10 | ||
| 1102 | $ST r11,`1*$BNSZ`(r3) #r[1]=c2; | ||
| 1103 | #mul_add_c(a[2],b[0],c3,c1,c2); | ||
| 1104 | $LD r6,`2*$BNSZ`(r4) | ||
| 1105 | $UMULL r8,r6,r7 | ||
| 1106 | $UMULH r9,r6,r7 | ||
| 1107 | addc r12,r12,r8 | ||
| 1108 | adde r10,r10,r9 | ||
| 1109 | addze r11,r0 | ||
| 1110 | #mul_add_c(a[1],b[1],c3,c1,c2); | ||
| 1111 | $LD r6,`1*$BNSZ`(r4) | ||
| 1112 | $LD r7,`1*$BNSZ`(r5) | ||
| 1113 | $UMULL r8,r6,r7 | ||
| 1114 | $UMULH r9,r6,r7 | ||
| 1115 | addc r12,r12,r8 | ||
| 1116 | adde r10,r10,r9 | ||
| 1117 | addze r11,r11 | ||
| 1118 | #mul_add_c(a[0],b[2],c3,c1,c2); | ||
| 1119 | $LD r6,`0*$BNSZ`(r4) | ||
| 1120 | $LD r7,`2*$BNSZ`(r5) | ||
| 1121 | $UMULL r8,r6,r7 | ||
| 1122 | $UMULH r9,r6,r7 | ||
| 1123 | addc r12,r12,r8 | ||
| 1124 | adde r10,r10,r9 | ||
| 1125 | addze r11,r11 | ||
| 1126 | $ST r12,`2*$BNSZ`(r3) #r[2]=c3; | ||
| 1127 | #mul_add_c(a[0],b[3],c1,c2,c3); | ||
| 1128 | $LD r7,`3*$BNSZ`(r5) | ||
| 1129 | $UMULL r8,r6,r7 | ||
| 1130 | $UMULH r9,r6,r7 | ||
| 1131 | addc r10,r10,r8 | ||
| 1132 | adde r11,r11,r9 | ||
| 1133 | addze r12,r0 | ||
| 1134 | #mul_add_c(a[1],b[2],c1,c2,c3); | ||
| 1135 | $LD r6,`1*$BNSZ`(r4) | ||
| 1136 | $LD r7,`2*$BNSZ`(r5) | ||
| 1137 | $UMULL r8,r6,r7 | ||
| 1138 | $UMULH r9,r6,r7 | ||
| 1139 | addc r10,r10,r8 | ||
| 1140 | adde r11,r11,r9 | ||
| 1141 | addze r12,r12 | ||
| 1142 | |||
| 1143 | #mul_add_c(a[2],b[1],c1,c2,c3); | ||
| 1144 | $LD r6,`2*$BNSZ`(r4) | ||
| 1145 | $LD r7,`1*$BNSZ`(r5) | ||
| 1146 | $UMULL r8,r6,r7 | ||
| 1147 | $UMULH r9,r6,r7 | ||
| 1148 | addc r10,r10,r8 | ||
| 1149 | adde r11,r11,r9 | ||
| 1150 | addze r12,r12 | ||
| 1151 | #mul_add_c(a[3],b[0],c1,c2,c3); | ||
| 1152 | $LD r6,`3*$BNSZ`(r4) | ||
| 1153 | $LD r7,`0*$BNSZ`(r5) | ||
| 1154 | $UMULL r8,r6,r7 | ||
| 1155 | $UMULH r9,r6,r7 | ||
| 1156 | addc r10,r10,r8 | ||
| 1157 | adde r11,r11,r9 | ||
| 1158 | addze r12,r12 | ||
| 1159 | $ST r10,`3*$BNSZ`(r3) #r[3]=c1; | ||
| 1160 | #mul_add_c(a[4],b[0],c2,c3,c1); | ||
| 1161 | $LD r6,`4*$BNSZ`(r4) | ||
| 1162 | $UMULL r8,r6,r7 | ||
| 1163 | $UMULH r9,r6,r7 | ||
| 1164 | addc r11,r11,r8 | ||
| 1165 | adde r12,r12,r9 | ||
| 1166 | addze r10,r0 | ||
| 1167 | #mul_add_c(a[3],b[1],c2,c3,c1); | ||
| 1168 | $LD r6,`3*$BNSZ`(r4) | ||
| 1169 | $LD r7,`1*$BNSZ`(r5) | ||
| 1170 | $UMULL r8,r6,r7 | ||
| 1171 | $UMULH r9,r6,r7 | ||
| 1172 | addc r11,r11,r8 | ||
| 1173 | adde r12,r12,r9 | ||
| 1174 | addze r10,r10 | ||
| 1175 | #mul_add_c(a[2],b[2],c2,c3,c1); | ||
| 1176 | $LD r6,`2*$BNSZ`(r4) | ||
| 1177 | $LD r7,`2*$BNSZ`(r5) | ||
| 1178 | $UMULL r8,r6,r7 | ||
| 1179 | $UMULH r9,r6,r7 | ||
| 1180 | addc r11,r11,r8 | ||
| 1181 | adde r12,r12,r9 | ||
| 1182 | addze r10,r10 | ||
| 1183 | #mul_add_c(a[1],b[3],c2,c3,c1); | ||
| 1184 | $LD r6,`1*$BNSZ`(r4) | ||
| 1185 | $LD r7,`3*$BNSZ`(r5) | ||
| 1186 | $UMULL r8,r6,r7 | ||
| 1187 | $UMULH r9,r6,r7 | ||
| 1188 | addc r11,r11,r8 | ||
| 1189 | adde r12,r12,r9 | ||
| 1190 | addze r10,r10 | ||
| 1191 | #mul_add_c(a[0],b[4],c2,c3,c1); | ||
| 1192 | $LD r6,`0*$BNSZ`(r4) | ||
| 1193 | $LD r7,`4*$BNSZ`(r5) | ||
| 1194 | $UMULL r8,r6,r7 | ||
| 1195 | $UMULH r9,r6,r7 | ||
| 1196 | addc r11,r11,r8 | ||
| 1197 | adde r12,r12,r9 | ||
| 1198 | addze r10,r10 | ||
| 1199 | $ST r11,`4*$BNSZ`(r3) #r[4]=c2; | ||
| 1200 | #mul_add_c(a[0],b[5],c3,c1,c2); | ||
| 1201 | $LD r7,`5*$BNSZ`(r5) | ||
| 1202 | $UMULL r8,r6,r7 | ||
| 1203 | $UMULH r9,r6,r7 | ||
| 1204 | addc r12,r12,r8 | ||
| 1205 | adde r10,r10,r9 | ||
| 1206 | addze r11,r0 | ||
| 1207 | #mul_add_c(a[1],b[4],c3,c1,c2); | ||
| 1208 | $LD r6,`1*$BNSZ`(r4) | ||
| 1209 | $LD r7,`4*$BNSZ`(r5) | ||
| 1210 | $UMULL r8,r6,r7 | ||
| 1211 | $UMULH r9,r6,r7 | ||
| 1212 | addc r12,r12,r8 | ||
| 1213 | adde r10,r10,r9 | ||
| 1214 | addze r11,r11 | ||
| 1215 | #mul_add_c(a[2],b[3],c3,c1,c2); | ||
| 1216 | $LD r6,`2*$BNSZ`(r4) | ||
| 1217 | $LD r7,`3*$BNSZ`(r5) | ||
| 1218 | $UMULL r8,r6,r7 | ||
| 1219 | $UMULH r9,r6,r7 | ||
| 1220 | addc r12,r12,r8 | ||
| 1221 | adde r10,r10,r9 | ||
| 1222 | addze r11,r11 | ||
| 1223 | #mul_add_c(a[3],b[2],c3,c1,c2); | ||
| 1224 | $LD r6,`3*$BNSZ`(r4) | ||
| 1225 | $LD r7,`2*$BNSZ`(r5) | ||
| 1226 | $UMULL r8,r6,r7 | ||
| 1227 | $UMULH r9,r6,r7 | ||
| 1228 | addc r12,r12,r8 | ||
| 1229 | adde r10,r10,r9 | ||
| 1230 | addze r11,r11 | ||
| 1231 | #mul_add_c(a[4],b[1],c3,c1,c2); | ||
| 1232 | $LD r6,`4*$BNSZ`(r4) | ||
| 1233 | $LD r7,`1*$BNSZ`(r5) | ||
| 1234 | $UMULL r8,r6,r7 | ||
| 1235 | $UMULH r9,r6,r7 | ||
| 1236 | addc r12,r12,r8 | ||
| 1237 | adde r10,r10,r9 | ||
| 1238 | addze r11,r11 | ||
| 1239 | #mul_add_c(a[5],b[0],c3,c1,c2); | ||
| 1240 | $LD r6,`5*$BNSZ`(r4) | ||
| 1241 | $LD r7,`0*$BNSZ`(r5) | ||
| 1242 | $UMULL r8,r6,r7 | ||
| 1243 | $UMULH r9,r6,r7 | ||
| 1244 | addc r12,r12,r8 | ||
| 1245 | adde r10,r10,r9 | ||
| 1246 | addze r11,r11 | ||
| 1247 | $ST r12,`5*$BNSZ`(r3) #r[5]=c3; | ||
| 1248 | #mul_add_c(a[6],b[0],c1,c2,c3); | ||
| 1249 | $LD r6,`6*$BNSZ`(r4) | ||
| 1250 | $UMULL r8,r6,r7 | ||
| 1251 | $UMULH r9,r6,r7 | ||
| 1252 | addc r10,r10,r8 | ||
| 1253 | adde r11,r11,r9 | ||
| 1254 | addze r12,r0 | ||
| 1255 | #mul_add_c(a[5],b[1],c1,c2,c3); | ||
| 1256 | $LD r6,`5*$BNSZ`(r4) | ||
| 1257 | $LD r7,`1*$BNSZ`(r5) | ||
| 1258 | $UMULL r8,r6,r7 | ||
| 1259 | $UMULH r9,r6,r7 | ||
| 1260 | addc r10,r10,r8 | ||
| 1261 | adde r11,r11,r9 | ||
| 1262 | addze r12,r12 | ||
| 1263 | #mul_add_c(a[4],b[2],c1,c2,c3); | ||
| 1264 | $LD r6,`4*$BNSZ`(r4) | ||
| 1265 | $LD r7,`2*$BNSZ`(r5) | ||
| 1266 | $UMULL r8,r6,r7 | ||
| 1267 | $UMULH r9,r6,r7 | ||
| 1268 | addc r10,r10,r8 | ||
| 1269 | adde r11,r11,r9 | ||
| 1270 | addze r12,r12 | ||
| 1271 | #mul_add_c(a[3],b[3],c1,c2,c3); | ||
| 1272 | $LD r6,`3*$BNSZ`(r4) | ||
| 1273 | $LD r7,`3*$BNSZ`(r5) | ||
| 1274 | $UMULL r8,r6,r7 | ||
| 1275 | $UMULH r9,r6,r7 | ||
| 1276 | addc r10,r10,r8 | ||
| 1277 | adde r11,r11,r9 | ||
| 1278 | addze r12,r12 | ||
| 1279 | #mul_add_c(a[2],b[4],c1,c2,c3); | ||
| 1280 | $LD r6,`2*$BNSZ`(r4) | ||
| 1281 | $LD r7,`4*$BNSZ`(r5) | ||
| 1282 | $UMULL r8,r6,r7 | ||
| 1283 | $UMULH r9,r6,r7 | ||
| 1284 | addc r10,r10,r8 | ||
| 1285 | adde r11,r11,r9 | ||
| 1286 | addze r12,r12 | ||
| 1287 | #mul_add_c(a[1],b[5],c1,c2,c3); | ||
| 1288 | $LD r6,`1*$BNSZ`(r4) | ||
| 1289 | $LD r7,`5*$BNSZ`(r5) | ||
| 1290 | $UMULL r8,r6,r7 | ||
| 1291 | $UMULH r9,r6,r7 | ||
| 1292 | addc r10,r10,r8 | ||
| 1293 | adde r11,r11,r9 | ||
| 1294 | addze r12,r12 | ||
| 1295 | #mul_add_c(a[0],b[6],c1,c2,c3); | ||
| 1296 | $LD r6,`0*$BNSZ`(r4) | ||
| 1297 | $LD r7,`6*$BNSZ`(r5) | ||
| 1298 | $UMULL r8,r6,r7 | ||
| 1299 | $UMULH r9,r6,r7 | ||
| 1300 | addc r10,r10,r8 | ||
| 1301 | adde r11,r11,r9 | ||
| 1302 | addze r12,r12 | ||
| 1303 | $ST r10,`6*$BNSZ`(r3) #r[6]=c1; | ||
| 1304 | #mul_add_c(a[0],b[7],c2,c3,c1); | ||
| 1305 | $LD r7,`7*$BNSZ`(r5) | ||
| 1306 | $UMULL r8,r6,r7 | ||
| 1307 | $UMULH r9,r6,r7 | ||
| 1308 | addc r11,r11,r8 | ||
| 1309 | adde r12,r12,r9 | ||
| 1310 | addze r10,r0 | ||
| 1311 | #mul_add_c(a[1],b[6],c2,c3,c1); | ||
| 1312 | $LD r6,`1*$BNSZ`(r4) | ||
| 1313 | $LD r7,`6*$BNSZ`(r5) | ||
| 1314 | $UMULL r8,r6,r7 | ||
| 1315 | $UMULH r9,r6,r7 | ||
| 1316 | addc r11,r11,r8 | ||
| 1317 | adde r12,r12,r9 | ||
| 1318 | addze r10,r10 | ||
| 1319 | #mul_add_c(a[2],b[5],c2,c3,c1); | ||
| 1320 | $LD r6,`2*$BNSZ`(r4) | ||
| 1321 | $LD r7,`5*$BNSZ`(r5) | ||
| 1322 | $UMULL r8,r6,r7 | ||
| 1323 | $UMULH r9,r6,r7 | ||
| 1324 | addc r11,r11,r8 | ||
| 1325 | adde r12,r12,r9 | ||
| 1326 | addze r10,r10 | ||
| 1327 | #mul_add_c(a[3],b[4],c2,c3,c1); | ||
| 1328 | $LD r6,`3*$BNSZ`(r4) | ||
| 1329 | $LD r7,`4*$BNSZ`(r5) | ||
| 1330 | $UMULL r8,r6,r7 | ||
| 1331 | $UMULH r9,r6,r7 | ||
| 1332 | addc r11,r11,r8 | ||
| 1333 | adde r12,r12,r9 | ||
| 1334 | addze r10,r10 | ||
| 1335 | #mul_add_c(a[4],b[3],c2,c3,c1); | ||
| 1336 | $LD r6,`4*$BNSZ`(r4) | ||
| 1337 | $LD r7,`3*$BNSZ`(r5) | ||
| 1338 | $UMULL r8,r6,r7 | ||
| 1339 | $UMULH r9,r6,r7 | ||
| 1340 | addc r11,r11,r8 | ||
| 1341 | adde r12,r12,r9 | ||
| 1342 | addze r10,r10 | ||
| 1343 | #mul_add_c(a[5],b[2],c2,c3,c1); | ||
| 1344 | $LD r6,`5*$BNSZ`(r4) | ||
| 1345 | $LD r7,`2*$BNSZ`(r5) | ||
| 1346 | $UMULL r8,r6,r7 | ||
| 1347 | $UMULH r9,r6,r7 | ||
| 1348 | addc r11,r11,r8 | ||
| 1349 | adde r12,r12,r9 | ||
| 1350 | addze r10,r10 | ||
| 1351 | #mul_add_c(a[6],b[1],c2,c3,c1); | ||
| 1352 | $LD r6,`6*$BNSZ`(r4) | ||
| 1353 | $LD r7,`1*$BNSZ`(r5) | ||
| 1354 | $UMULL r8,r6,r7 | ||
| 1355 | $UMULH r9,r6,r7 | ||
| 1356 | addc r11,r11,r8 | ||
| 1357 | adde r12,r12,r9 | ||
| 1358 | addze r10,r10 | ||
| 1359 | #mul_add_c(a[7],b[0],c2,c3,c1); | ||
| 1360 | $LD r6,`7*$BNSZ`(r4) | ||
| 1361 | $LD r7,`0*$BNSZ`(r5) | ||
| 1362 | $UMULL r8,r6,r7 | ||
| 1363 | $UMULH r9,r6,r7 | ||
| 1364 | addc r11,r11,r8 | ||
| 1365 | adde r12,r12,r9 | ||
| 1366 | addze r10,r10 | ||
| 1367 | $ST r11,`7*$BNSZ`(r3) #r[7]=c2; | ||
| 1368 | #mul_add_c(a[7],b[1],c3,c1,c2); | ||
| 1369 | $LD r7,`1*$BNSZ`(r5) | ||
| 1370 | $UMULL r8,r6,r7 | ||
| 1371 | $UMULH r9,r6,r7 | ||
| 1372 | addc r12,r12,r8 | ||
| 1373 | adde r10,r10,r9 | ||
| 1374 | addze r11,r0 | ||
| 1375 | #mul_add_c(a[6],b[2],c3,c1,c2); | ||
| 1376 | $LD r6,`6*$BNSZ`(r4) | ||
| 1377 | $LD r7,`2*$BNSZ`(r5) | ||
| 1378 | $UMULL r8,r6,r7 | ||
| 1379 | $UMULH r9,r6,r7 | ||
| 1380 | addc r12,r12,r8 | ||
| 1381 | adde r10,r10,r9 | ||
| 1382 | addze r11,r11 | ||
| 1383 | #mul_add_c(a[5],b[3],c3,c1,c2); | ||
| 1384 | $LD r6,`5*$BNSZ`(r4) | ||
| 1385 | $LD r7,`3*$BNSZ`(r5) | ||
| 1386 | $UMULL r8,r6,r7 | ||
| 1387 | $UMULH r9,r6,r7 | ||
| 1388 | addc r12,r12,r8 | ||
| 1389 | adde r10,r10,r9 | ||
| 1390 | addze r11,r11 | ||
| 1391 | #mul_add_c(a[4],b[4],c3,c1,c2); | ||
| 1392 | $LD r6,`4*$BNSZ`(r4) | ||
| 1393 | $LD r7,`4*$BNSZ`(r5) | ||
| 1394 | $UMULL r8,r6,r7 | ||
| 1395 | $UMULH r9,r6,r7 | ||
| 1396 | addc r12,r12,r8 | ||
| 1397 | adde r10,r10,r9 | ||
| 1398 | addze r11,r11 | ||
| 1399 | #mul_add_c(a[3],b[5],c3,c1,c2); | ||
| 1400 | $LD r6,`3*$BNSZ`(r4) | ||
| 1401 | $LD r7,`5*$BNSZ`(r5) | ||
| 1402 | $UMULL r8,r6,r7 | ||
| 1403 | $UMULH r9,r6,r7 | ||
| 1404 | addc r12,r12,r8 | ||
| 1405 | adde r10,r10,r9 | ||
| 1406 | addze r11,r11 | ||
| 1407 | #mul_add_c(a[2],b[6],c3,c1,c2); | ||
| 1408 | $LD r6,`2*$BNSZ`(r4) | ||
| 1409 | $LD r7,`6*$BNSZ`(r5) | ||
| 1410 | $UMULL r8,r6,r7 | ||
| 1411 | $UMULH r9,r6,r7 | ||
| 1412 | addc r12,r12,r8 | ||
| 1413 | adde r10,r10,r9 | ||
| 1414 | addze r11,r11 | ||
| 1415 | #mul_add_c(a[1],b[7],c3,c1,c2); | ||
| 1416 | $LD r6,`1*$BNSZ`(r4) | ||
| 1417 | $LD r7,`7*$BNSZ`(r5) | ||
| 1418 | $UMULL r8,r6,r7 | ||
| 1419 | $UMULH r9,r6,r7 | ||
| 1420 | addc r12,r12,r8 | ||
| 1421 | adde r10,r10,r9 | ||
| 1422 | addze r11,r11 | ||
| 1423 | $ST r12,`8*$BNSZ`(r3) #r[8]=c3; | ||
| 1424 | #mul_add_c(a[2],b[7],c1,c2,c3); | ||
| 1425 | $LD r6,`2*$BNSZ`(r4) | ||
| 1426 | $UMULL r8,r6,r7 | ||
| 1427 | $UMULH r9,r6,r7 | ||
| 1428 | addc r10,r10,r8 | ||
| 1429 | adde r11,r11,r9 | ||
| 1430 | addze r12,r0 | ||
| 1431 | #mul_add_c(a[3],b[6],c1,c2,c3); | ||
| 1432 | $LD r6,`3*$BNSZ`(r4) | ||
| 1433 | $LD r7,`6*$BNSZ`(r5) | ||
| 1434 | $UMULL r8,r6,r7 | ||
| 1435 | $UMULH r9,r6,r7 | ||
| 1436 | addc r10,r10,r8 | ||
| 1437 | adde r11,r11,r9 | ||
| 1438 | addze r12,r12 | ||
| 1439 | #mul_add_c(a[4],b[5],c1,c2,c3); | ||
| 1440 | $LD r6,`4*$BNSZ`(r4) | ||
| 1441 | $LD r7,`5*$BNSZ`(r5) | ||
| 1442 | $UMULL r8,r6,r7 | ||
| 1443 | $UMULH r9,r6,r7 | ||
| 1444 | addc r10,r10,r8 | ||
| 1445 | adde r11,r11,r9 | ||
| 1446 | addze r12,r12 | ||
| 1447 | #mul_add_c(a[5],b[4],c1,c2,c3); | ||
| 1448 | $LD r6,`5*$BNSZ`(r4) | ||
| 1449 | $LD r7,`4*$BNSZ`(r5) | ||
| 1450 | $UMULL r8,r6,r7 | ||
| 1451 | $UMULH r9,r6,r7 | ||
| 1452 | addc r10,r10,r8 | ||
| 1453 | adde r11,r11,r9 | ||
| 1454 | addze r12,r12 | ||
| 1455 | #mul_add_c(a[6],b[3],c1,c2,c3); | ||
| 1456 | $LD r6,`6*$BNSZ`(r4) | ||
| 1457 | $LD r7,`3*$BNSZ`(r5) | ||
| 1458 | $UMULL r8,r6,r7 | ||
| 1459 | $UMULH r9,r6,r7 | ||
| 1460 | addc r10,r10,r8 | ||
| 1461 | adde r11,r11,r9 | ||
| 1462 | addze r12,r12 | ||
| 1463 | #mul_add_c(a[7],b[2],c1,c2,c3); | ||
| 1464 | $LD r6,`7*$BNSZ`(r4) | ||
| 1465 | $LD r7,`2*$BNSZ`(r5) | ||
| 1466 | $UMULL r8,r6,r7 | ||
| 1467 | $UMULH r9,r6,r7 | ||
| 1468 | addc r10,r10,r8 | ||
| 1469 | adde r11,r11,r9 | ||
| 1470 | addze r12,r12 | ||
| 1471 | $ST r10,`9*$BNSZ`(r3) #r[9]=c1; | ||
| 1472 | #mul_add_c(a[7],b[3],c2,c3,c1); | ||
| 1473 | $LD r7,`3*$BNSZ`(r5) | ||
| 1474 | $UMULL r8,r6,r7 | ||
| 1475 | $UMULH r9,r6,r7 | ||
| 1476 | addc r11,r11,r8 | ||
| 1477 | adde r12,r12,r9 | ||
| 1478 | addze r10,r0 | ||
| 1479 | #mul_add_c(a[6],b[4],c2,c3,c1); | ||
| 1480 | $LD r6,`6*$BNSZ`(r4) | ||
| 1481 | $LD r7,`4*$BNSZ`(r5) | ||
| 1482 | $UMULL r8,r6,r7 | ||
| 1483 | $UMULH r9,r6,r7 | ||
| 1484 | addc r11,r11,r8 | ||
| 1485 | adde r12,r12,r9 | ||
| 1486 | addze r10,r10 | ||
| 1487 | #mul_add_c(a[5],b[5],c2,c3,c1); | ||
| 1488 | $LD r6,`5*$BNSZ`(r4) | ||
| 1489 | $LD r7,`5*$BNSZ`(r5) | ||
| 1490 | $UMULL r8,r6,r7 | ||
| 1491 | $UMULH r9,r6,r7 | ||
| 1492 | addc r11,r11,r8 | ||
| 1493 | adde r12,r12,r9 | ||
| 1494 | addze r10,r10 | ||
| 1495 | #mul_add_c(a[4],b[6],c2,c3,c1); | ||
| 1496 | $LD r6,`4*$BNSZ`(r4) | ||
| 1497 | $LD r7,`6*$BNSZ`(r5) | ||
| 1498 | $UMULL r8,r6,r7 | ||
| 1499 | $UMULH r9,r6,r7 | ||
| 1500 | addc r11,r11,r8 | ||
| 1501 | adde r12,r12,r9 | ||
| 1502 | addze r10,r10 | ||
| 1503 | #mul_add_c(a[3],b[7],c2,c3,c1); | ||
| 1504 | $LD r6,`3*$BNSZ`(r4) | ||
| 1505 | $LD r7,`7*$BNSZ`(r5) | ||
| 1506 | $UMULL r8,r6,r7 | ||
| 1507 | $UMULH r9,r6,r7 | ||
| 1508 | addc r11,r11,r8 | ||
| 1509 | adde r12,r12,r9 | ||
| 1510 | addze r10,r10 | ||
| 1511 | $ST r11,`10*$BNSZ`(r3) #r[10]=c2; | ||
| 1512 | #mul_add_c(a[4],b[7],c3,c1,c2); | ||
| 1513 | $LD r6,`4*$BNSZ`(r4) | ||
| 1514 | $UMULL r8,r6,r7 | ||
| 1515 | $UMULH r9,r6,r7 | ||
| 1516 | addc r12,r12,r8 | ||
| 1517 | adde r10,r10,r9 | ||
| 1518 | addze r11,r0 | ||
| 1519 | #mul_add_c(a[5],b[6],c3,c1,c2); | ||
| 1520 | $LD r6,`5*$BNSZ`(r4) | ||
| 1521 | $LD r7,`6*$BNSZ`(r5) | ||
| 1522 | $UMULL r8,r6,r7 | ||
| 1523 | $UMULH r9,r6,r7 | ||
| 1524 | addc r12,r12,r8 | ||
| 1525 | adde r10,r10,r9 | ||
| 1526 | addze r11,r11 | ||
| 1527 | #mul_add_c(a[6],b[5],c3,c1,c2); | ||
| 1528 | $LD r6,`6*$BNSZ`(r4) | ||
| 1529 | $LD r7,`5*$BNSZ`(r5) | ||
| 1530 | $UMULL r8,r6,r7 | ||
| 1531 | $UMULH r9,r6,r7 | ||
| 1532 | addc r12,r12,r8 | ||
| 1533 | adde r10,r10,r9 | ||
| 1534 | addze r11,r11 | ||
| 1535 | #mul_add_c(a[7],b[4],c3,c1,c2); | ||
| 1536 | $LD r6,`7*$BNSZ`(r4) | ||
| 1537 | $LD r7,`4*$BNSZ`(r5) | ||
| 1538 | $UMULL r8,r6,r7 | ||
| 1539 | $UMULH r9,r6,r7 | ||
| 1540 | addc r12,r12,r8 | ||
| 1541 | adde r10,r10,r9 | ||
| 1542 | addze r11,r11 | ||
| 1543 | $ST r12,`11*$BNSZ`(r3) #r[11]=c3; | ||
| 1544 | #mul_add_c(a[7],b[5],c1,c2,c3); | ||
| 1545 | $LD r7,`5*$BNSZ`(r5) | ||
| 1546 | $UMULL r8,r6,r7 | ||
| 1547 | $UMULH r9,r6,r7 | ||
| 1548 | addc r10,r10,r8 | ||
| 1549 | adde r11,r11,r9 | ||
| 1550 | addze r12,r0 | ||
| 1551 | #mul_add_c(a[6],b[6],c1,c2,c3); | ||
| 1552 | $LD r6,`6*$BNSZ`(r4) | ||
| 1553 | $LD r7,`6*$BNSZ`(r5) | ||
| 1554 | $UMULL r8,r6,r7 | ||
| 1555 | $UMULH r9,r6,r7 | ||
| 1556 | addc r10,r10,r8 | ||
| 1557 | adde r11,r11,r9 | ||
| 1558 | addze r12,r12 | ||
| 1559 | #mul_add_c(a[5],b[7],c1,c2,c3); | ||
| 1560 | $LD r6,`5*$BNSZ`(r4) | ||
| 1561 | $LD r7,`7*$BNSZ`(r5) | ||
| 1562 | $UMULL r8,r6,r7 | ||
| 1563 | $UMULH r9,r6,r7 | ||
| 1564 | addc r10,r10,r8 | ||
| 1565 | adde r11,r11,r9 | ||
| 1566 | addze r12,r12 | ||
| 1567 | $ST r10,`12*$BNSZ`(r3) #r[12]=c1; | ||
| 1568 | #mul_add_c(a[6],b[7],c2,c3,c1); | ||
| 1569 | $LD r6,`6*$BNSZ`(r4) | ||
| 1570 | $UMULL r8,r6,r7 | ||
| 1571 | $UMULH r9,r6,r7 | ||
| 1572 | addc r11,r11,r8 | ||
| 1573 | adde r12,r12,r9 | ||
| 1574 | addze r10,r0 | ||
| 1575 | #mul_add_c(a[7],b[6],c2,c3,c1); | ||
| 1576 | $LD r6,`7*$BNSZ`(r4) | ||
| 1577 | $LD r7,`6*$BNSZ`(r5) | ||
| 1578 | $UMULL r8,r6,r7 | ||
| 1579 | $UMULH r9,r6,r7 | ||
| 1580 | addc r11,r11,r8 | ||
| 1581 | adde r12,r12,r9 | ||
| 1582 | addze r10,r10 | ||
| 1583 | $ST r11,`13*$BNSZ`(r3) #r[13]=c2; | ||
| 1584 | #mul_add_c(a[7],b[7],c3,c1,c2); | ||
| 1585 | $LD r7,`7*$BNSZ`(r5) | ||
| 1586 | $UMULL r8,r6,r7 | ||
| 1587 | $UMULH r9,r6,r7 | ||
| 1588 | addc r12,r12,r8 | ||
| 1589 | adde r10,r10,r9 | ||
| 1590 | $ST r12,`14*$BNSZ`(r3) #r[14]=c3; | ||
| 1591 | $ST r10,`15*$BNSZ`(r3) #r[15]=c1; | ||
| 1592 | bclr BO_ALWAYS,CR0_LT | ||
| 1593 | .long 0x00000000 | ||
| 1594 | |||
| 1595 | # | ||
| 1596 | # NOTE: The following label name should be changed to | ||
| 1597 | # "bn_sub_words" i.e. remove the first dot | ||
| 1598 | # for the gcc compiler. This should be automatically | ||
| 1599 | # done in the build | ||
| 1600 | # | ||
| 1601 | # | ||
| 1602 | .align 4 | ||
| 1603 | .bn_sub_words: | ||
| 1604 | # | ||
| 1605 | # Handcoded version of bn_sub_words | ||
| 1606 | # | ||
| 1607 | #BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | ||
| 1608 | # | ||
| 1609 | # r3 = r | ||
| 1610 | # r4 = a | ||
| 1611 | # r5 = b | ||
| 1612 | # r6 = n | ||
| 1613 | # | ||
| 1614 | # Note: No loop unrolling done since this is not a performance | ||
| 1615 | # critical loop. | ||
| 1616 | |||
| 1617 | xor r0,r0,r0 #set r0 = 0 | ||
| 1618 | # | ||
| 1619 | # check for r6 = 0 AND set carry bit. | ||
| 1620 | # | ||
| 1621 | subfc. r7,r0,r6 # If r6 is 0 then result is 0. | ||
| 1622 | # if r6 > 0 then result !=0 | ||
| 1623 | # In either case carry bit is set. | ||
| 1624 | bc BO_IF,CR0_EQ,Lppcasm_sub_adios | ||
| 1625 | addi r4,r4,-$BNSZ | ||
| 1626 | addi r3,r3,-$BNSZ | ||
| 1627 | addi r5,r5,-$BNSZ | ||
| 1628 | mtctr r6 | ||
| 1629 | Lppcasm_sub_mainloop: | ||
| 1630 | $LDU r7,$BNSZ(r4) | ||
| 1631 | $LDU r8,$BNSZ(r5) | ||
| 1632 | subfe r6,r8,r7 # r6 = r7+carry bit + onescomplement(r8) | ||
| 1633 | # if carry = 1 this is r7-r8. Else it | ||
| 1634 | # is r7-r8 -1 as we need. | ||
| 1635 | $STU r6,$BNSZ(r3) | ||
| 1636 | bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop | ||
| 1637 | Lppcasm_sub_adios: | ||
| 1638 | subfze r3,r0 # if carry bit is set then r3 = 0 else -1 | ||
| 1639 | andi. r3,r3,1 # keep only last bit. | ||
| 1640 | bclr BO_ALWAYS,CR0_LT | ||
| 1641 | .long 0x00000000 | ||
| 1642 | |||
| 1643 | |||
| 1644 | # | ||
| 1645 | # NOTE: The following label name should be changed to | ||
| 1646 | # "bn_add_words" i.e. remove the first dot | ||
| 1647 | # for the gcc compiler. This should be automatically | ||
| 1648 | # done in the build | ||
| 1649 | # | ||
| 1650 | |||
| 1651 | .align 4 | ||
| 1652 | .bn_add_words: | ||
| 1653 | # | ||
| 1654 | # Handcoded version of bn_add_words | ||
| 1655 | # | ||
| 1656 | #BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | ||
| 1657 | # | ||
| 1658 | # r3 = r | ||
| 1659 | # r4 = a | ||
| 1660 | # r5 = b | ||
| 1661 | # r6 = n | ||
| 1662 | # | ||
| 1663 | # Note: No loop unrolling done since this is not a performance | ||
| 1664 | # critical loop. | ||
| 1665 | |||
| 1666 | xor r0,r0,r0 | ||
| 1667 | # | ||
| 1668 | # check for r6 = 0. Is this needed? | ||
| 1669 | # | ||
| 1670 | addic. r6,r6,0 #test r6 and clear carry bit. | ||
| 1671 | bc BO_IF,CR0_EQ,Lppcasm_add_adios | ||
| 1672 | addi r4,r4,-$BNSZ | ||
| 1673 | addi r3,r3,-$BNSZ | ||
| 1674 | addi r5,r5,-$BNSZ | ||
| 1675 | mtctr r6 | ||
| 1676 | Lppcasm_add_mainloop: | ||
| 1677 | $LDU r7,$BNSZ(r4) | ||
| 1678 | $LDU r8,$BNSZ(r5) | ||
| 1679 | adde r8,r7,r8 | ||
| 1680 | $STU r8,$BNSZ(r3) | ||
| 1681 | bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop | ||
| 1682 | Lppcasm_add_adios: | ||
| 1683 | addze r3,r0 #return carry bit. | ||
| 1684 | bclr BO_ALWAYS,CR0_LT | ||
| 1685 | .long 0x00000000 | ||
| 1686 | |||
| 1687 | # | ||
| 1688 | # NOTE: The following label name should be changed to | ||
| 1689 | # "bn_div_words" i.e. remove the first dot | ||
| 1690 | # for the gcc compiler. This should be automatically | ||
| 1691 | # done in the build | ||
| 1692 | # | ||
| 1693 | |||
| 1694 | .align 4 | ||
| 1695 | .bn_div_words: | ||
| 1696 | # | ||
| 1697 | # This is a cleaned up version of code generated by | ||
| 1698 | # the AIX compiler. The only optimization is to use | ||
| 1699 | # the PPC instruction to count leading zeros instead | ||
| 1700 | # of call to num_bits_word. Since this was compiled | ||
| 1701 | # only at level -O2 we can possibly squeeze it more? | ||
| 1702 | # | ||
| 1703 | # r3 = h | ||
| 1704 | # r4 = l | ||
| 1705 | # r5 = d | ||
| 1706 | |||
| 1707 | $UCMPI 0,r5,0 # compare r5 and 0 | ||
| 1708 | bc BO_IF_NOT,CR0_EQ,Lppcasm_div1 # proceed if d!=0 | ||
| 1709 | li r3,-1 # d=0 return -1 | ||
| 1710 | bclr BO_ALWAYS,CR0_LT | ||
| 1711 | Lppcasm_div1: | ||
| 1712 | xor r0,r0,r0 #r0=0 | ||
| 1713 | $COUNTZ r7,r5 #r7 = num leading 0s in d. | ||
| 1714 | subfic r8,r7,$BITS #r8 = BN_num_bits_word(d) | ||
| 1715 | cmpi 0,0,r8,$BITS # | ||
| 1716 | bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if (r8==$BITS) | ||
| 1717 | li r9,1 # r9=1 | ||
| 1718 | $SHL r10,r9,r8 # r9<<=r8 | ||
| 1719 | $UCMP 0,r3,r10 # | ||
| 1720 | bc BO_IF,CR0_GT,Lppcasm_div2 #or if (h > (1<<r8)) | ||
| 1721 | $UDIV r3,r3,r0 #if not assert(0) divide by 0! | ||
| 1722 | #that's how we signal overflow | ||
| 1723 | bclr BO_ALWAYS,CR0_LT #return. NEVER REACHED. | ||
| 1724 | Lppcasm_div2: | ||
| 1725 | $UCMP 0,r3,r5 #h>=d? | ||
| 1726 | bc BO_IF,CR0_LT,Lppcasm_div3 #goto Lppcasm_div3 if not | ||
| 1727 | subf r3,r5,r3 #h-=d ; | ||
| 1728 | Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i | ||
| 1729 | cmpi 0,0,r7,0 # is (i == 0)? | ||
| 1730 | bc BO_IF,CR0_EQ,Lppcasm_div4 | ||
| 1731 | $SHL r3,r3,r7 # h = (h<< i) | ||
| 1732 | $SHR r8,r4,r8 # r8 = (l >> BN_BITS2 -i) | ||
| 1733 | $SHL r5,r5,r7 # d<<=i | ||
| 1734 | or r3,r3,r8 # h = (h<<i)|(l>>(BN_BITS2-i)) | ||
| 1735 | $SHL r4,r4,r7 # l <<=i | ||
| 1736 | Lppcasm_div4: | ||
| 1737 | $SHRI r9,r5,`$BITS/2` # r9 = dh | ||
| 1738 | # dl will be computed when needed | ||
| 1739 | # as it saves registers. | ||
| 1740 | li r6,2 #r6=2 | ||
| 1741 | mtctr r6 #counter will be in count. | ||
| 1742 | Lppcasm_divouterloop: | ||
| 1743 | $SHRI r8,r3,`$BITS/2` #r8 = (h>>BN_BITS4) | ||
| 1744 | $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4 | ||
| 1745 | # compute here for innerloop. | ||
| 1746 | $UCMP 0,r8,r9 # is (h>>BN_BITS4)==dh | ||
| 1747 | bc BO_IF_NOT,CR0_EQ,Lppcasm_div5 # goto Lppcasm_div5 if not | ||
| 1748 | |||
| 1749 | li r8,-1 | ||
| 1750 | $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l | ||
| 1751 | b Lppcasm_div6 | ||
| 1752 | Lppcasm_div5: | ||
| 1753 | $UDIV r8,r3,r9 #q = h/dh | ||
| 1754 | Lppcasm_div6: | ||
| 1755 | $UMULL r12,r9,r8 #th = q*dh | ||
| 1756 | $CLRU r10,r5,`$BITS/2` #r10=dl | ||
| 1757 | $UMULL r6,r8,r10 #tl = q*dl | ||
| 1758 | |||
| 1759 | Lppcasm_divinnerloop: | ||
| 1760 | subf r10,r12,r3 #t = h -th | ||
| 1761 | $SHRI r7,r10,`$BITS/2` #r7= (t &BN_MASK2H), sort of... | ||
| 1762 | addic. r7,r7,0 #test if r7 == 0. used below. | ||
| 1763 | # now want to compute | ||
| 1764 | # r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4) | ||
| 1765 | # the following 2 instructions do that | ||
| 1766 | $SHLI r7,r10,`$BITS/2` # r7 = (t<<BN_BITS4) | ||
| 1767 | or r7,r7,r11 # r7|=((l&BN_MASK2h)>>BN_BITS4) | ||
| 1768 | $UCMP 1,r6,r7 # compare (tl <= r7) | ||
| 1769 | bc BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit | ||
| 1770 | bc BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit | ||
| 1771 | addi r8,r8,-1 #q-- | ||
| 1772 | subf r12,r9,r12 #th -=dh | ||
| 1773 | $CLRU r10,r5,`$BITS/2` #r10=dl. t is no longer needed in loop. | ||
| 1774 | subf r6,r10,r6 #tl -=dl | ||
| 1775 | b Lppcasm_divinnerloop | ||
| 1776 | Lppcasm_divinnerexit: | ||
| 1777 | $SHRI r10,r6,`$BITS/2` #t=(tl>>BN_BITS4) | ||
| 1778 | $SHLI r11,r6,`$BITS/2` #tl=(tl<<BN_BITS4)&BN_MASK2h; | ||
| 1779 | $UCMP 1,r4,r11 # compare l and tl | ||
| 1780 | add r12,r12,r10 # th+=t | ||
| 1781 | bc BO_IF_NOT,CR1_FX,Lppcasm_div7 # if (l>=tl) goto Lppcasm_div7 | ||
| 1782 | addi r12,r12,1 # th++ | ||
| 1783 | Lppcasm_div7: | ||
| 1784 | subf r11,r11,r4 #r11=l-tl | ||
| 1785 | $UCMP 1,r3,r12 #compare h and th | ||
| 1786 | bc BO_IF_NOT,CR1_FX,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 | ||
| 1787 | addi r8,r8,-1 # q-- | ||
| 1788 | add r3,r5,r3 # h+=d | ||
| 1789 | Lppcasm_div8: | ||
| 1790 | subf r12,r12,r3 #r12 = h-th | ||
| 1791 | $SHLI r4,r11,`$BITS/2` #l=(l&BN_MASK2l)<<BN_BITS4 | ||
| 1792 | # want to compute | ||
| 1793 | # h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2 | ||
| 1794 | # the following 2 instructions will do this. | ||
| 1795 | $INSR r11,r12,`$BITS/2`,`$BITS/2` # r11 is the value we want rotated $BITS/2. | ||
| 1796 | $ROTL r3,r11,`$BITS/2` # rotate by $BITS/2 and store in r3 | ||
| 1797 | bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ; | ||
| 1798 | $SHLI r0,r8,`$BITS/2` #ret =q<<BN_BITS4 | ||
| 1799 | b Lppcasm_divouterloop | ||
| 1800 | Lppcasm_div9: | ||
| 1801 | or r3,r8,r0 | ||
| 1802 | bclr BO_ALWAYS,CR0_LT | ||
| 1803 | .long 0x00000000 | ||
| 1804 | |||
| 1805 | # | ||
| 1806 | # NOTE: The following label name should be changed to | ||
| 1807 | # "bn_sqr_words" i.e. remove the first dot | ||
| 1808 | # for the gcc compiler. This should be automatically | ||
| 1809 | # done in the build | ||
| 1810 | # | ||
| 1811 | .align 4 | ||
| 1812 | .bn_sqr_words: | ||
| 1813 | # | ||
| 1814 | # Optimized version of bn_sqr_words | ||
| 1815 | # | ||
| 1816 | # void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) | ||
| 1817 | # | ||
| 1818 | # r3 = r | ||
| 1819 | # r4 = a | ||
| 1820 | # r5 = n | ||
| 1821 | # | ||
| 1822 | # r6 = a[i]. | ||
| 1823 | # r7,r8 = product. | ||
| 1824 | # | ||
| 1825 | # No unrolling done here. Not performance critical. | ||
| 1826 | |||
| 1827 | addic. r5,r5,0 #test r5. | ||
| 1828 | bc BO_IF,CR0_EQ,Lppcasm_sqr_adios | ||
| 1829 | addi r4,r4,-$BNSZ | ||
| 1830 | addi r3,r3,-$BNSZ | ||
| 1831 | mtctr r5 | ||
| 1832 | Lppcasm_sqr_mainloop: | ||
| 1833 | #sqr(r[0],r[1],a[0]); | ||
| 1834 | $LDU r6,$BNSZ(r4) | ||
| 1835 | $UMULL r7,r6,r6 | ||
| 1836 | $UMULH r8,r6,r6 | ||
| 1837 | $STU r7,$BNSZ(r3) | ||
| 1838 | $STU r8,$BNSZ(r3) | ||
| 1839 | bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop | ||
| 1840 | Lppcasm_sqr_adios: | ||
| 1841 | bclr BO_ALWAYS,CR0_LT | ||
| 1842 | .long 0x00000000 | ||
| 1843 | |||
| 1844 | |||
| 1845 | # | ||
| 1846 | # NOTE: The following label name should be changed to | ||
| 1847 | # "bn_mul_words" i.e. remove the first dot | ||
| 1848 | # for the gcc compiler. This should be automatically | ||
| 1849 | # done in the build | ||
| 1850 | # | ||
| 1851 | |||
| 1852 | .align 4 | ||
| 1853 | .bn_mul_words: | ||
| 1854 | # | ||
| 1855 | # BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | ||
| 1856 | # | ||
| 1857 | # r3 = rp | ||
| 1858 | # r4 = ap | ||
| 1859 | # r5 = num | ||
| 1860 | # r6 = w | ||
| 1861 | xor r0,r0,r0 | ||
| 1862 | xor r12,r12,r12 # used for carry | ||
| 1863 | rlwinm. r7,r5,30,2,31 # num >> 2 | ||
| 1864 | bc BO_IF,CR0_EQ,Lppcasm_mw_REM | ||
| 1865 | mtctr r7 | ||
| 1866 | Lppcasm_mw_LOOP: | ||
| 1867 | #mul(rp[0],ap[0],w,c1); | ||
| 1868 | $LD r8,`0*$BNSZ`(r4) | ||
| 1869 | $UMULL r9,r6,r8 | ||
| 1870 | $UMULH r10,r6,r8 | ||
| 1871 | addc r9,r9,r12 | ||
| 1872 | #addze r10,r10 #carry is NOT ignored. | ||
| 1873 | #will be taken care of | ||
| 1874 | #in second spin below | ||
| 1875 | #using adde. | ||
| 1876 | $ST r9,`0*$BNSZ`(r3) | ||
| 1877 | #mul(rp[1],ap[1],w,c1); | ||
| 1878 | $LD r8,`1*$BNSZ`(r4) | ||
| 1879 | $UMULL r11,r6,r8 | ||
| 1880 | $UMULH r12,r6,r8 | ||
| 1881 | adde r11,r11,r10 | ||
| 1882 | #addze r12,r12 | ||
| 1883 | $ST r11,`1*$BNSZ`(r3) | ||
| 1884 | #mul(rp[2],ap[2],w,c1); | ||
| 1885 | $LD r8,`2*$BNSZ`(r4) | ||
| 1886 | $UMULL r9,r6,r8 | ||
| 1887 | $UMULH r10,r6,r8 | ||
| 1888 | adde r9,r9,r12 | ||
| 1889 | #addze r10,r10 | ||
| 1890 | $ST r9,`2*$BNSZ`(r3) | ||
| 1891 | #mul_add(rp[3],ap[3],w,c1); | ||
| 1892 | $LD r8,`3*$BNSZ`(r4) | ||
| 1893 | $UMULL r11,r6,r8 | ||
| 1894 | $UMULH r12,r6,r8 | ||
| 1895 | adde r11,r11,r10 | ||
| 1896 | addze r12,r12 #this spin we collect carry into | ||
| 1897 | #r12 | ||
| 1898 | $ST r11,`3*$BNSZ`(r3) | ||
| 1899 | |||
| 1900 | addi r3,r3,`4*$BNSZ` | ||
| 1901 | addi r4,r4,`4*$BNSZ` | ||
| 1902 | bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP | ||
| 1903 | |||
| 1904 | Lppcasm_mw_REM: | ||
| 1905 | andi. r5,r5,0x3 | ||
| 1906 | bc BO_IF,CR0_EQ,Lppcasm_mw_OVER | ||
| 1907 | #mul(rp[0],ap[0],w,c1); | ||
| 1908 | $LD r8,`0*$BNSZ`(r4) | ||
| 1909 | $UMULL r9,r6,r8 | ||
| 1910 | $UMULH r10,r6,r8 | ||
| 1911 | addc r9,r9,r12 | ||
| 1912 | addze r10,r10 | ||
| 1913 | $ST r9,`0*$BNSZ`(r3) | ||
| 1914 | addi r12,r10,0 | ||
| 1915 | |||
| 1916 | addi r5,r5,-1 | ||
| 1917 | cmpli 0,0,r5,0 | ||
| 1918 | bc BO_IF,CR0_EQ,Lppcasm_mw_OVER | ||
| 1919 | |||
| 1920 | |||
| 1921 | #mul(rp[1],ap[1],w,c1); | ||
| 1922 | $LD r8,`1*$BNSZ`(r4) | ||
| 1923 | $UMULL r9,r6,r8 | ||
| 1924 | $UMULH r10,r6,r8 | ||
| 1925 | addc r9,r9,r12 | ||
| 1926 | addze r10,r10 | ||
| 1927 | $ST r9,`1*$BNSZ`(r3) | ||
| 1928 | addi r12,r10,0 | ||
| 1929 | |||
| 1930 | addi r5,r5,-1 | ||
| 1931 | cmpli 0,0,r5,0 | ||
| 1932 | bc BO_IF,CR0_EQ,Lppcasm_mw_OVER | ||
| 1933 | |||
| 1934 | #mul_add(rp[2],ap[2],w,c1); | ||
| 1935 | $LD r8,`2*$BNSZ`(r4) | ||
| 1936 | $UMULL r9,r6,r8 | ||
| 1937 | $UMULH r10,r6,r8 | ||
| 1938 | addc r9,r9,r12 | ||
| 1939 | addze r10,r10 | ||
| 1940 | $ST r9,`2*$BNSZ`(r3) | ||
| 1941 | addi r12,r10,0 | ||
| 1942 | |||
| 1943 | Lppcasm_mw_OVER: | ||
| 1944 | addi r3,r12,0 | ||
| 1945 | bclr BO_ALWAYS,CR0_LT | ||
| 1946 | .long 0x00000000 | ||
| 1947 | |||
| 1948 | # | ||
| 1949 | # NOTE: The following label name should be changed to | ||
| 1950 | # "bn_mul_add_words" i.e. remove the first dot | ||
| 1951 | # for the gcc compiler. This should be automatically | ||
| 1952 | # done in the build | ||
| 1953 | # | ||
| 1954 | |||
| 1955 | .align 4 | ||
| 1956 | .bn_mul_add_words: | ||
| 1957 | # | ||
| 1958 | # BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | ||
| 1959 | # | ||
| 1960 | # r3 = rp | ||
| 1961 | # r4 = ap | ||
| 1962 | # r5 = num | ||
| 1963 | # r6 = w | ||
| 1964 | # | ||
| 1965 | # empirical evidence suggests that unrolled version performs best!! | ||
| 1966 | # | ||
| 1967 | xor r0,r0,r0 #r0 = 0 | ||
| 1968 | xor r12,r12,r12 #r12 = 0 . used for carry | ||
| 1969 | rlwinm. r7,r5,30,2,31 # num >> 2 | ||
| 1970 | bc BO_IF,CR0_EQ,Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover | ||
| 1971 | mtctr r7 | ||
| 1972 | Lppcasm_maw_mainloop: | ||
| 1973 | #mul_add(rp[0],ap[0],w,c1); | ||
| 1974 | $LD r8,`0*$BNSZ`(r4) | ||
| 1975 | $LD r11,`0*$BNSZ`(r3) | ||
| 1976 | $UMULL r9,r6,r8 | ||
| 1977 | $UMULH r10,r6,r8 | ||
| 1978 | addc r9,r9,r12 #r12 is carry. | ||
| 1979 | addze r10,r10 | ||
| 1980 | addc r9,r9,r11 | ||
| 1981 | #addze r10,r10 | ||
| 1982 | #the above instruction addze | ||
| 1983 | #is NOT needed. Carry will NOT | ||
| 1984 | #be ignored. It's not affected | ||
| 1985 | #by multiply and will be collected | ||
| 1986 | #in the next spin | ||
| 1987 | $ST r9,`0*$BNSZ`(r3) | ||
| 1988 | |||
| 1989 | #mul_add(rp[1],ap[1],w,c1); | ||
| 1990 | $LD r8,`1*$BNSZ`(r4) | ||
| 1991 | $LD r9,`1*$BNSZ`(r3) | ||
| 1992 | $UMULL r11,r6,r8 | ||
| 1993 | $UMULH r12,r6,r8 | ||
| 1994 | adde r11,r11,r10 #r10 is carry. | ||
| 1995 | addze r12,r12 | ||
| 1996 | addc r11,r11,r9 | ||
| 1997 | #addze r12,r12 | ||
| 1998 | $ST r11,`1*$BNSZ`(r3) | ||
| 1999 | |||
| 2000 | #mul_add(rp[2],ap[2],w,c1); | ||
| 2001 | $LD r8,`2*$BNSZ`(r4) | ||
| 2002 | $UMULL r9,r6,r8 | ||
| 2003 | $LD r11,`2*$BNSZ`(r3) | ||
| 2004 | $UMULH r10,r6,r8 | ||
| 2005 | adde r9,r9,r12 | ||
| 2006 | addze r10,r10 | ||
| 2007 | addc r9,r9,r11 | ||
| 2008 | #addze r10,r10 | ||
| 2009 | $ST r9,`2*$BNSZ`(r3) | ||
| 2010 | |||
| 2011 | #mul_add(rp[3],ap[3],w,c1); | ||
| 2012 | $LD r8,`3*$BNSZ`(r4) | ||
| 2013 | $UMULL r11,r6,r8 | ||
| 2014 | $LD r9,`3*$BNSZ`(r3) | ||
| 2015 | $UMULH r12,r6,r8 | ||
| 2016 | adde r11,r11,r10 | ||
| 2017 | addze r12,r12 | ||
| 2018 | addc r11,r11,r9 | ||
| 2019 | addze r12,r12 | ||
| 2020 | $ST r11,`3*$BNSZ`(r3) | ||
| 2021 | addi r3,r3,`4*$BNSZ` | ||
| 2022 | addi r4,r4,`4*$BNSZ` | ||
| 2023 | bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop | ||
| 2024 | |||
| 2025 | Lppcasm_maw_leftover: | ||
| 2026 | andi. r5,r5,0x3 | ||
| 2027 | bc BO_IF,CR0_EQ,Lppcasm_maw_adios | ||
| 2028 | addi r3,r3,-$BNSZ | ||
| 2029 | addi r4,r4,-$BNSZ | ||
| 2030 | #mul_add(rp[0],ap[0],w,c1); | ||
| 2031 | mtctr r5 | ||
| 2032 | $LDU r8,$BNSZ(r4) | ||
| 2033 | $UMULL r9,r6,r8 | ||
| 2034 | $UMULH r10,r6,r8 | ||
| 2035 | $LDU r11,$BNSZ(r3) | ||
| 2036 | addc r9,r9,r11 | ||
| 2037 | addze r10,r10 | ||
| 2038 | addc r9,r9,r12 | ||
| 2039 | addze r12,r10 | ||
| 2040 | $ST r9,0(r3) | ||
| 2041 | |||
| 2042 | bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios | ||
| 2043 | #mul_add(rp[1],ap[1],w,c1); | ||
| 2044 | $LDU r8,$BNSZ(r4) | ||
| 2045 | $UMULL r9,r6,r8 | ||
| 2046 | $UMULH r10,r6,r8 | ||
| 2047 | $LDU r11,$BNSZ(r3) | ||
| 2048 | addc r9,r9,r11 | ||
| 2049 | addze r10,r10 | ||
| 2050 | addc r9,r9,r12 | ||
| 2051 | addze r12,r10 | ||
| 2052 | $ST r9,0(r3) | ||
| 2053 | |||
| 2054 | bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios | ||
| 2055 | #mul_add(rp[2],ap[2],w,c1); | ||
| 2056 | $LDU r8,$BNSZ(r4) | ||
| 2057 | $UMULL r9,r6,r8 | ||
| 2058 | $UMULH r10,r6,r8 | ||
| 2059 | $LDU r11,$BNSZ(r3) | ||
| 2060 | addc r9,r9,r11 | ||
| 2061 | addze r10,r10 | ||
| 2062 | addc r9,r9,r12 | ||
| 2063 | addze r12,r10 | ||
| 2064 | $ST r9,0(r3) | ||
| 2065 | |||
| 2066 | Lppcasm_maw_adios: | ||
| 2067 | addi r3,r12,0 | ||
| 2068 | bclr BO_ALWAYS,CR0_LT | ||
| 2069 | .long 0x00000000 | ||
| 2070 | .align 4 | ||
| 2071 | EOF | ||
| 2072 | $data =~ s/\`([^\`]*)\`/eval $1/gem; | ||
| 2073 | |||
| 2074 | # if some assembler chokes on some simplified mnemonic, | ||
| 2075 | # this is the spot to fix it up, e.g.: | ||
| 2076 | # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare | ||
| 2077 | $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm; | ||
| 2078 | # assembler X doesn't accept li, load immediate value | ||
| 2079 | #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm; | ||
| 2080 | return($data); | ||
| 2081 | } | ||
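--- a/src/lib/libcrypto/bn/asm/x86_64-gcc.c
+++ b/src/lib/libcrypto/bn/asm/x86_64-gcc.c
@@ -13,20 +13,42 @@
 * A. Well, that's because this code is basically a quick-n-dirty
 * proof-of-concept hack. As you can see it's implemented with
 * inline assembler, which means that you're bound to GCC and that
-* there must be a room for fine-tuning.
+* there might be enough room for further improvement.
 *
 * Q. Why inline assembler?
-* A. x86_64 features own ABI I'm not familiar with. Which is why
-* I decided to let the compiler take care of subroutine
-* prologue/epilogue as well as register allocation.
+* A. x86_64 features own ABI which I'm not familiar with. This is
+* why I decided to let the compiler take care of subroutine
+* prologue/epilogue as well as register allocation. For reference.
+* Win64 implements different ABI for AMD64, different from Linux.
 *
 * Q. How much faster does it get?
-* A. Unfortunately people sitting on x86_64 hardware are prohibited
-* to disclose the performance numbers, so they (SuSE labs to be
-* specific) wouldn't tell me. However! Very similar coding technique
-* (reaching out for 128-bit result from 64x64-bit multiplication)
-* results in >3 times performance improvement on MIPS and I see no
-* reason why gain on x86_64 would be so much different:-)
+* A. 'apps/openssl speed rsa dsa' output with no-asm:
+*
+* sign verify sign/s verify/s
+* rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2
+* rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0
+* rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8
+* rsa 4096 bits 0.1155s 0.0018s 8.7 555.6
+* sign verify sign/s verify/s
+* dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3
+* dsa 1024 bits 0.0014s 0.0018s 692.3 559.2
+* dsa 2048 bits 0.0049s 0.0061s 204.7 165.0
+*
+* 'apps/openssl speed rsa dsa' output with this module:
+*
+* sign verify sign/s verify/s
+* rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9
+* rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7
+* rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0
+* rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8
+* sign verify sign/s verify/s
+* dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3
+* dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4
+* dsa 2048 bits 0.0016s 0.0020s 620.4 504.6
+*
+* For the reference. IA-32 assembler implementation performs
+* very much like 64-bit code compiled with no-asm on the same
+* machine.
 */
 
 #define BN_ULONG unsigned long
@@ -151,7 +173,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 }
 
 BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret,i;
+{ BN_ULONG ret=0,i=0;
 
 if (n <= 0) return 0;
 
@@ -164,7 +186,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 " leaq 1(%2),%2 \n"
 " loop 1b \n"
 " sbbq %0,%0 \n"
-: "+a"(ret),"+c"(n),"+r"(i)
+: "=&a"(ret),"+c"(n),"=&r"(i)
 : "r"(rp),"r"(ap),"r"(bp)
 : "cc"
 );
@@ -174,7 +196,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 
 #ifndef SIMICS
 BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret,i;
+{ BN_ULONG ret=0,i=0;
 
 if (n <= 0) return 0;
 
@@ -187,7 +209,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 " leaq 1(%2),%2 \n"
 " loop 1b \n"
 " sbbq %0,%0 \n"
-: "+a"(ret),"+c"(n),"+r"(i)
+: "=&a"(ret),"+c"(n),"=&r"(i)
 : "r"(rp),"r"(ap),"r"(bp)
 : "cc"
 );
@@ -318,7 +340,6 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 
 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 {
-BN_ULONG bl,bh;
 BN_ULONG t1,t2;
 BN_ULONG c1,c2,c3;
 
@@ -423,7 +444,6 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 
 void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 {
-BN_ULONG bl,bh;
 BN_ULONG t1,t2;
 BN_ULONG c1,c2,c3;
 
@@ -464,7 +484,6 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 
 void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
 {
-BN_ULONG bl,bh;
 BN_ULONG t1,t2;
 BN_ULONG c1,c2,c3;
 
@@ -541,7 +560,6 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
 
 void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
 {
-BN_ULONG bl,bh;
 BN_ULONG t1,t2;
 BN_ULONG c1,c2,c3;
 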
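Review bot: The asm statements in bn_add_words and bn_sub_words still list only `"cc"` as a clobber while rp, ap and bp are passed as plain `"r"` inputs. The loop bodies begin outside these hunks, but if they load from ap/bp and store through rp, as the operand list suggests, the compiler is never told that memory is read or written and may cache or reorder accesses around the asm; `: "cc", "memory"` would close that gap in both functions. With the outputs changed to `"=&a"(ret)` and `"=&r"(i)`, the new C initialisers `ret=0,i=0` are no longer inputs to the asm, so a short comment such as `/* ret and i are output-only; the asm must zero %2 itself, =0 presumably only quiets the compiler */` would stop a later editor from relying on them. A silently wrong carry in these word routines would propagate into every bignum operation built on them, so the constraint list deserves the same care as the arithmetic.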
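--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -273,7 +273,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 
 BN_init(&Ri);
 R= &(mont->RR); /* grab RR as a temp */
-BN_copy(&(mont->N),mod); /* Set N */
+if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */
 mont->N.neg = 0;
 
 #ifdef MONT_WORD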
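--- a/src/lib/libcrypto/cast/c_skey.c
+++ b/src/lib/libcrypto/cast/c_skey.c
@@ -56,7 +56,9 @@
 * [including the GNU Public Licence.]
 */
 
+#include <openssl/crypto.h>
 #include <openssl/cast.h>
+
 #include "cast_lcl.h"
 #include "cast_s.h"
 
@@ -72,7 +74,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(CAST)
 {
 CAST_LONG x[16];
 CAST_LONG z[16];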
| diff --git a/src/lib/libcrypto/cast/cast.h b/src/lib/libcrypto/cast/cast.h index b28e4e4f3b..9e300178d9 100644 --- a/src/lib/libcrypto/cast/cast.h +++ b/src/lib/libcrypto/cast/cast.h | |||
| @@ -81,7 +81,10 @@ typedef struct cast_key_st | |||
| 81 | int short_key; /* Use reduced rounds for short key */ | 81 | int short_key; /* Use reduced rounds for short key */ | 
| 82 | } CAST_KEY; | 82 | } CAST_KEY; | 
| 83 | 83 | ||
| 84 | 84 | ||
| 85 | #ifdef OPENSSL_FIPS | ||
| 86 | void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); | ||
| 87 | #endif | ||
| 85 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); | 88 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); | 
| 86 | void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, | 89 | void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, | 
| 87 | int enc); | 90 | int enc); | 
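Review bot: private_CAST_set_key() is declared in the public header with no comment on its status, and per the FIPS_NON_FIPS_VCIPHER_Init macro added to crypto.h in this commit it is the body that CAST_set_key() reaches only after the FIPS_mode() check. A comment on the declaration, such as `/* internal: CAST_set_key() without the FIPS mode check; not for application use */`, would document that it is not part of the supported API.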
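--- a/src/lib/libcrypto/comp/c_zlib.c
+++ b/src/lib/libcrypto/comp/c_zlib.c
@@ -3,6 +3,7 @@
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
+#include <openssl/err.h>
 
 COMP_METHOD *COMP_zlib(void );
 
@@ -189,7 +190,17 @@ COMP_METHOD *COMP_zlib(void)
 if (!zlib_loaded)
 {
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
+zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
+if (!zlib_dso)
+{
+zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
+if (zlib_dso)
+{
+/* Clear the errors from the first failed
+DSO_load() */
+ERR_clear_error();
+}
+}
 #else
 zlib_dso = DSO_load(NULL, "z", NULL, 0);
 #endif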
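Review bot: ERR_clear_error() in the new fallback branch empties the calling thread's whole error queue, not only the entries left by the failed DSO_load() of "ZLIB1", so an error the application queued before calling COMP_zlib() is discarded as well. The comment should say so, e.g. `/* NB: this drops every queued error, not only those from the failed "ZLIB1" load */`, or the clear should be done only when ERR_peek_error() returned 0 before the first load. Both names are passed to DSO_load() without a directory, so which ZLIB1 or ZLIB file is loaded depends on the platform's library search order; that was already true of the old code, but the fallback adds a second name to resolve. The body of COMP_zlib() continues outside the hunk.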
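--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -632,6 +632,11 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
 BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from)));
 while (*p)
 buf->data[to++]= *(p++);
+
+/* Since we change the pointer 'from', we also have
+to change the perceived length of the string it
+points at. /RL */
+len -= e-from;
 from=e;
 }
 else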
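Review bot: The grow request on the first line of the hunk, `strlen(p)+len-(e-from)`, is built from `len` and never from the write index `to`, and with the added `len -= e-from;` the value of `len` now shrinks after every expansion while `to` keeps growing. For a value with more than one expansion this looks able to request less room than the copy loop then writes through `buf->data[to++]`; the initial value of `len` is outside the hunk, so this needs confirming against the rest of str_copy(). The return value of BUF_MEM_grow_clean() is not checked either. Sizing from the bytes already written and checking the result, for example `if (!BUF_MEM_grow_clean(buf,to+strlen(p)+strlen(e)+1)) goto err;` (with whatever error exit str_copy() uses), would cover both.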
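--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -105,7 +105,9 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
 "engine",
 "ui",
 "hwcrhk", /* This is a HACK which will disappear in 0.9.8 */
-#if CRYPTO_NUM_LOCKS != 33
+"fips",
+"fips2",
+#if CRYPTO_NUM_LOCKS != 35
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
 };
@@ -478,13 +480,12 @@ const char *CRYPTO_get_lock_name(int type)
 return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
 }
 
-#ifdef _DLL
-#ifdef OPENSSL_SYS_WIN32
+#if defined(_WIN32) && defined(_WINDLL)
 
 /* All we really need to do is remove the 'error' state when a thread
 * detaches */
 
-BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
 LPVOID lpvReserved)
 {
 switch(fdwReason)
@@ -503,8 +504,6 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
 }
 #endif
 
-#endif
-
 void OpenSSLDie(const char *file,int line,const char *assertion)
 {
 fprintf(stderr,
@@ -512,3 +511,122 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
 file,line,assertion);
 abort();
 }
+
+#ifdef OPENSSL_FIPS
+static int fips_started = 0;
+static int fips_mode = 0;
+static void *fips_rand_check = 0;
+static unsigned long fips_thread = 0;
+
+void fips_set_started(void)
+{
+fips_started = 1;
+}
+
+int fips_is_started(void)
+{
+return fips_started;
+}
+
+int fips_is_owning_thread(void)
+{
+int ret = 0;
+
+if (fips_is_started())
+{
+CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
+if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
+ret = 1;
+CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
+}
+return ret;
+}
+
+int fips_set_owning_thread(void)
+{
+int ret = 0;
+
+if (fips_is_started())
+{
+CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+if (fips_thread == 0)
+{
+fips_thread = CRYPTO_thread_id();
+ret = 1;
+}
+CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+}
+return ret;
+}
+
+int fips_clear_owning_thread(void)
+{
+int ret = 0;
+
+if (fips_is_started())
+{
+CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+if (fips_thread == CRYPTO_thread_id())
+{
+fips_thread = 0;
+ret = 1;
+}
+CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+}
+return ret;
+}
+
+void fips_set_mode(int onoff)
+{
+int owning_thread = fips_is_owning_thread();
+
+if (fips_is_started())
+{
+if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+fips_mode = onoff;
+if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+}
+}
+
+void fips_set_rand_check(void *rand_check)
+{
+int owning_thread = fips_is_owning_thread();
+
+if (fips_is_started())
+{
+if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+fips_rand_check = rand_check;
+if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+}
+}
+
+int FIPS_mode(void)
+{
+int ret = 0;
+int owning_thread = fips_is_owning_thread();
+
+if (fips_is_started())
+{
+if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+ret = fips_mode;
+if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+}
+return ret;
+}
+
+void *FIPS_rand_check(void)
+{
+void *ret = 0;
+int owning_thread = fips_is_owning_thread();
+
+if (fips_is_started())
+{
+if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+ret = fips_rand_check;
+if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+}
+return ret;
+}
+
+#endif /* OPENSSL_FIPS */
+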
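Review bot: The FIPS state functions added in the last hunk carry no comment on their lock discipline: fips_set_mode(), fips_set_rand_check(), FIPS_mode() and FIPS_rand_check() skip CRYPTO_LOCK_FIPS when the caller is the owning thread, which is only safe if that thread already holds the lock, and nothing in the hunk shows that it does. A comment above the statics, e.g. `/* fips_thread is guarded by CRYPTO_LOCK_FIPS2; fips_mode and fips_rand_check by CRYPTO_LOCK_FIPS, which the owning thread is assumed to hold already */`, would record the assumption. fips_started is read and written with no lock at all. fips_set_mode() returns void and does nothing when fips_is_started() is false, so a caller cannot tell that the mode was left unchanged.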
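--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -128,7 +128,9 @@ extern "C" {
 #define CRYPTO_LOCK_ENGINE 30
 #define CRYPTO_LOCK_UI 31
 #define CRYPTO_LOCK_HWCRHK 32 /* This is a HACK which will disappear in 0.9.8 */
-#define CRYPTO_NUM_LOCKS 33
+#define CRYPTO_LOCK_FIPS 33
+#define CRYPTO_LOCK_FIPS2 34
+#define CRYPTO_NUM_LOCKS 35
 
 #define CRYPTO_LOCK 1
 #define CRYPTO_UNLOCK 2
@@ -434,6 +436,63 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 void OpenSSLDie(const char *file,int line,const char *assertion);
 #define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
 
+#ifdef OPENSSL_FIPS
+int FIPS_mode(void);
+void *FIPS_rand_check(void);
+
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+alg " previous FIPS forbidden algorithm error ignored");
+
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+#alg " Algorithm forbidden in FIPS mode");
+
+#ifdef OPENSSL_FIPS_STRICT
+#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
+#else
+#define FIPS_BAD_ALGORITHM(alg) \
+{ \
+FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
+ERR_add_error_data(2, "Algorithm=", #alg); \
+return 0; \
+}
+#endif
+
+/* Low level digest API blocking macro */
+
+#define FIPS_NON_FIPS_MD_Init(alg) \
+int alg##_Init(alg##_CTX *c) \
+{ \
+if (FIPS_mode()) \
+FIPS_BAD_ALGORITHM(alg) \
+return private_##alg##_Init(c); \
+} \
+int private_##alg##_Init(alg##_CTX *c)
+
+/* For ciphers the API often varies from cipher to cipher and each needs to
+* be treated as a special case. Variable key length ciphers (Blowfish, RC4,
+* CAST) however are very similar and can use a blocking macro.
+*/
+
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
+{ \
+if (FIPS_mode()) \
+FIPS_BAD_ABORT(alg) \
+private_##alg##_set_key(key, len, data); \
+} \
+void private_##alg##_set_key(alg##_KEY *key, int len, \
+const unsigned char *data)
+
+#else
+
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
+
+#define FIPS_NON_FIPS_MD_Init(alg) \
+int alg##_Init(alg##_CTX *c)
+
+#endif /* def OPENSSL_FIPS */
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.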
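Review bot: FIPS_NON_FIPS_VCIPHER_Init() uses FIPS_BAD_ABORT unconditionally, so in FIPS mode a call to any wrapped `alg##_set_key` ends the process through OpenSSLDie() even when OPENSSL_FIPS_STRICT is not defined, while FIPS_NON_FIPS_MD_Init() returns 0 in that build. That follows from the void return type but is not documented; a comment above the macro such as `/* set_key returns void, so a forbidden cipher cannot be reported: FIPS mode aborts the process */` would tell callers what to expect. The non-strict FIPS_BAD_ALGORITHM also records FIPS_F_HASH_FINAL as the function code wherever it is expanded, and it hides a `return 0;` in a bare brace block, so it only fits functions that return int.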
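--- a/src/lib/libcrypto/des/cfb64ede.c
+++ b/src/lib/libcrypto/des/cfb64ede.c
@@ -57,6 +57,7 @@
 */
 
 #include "des_locl.h"
+#include "e_os.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
 * used. The extra state information to record how much of the
@@ -140,3 +141,114 @@ void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
 DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
 }
 #endif
+
+/* This is compatible with the single key CFB-r for DES, even thought that's
+* not what EVP needs.
+*/
+
+void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
+int numbits,long length,DES_key_schedule *ks1,
+DES_key_schedule *ks2,DES_key_schedule *ks3,
+DES_cblock *ivec,int enc)
+{
+register DES_LONG d0,d1,v0,v1;
+register long l=length;
+register int num=numbits,n=(numbits+7)/8,i;
+DES_LONG ti[2];
+unsigned char *iv;
+unsigned char ovec[16];
+
+if (num > 64) return;
+iv = &(*ivec)[0];
+c2l(iv,v0);
+c2l(iv,v1);
+if (enc)
+{
+while (l >= n)
+{
+l-=n;
+ti[0]=v0;
+ti[1]=v1;
+DES_encrypt3(ti,ks1,ks2,ks3);
+c2ln(in,d0,d1,n);
+in+=n;
+d0^=ti[0];
+d1^=ti[1];
+l2cn(d0,d1,out,n);
+out+=n;
+/* 30-08-94 - eay - changed because l>>32 and
+* l<<32 are bad under gcc :-( */
+if (num == 32)
+{ v0=v1; v1=d0; }
+else if (num == 64)
+{ v0=d0; v1=d1; }
+else
+{
+iv=&ovec[0];
+l2c(v0,iv);
+l2c(v1,iv);
+l2c(d0,iv);
+l2c(d1,iv);
+/* shift ovec left most of the bits... */
+memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+/* now the remaining bits */
+if(num%8 != 0)
+for(i=0 ; i < 8 ; ++i)
+{
+ovec[i]<<=num%8;
+ovec[i]|=ovec[i+1]>>(8-num%8);
+}
+iv=&ovec[0];
+c2l(iv,v0);
+c2l(iv,v1);
+}
+}
+}
+else
+{
+while (l >= n)
+{
+l-=n;
+ti[0]=v0;
+ti[1]=v1;
+DES_encrypt3(ti,ks1,ks2,ks3);
+c2ln(in,d0,d1,n);
+in+=n;
+/* 30-08-94 - eay - changed because l>>32 and
+* l<<32 are bad under gcc :-( */
+if (num == 32)
+{ v0=v1; v1=d0; }
+else if (num == 64)
+{ v0=d0; v1=d1; }
+else
+{
+iv=&ovec[0];
+l2c(v0,iv);
+l2c(v1,iv);
+l2c(d0,iv);
+l2c(d1,iv);
+/* shift ovec left most of the bits... */
+memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
+/* now the remaining bits */
+if(num%8 != 0)
+for(i=0 ; i < 8 ; ++i)
+{
+ovec[i]<<=num%8;
+ovec[i]|=ovec[i+1]>>(8-num%8);
+}
+iv=&ovec[0];
+c2l(iv,v0);
+c2l(iv,v1);
+}
+d0^=ti[0];
+d1^=ti[1];
+l2cn(d0,d1,out,n);
+out+=n;
+}
+}
+iv = &(*ivec)[0];
+l2c(v0,iv);
+l2c(v1,iv);
+v0=v1=d0=d1=ti[0]=ti[1]=0;
+}
+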
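Review bot: DES_ede3_cfb_encrypt() rejects `numbits` above 64 but not zero or negative values. With `numbits == 0` the byte count `n` is 0, so `while (l >= n)` never terminates because `l-=n` leaves `l` unchanged, and a negative value reaches the `num%8` shift counts. The guard should be `if (num <= 0 || num > 64) return;`. The function returns void, so a rejected `numbits` looks like success to the caller; a comment stating that `out` and `ivec` are left untouched in that case would help.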
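--- a/src/lib/libcrypto/des/des.h
+++ b/src/lib/libcrypto/des/des.h
@@ -128,7 +128,7 @@ OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */
 #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
 
 const char *DES_options(void);
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output,
 DES_key_schedule *ks1,DES_key_schedule *ks2,
 DES_key_schedule *ks3, int enc);
 DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
@@ -187,6 +187,10 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
 long length,DES_key_schedule *ks1,
 DES_key_schedule *ks2,DES_key_schedule *ks3,
 DES_cblock *ivec,int *num,int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
+int numbits,long length,DES_key_schedule *ks1,
+DES_key_schedule *ks2,DES_key_schedule *ks3,
+DES_cblock *ivec,int enc);
 void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
 long length,DES_key_schedule *ks1,
 DES_key_schedule *ks2,DES_key_schedule *ks3,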
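Review bot: The new DES_ecb3_encrypt() prototype in the first hunk takes plain `const unsigned char *` and `unsigned char *`, so the block size that `const_DES_cblock *` and `DES_cblock *` carried in the type is no longer visible to callers or the compiler. A comment on the declaration, e.g. `/* input and output must each point to one 8-byte DES block */`, would keep that requirement documented. The prototype still names the parameters `input` and `output` while the definition changed in ecb3_enc.c now uses `in` and `out`.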
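--- a/src/lib/libcrypto/des/des_enc.c
+++ b/src/lib/libcrypto/des/des_enc.c
@@ -58,6 +58,8 @@
 
 #include "des_locl.h"
 
+#ifndef OPENSSL_FIPS
+
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 {
 register DES_LONG l,r,t,u;
@@ -287,8 +289,12 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 data[1]=r;
 }
 
+#endif /* ndef OPENSSL_FIPS */
+
 #ifndef DES_DEFAULT_OPTIONS
 
+#if !defined(OPENSSL_FIPS_DES_ASM)
+
 #undef CBC_ENC_C__DONT_UPDATE_IV
 #include "ncbc_enc.c" /* DES_ncbc_encrypt */
 
@@ -404,4 +410,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
 tin[0]=tin[1]=0;
 }
 
+#endif /* !defined(OPENSSL_FIPS_DES_ASM) */
+
 #endif /* DES_DEFAULT_OPTIONS */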
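--- a/src/lib/libcrypto/des/ecb3_enc.c
+++ b/src/lib/libcrypto/des/ecb3_enc.c
@@ -58,15 +58,13 @@
 
 #include "des_locl.h"
 
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out,
 DES_key_schedule *ks1, DES_key_schedule *ks2,
 DES_key_schedule *ks3,
 int enc)
 {
 register DES_LONG l0,l1;
 DES_LONG ll[2];
-const unsigned char *in = &(*input)[0];
-unsigned char *out = &(*output)[0];
 
 c2l(in,l0);
 c2l(in,l1);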
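--- a/src/lib/libcrypto/des/set_key.c
+++ b/src/lib/libcrypto/des/set_key.c
@@ -65,6 +65,8 @@
 */
 #include "des_locl.h"
 
+#ifndef OPENSSL_FIPS
+
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */
 
 static const unsigned char odd_parity[256]={
@@ -405,3 +407,5 @@ void des_fixup_key_parity(des_cblock *key)
 des_set_odd_parity(key);
 }
 */
+
+#endif /* ndef OPENSSL_FIPS */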
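--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -70,6 +70,8 @@
 * should hold.
 */
 
+#ifndef OPENSSL_FIPS
+
 int DH_check(const DH *dh, int *ret)
 {
 int ok=0;
@@ -118,3 +120,5 @@ err:
 if (q != NULL) BN_free(q);
 return(ok);
 }
+
+#endif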
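--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
-* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+* Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions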
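--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -86,6 +86,9 @@
 * It's just as OK (and in some sense better) to use a generator of the
 * order-q subgroup.
 */
+
+#ifndef OPENSSL_FIPS
+
 DH *DH_generate_parameters(int prime_len, int generator,
 void (*callback)(int,int,void *), void *cb_arg)
 {
@@ -146,6 +149,7 @@ DH *DH_generate_parameters(int prime_len, int generator,
 if (callback != NULL) callback(3,0,cb_arg);
 ret->p=p;
 ret->g=BN_new();
+if (ret->g == NULL) goto err;
 if (!BN_set_word(ret->g,g)) goto err;
 ok=1;
 err:
@@ -167,3 +171,5 @@ err:
 }
 return(ret);
 }
+
+#endif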
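--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -62,6 +62,8 @@
 #include <openssl/rand.h>
 #include <openssl/dh.h>
 
+#ifndef OPENSSL_FIPS
+
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -220,3 +222,5 @@ static int dh_finish(DH *dh)
 BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
 return(1);
 }
+
+#endif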
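--- a/src/lib/libcrypto/doc/ERR_error_string.pod
+++ b/src/lib/libcrypto/doc/ERR_error_string.pod
@@ -11,7 +11,7 @@ error message
 #include <openssl/err.h>
 
 char *ERR_error_string(unsigned long e, char *buf);
-char *ERR_error_string_n(unsigned long e, char *buf, size_t len);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
 
 const char *ERR_lib_error_string(unsigned long e);
 const char *ERR_func_error_string(unsigned long e);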
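--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -479,6 +479,7 @@ General encryption, decryption function example using FILE I/O and RC2 with an
 if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
 {
 /* Error */
+EVP_CIPHER_CTX_cleanup(&ctx);
 return 0;
 }
 fwrite(outbuf, 1, outlen, out);
@@ -486,6 +487,7 @@ General encryption, decryption function example using FILE I/O and RC2 with an
 if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
 {
 /* Error */
+EVP_CIPHER_CTX_cleanup(&ctx);
 return 0;
 }
 fwrite(outbuf, 1, outlen, out);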
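--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -8,8 +8,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
 
 #include <openssl/evp.h>
 
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
-int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+unsigned char **ek, int *ekl, unsigned char *iv,
+EVP_PKEY **pubk, int npubk);
 int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 int *outl, unsigned char *in, int inl);
 int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,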
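--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -29,11 +29,10 @@ EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
 signature context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data.
 
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
-and places the signature in B<sig>. If the B<s> parameter is not NULL
-then the number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
-will be written.
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
+places the signature in B<sig>. The number of bytes of data written (i.e. the
+length of the signature) will be written to the integer at B<s>, at most
+EVP_PKEY_size(pkey) bytes will be written.
 
 EVP_SignInit() initializes a signing context B<ctx> to use the default
 implementation of digest B<type>.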
| diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod index d53e19d2b7..ab0fe3b2cd 100644 --- a/src/lib/libcrypto/doc/RSA_public_encrypt.pod +++ b/src/lib/libcrypto/doc/RSA_public_encrypt.pod | |||
| @@ -47,9 +47,10 @@ Encrypting user data directly with RSA is insecure. | |||
| 47 | =back | 47 | =back | 
| 48 | 48 | ||
| 49 | B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5 | 49 | B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5 | 
| 50 | based padding modes, and less than RSA_size(B<rsa>) - 41 for | 50 | based padding modes, less than RSA_size(B<rsa>) - 41 for | 
| 51 | RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded | 51 | RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING. | 
| 52 | prior to calling RSA_public_encrypt(). | 52 | The random number generator must be seeded prior to calling | 
| 53 | RSA_public_encrypt(). | ||
| 53 | 54 | ||
| 54 | RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the | 55 | RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the | 
| 55 | private key B<rsa> and stores the plaintext in B<to>. B<to> must point | 56 | private key B<rsa> and stores the plaintext in B<to>. B<to> must point | 
| diff --git a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod index d287c18564..11b35f6fd3 100644 --- a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod +++ b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod | |||
| @@ -13,11 +13,11 @@ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); | |||
| 13 | ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); | 13 | ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); | 
| 14 | 14 | ||
| 15 | int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); | 15 | int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); | 
| 16 | int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len); | 16 | int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); | 
| 17 | 17 | ||
| 18 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len); | 18 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); | 
| 19 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); | 19 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); | 
| 20 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type,unsigned char *bytes, int len); | 20 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); | 
| 21 | 21 | ||
| 22 | =head1 DESCRIPTION | 22 | =head1 DESCRIPTION | 
| 23 | 23 | ||
| diff --git a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod index 4472a1c5cf..e2ab4b0d2b 100644 --- a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod +++ b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod | |||
| @@ -7,10 +7,14 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions | |||
| 7 | 7 | ||
| 8 | =head1 SYNOPSIS | 8 | =head1 SYNOPSIS | 
| 9 | 9 | ||
| 10 | int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set); | 10 | int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); | 
| 11 | |||
| 11 | int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); | 12 | int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); | 
| 13 | |||
| 12 | int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); | 14 | int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); | 
| 15 | |||
| 13 | int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); | 16 | int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); | 
| 17 | |||
| 14 | X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); | 18 | X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); | 
| 15 | 19 | ||
| 16 | =head1 DESCRIPTION | 20 | =head1 DESCRIPTION | 
| diff --git a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod index 907c04f684..919b908919 100644 --- a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod +++ b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod | |||
| @@ -41,8 +41,8 @@ applications. | |||
| 41 | Although there are a large number of possible flags for most purposes | 41 | Although there are a large number of possible flags for most purposes | 
| 42 | B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice. | 42 | B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice. | 
| 43 | As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page | 43 | As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page | 
| 44 | for UTF8 terminals the B<ASN1_STRFLAGS_ESC_MSB> should be unset: so for example | 44 | for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example | 
| 45 | B<XN_FLAG_ONELINE & ~ASN1_STRFLAGS_ESC_MSB> would be used. | 45 | B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used. | 
| 46 | 46 | ||
| 47 | The complete set of the flags supported by X509_NAME_print_ex() is listed below. | 47 | The complete set of the flags supported by X509_NAME_print_ex() is listed below. | 
| 48 | 48 | ||
| diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h index 9b3baadf2c..225ff391f9 100644 --- a/src/lib/libcrypto/dsa/dsa.h +++ b/src/lib/libcrypto/dsa/dsa.h | |||
| @@ -81,6 +81,10 @@ | |||
| 81 | 81 | ||
| 82 | #define DSA_FLAG_CACHE_MONT_P 0x01 | 82 | #define DSA_FLAG_CACHE_MONT_P 0x01 | 
| 83 | 83 | ||
| 84 | #if defined(OPENSSL_FIPS) | ||
| 85 | #define FIPS_DSA_SIZE_T int | ||
| 86 | #endif | ||
| 87 | |||
| 84 | #ifdef __cplusplus | 88 | #ifdef __cplusplus | 
| 85 | extern "C" { | 89 | extern "C" { | 
| 86 | #endif | 90 | #endif | 
| diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index dc9c249310..e40afeea51 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c | |||
| @@ -80,6 +80,7 @@ | |||
| 80 | #include <openssl/rand.h> | 80 | #include <openssl/rand.h> | 
| 81 | #include <openssl/sha.h> | 81 | #include <openssl/sha.h> | 
| 82 | 82 | ||
| 83 | #ifndef OPENSSL_FIPS | ||
| 83 | DSA *DSA_generate_parameters(int bits, | 84 | DSA *DSA_generate_parameters(int bits, | 
| 84 | unsigned char *seed_in, int seed_len, | 85 | unsigned char *seed_in, int seed_len, | 
| 85 | int *counter_ret, unsigned long *h_ret, | 86 | int *counter_ret, unsigned long *h_ret, | 
| @@ -127,8 +128,9 @@ DSA *DSA_generate_parameters(int bits, | |||
| 127 | c = BN_CTX_get(ctx2); | 128 | c = BN_CTX_get(ctx2); | 
| 128 | p = BN_CTX_get(ctx2); | 129 | p = BN_CTX_get(ctx2); | 
| 129 | test = BN_CTX_get(ctx2); | 130 | test = BN_CTX_get(ctx2); | 
| 131 | if (test == NULL) goto err; | ||
| 130 | 132 | ||
| 131 | BN_lshift(test,BN_value_one(),bits-1); | 133 | if (!BN_lshift(test,BN_value_one(),bits-1)) goto err; | 
| 132 | 134 | ||
| 133 | for (;;) | 135 | for (;;) | 
| 134 | { | 136 | { | 
| @@ -196,7 +198,7 @@ DSA *DSA_generate_parameters(int bits, | |||
| 196 | callback(0,counter,cb_arg); | 198 | callback(0,counter,cb_arg); | 
| 197 | 199 | ||
| 198 | /* step 7 */ | 200 | /* step 7 */ | 
| 199 | BN_zero(W); | 201 | if (!BN_zero(W)) goto err; | 
| 200 | /* now 'buf' contains "SEED + offset - 1" */ | 202 | /* now 'buf' contains "SEED + offset - 1" */ | 
| 201 | for (k=0; k<=n; k++) | 203 | for (k=0; k<=n; k++) | 
| 202 | { | 204 | { | 
| @@ -212,20 +214,20 @@ DSA *DSA_generate_parameters(int bits, | |||
| 212 | /* step 8 */ | 214 | /* step 8 */ | 
| 213 | if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) | 215 | if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) | 
| 214 | goto err; | 216 | goto err; | 
| 215 | BN_lshift(r0,r0,160*k); | 217 | if (!BN_lshift(r0,r0,160*k)) goto err; | 
| 216 | BN_add(W,W,r0); | 218 | if (!BN_add(W,W,r0)) goto err; | 
| 217 | } | 219 | } | 
| 218 | 220 | ||
| 219 | /* more of step 8 */ | 221 | /* more of step 8 */ | 
| 220 | BN_mask_bits(W,bits-1); | 222 | if (!BN_mask_bits(W,bits-1)) goto err; | 
| 221 | BN_copy(X,W); /* this should be ok */ | 223 | if (!BN_copy(X,W)) goto err; | 
| 222 | BN_add(X,X,test); /* this should be ok */ | 224 | if (!BN_add(X,X,test)) goto err; | 
| 223 | 225 | ||
| 224 | /* step 9 */ | 226 | /* step 9 */ | 
| 225 | BN_lshift1(r0,q); | 227 | if (!BN_lshift1(r0,q)) goto err; | 
| 226 | BN_mod(c,X,r0,ctx); | 228 | if (!BN_mod(c,X,r0,ctx)) goto err; | 
| 227 | BN_sub(r0,c,BN_value_one()); | 229 | if (!BN_sub(r0,c,BN_value_one())) goto err; | 
| 228 | BN_sub(p,X,r0); | 230 | if (!BN_sub(p,X,r0)) goto err; | 
| 229 | 231 | ||
| 230 | /* step 10 */ | 232 | /* step 10 */ | 
| 231 | if (BN_cmp(p,test) >= 0) | 233 | if (BN_cmp(p,test) >= 0) | 
| @@ -251,18 +253,18 @@ end: | |||
| 251 | 253 | ||
| 252 | /* We now need to generate g */ | 254 | /* We now need to generate g */ | 
| 253 | /* Set r0=(p-1)/q */ | 255 | /* Set r0=(p-1)/q */ | 
| 254 | BN_sub(test,p,BN_value_one()); | 256 | if (!BN_sub(test,p,BN_value_one())) goto err; | 
| 255 | BN_div(r0,NULL,test,q,ctx); | 257 | if (!BN_div(r0,NULL,test,q,ctx)) goto err; | 
| 256 | 258 | ||
| 257 | BN_set_word(test,h); | 259 | if (!BN_set_word(test,h)) goto err; | 
| 258 | BN_MONT_CTX_set(mont,p,ctx); | 260 | if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; | 
| 259 | 261 | ||
| 260 | for (;;) | 262 | for (;;) | 
| 261 | { | 263 | { | 
| 262 | /* g=test^r0%p */ | 264 | /* g=test^r0%p */ | 
| 263 | BN_mod_exp_mont(g,test,r0,p,ctx,mont); | 265 | if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; | 
| 264 | if (!BN_is_one(g)) break; | 266 | if (!BN_is_one(g)) break; | 
| 265 | BN_add(test,test,BN_value_one()); | 267 | if (!BN_add(test,test,BN_value_one())) goto err; | 
| 266 | h++; | 268 | h++; | 
| 267 | } | 269 | } | 
| 268 | 270 | ||
| @@ -279,6 +281,11 @@ err: | |||
| 279 | ret->p=BN_dup(p); | 281 | ret->p=BN_dup(p); | 
| 280 | ret->q=BN_dup(q); | 282 | ret->q=BN_dup(q); | 
| 281 | ret->g=BN_dup(g); | 283 | ret->g=BN_dup(g); | 
| 284 | if (ret->p == NULL || ret->q == NULL || ret->g == NULL) | ||
| 285 | { | ||
| 286 | ok=0; | ||
| 287 | goto err; | ||
| 288 | } | ||
| 282 | if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); | 289 | if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); | 
| 283 | if (counter_ret != NULL) *counter_ret=counter; | 290 | if (counter_ret != NULL) *counter_ret=counter; | 
| 284 | if (h_ret != NULL) *h_ret=h; | 291 | if (h_ret != NULL) *h_ret=h; | 
| @@ -293,4 +300,6 @@ err: | |||
| 293 | if (mont != NULL) BN_MONT_CTX_free(mont); | 300 | if (mont != NULL) BN_MONT_CTX_free(mont); | 
| 294 | return(ok?ret:NULL); | 301 | return(ok?ret:NULL); | 
| 295 | } | 302 | } | 
| 296 | #endif | 303 | #endif /* ndef OPENSSL_FIPS */ | 
| 304 | #endif /* ndef OPENSSL_NO_SHA */ | ||
| 305 | |||
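Review bot: In the hunk after `err:` (new lines 284-288), the added BN_dup() failure path clears `ok` and jumps backwards to `err:`, so it is only correct if the code at that label takes a different branch on the second pass. The label and the start of the enclosing block are outside the hunk, so this is inferred; presumably the failure branch releases `ret` along with whichever of p, q and g were already duplicated. A comment on the jump would make that dependency explicit, e.g. `/* re-enter err: with ok cleared so the failure branch releases ret */`. DSA_generate_parameters() starts and ends outside these hunks.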
| diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index ef87c3e637..30607ca579 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c | |||
| @@ -64,6 +64,7 @@ | |||
| 64 | #include <openssl/dsa.h> | 64 | #include <openssl/dsa.h> | 
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> | 
| 66 | 66 | ||
| 67 | #ifndef OPENSSL_FIPS | ||
| 67 | int DSA_generate_key(DSA *dsa) | 68 | int DSA_generate_key(DSA *dsa) | 
| 68 | { | 69 | { | 
| 69 | int ok=0; | 70 | int ok=0; | 
| @@ -103,3 +104,4 @@ err: | |||
| 103 | return(ok); | 104 | return(ok); | 
| 104 | } | 105 | } | 
| 105 | #endif | 106 | #endif | 
| 107 | #endif | ||
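Review bot: The two `#endif` lines that now close dsa_key.c (new lines 106-107) are unlabelled, so it is not obvious which one ends the new `#ifndef OPENSSL_FIPS` block; dsa_gen.c in this same commit labels its pair. I would write `#endif /* ndef OPENSSL_FIPS */` on the first and give the second a matching label for the outer guard, which opens outside the hunk. The `#endif` added at the end of dsa_ossl.c (new line 350) would likewise read better as `#endif /* ndef OPENSSL_FIPS */`.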
| diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index b9e7f3ea5c..f1a85afcde 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c | |||
| @@ -65,6 +65,7 @@ | |||
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> | 
| 66 | #include <openssl/asn1.h> | 66 | #include <openssl/asn1.h> | 
| 67 | 67 | ||
| 68 | #ifndef OPENSSL_FIPS | ||
| 68 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | 69 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | 
| 69 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); | 70 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); | 
| 70 | static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | 71 | static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | 
| @@ -346,3 +347,4 @@ static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | |||
| 346 | { | 347 | { | 
| 347 | return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); | 348 | return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); | 
| 348 | } | 349 | } | 
| 350 | #endif | ||
| diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c index 89205026f0..3c9753bac3 100644 --- a/src/lib/libcrypto/dsa/dsa_sign.c +++ b/src/lib/libcrypto/dsa/dsa_sign.c | |||
| @@ -64,9 +64,17 @@ | |||
| 64 | #include <openssl/dsa.h> | 64 | #include <openssl/dsa.h> | 
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> | 
| 66 | #include <openssl/asn1.h> | 66 | #include <openssl/asn1.h> | 
| 67 | #ifndef OPENSSL_NO_ENGINE | ||
| 68 | #include <openssl/engine.h> | ||
| 69 | #endif | ||
| 70 | #include <openssl/fips.h> | ||
| 67 | 71 | ||
| 68 | DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | 72 | DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | 
| 69 | { | 73 | { | 
| 74 | #ifdef OPENSSL_FIPS | ||
| 75 | if(FIPS_mode() && !FIPS_dsa_check(dsa)) | ||
| 76 | return NULL; | ||
| 77 | #endif | ||
| 70 | return dsa->meth->dsa_do_sign(dgst, dlen, dsa); | 78 | return dsa->meth->dsa_do_sign(dgst, dlen, dsa); | 
| 71 | } | 79 | } | 
| 72 | 80 | ||
| @@ -87,6 +95,10 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, | |||
| 87 | 95 | ||
| 88 | int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | 96 | int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | 
| 89 | { | 97 | { | 
| 98 | #ifdef OPENSSL_FIPS | ||
| 99 | if(FIPS_mode() && !FIPS_dsa_check(dsa)) | ||
| 100 | return 0; | ||
| 101 | #endif | ||
| 90 | return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); | 102 | return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); | 
| 91 | } | 103 | } | 
| 92 | 104 | ||
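Review bot: The FIPS guard added to DSA_do_sign() and DSA_sign_setup() returns NULL and 0 respectively without recording an error in these hunks, so a caller cannot tell a FIPS rejection from any other signing failure. Whether FIPS_dsa_check() pushes its own error is not visible here. If it does, a comment should say so, e.g. `/* FIPS_dsa_check() reports the reason on the error queue */`; if it does not, the wrapper should raise one before returning.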
| diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c index c4aeddd056..8ef0c45025 100644 --- a/src/lib/libcrypto/dsa/dsa_vrf.c +++ b/src/lib/libcrypto/dsa/dsa_vrf.c | |||
| @@ -65,10 +65,18 @@ | |||
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> | 
| 66 | #include <openssl/asn1.h> | 66 | #include <openssl/asn1.h> | 
| 67 | #include <openssl/asn1_mac.h> | 67 | #include <openssl/asn1_mac.h> | 
| 68 | #ifndef OPENSSL_NO_ENGINE | ||
| 69 | #include <openssl/engine.h> | ||
| 70 | #endif | ||
| 71 | #include <openssl/fips.h> | ||
| 68 | 72 | ||
| 69 | int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | 73 | int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | 
| 70 | DSA *dsa) | 74 | DSA *dsa) | 
| 71 | { | 75 | { | 
| 76 | #ifdef OPENSSL_FIPS | ||
| 77 | if(FIPS_mode() && !FIPS_dsa_check(dsa)) | ||
| 78 | return -1; | ||
| 79 | #endif | ||
| 72 | return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); | 80 | return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); | 
| 73 | } | 81 | } | 
| 74 | 82 | ||
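Review bot: The new FIPS rejection in DSA_do_verify() returns -1, which is non-zero, so a caller that tests the result as a boolean (`if (DSA_do_verify(...))`) would treat a rejected key as a valid signature. Returning an error value distinct from 0 is reasonable, but the contract should be stated at the function, e.g. `/* returns 1 for a valid signature, 0 for an invalid one, -1 on error; callers must compare with 1 */`. The 1/0 meaning comes from the method's documented convention rather than from anything visible in this hunk.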
| diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c index 792f329600..c78790a54c 100644 --- a/src/lib/libcrypto/err/err.c +++ b/src/lib/libcrypto/err/err.c | |||
| @@ -149,6 +149,7 @@ static ERR_STRING_DATA ERR_str_libraries[]= | |||
| 149 | {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, | 149 | {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, | 
| 150 | {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, | 150 | {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, | 
| 151 | {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, | 151 | {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, | 
| 152 | {ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, | ||
| 152 | {0,NULL}, | 153 | {0,NULL}, | 
| 153 | }; | 154 | }; | 
| 154 | 155 | ||
| @@ -167,6 +168,7 @@ static ERR_STRING_DATA ERR_str_functs[]= | |||
| 167 | #endif | 168 | #endif | 
| 168 | {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, | 169 | {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, | 
| 169 | {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, | 170 | {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, | 
| 171 | {ERR_PACK(0,SYS_F_GETADDRINFO,0), "getaddrinfo"}, | ||
| 170 | {0,NULL}, | 172 | {0,NULL}, | 
| 171 | }; | 173 | }; | 
| 172 | 174 | ||
| diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h index 8faa3a7b4f..2efa18866a 100644 --- a/src/lib/libcrypto/err/err.h +++ b/src/lib/libcrypto/err/err.h | |||
| @@ -131,6 +131,7 @@ typedef struct err_state_st | |||
| 131 | #define ERR_LIB_OCSP 39 | 131 | #define ERR_LIB_OCSP 39 | 
| 132 | #define ERR_LIB_UI 40 | 132 | #define ERR_LIB_UI 40 | 
| 133 | #define ERR_LIB_COMP 41 | 133 | #define ERR_LIB_COMP 41 | 
| 134 | #define ERR_LIB_FIPS 42 | ||
| 134 | 135 | ||
| 135 | #define ERR_LIB_USER 128 | 136 | #define ERR_LIB_USER 128 | 
| 136 | 137 | ||
| @@ -159,6 +160,7 @@ typedef struct err_state_st | |||
| 159 | #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) | 160 | #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) | 
| 160 | #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) | 161 | #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) | 
| 161 | #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) | 162 | #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) | 
| 163 | #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) | ||
| 162 | 164 | ||
| 163 | /* Borland C seems too stupid to be able to shift and do longs in | 165 | /* Borland C seems too stupid to be able to shift and do longs in | 
| 164 | * the pre-processor :-( */ | 166 | * the pre-processor :-( */ | 
| @@ -183,6 +185,7 @@ typedef struct err_state_st | |||
| 183 | #define SYS_F_WSASTARTUP 9 /* Winsock stuff */ | 185 | #define SYS_F_WSASTARTUP 9 /* Winsock stuff */ | 
| 184 | #define SYS_F_OPENDIR 10 | 186 | #define SYS_F_OPENDIR 10 | 
| 185 | #define SYS_F_FREAD 11 | 187 | #define SYS_F_FREAD 11 | 
| 188 | #define SYS_F_GETADDRINFO 12 | ||
| 186 | 189 | ||
| 187 | 190 | ||
| 188 | /* reasons */ | 191 | /* reasons */ | 
| diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c index dc505d9d9d..4dc9300892 100644 --- a/src/lib/libcrypto/err/err_all.c +++ b/src/lib/libcrypto/err/err_all.c | |||
| @@ -87,6 +87,7 @@ | |||
| 87 | #endif | 87 | #endif | 
| 88 | #include <openssl/ocsp.h> | 88 | #include <openssl/ocsp.h> | 
| 89 | #include <openssl/err.h> | 89 | #include <openssl/err.h> | 
| 90 | #include <openssl/fips.h> | ||
| 90 | 91 | ||
| 91 | void ERR_load_crypto_strings(void) | 92 | void ERR_load_crypto_strings(void) | 
| 92 | { | 93 | { | 
| @@ -130,4 +131,7 @@ void ERR_load_crypto_strings(void) | |||
| 130 | ERR_load_OCSP_strings(); | 131 | ERR_load_OCSP_strings(); | 
| 131 | ERR_load_UI_strings(); | 132 | ERR_load_UI_strings(); | 
| 132 | #endif | 133 | #endif | 
| 134 | #ifdef OPENSSL_FIPS | ||
| 135 | ERR_load_FIPS_strings(); | ||
| 136 | #endif | ||
| 133 | } | 137 | } | 
| diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec index 29a69dfdd4..447a7f87ed 100644 --- a/src/lib/libcrypto/err/openssl.ec +++ b/src/lib/libcrypto/err/openssl.ec | |||
| @@ -27,6 +27,7 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c | |||
| 27 | L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c | 27 | L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c | 
| 28 | L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c | 28 | L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c | 
| 29 | L UI crypto/ui/ui.h crypto/ui/ui_err.c | 29 | L UI crypto/ui/ui.h crypto/ui/ui_err.c | 
| 30 | L FIPS fips/fips.h fips/fips_err.h | ||
| 30 | 31 | ||
| 31 | # additional header files to be scanned for function names | 32 | # additional header files to be scanned for function names | 
| 32 | L NONE crypto/x509/x509_vfy.h NONE | 33 | L NONE crypto/x509/x509_vfy.h NONE | 
| diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c index c632dfb202..f4aa41ac4b 100644 --- a/src/lib/libcrypto/evp/bio_md.c +++ b/src/lib/libcrypto/evp/bio_md.c | |||
| @@ -176,10 +176,11 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 176 | { | 176 | { | 
| 177 | case BIO_CTRL_RESET: | 177 | case BIO_CTRL_RESET: | 
| 178 | if (b->init) | 178 | if (b->init) | 
| 179 | EVP_DigestInit_ex(ctx,ctx->digest, NULL); | 179 | ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL); | 
| 180 | else | 180 | else | 
| 181 | ret=0; | 181 | ret=0; | 
| 182 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 182 | if (ret > 0) | 
| 183 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | ||
| 183 | break; | 184 | break; | 
| 184 | case BIO_C_GET_MD: | 185 | case BIO_C_GET_MD: | 
| 185 | if (b->init) | 186 | if (b->init) | 
| @@ -191,11 +192,12 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 191 | ret=0; | 192 | ret=0; | 
| 192 | break; | 193 | break; | 
| 193 | case BIO_C_GET_MD_CTX: | 194 | case BIO_C_GET_MD_CTX: | 
| 195 | pctx=ptr; | ||
| 196 | *pctx=ctx; | ||
| 197 | break; | ||
| 198 | case BIO_C_SET_MD_CTX: | ||
| 194 | if (b->init) | 199 | if (b->init) | 
| 195 | { | 200 | b->ptr=ptr; | 
| 196 | pctx=ptr; | ||
| 197 | *pctx=ctx; | ||
| 198 | } | ||
| 199 | else | 201 | else | 
| 200 | ret=0; | 202 | ret=0; | 
| 201 | break; | 203 | break; | 
| @@ -207,8 +209,9 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) | |||
| 207 | 209 | ||
| 208 | case BIO_C_SET_MD: | 210 | case BIO_C_SET_MD: | 
| 209 | md=ptr; | 211 | md=ptr; | 
| 210 | EVP_DigestInit_ex(ctx,md, NULL); | 212 | ret = EVP_DigestInit_ex(ctx,md, NULL); | 
| 211 | b->init=1; | 213 | if (ret > 0) | 
| 214 | b->init=1; | ||
| 212 | break; | 215 | break; | 
| 213 | case BIO_CTRL_DUP: | 216 | case BIO_CTRL_DUP: | 
| 214 | dbio=ptr; | 217 | dbio=ptr; | 
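Review bot: In the new `BIO_C_SET_MD_CTX` case, `b->ptr=ptr;` replaces the BIO's digest context without releasing the one it held and without checking `ptr` for NULL. Where `b->ptr` is allocated and freed is outside these hunks, but if the BIO owns that context, the old one leaks and the BIO will later free a context the caller supplied. At minimum guard the assignment with `if (b->init && ptr != NULL)` and state the ownership rule in a comment such as `/* the BIO takes over ptr; the previous context is not freed here */`. md_ctrl() starts and ends outside the hunks shown.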
| diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index 0623ddf1f0..f21c63842c 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c | |||
| @@ -137,6 +137,39 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) | |||
| 137 | return EVP_DigestInit_ex(ctx, type, NULL); | 137 | return EVP_DigestInit_ex(ctx, type, NULL); | 
| 138 | } | 138 | } | 
| 139 | 139 | ||
| 140 | #ifdef OPENSSL_FIPS | ||
| 141 | |||
| 142 | /* The purpose of these is to trap programs that attempt to use non FIPS | ||
| 143 | * algorithms in FIPS mode and ignore the errors. | ||
| 144 | */ | ||
| 145 | |||
| 146 | static int bad_init(EVP_MD_CTX *ctx) | ||
| 147 | { FIPS_ERROR_IGNORED("Digest init"); return 0;} | ||
| 148 | |||
| 149 | static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 150 | { FIPS_ERROR_IGNORED("Digest update"); return 0;} | ||
| 151 | |||
| 152 | static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 153 | { FIPS_ERROR_IGNORED("Digest Final"); return 0;} | ||
| 154 | |||
| 155 | static const EVP_MD bad_md = | ||
| 156 | { | ||
| 157 | 0, | ||
| 158 | 0, | ||
| 159 | 0, | ||
| 160 | 0, | ||
| 161 | bad_init, | ||
| 162 | bad_update, | ||
| 163 | bad_final, | ||
| 164 | NULL, | ||
| 165 | NULL, | ||
| 166 | NULL, | ||
| 167 | 0, | ||
| 168 | {0,0,0,0}, | ||
| 169 | }; | ||
| 170 | |||
| 171 | #endif | ||
| 172 | |||
| 140 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | 173 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | 
| 141 | { | 174 | { | 
| 142 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | 175 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | 
| @@ -195,6 +228,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) | |||
| 195 | #endif | 228 | #endif | 
| 196 | if (ctx->digest != type) | 229 | if (ctx->digest != type) | 
| 197 | { | 230 | { | 
| 231 | #ifdef OPENSSL_FIPS | ||
| 232 | if (FIPS_mode()) | ||
| 233 | { | ||
| 234 | if (!(type->flags & EVP_MD_FLAG_FIPS) | ||
| 235 | && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) | ||
| 236 | { | ||
| 237 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS); | ||
| 238 | ctx->digest = &bad_md; | ||
| 239 | return 0; | ||
| 240 | } | ||
| 241 | } | ||
| 242 | #endif | ||
| 198 | if (ctx->digest && ctx->digest->ctx_size) | 243 | if (ctx->digest && ctx->digest->ctx_size) | 
| 199 | OPENSSL_free(ctx->md_data); | 244 | OPENSSL_free(ctx->md_data); | 
| 200 | ctx->digest=type; | 245 | ctx->digest=type; | 
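Review bot: In the FIPS branch added to EVP_DigestInit_ex() (new lines 231-242), `ctx->digest = &bad_md;` is set and the function returns before the existing `OPENSSL_free(ctx->md_data)` just below, which is keyed on the old digest's `ctx_size`. For a context already used with another digest, the old `md_data` then stays allocated while `ctx->digest` points at `bad_md`, whose initializer appears to leave `ctx_size` zero. Any later cleanup keyed on `ctx->digest->ctx_size` would presumably skip the buffer, leaving the hash state in memory. Releasing it before the swap avoids that: `if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data);` then `ctx->md_data = NULL;` ahead of `ctx->digest = &bad_md;`. The function continues outside the hunk, so the cleanup path is inferred.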
| diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index fe8bcda631..f35036c9d7 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c | |||
| @@ -67,34 +67,52 @@ typedef struct | |||
| 67 | 67 | ||
| 68 | IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, | 68 | IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, | 
| 69 | NID_aes_128, 16, 16, 16, 128, | 69 | NID_aes_128, 16, 16, 16, 128, | 
| 70 | 0, aes_init_key, NULL, | 70 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 
| 71 | EVP_CIPHER_set_asn1_iv, | 71 | EVP_CIPHER_set_asn1_iv, | 
| 72 | EVP_CIPHER_get_asn1_iv, | 72 | EVP_CIPHER_get_asn1_iv, | 
| 73 | NULL) | 73 | NULL) | 
| 74 | IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, | 74 | IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, | 
| 75 | NID_aes_192, 16, 24, 16, 128, | 75 | NID_aes_192, 16, 24, 16, 128, | 
| 76 | 0, aes_init_key, NULL, | 76 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 
| 77 | EVP_CIPHER_set_asn1_iv, | 77 | EVP_CIPHER_set_asn1_iv, | 
| 78 | EVP_CIPHER_get_asn1_iv, | 78 | EVP_CIPHER_get_asn1_iv, | 
| 79 | NULL) | 79 | NULL) | 
| 80 | IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, | 80 | IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, | 
| 81 | NID_aes_256, 16, 32, 16, 128, | 81 | NID_aes_256, 16, 32, 16, 128, | 
| 82 | 0, aes_init_key, NULL, | 82 | EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, | 
| 83 | EVP_CIPHER_set_asn1_iv, | 83 | EVP_CIPHER_set_asn1_iv, | 
| 84 | EVP_CIPHER_get_asn1_iv, | 84 | EVP_CIPHER_get_asn1_iv, | 
| 85 | NULL) | 85 | NULL) | 
| 86 | 86 | ||
| 87 | #define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) | ||
| 88 | |||
| 89 | IMPLEMENT_AES_CFBR(128,1,0) | ||
| 90 | IMPLEMENT_AES_CFBR(192,1,0) | ||
| 91 | IMPLEMENT_AES_CFBR(256,1,0) | ||
| 92 | |||
| 93 | IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) | ||
| 94 | IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) | ||
| 95 | IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) | ||
| 96 | |||
| 87 | static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 97 | static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 
| 88 | const unsigned char *iv, int enc) { | 98 | const unsigned char *iv, int enc) | 
| 99 | { | ||
| 100 | int ret; | ||
| 89 | 101 | ||
| 90 | if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE | 102 | if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE | 
| 91 | || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE | 103 | || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE | 
| 92 | || enc) | 104 | || enc) | 
| 93 | AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); | 105 | ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); | 
| 94 | else | 106 | else | 
| 95 | AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); | 107 | ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); | 
| 108 | |||
| 109 | if(ret < 0) | ||
| 110 | { | ||
| 111 | EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); | ||
| 112 | return 0; | ||
| 113 | } | ||
| 96 | 114 | ||
| 97 | return 1; | 115 | return 1; | 
| 98 | } | 116 | } | 
| 99 | 117 | ||
| 100 | #endif | 118 | #endif | 
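Review bot: The three `IMPLEMENT_AES_CFBR(...,1,0)` lines register the AES CFB1 ciphers without `EVP_CIPH_FLAG_FIPS`, while the CFB8 variants directly below carry it. In e_des.c in this same commit the DES CFB1 definition is also flagged, so the two files disagree on how a 1-bit CFB cipher is treated in FIPS mode. If the difference is intentional, a comment above the three lines should give the reason, e.g. `/* CFB1 is not flagged for FIPS mode: <reason> */`; otherwise the flags should match.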
| diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c index 105266a4b3..46e2899825 100644 --- a/src/lib/libcrypto/evp/e_des.c +++ b/src/lib/libcrypto/evp/e_des.c | |||
| @@ -56,9 +56,9 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] | 
| 57 | */ | 57 | */ | 
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_DES | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> | 
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" | 
| 61 | #ifndef OPENSSL_NO_DES | ||
| 62 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> | 
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> | 
| 64 | #include "evp_locl.h" | 64 | #include "evp_locl.h" | 
| @@ -92,20 +92,55 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 92 | return 1; | 92 | return 1; | 
| 93 | } | 93 | } | 
| 94 | 94 | ||
| 95 | static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 95 | static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 
| 96 | const unsigned char *in, unsigned int inl) | 96 | const unsigned char *in, unsigned int inl) | 
| 97 | { | 97 | { | 
| 98 | DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, | 98 | DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, | 
| 99 | (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); | 99 | (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); | 
| 100 | return 1; | 100 | return 1; | 
| 101 | } | 101 | } | 
| 102 | 102 | ||
| 103 | /* Although we have a CFB-r implementation for DES, it doesn't pack the right | ||
| 104 | way, so wrap it here */ | ||
| 105 | static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 106 | const unsigned char *in, unsigned int inl) | ||
| 107 | { | ||
| 108 | unsigned int n; | ||
| 109 | unsigned char c[1],d[1]; | ||
| 110 | |||
| 111 | for(n=0 ; n < inl ; ++n) | ||
| 112 | { | ||
| 113 | c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; | ||
| 114 | DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, | ||
| 115 | ctx->encrypt); | ||
| 116 | out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); | ||
| 117 | } | ||
| 118 | return 1; | ||
| 119 | } | ||
| 120 | |||
| 121 | static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 122 | const unsigned char *in, unsigned int inl) | ||
| 123 | { | ||
| 124 | DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv, | ||
| 125 | ctx->encrypt); | ||
| 126 | return 1; | ||
| 127 | } | ||
| 128 | |||
| 103 | BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, | 129 | BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, | 
| 104 | 0, des_init_key, NULL, | 130 | EVP_CIPH_FLAG_FIPS, des_init_key, NULL, | 
| 105 | EVP_CIPHER_set_asn1_iv, | 131 | EVP_CIPHER_set_asn1_iv, | 
| 106 | EVP_CIPHER_get_asn1_iv, | 132 | EVP_CIPHER_get_asn1_iv, | 
| 107 | NULL) | 133 | NULL) | 
| 108 | 134 | ||
| 135 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, | ||
| 136 | EVP_CIPH_FLAG_FIPS,des_init_key,NULL, | ||
| 137 | EVP_CIPHER_set_asn1_iv, | ||
| 138 | EVP_CIPHER_get_asn1_iv,NULL) | ||
| 139 | |||
| 140 | BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, | ||
| 141 | EVP_CIPH_FLAG_FIPS,des_init_key,NULL, | ||
| 142 | EVP_CIPHER_set_asn1_iv, | ||
| 143 | EVP_CIPHER_get_asn1_iv,NULL) | ||
| 109 | 144 | ||
| 110 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 145 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 
| 111 | const unsigned char *iv, int enc) | 146 | const unsigned char *iv, int enc) | 
| diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c index 077860e7b6..677322bf02 100644 --- a/src/lib/libcrypto/evp/e_des3.c +++ b/src/lib/libcrypto/evp/e_des3.c | |||
| @@ -56,9 +56,9 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] | 
| 57 | */ | 57 | */ | 
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_DES | ||
| 60 | #include <stdio.h> | 59 | #include <stdio.h> | 
| 61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" | 
| 61 | #ifndef OPENSSL_NO_DES | ||
| 62 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> | 
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> | 
| 64 | #include "evp_locl.h" | 64 | #include "evp_locl.h" | 
| @@ -85,7 +85,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 85 | const unsigned char *in, unsigned int inl) | 85 | const unsigned char *in, unsigned int inl) | 
| 86 | { | 86 | { | 
| 87 | BLOCK_CIPHER_ecb_loop() | 87 | BLOCK_CIPHER_ecb_loop() | 
| 88 | DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), | 88 | DES_ecb3_encrypt(in + i,out + i, | 
| 89 | &data(ctx)->ks1, &data(ctx)->ks2, | 89 | &data(ctx)->ks1, &data(ctx)->ks2, | 
| 90 | &data(ctx)->ks3, | 90 | &data(ctx)->ks3, | 
| 91 | ctx->encrypt); | 91 | ctx->encrypt); | 
| @@ -121,7 +121,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 121 | return 1; | 121 | return 1; | 
| 122 | } | 122 | } | 
| 123 | 123 | ||
| 124 | static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 124 | static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 
| 125 | const unsigned char *in, unsigned int inl) | 125 | const unsigned char *in, unsigned int inl) | 
| 126 | { | 126 | { | 
| 127 | DES_ede3_cfb64_encrypt(in, out, (long)inl, | 127 | DES_ede3_cfb64_encrypt(in, out, (long)inl, | 
| @@ -130,23 +130,62 @@ static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 130 | return 1; | 130 | return 1; | 
| 131 | } | 131 | } | 
| 132 | 132 | ||
| 133 | /* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right | ||
| 134 | way, so wrap it here */ | ||
| 135 | static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 136 | const unsigned char *in, unsigned int inl) | ||
| 137 | { | ||
| 138 | unsigned int n; | ||
| 139 | unsigned char c[1],d[1]; | ||
| 140 | |||
| 141 | for(n=0 ; n < inl ; ++n) | ||
| 142 | { | ||
| 143 | c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; | ||
| 144 | DES_ede3_cfb_encrypt(c,d,1,1, | ||
| 145 | &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, | ||
| 146 | (DES_cblock *)ctx->iv,ctx->encrypt); | ||
| 147 | out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); | ||
| 148 | } | ||
| 149 | |||
| 150 | return 1; | ||
| 151 | } | ||
| 152 | |||
| 153 | static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 154 | const unsigned char *in, unsigned int inl) | ||
| 155 | { | ||
| 156 | DES_ede3_cfb_encrypt(in,out,8,inl, | ||
| 157 | &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, | ||
| 158 | (DES_cblock *)ctx->iv,ctx->encrypt); | ||
| 159 | return 1; | ||
| 160 | } | ||
| 161 | |||
| 133 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, | 162 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, | 
| 134 | 0, des_ede_init_key, NULL, | 163 | EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, | 
| 135 | EVP_CIPHER_set_asn1_iv, | 164 | EVP_CIPHER_set_asn1_iv, | 
| 136 | EVP_CIPHER_get_asn1_iv, | 165 | EVP_CIPHER_get_asn1_iv, | 
| 137 | NULL) | 166 | NULL) | 
| 138 | 167 | ||
| 139 | #define des_ede3_cfb_cipher des_ede_cfb_cipher | 168 | #define des_ede3_cfb64_cipher des_ede_cfb64_cipher | 
| 140 | #define des_ede3_ofb_cipher des_ede_ofb_cipher | 169 | #define des_ede3_ofb_cipher des_ede_ofb_cipher | 
| 141 | #define des_ede3_cbc_cipher des_ede_cbc_cipher | 170 | #define des_ede3_cbc_cipher des_ede_cbc_cipher | 
| 142 | #define des_ede3_ecb_cipher des_ede_ecb_cipher | 171 | #define des_ede3_ecb_cipher des_ede_ecb_cipher | 
| 143 | 172 | ||
| 144 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, | 173 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, | 
| 145 | 0, des_ede3_init_key, NULL, | 174 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, | 
| 146 | EVP_CIPHER_set_asn1_iv, | 175 | EVP_CIPHER_set_asn1_iv, | 
| 147 | EVP_CIPHER_get_asn1_iv, | 176 | EVP_CIPHER_get_asn1_iv, | 
| 148 | NULL) | 177 | NULL) | 
| 149 | 178 | ||
| 179 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, | ||
| 180 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, | ||
| 181 | EVP_CIPHER_set_asn1_iv, | ||
| 182 | EVP_CIPHER_get_asn1_iv,NULL) | ||
| 183 | |||
| 184 | BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, | ||
| 185 | EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL, | ||
| 186 | EVP_CIPHER_set_asn1_iv, | ||
| 187 | EVP_CIPHER_get_asn1_iv,NULL) | ||
| 188 | |||
| 150 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 189 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 
| 151 | const unsigned char *iv, int enc) | 190 | const unsigned char *iv, int enc) | 
| 152 | { | 191 | { | 
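Review bot: In des_ede3_cfb1_cipher the loop `for(n=0 ; n < inl ; ++n)` indexes `in[n/8]`, so `inl` is consumed as a number of bits, whereas des_ede3_cfb8_cipher directly below passes the same parameter to DES_ede3_cfb_encrypt as a byte length. If the EVP layer hands both callbacks a byte count (not visible in this section), the CFB1 path would process only the first inl/8 bytes and leave the rest of `out` unwritten, so data the caller believes is encrypted would not be. I would at least state the unit on the function, e.g. `/* NB: inl is a count of bits here, not bytes */`, and confirm that the callers agree. The wrapper of the same shape in e_des.c (des_cfb1_cipher) raises the same question.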
| diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c index 2420d7e5af..a84b0f14b1 100644 --- a/src/lib/libcrypto/evp/e_null.c +++ b/src/lib/libcrypto/evp/e_null.c | |||
| @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= | |||
| 69 | { | 69 | { | 
| 70 | NID_undef, | 70 | NID_undef, | 
| 71 | 1,0,0, | 71 | 1,0,0, | 
| 72 | 0, | 72 | EVP_CIPH_FLAG_FIPS, | 
| 73 | null_init_key, | 73 | null_init_key, | 
| 74 | null_cipher, | 74 | null_cipher, | 
| 75 | NULL, | 75 | NULL, | 
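Review bot: The flags field of n_cipher changes from `0` to `EVP_CIPH_FLAG_FIPS` with no comment, which marks the null cipher as acceptable to the FIPS-mode gate this commit adds to EVP_CipherInit_ex. Since null_cipher presumably performs no encryption, a reader auditing the FIPS allow-list will want the reason next to the flag, e.g. `/* allowed in FIPS mode: no cryptographic operation is performed */`, or confirmation that the flag is intended here at all. The initializer starts and ends outside this hunk.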
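--- /dev/null
+++ b/src/lib/libcrypto/evp/e_old.c
@@ -0,0 +1,108 @@
+/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+* project 2004.
+*/
+/* ====================================================================
+* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+* endorse or promote products derived from this software without
+* prior written permission. For written permission, please contact
+* openssl-core@openssl.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+* nor may "OpenSSL" appear in their names without prior written
+* permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+*
+* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+* ====================================================================
+*
+* This product includes cryptographic software written by Eric Young
+* (eay@cryptsoft.com). This product includes software written by Tim
+* Hudson (tjh@cryptsoft.com).
+*
+*/
+
+#include <openssl/evp.h>
+
+/* Define some deprecated functions, so older programs
+don't crash and burn too quickly. On Windows and VMS,
+these will never be used, since functions and variables
+in shared libraries are selected by entry point location,
+not by name. */
+
+#ifndef OPENSSL_NO_BF
+#undef EVP_bf_cfb
+const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_DES
+#undef EVP_des_cfb
+const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
+#undef EVP_des_ede3_cfb
+const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
+#undef EVP_des_ede_cfb
+const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+#undef EVP_idea_cfb
+const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_RC2
+#undef EVP_rc2_cfb
+const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_CAST
+#undef EVP_cast5_cfb
+const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_RC5
+#undef EVP_rc5_32_12_16_cfb
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
+#endif
+
+#ifndef OPENSSL_NO_AES
+#undef EVP_aes_128_cfb
+const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
+#undef EVP_aes_192_cfb
+const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
+#undef EVP_aes_256_cfb
+const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
+#endif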
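Review bot: Each wrapper is defined right after its `#undef` with no prototype in scope, because evp.h in this commit provides the old name only as a macro (`# define EVP_bf_cfb EVP_bf_cfb64`). Builds that enable -Wmissing-prototypes will warn on every one of these external definitions; declaring each one before defining it, e.g. `const EVP_CIPHER *EVP_bf_cfb(void);`, keeps the file warning-free. The header comment could also state that these symbols exist only for binary compatibility and that new code should call the `_cfb64` / `_cfb128` names.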
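--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -62,6 +62,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include "evp_locl.h"
 #include <openssl/rc4.h>
 
 /* FIXME: surely this is available elsewhere? */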
| diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 4801d8eaa3..5cde88ae76 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h | |||
| @@ -117,6 +117,10 @@ | |||
| 117 | #include <openssl/aes.h> | 117 | #include <openssl/aes.h> | 
| 118 | #endif | 118 | #endif | 
| 119 | 119 | ||
| 120 | #ifdef OPENSSL_FIPS | ||
| 121 | #include <openssl/fips.h> | ||
| 122 | #endif | ||
| 123 | |||
| 120 | /* | 124 | /* | 
| 121 | #define EVP_RC2_KEY_SIZE 16 | 125 | #define EVP_RC2_KEY_SIZE 16 | 
| 122 | #define EVP_RC4_KEY_SIZE 16 | 126 | #define EVP_RC4_KEY_SIZE 16 | 
| @@ -290,6 +294,7 @@ struct env_md_st | |||
| 290 | 294 | ||
| 291 | #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single | 295 | #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single | 
| 292 | * block */ | 296 | * block */ | 
| 297 | #define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ | ||
| 293 | 298 | ||
| 294 | #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} | 299 | #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} | 
| 295 | 300 | ||
| @@ -332,6 +337,9 @@ struct env_md_ctx_st | |||
| 332 | #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data | 337 | #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data | 
| 333 | * in EVP_MD_CTX_cleanup */ | 338 | * in EVP_MD_CTX_cleanup */ | 
| 334 | 339 | ||
| 340 | #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest | ||
| 341 | * in FIPS mode */ | ||
| 342 | |||
| 335 | struct evp_cipher_st | 343 | struct evp_cipher_st | 
| 336 | { | 344 | { | 
| 337 | int nid; | 345 | int nid; | 
| @@ -373,6 +381,10 @@ struct evp_cipher_st | |||
| 373 | #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 | 381 | #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 | 
| 374 | /* Don't use standard block padding */ | 382 | /* Don't use standard block padding */ | 
| 375 | #define EVP_CIPH_NO_PADDING 0x100 | 383 | #define EVP_CIPH_NO_PADDING 0x100 | 
| 384 | /* Note if suitable for use in FIPS mode */ | ||
| 385 | #define EVP_CIPH_FLAG_FIPS 0x400 | ||
| 386 | /* Allow non FIPS cipher in FIPS mode */ | ||
| 387 | #define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 | ||
| 376 | 388 | ||
| 377 | /* ctrl() values */ | 389 | /* ctrl() values */ | 
| 378 | 390 | ||
| @@ -478,6 +490,9 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 478 | #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) | 490 | #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) | 
| 479 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) | 491 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) | 
| 480 | #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) | 492 | #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) | 
| 493 | #define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) | ||
| 494 | #define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) | ||
| 495 | #define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) | ||
| 481 | #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) | 496 | #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) | 
| 482 | 497 | ||
| 483 | #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) | 498 | #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) | 
| @@ -499,6 +514,7 @@ void BIO_set_md(BIO *,const EVP_MD *md); | |||
| 499 | #endif | 514 | #endif | 
| 500 | #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) | 515 | #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) | 
| 501 | #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) | 516 | #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) | 
| 517 | #define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) | ||
| 502 | #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) | 518 | #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) | 
| 503 | #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) | 519 | #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) | 
| 504 | 520 | ||
| @@ -640,9 +656,20 @@ const EVP_CIPHER *EVP_des_ede(void); | |||
| 640 | const EVP_CIPHER *EVP_des_ede3(void); | 656 | const EVP_CIPHER *EVP_des_ede3(void); | 
| 641 | const EVP_CIPHER *EVP_des_ede_ecb(void); | 657 | const EVP_CIPHER *EVP_des_ede_ecb(void); | 
| 642 | const EVP_CIPHER *EVP_des_ede3_ecb(void); | 658 | const EVP_CIPHER *EVP_des_ede3_ecb(void); | 
| 643 | const EVP_CIPHER *EVP_des_cfb(void); | 659 | const EVP_CIPHER *EVP_des_cfb64(void); | 
| 644 | const EVP_CIPHER *EVP_des_ede_cfb(void); | 660 | # define EVP_des_cfb EVP_des_cfb64 | 
| 645 | const EVP_CIPHER *EVP_des_ede3_cfb(void); | 661 | const EVP_CIPHER *EVP_des_cfb1(void); | 
| 662 | const EVP_CIPHER *EVP_des_cfb8(void); | ||
| 663 | const EVP_CIPHER *EVP_des_ede_cfb64(void); | ||
| 664 | # define EVP_des_ede_cfb EVP_des_ede_cfb64 | ||
| 665 | #if 0 | ||
| 666 | const EVP_CIPHER *EVP_des_ede_cfb1(void); | ||
| 667 | const EVP_CIPHER *EVP_des_ede_cfb8(void); | ||
| 668 | #endif | ||
| 669 | const EVP_CIPHER *EVP_des_ede3_cfb64(void); | ||
| 670 | # define EVP_des_ede3_cfb EVP_des_ede3_cfb64 | ||
| 671 | const EVP_CIPHER *EVP_des_ede3_cfb1(void); | ||
| 672 | const EVP_CIPHER *EVP_des_ede3_cfb8(void); | ||
| 646 | const EVP_CIPHER *EVP_des_ofb(void); | 673 | const EVP_CIPHER *EVP_des_ofb(void); | 
| 647 | const EVP_CIPHER *EVP_des_ede_ofb(void); | 674 | const EVP_CIPHER *EVP_des_ede_ofb(void); | 
| 648 | const EVP_CIPHER *EVP_des_ede3_ofb(void); | 675 | const EVP_CIPHER *EVP_des_ede3_ofb(void); | 
| @@ -666,7 +693,8 @@ const EVP_CIPHER *EVP_rc4_40(void); | |||
| 666 | #endif | 693 | #endif | 
| 667 | #ifndef OPENSSL_NO_IDEA | 694 | #ifndef OPENSSL_NO_IDEA | 
| 668 | const EVP_CIPHER *EVP_idea_ecb(void); | 695 | const EVP_CIPHER *EVP_idea_ecb(void); | 
| 669 | const EVP_CIPHER *EVP_idea_cfb(void); | 696 | const EVP_CIPHER *EVP_idea_cfb64(void); | 
| 697 | # define EVP_idea_cfb EVP_idea_cfb64 | ||
| 670 | const EVP_CIPHER *EVP_idea_ofb(void); | 698 | const EVP_CIPHER *EVP_idea_ofb(void); | 
| 671 | const EVP_CIPHER *EVP_idea_cbc(void); | 699 | const EVP_CIPHER *EVP_idea_cbc(void); | 
| 672 | #endif | 700 | #endif | 
| @@ -675,45 +703,58 @@ const EVP_CIPHER *EVP_rc2_ecb(void); | |||
| 675 | const EVP_CIPHER *EVP_rc2_cbc(void); | 703 | const EVP_CIPHER *EVP_rc2_cbc(void); | 
| 676 | const EVP_CIPHER *EVP_rc2_40_cbc(void); | 704 | const EVP_CIPHER *EVP_rc2_40_cbc(void); | 
| 677 | const EVP_CIPHER *EVP_rc2_64_cbc(void); | 705 | const EVP_CIPHER *EVP_rc2_64_cbc(void); | 
| 678 | const EVP_CIPHER *EVP_rc2_cfb(void); | 706 | const EVP_CIPHER *EVP_rc2_cfb64(void); | 
| 707 | # define EVP_rc2_cfb EVP_rc2_cfb64 | ||
| 679 | const EVP_CIPHER *EVP_rc2_ofb(void); | 708 | const EVP_CIPHER *EVP_rc2_ofb(void); | 
| 680 | #endif | 709 | #endif | 
| 681 | #ifndef OPENSSL_NO_BF | 710 | #ifndef OPENSSL_NO_BF | 
| 682 | const EVP_CIPHER *EVP_bf_ecb(void); | 711 | const EVP_CIPHER *EVP_bf_ecb(void); | 
| 683 | const EVP_CIPHER *EVP_bf_cbc(void); | 712 | const EVP_CIPHER *EVP_bf_cbc(void); | 
| 684 | const EVP_CIPHER *EVP_bf_cfb(void); | 713 | const EVP_CIPHER *EVP_bf_cfb64(void); | 
| 714 | # define EVP_bf_cfb EVP_bf_cfb64 | ||
| 685 | const EVP_CIPHER *EVP_bf_ofb(void); | 715 | const EVP_CIPHER *EVP_bf_ofb(void); | 
| 686 | #endif | 716 | #endif | 
| 687 | #ifndef OPENSSL_NO_CAST | 717 | #ifndef OPENSSL_NO_CAST | 
| 688 | const EVP_CIPHER *EVP_cast5_ecb(void); | 718 | const EVP_CIPHER *EVP_cast5_ecb(void); | 
| 689 | const EVP_CIPHER *EVP_cast5_cbc(void); | 719 | const EVP_CIPHER *EVP_cast5_cbc(void); | 
| 690 | const EVP_CIPHER *EVP_cast5_cfb(void); | 720 | const EVP_CIPHER *EVP_cast5_cfb64(void); | 
| 721 | # define EVP_cast5_cfb EVP_cast5_cfb64 | ||
| 691 | const EVP_CIPHER *EVP_cast5_ofb(void); | 722 | const EVP_CIPHER *EVP_cast5_ofb(void); | 
| 692 | #endif | 723 | #endif | 
| 693 | #ifndef OPENSSL_NO_RC5 | 724 | #ifndef OPENSSL_NO_RC5 | 
| 694 | const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); | 725 | const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); | 
| 695 | const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); | 726 | const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); | 
| 696 | const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); | 727 | const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); | 
| 728 | # define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 | ||
| 697 | const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); | 729 | const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); | 
| 698 | #endif | 730 | #endif | 
| 699 | #ifndef OPENSSL_NO_AES | 731 | #ifndef OPENSSL_NO_AES | 
| 700 | const EVP_CIPHER *EVP_aes_128_ecb(void); | 732 | const EVP_CIPHER *EVP_aes_128_ecb(void); | 
| 701 | const EVP_CIPHER *EVP_aes_128_cbc(void); | 733 | const EVP_CIPHER *EVP_aes_128_cbc(void); | 
| 702 | const EVP_CIPHER *EVP_aes_128_cfb(void); | 734 | const EVP_CIPHER *EVP_aes_128_cfb1(void); | 
| 735 | const EVP_CIPHER *EVP_aes_128_cfb8(void); | ||
| 736 | const EVP_CIPHER *EVP_aes_128_cfb128(void); | ||
| 737 | # define EVP_aes_128_cfb EVP_aes_128_cfb128 | ||
| 703 | const EVP_CIPHER *EVP_aes_128_ofb(void); | 738 | const EVP_CIPHER *EVP_aes_128_ofb(void); | 
| 704 | #if 0 | 739 | #if 0 | 
| 705 | const EVP_CIPHER *EVP_aes_128_ctr(void); | 740 | const EVP_CIPHER *EVP_aes_128_ctr(void); | 
| 706 | #endif | 741 | #endif | 
| 707 | const EVP_CIPHER *EVP_aes_192_ecb(void); | 742 | const EVP_CIPHER *EVP_aes_192_ecb(void); | 
| 708 | const EVP_CIPHER *EVP_aes_192_cbc(void); | 743 | const EVP_CIPHER *EVP_aes_192_cbc(void); | 
| 709 | const EVP_CIPHER *EVP_aes_192_cfb(void); | 744 | const EVP_CIPHER *EVP_aes_192_cfb1(void); | 
| 745 | const EVP_CIPHER *EVP_aes_192_cfb8(void); | ||
| 746 | const EVP_CIPHER *EVP_aes_192_cfb128(void); | ||
| 747 | # define EVP_aes_192_cfb EVP_aes_192_cfb128 | ||
| 710 | const EVP_CIPHER *EVP_aes_192_ofb(void); | 748 | const EVP_CIPHER *EVP_aes_192_ofb(void); | 
| 711 | #if 0 | 749 | #if 0 | 
| 712 | const EVP_CIPHER *EVP_aes_192_ctr(void); | 750 | const EVP_CIPHER *EVP_aes_192_ctr(void); | 
| 713 | #endif | 751 | #endif | 
| 714 | const EVP_CIPHER *EVP_aes_256_ecb(void); | 752 | const EVP_CIPHER *EVP_aes_256_ecb(void); | 
| 715 | const EVP_CIPHER *EVP_aes_256_cbc(void); | 753 | const EVP_CIPHER *EVP_aes_256_cbc(void); | 
| 716 | const EVP_CIPHER *EVP_aes_256_cfb(void); | 754 | const EVP_CIPHER *EVP_aes_256_cfb1(void); | 
| 755 | const EVP_CIPHER *EVP_aes_256_cfb8(void); | ||
| 756 | const EVP_CIPHER *EVP_aes_256_cfb128(void); | ||
| 757 | # define EVP_aes_256_cfb EVP_aes_256_cfb128 | ||
| 717 | const EVP_CIPHER *EVP_aes_256_ofb(void); | 758 | const EVP_CIPHER *EVP_aes_256_ofb(void); | 
| 718 | #if 0 | 759 | #if 0 | 
| 719 | const EVP_CIPHER *EVP_aes_256_ctr(void); | 760 | const EVP_CIPHER *EVP_aes_256_ctr(void); | 
| @@ -825,13 +866,18 @@ void ERR_load_EVP_strings(void); | |||
| 825 | /* Error codes for the EVP functions. */ | 866 | /* Error codes for the EVP functions. */ | 
| 826 | 867 | ||
| 827 | /* Function codes. */ | 868 | /* Function codes. */ | 
| 869 | #define EVP_F_AES_INIT_KEY 129 | ||
| 828 | #define EVP_F_D2I_PKEY 100 | 870 | #define EVP_F_D2I_PKEY 100 | 
| 871 | #define EVP_F_EVP_ADD_CIPHER 130 | ||
| 872 | #define EVP_F_EVP_ADD_DIGEST 131 | ||
| 829 | #define EVP_F_EVP_CIPHERINIT 123 | 873 | #define EVP_F_EVP_CIPHERINIT 123 | 
| 830 | #define EVP_F_EVP_CIPHER_CTX_CTRL 124 | 874 | #define EVP_F_EVP_CIPHER_CTX_CTRL 124 | 
| 831 | #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 | 875 | #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 | 
| 832 | #define EVP_F_EVP_DECRYPTFINAL 101 | 876 | #define EVP_F_EVP_DECRYPTFINAL 101 | 
| 833 | #define EVP_F_EVP_DIGESTINIT 128 | 877 | #define EVP_F_EVP_DIGESTINIT 128 | 
| 834 | #define EVP_F_EVP_ENCRYPTFINAL 127 | 878 | #define EVP_F_EVP_ENCRYPTFINAL 127 | 
| 879 | #define EVP_F_EVP_GET_CIPHERBYNAME 132 | ||
| 880 | #define EVP_F_EVP_GET_DIGESTBYNAME 133 | ||
| 835 | #define EVP_F_EVP_MD_CTX_COPY 110 | 881 | #define EVP_F_EVP_MD_CTX_COPY 110 | 
| 836 | #define EVP_F_EVP_OPENINIT 102 | 882 | #define EVP_F_EVP_OPENINIT 102 | 
| 837 | #define EVP_F_EVP_PBE_ALG_ADD 115 | 883 | #define EVP_F_EVP_PBE_ALG_ADD 115 | 
| @@ -855,6 +901,7 @@ void ERR_load_EVP_strings(void); | |||
| 855 | #define EVP_F_RC5_CTRL 125 | 901 | #define EVP_F_RC5_CTRL 125 | 
| 856 | 902 | ||
| 857 | /* Reason codes. */ | 903 | /* Reason codes. */ | 
| 904 | #define EVP_R_AES_KEY_SETUP_FAILED 140 | ||
| 858 | #define EVP_R_BAD_BLOCK_LENGTH 136 | 905 | #define EVP_R_BAD_BLOCK_LENGTH 136 | 
| 859 | #define EVP_R_BAD_DECRYPT 100 | 906 | #define EVP_R_BAD_DECRYPT 100 | 
| 860 | #define EVP_R_BAD_KEY_LENGTH 137 | 907 | #define EVP_R_BAD_KEY_LENGTH 137 | 
| @@ -866,6 +913,7 @@ void ERR_load_EVP_strings(void); | |||
| 866 | #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 | 913 | #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 | 
| 867 | #define EVP_R_DECODE_ERROR 114 | 914 | #define EVP_R_DECODE_ERROR 114 | 
| 868 | #define EVP_R_DIFFERENT_KEY_TYPES 101 | 915 | #define EVP_R_DIFFERENT_KEY_TYPES 101 | 
| 916 | #define EVP_R_DISABLED_FOR_FIPS 141 | ||
| 869 | #define EVP_R_ENCODE_ERROR 115 | 917 | #define EVP_R_ENCODE_ERROR 115 | 
| 870 | #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 | 918 | #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 | 
| 871 | #define EVP_R_EXPECTING_AN_RSA_KEY 127 | 919 | #define EVP_R_EXPECTING_AN_RSA_KEY 127 | 
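Review bot: The new `EVP_CIPHER_CTX_set_flags`, `EVP_CIPHER_CTX_clear_flags` and `EVP_CIPHER_CTX_test_flags` macros operate on `(ctx)->flags`, while the existing `EVP_CIPHER_CTX_flags(e)` directly above them returns `(e)->cipher->flags`, so a flag set through the new macros is not visible through the old accessor. That matters for `EVP_CIPH_FLAG_NON_FIPS_ALLOW`, which is defined among the cipher flags but tested on the context in evp_enc.c: the two flag words share one numbering space, and it is easy to set or test the wrong one. A comment on the macros such as `/* these act on ctx->flags, not ctx->cipher->flags (cf. EVP_CIPHER_CTX_flags) */`, plus a note on `EVP_CIPH_FLAG_NON_FIPS_ALLOW` that it is a context flag, would prevent that.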
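--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -82,6 +82,48 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
 }
 
+#ifdef OPENSSL_FIPS
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+* algorithms in FIPS mode and ignore the errors.
+*/
+
+int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+const unsigned char *iv, int enc)
+{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+
+int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+const unsigned char *in, unsigned int inl)
+{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+
+/* NB: no cleanup because it is allowed after failed init */
+
+int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
+
+static const EVP_CIPHER bad_cipher =
+{
+0,
+0,
+0,
+0,
+0,
+bad_init,
+bad_do_cipher,
+NULL,
+0,
+bad_set_asn1,
+bad_get_asn1,
+bad_ctrl,
+NULL
+};
+
+#endif
+
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 const unsigned char *key, const unsigned char *iv, int enc)
 {
@@ -146,7 +188,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 else
 ctx->engine = NULL;
 #endif
-
 ctx->cipher=cipher;
 if (ctx->cipher->ctx_size)
 {
@@ -210,6 +251,24 @@ skip_to_init:
 }
 }
 
+#ifdef OPENSSL_FIPS
+/* After 'key' is set no further parameters changes are permissible.
+* So only check for non FIPS enabling at this point.
+*/
+if (key && FIPS_mode())
+{
+if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+{
+EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
+ERR_add_error_data(2, "cipher=",
+EVP_CIPHER_name(ctx->cipher));
+ctx->cipher = &bad_cipher;
+return 0;
+}
+}
+#endif
+
 if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
 if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
 }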
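Review bot: The FIPS gate joins its two conditions with a bitwise `&`: `if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))`. It evaluates correctly only because both operands are `!` results (0 or 1); `&&` states the intent and keeps working if one negation is later dropped, so the second line should read `&& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))`. Separately, `bad_init`, `bad_do_cipher`, `bad_set_asn1`, `bad_get_asn1` and `bad_ctrl` are referenced only from the static `bad_cipher` table in what is shown, yet are defined without `static`, which exports very generic names from the library; `static int bad_init(...)` and likewise for the others would avoid that. EVP_CipherInit_ex starts and ends outside these hunks.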
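--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
-* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -66,13 +66,18 @@
 #ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA EVP_str_functs[]=
 {
+{ERR_PACK(0,EVP_F_AES_INIT_KEY,0), "AES_INIT_KEY"},
 {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"},
+{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0), "EVP_add_cipher"},
+{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0), "EVP_add_digest"},
 {ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"},
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"},
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"},
 {ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"},
 {ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0), "EVP_get_cipherbyname"},
+{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0), "EVP_get_digestbyname"},
 {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"},
 {ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"},
@@ -99,6 +104,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 
 static ERR_STRING_DATA EVP_str_reasons[]=
 {
+{EVP_R_AES_KEY_SETUP_FAILED ,"aes key setup failed"},
 {EVP_R_BAD_BLOCK_LENGTH ,"bad block length"},
 {EVP_R_BAD_DECRYPT ,"bad decrypt"},
 {EVP_R_BAD_KEY_LENGTH ,"bad key length"},
@@ -110,6 +116,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
 {EVP_R_DECODE_ERROR ,"decode error"},
 {EVP_R_DIFFERENT_KEY_TYPES ,"different key types"},
+{EVP_R_DISABLED_FOR_FIPS ,"disabled for fips"},
 {EVP_R_ENCODE_ERROR ,"encode error"},
 {EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"},
 {EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"},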
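--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 if (c->cipher->set_asn1_parameters != NULL)
 ret=c->cipher->set_asn1_parameters(c,type);
 else
-ret=1;
+return -1;
 return(ret);
 }
 
@@ -79,7 +79,7 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 if (c->cipher->get_asn1_parameters != NULL)
 ret=c->cipher->get_asn1_parameters(c,type);
 else
-ret=1;
+return -1;
 return(ret);
 }
 
@@ -133,6 +133,30 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 
 return NID_rc4;
 
+case NID_aes_128_cfb128:
+case NID_aes_128_cfb8:
+case NID_aes_128_cfb1:
+
+return NID_aes_128_cfb128;
+
+case NID_aes_192_cfb128:
+case NID_aes_192_cfb8:
+case NID_aes_192_cfb1:
+
+return NID_aes_192_cfb128;
+
+case NID_aes_256_cfb128:
+case NID_aes_256_cfb8:
+case NID_aes_256_cfb1:
+
+return NID_aes_256_cfb128;
+
+case NID_des_cfb64:
+case NID_des_cfb8:
+case NID_des_cfb1:
+
+return NID_des_cfb64;
+
 default:
 /* Check it has an OID and it is valid */
 otmp = OBJ_nid2obj(nid);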
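Review bot: The fallback branch in `EVP_CIPHER_param_to_asn1` and `EVP_CIPHER_asn1_to_param` now returns -1 where it used to return 1, and neither function documents its return values. A caller that tests the result with `!` will read the new -1 as success, while one that tests `<= 0` will now fail for every cipher without an ASN.1 parameter handler; the callers are outside these hunks, so they need an audit rather than an assumption. I would add a header comment to both functions such as `/* Returns the handler's result, or -1 if the cipher defines no ASN.1 parameter handler. */` and write the branch as `ret=-1;` so each function keeps its single exit. The new cases in `EVP_CIPHER_type` fold the cfb1 and cfb8 NIDs into the cfb128 (or cfb64) NID, which deserves a one-line comment because the feedback width cannot be recovered from the returned type; that function's body continues outside the hunk.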
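--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -90,7 +90,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 }
 
 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
 cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
 return 1;\
@@ -127,7 +127,7 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
 iv_len, cbits, flags, init_key, cleanup, \
 set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
 key_len, iv_len, flags, init_key, cleanup, set_asn1, \
 get_asn1, ctrl)
 
@@ -225,3 +225,28 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
 get_asn1, ctrl)
 
 #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \
+BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+flags, cipher##_init_key, NULL, \
+EVP_CIPHER_set_asn1_iv, \
+EVP_CIPHER_get_asn1_iv, \
+NULL)
+
+#ifdef OPENSSL_FIPS
+#define RC2_set_key private_RC2_set_key
+#define RC4_set_key private_RC4_set_key
+#define CAST_set_key private_CAST_set_key
+#define RC5_32_set_key private_RC5_32_set_key
+#define BF_set_key private_BF_set_key
+#define idea_set_encrypt_key private_idea_set_encrypt_key
+
+#define MD5_Init private_MD5_Init
+#define MD4_Init private_MD4_Init
+#define MD2_Init private_MD2_Init
+#define MDC2_Init private_MDC2_Init
+#define SHA_Init private_SHA_Init
+
+#endif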
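Review bot: The `#ifdef OPENSSL_FIPS` block at the end of this header renames `MD5_Init`, `RC4_set_key` and the other listed entry points to their `private_` counterparts in every file that includes `evp_locl.h`, and no comment says why. Because these are plain macros the effect depends on include order (in `m_md4.c` and `m_md5.c` this header is now included before the algorithm header), so a reader cannot tell from a call site which function actually runs. I would put a comment above the block along the lines of `/* The EVP layer applies its own FIPS-mode gating, so EVP code calls the private_ setup routines directly. */`, worded to match what the `private_` functions really do, since their definitions are not in this section. The comment should also say that the header is for the EVP implementation files only, so the redirection is not picked up by unrelated code.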
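--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -235,7 +235,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 return NULL;
 }
 p8->broken = broken;
-ASN1_INTEGER_set (p8->version, 0);
+if (!ASN1_INTEGER_set(p8->version, 0)) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+PKCS8_PRIV_KEY_INFO_free (p8);
+return NULL;
+}
 if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
 PKCS8_PRIV_KEY_INFO_free (p8);
@@ -303,29 +307,35 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
 #ifndef OPENSSL_NO_DSA
 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 {
-ASN1_STRING *params;
-ASN1_INTEGER *prkey;
-ASN1_TYPE *ttmp;
-STACK_OF(ASN1_TYPE) *ndsa;
-unsigned char *p, *q;
+ASN1_STRING *params = NULL;
+ASN1_INTEGER *prkey = NULL;
+ASN1_TYPE *ttmp = NULL;
+STACK_OF(ASN1_TYPE) *ndsa = NULL;
+unsigned char *p = NULL, *q;
 int len;
 
 p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
 len = i2d_DSAparams (pkey->pkey.dsa, NULL);
 if (!(p = OPENSSL_malloc(len))) {
 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-PKCS8_PRIV_KEY_INFO_free (p8);
-return 0;
+goto err;
 }
 q = p;
 i2d_DSAparams (pkey->pkey.dsa, &q);
-params = ASN1_STRING_new();
-ASN1_STRING_set(params, p, len);
+if (!(params = ASN1_STRING_new())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
+if (!ASN1_STRING_set(params, p, len)) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
 OPENSSL_free(p);
+p = NULL;
 /* Get private key into integer */
 if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-return 0;
+goto err;
 }
 
 switch(p8->broken) {
@@ -336,12 +346,13 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
 &p8->pkey->value.octet_string)) {
 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-M_ASN1_INTEGER_free (prkey);
-return 0;
+goto err;
 }
 
 M_ASN1_INTEGER_free (prkey);
+prkey = NULL;
 p8->pkeyalg->parameter->value.sequence = params;
+params = NULL;
 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
 
 break;
@@ -349,32 +360,51 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 case PKCS8_NS_DB:
 
 p8->pkeyalg->parameter->value.sequence = params;
+params = NULL;
 p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-ndsa = sk_ASN1_TYPE_new_null();
-ttmp = ASN1_TYPE_new();
-if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
+if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
+if (!(ttmp = ASN1_TYPE_new())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
+if (!(ttmp->value.integer =
+BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
 EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-PKCS8_PRIV_KEY_INFO_free(p8);
-return 0;
+goto err;
 }
 ttmp->type = V_ASN1_INTEGER;
-sk_ASN1_TYPE_push(ndsa, ttmp);
+if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
 
-ttmp = ASN1_TYPE_new();
+if (!(ttmp = ASN1_TYPE_new())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
 ttmp->value.integer = prkey;
+prkey = NULL;
 ttmp->type = V_ASN1_INTEGER;
-sk_ASN1_TYPE_push(ndsa, ttmp);
+if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
+ttmp = NULL;
 
-p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
 
 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
 &p8->pkey->value.octet_string->data,
 &p8->pkey->value.octet_string->length)) {
 
 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-M_ASN1_INTEGER_free(prkey);
-return 0;
+goto err;
 }
 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
 break;
@@ -382,31 +412,57 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 case PKCS8_EMBEDDED_PARAM:
 
 p8->pkeyalg->parameter->type = V_ASN1_NULL;
-ndsa = sk_ASN1_TYPE_new_null();
-ttmp = ASN1_TYPE_new();
+if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
+if (!(ttmp = ASN1_TYPE_new())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
 ttmp->value.sequence = params;
+params = NULL;
 ttmp->type = V_ASN1_SEQUENCE;
-sk_ASN1_TYPE_push(ndsa, ttmp);
+if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
 
-ttmp = ASN1_TYPE_new();
+if (!(ttmp = ASN1_TYPE_new())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
 ttmp->value.integer = prkey;
+prkey = NULL;
 ttmp->type = V_ASN1_INTEGER;
-sk_ASN1_TYPE_push(ndsa, ttmp);
+if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
+ttmp = NULL;
 
-p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+goto err;
+}
 
 if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
 &p8->pkey->value.octet_string->data,
 &p8->pkey->value.octet_string->length)) {
 
 EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-M_ASN1_INTEGER_free (prkey);
-return 0;
+goto err;
 }
 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
 break;
 }
 return 1;
+err:
+if (p != NULL) OPENSSL_free(p);
+if (params != NULL) ASN1_STRING_free(params);
+if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
+if (ttmp != NULL) ASN1_TYPE_free(ttmp);
+if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+return 0;
 }
 #endif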
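Review bot: `len = i2d_DSAparams (pkey->pkey.dsa, NULL);` at the top of `dsa_pkey2pkcs8` is still used unchecked, as is the second `i2d_DSAparams` call that fills the buffer, although the commit adds checks to the allocations after it. An encoding failure would pass a zero or negative `len` to `OPENSSL_malloc` and, if that call returns a buffer, on to `ASN1_STRING_set`, and the error queue would report an allocation failure rather than the real cause. Adding `if (len <= 0) { EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); goto err; }` before the allocation closes this. The function also no longer frees `p8` on failure; that looks deliberate, but the caller is outside these hunks, so a comment above the function saying that `p8` stays owned by the caller when 0 is returned would guard against a double free or a leak being reintroduced.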
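--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -77,7 +77,7 @@ static const EVP_MD dsa_md=
 NID_dsaWithSHA,
 NID_dsaWithSHA,
 SHA_DIGEST_LENGTH,
-0,
+EVP_MD_FLAG_FIPS,
 init,
 update,
 final,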
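--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -60,6 +60,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md4.h>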
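--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -60,6 +60,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>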
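--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -77,7 +77,7 @@ static const EVP_MD sha1_md=
 NID_sha1,
 NID_sha1WithRSAEncryption,
 SHA_DIGEST_LENGTH,
-0,
+EVP_MD_FLAG_FIPS,
 init,
 update,
 final,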
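--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -61,6 +61,9 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 int EVP_add_cipher(const EVP_CIPHER *c)
 {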
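--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -77,6 +77,15 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
 
 if (key != NULL)
 {
+#ifdef OPENSSL_FIPS
+if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
+&& (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+|| !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+|| !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
+OpenSSLDie(__FILE__,__LINE__,
+"HMAC: digest not allowed in FIPS mode");
+#endif
+
 reset=1;
 j=EVP_MD_block_size(md);
 OPENSSL_assert(j <= sizeof ctx->key);
@@ -171,3 +180,10 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 return(md);
 }
 
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+{
+EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+}
+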
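Review bot: The FIPS gate added to `HMAC_Init_ex` calls `OpenSSLDie`, so selecting a non-approved digest for HMAC in FIPS mode terminates the whole process instead of failing the one operation. Where the digest comes from configuration or a negotiated parameter this is an availability risk, and because the function returns `void` there is no error path to use instead; at minimum the behaviour should be stated above the check and next to the `HMAC_CTX_set_flags` prototype, e.g. `/* In FIPS mode a digest without EVP_MD_FLAG_FIPS aborts unless EVP_MD_CTX_FLAG_NON_FIPS_ALLOW was set on the HMAC_CTX first. */`. The check also sits inside `if (key != NULL)`, so a call that supplies a different `md` with a NULL key does not reach it. The start of `HMAC_Init_ex` is outside the hunk, so please confirm that this path is covered by the digest initialisation performed later in the function.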
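--- a/src/lib/libcrypto/hmac/hmac.h
+++ b/src/lib/libcrypto/hmac/hmac.h
@@ -98,6 +98,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 const unsigned char *d, int n, unsigned char *md,
 unsigned int *md_len);
 
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
 
 #ifdef __cplusplus
 }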
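--- a/src/lib/libcrypto/idea/idea.h
+++ b/src/lib/libcrypto/idea/idea.h
@@ -82,6 +82,10 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
 IDEA_KEY_SCHEDULE *ks);
+#ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key,
+IDEA_KEY_SCHEDULE *ks);
+#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,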
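--- a/src/lib/libcrypto/md32_common.h
+++ b/src/lib/libcrypto/md32_common.h
@@ -128,6 +128,10 @@
 * <appro@fy.chalmers.se>
 */
 
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+
 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 #error "DATA_ORDER must be defined!"
 #endif
@@ -207,7 +211,7 @@
 : "cc"); \
 ret; \
 })
-# elif defined(__powerpc) || defined(__ppc)
+# elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
 # define ROTATE(a,n) ({ register unsigned int ret; \
 asm ( \
 "rlwinm %0,%1,%2,0,31" \
@@ -555,6 +559,14 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 static const unsigned char end[4]={0x80,0x00,0x00,0x00};
 const unsigned char *cp=end;
 
+#if 0
+if(FIPS_mode() && !FIPS_md5_allowed())
+{
+FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
+return 0;
+}
+#endif
+
 /* c->num should definitly have room for at least one more byte. */
 p=c->data;
 i=c->num>>2;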
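Review bot: `#include <openssl/fips.h>` is added unconditionally in the first hunk, while `names.c` in the same commit wraps the same include in `#ifdef OPENSSL_FIPS`. Unless `fips.h` is always installed and guards its own contents, every digest built from this template stops compiling in a non-FIPS build; I would guard it the same way, `#ifdef OPENSSL_FIPS` / `#include <openssl/fips.h>` / `#endif`. The `#if 0` block added to `HASH_FINAL` should be dropped rather than committed: it is dead code, and if it were enabled it would apply an MD5-specific test (`FIPS_md5_allowed()`) inside a template whose name suggests it is shared by other hashes. `HASH_FINAL` continues past the end of the hunk.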
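--- a/src/lib/libcrypto/md4/md4.h
+++ b/src/lib/libcrypto/md4/md4.h
@@ -104,6 +104,9 @@ typedef struct MD4state_st
 int num;
 } MD4_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_MD4_Init(MD4_CTX *c);
+#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);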
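--- a/src/lib/libcrypto/md4/md4_dgst.c
+++ b/src/lib/libcrypto/md4/md4_dgst.c
@@ -70,7 +70,7 @@ const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-int MD4_Init(MD4_CTX *c)
+FIPS_NON_FIPS_MD_Init(MD4)
 {
 c->A=INIT_DATA_A;
 c->B=INIT_DATA_B;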
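Review bot: Replacing the visible signature `int MD4_Init(MD4_CTX *c)` with `FIPS_NON_FIPS_MD_Init(MD4)` hides the function's name, return type and parameter from readers and from tools that index definitions, and the macro's definition is not part of this section. Since the body still refers to `c` and the function is an exported entry point, a comment directly above would keep it discoverable, for example `/* Expands to the definition of MD4_Init(MD4_CTX *c); FIPS builds also provide private_MD4_Init. */`, worded to match what the macro really generates. The same applies to `FIPS_NON_FIPS_MD_Init(MD5)` in `md5_dgst.c`. Both function bodies continue outside their hunks.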
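--- a/src/lib/libcrypto/md5/md5.h
+++ b/src/lib/libcrypto/md5/md5.h
@@ -104,6 +104,9 @@ typedef struct MD5state_st
 int num;
 } MD5_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_MD5_Init(MD5_CTX *c);
+#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);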
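--- a/src/lib/libcrypto/md5/md5_dgst.c
+++ b/src/lib/libcrypto/md5/md5_dgst.c
@@ -70,7 +70,7 @@ const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-int MD5_Init(MD5_CTX *c)
+FIPS_NON_FIPS_MD_Init(MD5)
 {
 c->A=INIT_DATA_A;
 c->B=INIT_DATA_B;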
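--- /dev/null
+++ b/src/lib/libcrypto/o_str.c
@@ -0,0 +1,96 @@
+/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+* project 2003.
+*/
+/* ====================================================================
+* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+* endorse or promote products derived from this software without
+* prior written permission. For written permission, please contact
+* openssl-core@openssl.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+* nor may "OpenSSL" appear in their names without prior written
+* permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+*
+* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+* ====================================================================
+*
+* This product includes cryptographic software written by Eric Young
+* (eay@cryptsoft.com). This product includes software written by Tim
+* Hudson (tjh@cryptsoft.com).
+*
+*/
+
+#include <ctype.h>
+#include <e_os.h>
+#include "o_str.h"
+
+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
+{
+#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+while (*str1 && *str2 && n)
+{
+int res = toupper(*str1) - toupper(*str2);
+if (res) return res < 0 ? -1 : 1;
+str1++;
+str2++;
+n--;
+}
+if (n == 0)
+return 0;
+if (*str1)
+return 1;
+if (*str2)
+return -1;
+return 0;
+#else
+/* Recursion hazard warning! Whenever strncasecmp is #defined as
+* OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be
+* defined as well. */
+return strncasecmp(str1, str2, n);
+#endif
+}
+int OPENSSL_strcasecmp(const char *str1, const char *str2)
+{
+#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
+#else
+return strcasecmp(str1, str2);
+#endif
+}
+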
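Review bot: `toupper(*str1)` and `toupper(*str2)` in the `OPENSSL_IMPLEMENTS_strncasecmp` branch of OPENSSL_strncasecmp receive a plain `char`, which is negative for bytes above 0x7f wherever `char` is signed, and passing such a value to a `<ctype.h>` function is undefined behaviour. If these helpers are ever applied to externally supplied strings, that byte range is reachable, so the line should read `int res = toupper((unsigned char)*str1) - toupper((unsigned char)*str2);`. The `#else` branches call `strncasecmp` and `strcasecmp` with only `<ctype.h>`, `e_os.h` and `o_str.h` included, so it is worth confirming that one of those headers brings in their declarations.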
| diff --git a/src/lib/libcrypto/o_time.c b/src/lib/libcrypto/o_time.c index 785468131e..e29091d650 100644 --- a/src/lib/libcrypto/o_time.c +++ b/src/lib/libcrypto/o_time.c | |||
| @@ -114,16 +114,28 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) | |||
| 114 | return NULL; | 114 | return NULL; | 
| 115 | logvalue[reslen] = '\0'; | 115 | logvalue[reslen] = '\0'; | 
| 116 | 116 | ||
| 117 | t = *timer; | ||
| 118 | |||
| 119 | /* The following is extracted from the DEC C header time.h */ | ||
| 120 | /* | ||
| 121 | ** Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime | ||
| 122 | ** have two implementations. One implementation is provided | ||
| 123 | ** for compatibility and deals with time in terms of local time, | ||
| 124 | ** the other __utc_* deals with time in terms of UTC. | ||
| 125 | */ | ||
| 126 | /* We use the same conditions as in said time.h to check if we should | ||
| 127 | assume that t contains local time (and should therefore be adjusted) | ||
| 128 | or UTC (and should therefore be left untouched). */ | ||
| 129 | #if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE | ||
| 117 | /* Get the numerical value of the equivalence string */ | 130 | /* Get the numerical value of the equivalence string */ | 
| 118 | status = atoi(logvalue); | 131 | status = atoi(logvalue); | 
| 119 | 132 | ||
| 120 | /* and use it to move time to GMT */ | 133 | /* and use it to move time to GMT */ | 
| 121 | t = *timer - status; | 134 | t -= status; | 
| 135 | #endif | ||
| 122 | 136 | ||
| 123 | /* then convert the result to the time structure */ | 137 | /* then convert the result to the time structure */ | 
| 124 | #ifndef OPENSSL_THREADS | 138 | |
| 125 | ts=(struct tm *)localtime(&t); | ||
| 126 | #else | ||
| 127 | /* Since there was no gmtime_r() to do this stuff for us, | 139 | /* Since there was no gmtime_r() to do this stuff for us, | 
| 128 | we have to do it the hard way. */ | 140 | we have to do it the hard way. */ | 
| 129 | { | 141 | { | 
| @@ -198,7 +210,6 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) | |||
| 198 | result->tm_isdst = 0; /* There's no way to know... */ | 210 | result->tm_isdst = 0; /* There's no way to know... */ | 
| 199 | 211 | ||
| 200 | ts = result; | 212 | ts = result; | 
| 201 | #endif | ||
| 202 | } | 213 | } | 
| 203 | } | 214 | } | 
| 204 | #endif | 215 | #endif | 
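Review bot: The new `#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE` guard in the first hunk wraps only the `atoi(logvalue)` adjustment, so the code that fills `logvalue`, and the `return NULL;` just above it, still runs on systems where the value is never used. If that return is the failure path of the lookup (the code is outside the hunk), OPENSSL_gmtime can now fail on a UTC-based C library for a reason that no longer matters; moving the `#if` up to enclose the lookup would avoid that. Separately, `status = atoi(logvalue);` cannot report a malformed equivalence string, whereas `strtol` with an end-pointer check can. The function body begins before the first hunk and ends after the second.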
| diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c index b4453b4a98..28c9370ca3 100644 --- a/src/lib/libcrypto/objects/o_names.c +++ b/src/lib/libcrypto/objects/o_names.c | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | #include <stdlib.h> | 2 | #include <stdlib.h> | 
| 3 | #include <string.h> | 3 | #include <string.h> | 
| 4 | 4 | ||
| 5 | #include <openssl/err.h> | ||
| 5 | #include <openssl/lhash.h> | 6 | #include <openssl/lhash.h> | 
| 6 | #include <openssl/objects.h> | 7 | #include <openssl/objects.h> | 
| 7 | #include <openssl/safestack.h> | 8 | #include <openssl/safestack.h> | 
| @@ -80,7 +81,11 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), | |||
| 80 | MemCheck_off(); | 81 | MemCheck_off(); | 
| 81 | name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); | 82 | name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); | 
| 82 | MemCheck_on(); | 83 | MemCheck_on(); | 
| 83 | if (!name_funcs) return(0); | 84 | if (!name_funcs) | 
| 85 | { | ||
| 86 | OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE); | ||
| 87 | return(0); | ||
| 88 | } | ||
| 84 | name_funcs->hash_func = lh_strhash; | 89 | name_funcs->hash_func = lh_strhash; | 
| 85 | name_funcs->cmp_func = OPENSSL_strcmp; | 90 | name_funcs->cmp_func = OPENSSL_strcmp; | 
| 86 | name_funcs->free_func = 0; /* NULL is often declared to | 91 | name_funcs->free_func = 0; /* NULL is often declared to | 
| diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c index 4534dc0985..f549d078ef 100644 --- a/src/lib/libcrypto/objects/obj_dat.c +++ b/src/lib/libcrypto/objects/obj_dat.c | |||
| @@ -236,13 +236,13 @@ int OBJ_add_object(const ASN1_OBJECT *obj) | |||
| 236 | if (added == NULL) | 236 | if (added == NULL) | 
| 237 | if (!init_added()) return(0); | 237 | if (!init_added()) return(0); | 
| 238 | if ((o=OBJ_dup(obj)) == NULL) goto err; | 238 | if ((o=OBJ_dup(obj)) == NULL) goto err; | 
| 239 | if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err; | 239 | if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; | 
| 240 | if ((o->length != 0) && (obj->data != NULL)) | 240 | if ((o->length != 0) && (obj->data != NULL)) | 
| 241 | ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); | 241 | if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; | 
| 242 | if (o->sn != NULL) | 242 | if (o->sn != NULL) | 
| 243 | ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); | 243 | if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; | 
| 244 | if (o->ln != NULL) | 244 | if (o->ln != NULL) | 
| 245 | ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); | 245 | if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; | 
| 246 | 246 | ||
| 247 | for (i=ADDED_DATA; i<=ADDED_NID; i++) | 247 | for (i=ADDED_DATA; i<=ADDED_NID; i++) | 
| 248 | { | 248 | { | 
| @@ -260,6 +260,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj) | |||
| 260 | ASN1_OBJECT_FLAG_DYNAMIC_DATA); | 260 | ASN1_OBJECT_FLAG_DYNAMIC_DATA); | 
| 261 | 261 | ||
| 262 | return(o->nid); | 262 | return(o->nid); | 
| 263 | err2: | ||
| 264 | OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE); | ||
| 263 | err: | 265 | err: | 
| 264 | for (i=ADDED_DATA; i<=ADDED_NID; i++) | 266 | for (i=ADDED_DATA; i<=ADDED_NID; i++) | 
| 265 | if (ao[i] != NULL) OPENSSL_free(ao[i]); | 267 | if (ao[i] != NULL) OPENSSL_free(ao[i]); | 
| @@ -648,7 +650,7 @@ int OBJ_create(const char *oid, const char *sn, const char *ln) | |||
| 648 | 650 | ||
| 649 | if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL) | 651 | if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL) | 
| 650 | { | 652 | { | 
| 651 | OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE); | 653 | OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE); | 
| 652 | return(0); | 654 | return(0); | 
| 653 | } | 655 | } | 
| 654 | i=a2d_ASN1_OBJECT(buf,i,oid,-1); | 656 | i=a2d_ASN1_OBJECT(buf,i,oid,-1); | 
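Review bot: In the first hunk of OBJ_add_object the three conditional allocations are now an unbraced `if` directly containing another `if (...) goto err2;`, which is easy to misread and invites a dangling-else mistake if a branch is added later. Bracing the outer test keeps the intent explicit, for example `if (o->sn != NULL) { if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; }`. The new `err2:` label in the second hunk also deserves a comment such as `/* allocation failure: record it, then fall through to the common cleanup at err */`, since the fall-through into `err:` is intentional but unmarked. The function starts before the first hunk and its cleanup continues past the second.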
| diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c index 80ab6855af..2b5f43e3cc 100644 --- a/src/lib/libcrypto/objects/obj_err.c +++ b/src/lib/libcrypto/objects/obj_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/objects/obj_err.c */ | 1 | /* crypto/objects/obj_err.c */ | 
| 2 | /* ==================================================================== | 2 | /* ==================================================================== | 
| 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | 
| 4 | * | 4 | * | 
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without | 
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions | 
| @@ -66,8 +66,10 @@ | |||
| 66 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR | 
| 67 | static ERR_STRING_DATA OBJ_str_functs[]= | 67 | static ERR_STRING_DATA OBJ_str_functs[]= | 
| 68 | { | 68 | { | 
| 69 | {ERR_PACK(0,OBJ_F_OBJ_ADD_OBJECT,0), "OBJ_add_object"}, | ||
| 69 | {ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"}, | 70 | {ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"}, | 
| 70 | {ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"}, | 71 | {ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"}, | 
| 72 | {ERR_PACK(0,OBJ_F_OBJ_NAME_NEW_INDEX,0), "OBJ_NAME_new_index"}, | ||
| 71 | {ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, | 73 | {ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, | 
| 72 | {ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, | 74 | {ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, | 
| 73 | {ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, | 75 | {ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, | 
| diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num index 9838072b65..0e64a929ba 100644 --- a/src/lib/libcrypto/objects/obj_mac.num +++ b/src/lib/libcrypto/objects/obj_mac.num | |||
| @@ -647,3 +647,21 @@ joint_iso_itu_t 646 | |||
| 647 | international_organizations 647 | 647 | international_organizations 647 | 
| 648 | ms_smartcard_login 648 | 648 | ms_smartcard_login 648 | 
| 649 | ms_upn 649 | 649 | ms_upn 649 | 
| 650 | aes_128_cfb1 650 | ||
| 651 | aes_192_cfb1 651 | ||
| 652 | aes_256_cfb1 652 | ||
| 653 | aes_128_cfb8 653 | ||
| 654 | aes_192_cfb8 654 | ||
| 655 | aes_256_cfb8 655 | ||
| 656 | des_cfb1 656 | ||
| 657 | des_cfb8 657 | ||
| 658 | des_ede3_cfb1 658 | ||
| 659 | des_ede3_cfb8 659 | ||
| 660 | streetAddress 660 | ||
| 661 | postalCode 661 | ||
| 662 | id_ppl 662 | ||
| 663 | proxyCertInfo 663 | ||
| 664 | id_ppl_anyLanguage 664 | ||
| 665 | id_ppl_inheritAll 665 | ||
| 666 | id_ppl_independent 666 | ||
| 667 | Independent 667 | ||
| diff --git a/src/lib/libcrypto/objects/objects.h b/src/lib/libcrypto/objects/objects.h index de10532813..f859d859b8 100644 --- a/src/lib/libcrypto/objects/objects.h +++ b/src/lib/libcrypto/objects/objects.h | |||
| @@ -1026,8 +1026,10 @@ void ERR_load_OBJ_strings(void); | |||
| 1026 | /* Error codes for the OBJ functions. */ | 1026 | /* Error codes for the OBJ functions. */ | 
| 1027 | 1027 | ||
| 1028 | /* Function codes. */ | 1028 | /* Function codes. */ | 
| 1029 | #define OBJ_F_OBJ_ADD_OBJECT 105 | ||
| 1029 | #define OBJ_F_OBJ_CREATE 100 | 1030 | #define OBJ_F_OBJ_CREATE 100 | 
| 1030 | #define OBJ_F_OBJ_DUP 101 | 1031 | #define OBJ_F_OBJ_DUP 101 | 
| 1032 | #define OBJ_F_OBJ_NAME_NEW_INDEX 106 | ||
| 1031 | #define OBJ_F_OBJ_NID2LN 102 | 1033 | #define OBJ_F_OBJ_NID2LN 102 | 
| 1032 | #define OBJ_F_OBJ_NID2OBJ 103 | 1034 | #define OBJ_F_OBJ_NID2OBJ 103 | 
| 1033 | #define OBJ_F_OBJ_NID2SN 104 | 1035 | #define OBJ_F_OBJ_NID2SN 104 | 
| diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt index 3ba11f65cc..50e9031e61 100644 --- a/src/lib/libcrypto/objects/objects.txt +++ b/src/lib/libcrypto/objects/objects.txt | |||
| @@ -312,6 +312,7 @@ id-pkix 9 : id-pda | |||
| 312 | id-pkix 10 : id-aca | 312 | id-pkix 10 : id-aca | 
| 313 | id-pkix 11 : id-qcs | 313 | id-pkix 11 : id-qcs | 
| 314 | id-pkix 12 : id-cct | 314 | id-pkix 12 : id-cct | 
| 315 | id-pkix 21 : id-ppl | ||
| 315 | id-pkix 48 : id-ad | 316 | id-pkix 48 : id-ad | 
| 316 | 317 | ||
| 317 | # PKIX Modules | 318 | # PKIX Modules | 
| @@ -346,6 +347,7 @@ id-pe 9 : sbqp-routerIdentifier | |||
| 346 | id-pe 10 : ac-proxying | 347 | id-pe 10 : ac-proxying | 
| 347 | !Cname sinfo-access | 348 | !Cname sinfo-access | 
| 348 | id-pe 11 : subjectInfoAccess : Subject Information Access | 349 | id-pe 11 : subjectInfoAccess : Subject Information Access | 
| 350 | id-pe 14 : proxyCertInfo : Proxy Certificate Information | ||
| 349 | 351 | ||
| 350 | # PKIX policyQualifiers for Internet policy qualifiers | 352 | # PKIX policyQualifiers for Internet policy qualifiers | 
| 351 | id-qt 1 : id-qt-cps : Policy Qualifier CPS | 353 | id-qt 1 : id-qt-cps : Policy Qualifier CPS | 
| @@ -461,6 +463,11 @@ id-cct 1 : id-cct-crs | |||
| 461 | id-cct 2 : id-cct-PKIData | 463 | id-cct 2 : id-cct-PKIData | 
| 462 | id-cct 3 : id-cct-PKIResponse | 464 | id-cct 3 : id-cct-PKIResponse | 
| 463 | 465 | ||
| 466 | # Predefined Proxy Certificate policy languages | ||
| 467 | id-ppl 0 : id-ppl-anyLanguage : Any language | ||
| 468 | id-ppl 1 : id-ppl-inheritAll : Inherit all | ||
| 469 | id-ppl 2 : id-ppl-independent : Independent | ||
| 470 | |||
| 464 | # access descriptors for authority info access extension | 471 | # access descriptors for authority info access extension | 
| 465 | !Cname ad-OCSP | 472 | !Cname ad-OCSP | 
| 466 | id-ad 1 : OCSP : OCSP | 473 | id-ad 1 : OCSP : OCSP | 
| @@ -536,10 +543,12 @@ X509 5 : : serialNumber | |||
| 536 | X509 6 : C : countryName | 543 | X509 6 : C : countryName | 
| 537 | X509 7 : L : localityName | 544 | X509 7 : L : localityName | 
| 538 | X509 8 : ST : stateOrProvinceName | 545 | X509 8 : ST : stateOrProvinceName | 
| 546 | X509 9 : : streetAddress | ||
| 539 | X509 10 : O : organizationName | 547 | X509 10 : O : organizationName | 
| 540 | X509 11 : OU : organizationalUnitName | 548 | X509 11 : OU : organizationalUnitName | 
| 541 | X509 12 : : title | 549 | X509 12 : : title | 
| 542 | X509 13 : : description | 550 | X509 13 : : description | 
| 551 | X509 17 : : postalCode | ||
| 543 | X509 41 : name : name | 552 | X509 41 : name : name | 
| 544 | X509 42 : GN : givenName | 553 | X509 42 : GN : givenName | 
| 545 | X509 43 : : initials | 554 | X509 43 : : initials | 
| @@ -681,6 +690,19 @@ aes 43 : AES-256-OFB : aes-256-ofb | |||
| 681 | !Cname aes-256-cfb128 | 690 | !Cname aes-256-cfb128 | 
| 682 | aes 44 : AES-256-CFB : aes-256-cfb | 691 | aes 44 : AES-256-CFB : aes-256-cfb | 
| 683 | 692 | ||
| 693 | # There are no OIDs for these modes... | ||
| 694 | |||
| 695 | : AES-128-CFB1 : aes-128-cfb1 | ||
| 696 | : AES-192-CFB1 : aes-192-cfb1 | ||
| 697 | : AES-256-CFB1 : aes-256-cfb1 | ||
| 698 | : AES-128-CFB8 : aes-128-cfb8 | ||
| 699 | : AES-192-CFB8 : aes-192-cfb8 | ||
| 700 | : AES-256-CFB8 : aes-256-cfb8 | ||
| 701 | : DES-CFB1 : des-cfb1 | ||
| 702 | : DES-CFB8 : des-cfb8 | ||
| 703 | : DES-EDE3-CFB1 : des-ede3-cfb1 | ||
| 704 | : DES-EDE3-CFB8 : des-ede3-cfb8 | ||
| 705 | |||
| 684 | # Hold instruction CRL entry extension | 706 | # Hold instruction CRL entry extension | 
| 685 | !Cname hold-instruction-code | 707 | !Cname hold-instruction-code | 
| 686 | id-ce 23 : holdInstructionCode : Hold Instruction Code | 708 | id-ce 23 : holdInstructionCode : Hold Instruction Code | 
| diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h index 02f1710fb3..5d5f688edd 100644 --- a/src/lib/libcrypto/opensslv.h +++ b/src/lib/libcrypto/opensslv.h | |||
| @@ -25,8 +25,12 @@ | |||
| 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | 
| 26 | * major minor fix final patch/beta) | 26 | * major minor fix final patch/beta) | 
| 27 | */ | 27 | */ | 
| 28 | #define OPENSSL_VERSION_NUMBER 0x0090704fL | 28 | #define OPENSSL_VERSION_NUMBER 0x0090707fL | 
| 29 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7d 17 Mar 2004" | 29 | #ifdef OPENSSL_FIPS | 
| 30 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g-fips 11 Apr 2005" | ||
| 31 | #else | ||
| 32 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7g 11 Apr 2005" | ||
| 33 | #endif | ||
| 30 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | 34 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | 
| 31 | 35 | ||
| 32 | 36 | ||
| diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c index e72b7134ce..07963314c9 100644 --- a/src/lib/libcrypto/pem/pem_all.c +++ b/src/lib/libcrypto/pem/pem_all.c | |||
| @@ -64,6 +64,7 @@ | |||
| 64 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> | 
| 65 | #include <openssl/pkcs7.h> | 65 | #include <openssl/pkcs7.h> | 
| 66 | #include <openssl/pem.h> | 66 | #include <openssl/pem.h> | 
| 67 | #include <openssl/fips.h> | ||
| 67 | 68 | ||
| 68 | #ifndef OPENSSL_NO_RSA | 69 | #ifndef OPENSSL_NO_RSA | 
| 69 | static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); | 70 | static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); | 
| @@ -128,7 +129,49 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, | |||
| 128 | 129 | ||
| 129 | #endif | 130 | #endif | 
| 130 | 131 | ||
| 132 | #ifdef OPENSSL_FIPS | ||
| 133 | |||
| 134 | int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, | ||
| 135 | unsigned char *kstr, int klen, | ||
| 136 | pem_password_cb *cb, void *u) | ||
| 137 | { | ||
| 138 | EVP_PKEY *k; | ||
| 139 | int ret; | ||
| 140 | k = EVP_PKEY_new(); | ||
| 141 | if (!k) | ||
| 142 | return 0; | ||
| 143 | EVP_PKEY_set1_RSA(k, x); | ||
| 144 | |||
| 145 | ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); | ||
| 146 | EVP_PKEY_free(k); | ||
| 147 | return ret; | ||
| 148 | } | ||
| 149 | |||
| 150 | #ifndef OPENSSL_NO_FP_API | ||
| 151 | int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, | ||
| 152 | unsigned char *kstr, int klen, | ||
| 153 | pem_password_cb *cb, void *u) | ||
| 154 | { | ||
| 155 | EVP_PKEY *k; | ||
| 156 | int ret; | ||
| 157 | k = EVP_PKEY_new(); | ||
| 158 | if (!k) | ||
| 159 | return 0; | ||
| 160 | |||
| 161 | EVP_PKEY_set1_RSA(k, x); | ||
| 162 | |||
| 163 | ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); | ||
| 164 | EVP_PKEY_free(k); | ||
| 165 | return ret; | ||
| 166 | } | ||
| 167 | #endif | ||
| 168 | |||
| 169 | #else | ||
| 170 | |||
| 131 | IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) | 171 | IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) | 
| 172 | |||
| 173 | #endif | ||
| 174 | |||
| 132 | IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) | 175 | IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) | 
| 133 | IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) | 176 | IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) | 
| 134 | 177 | ||
| @@ -158,7 +201,48 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, | |||
| 158 | return pkey_get_dsa(pktmp, dsa); | 201 | return pkey_get_dsa(pktmp, dsa); | 
| 159 | } | 202 | } | 
| 160 | 203 | ||
| 204 | |||
| 205 | #ifdef OPENSSL_FIPS | ||
| 206 | |||
| 207 | int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, | ||
| 208 | unsigned char *kstr, int klen, | ||
| 209 | pem_password_cb *cb, void *u) | ||
| 210 | { | ||
| 211 | EVP_PKEY *k; | ||
| 212 | int ret; | ||
| 213 | k = EVP_PKEY_new(); | ||
| 214 | if (!k) | ||
| 215 | return 0; | ||
| 216 | EVP_PKEY_set1_DSA(k, x); | ||
| 217 | |||
| 218 | ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); | ||
| 219 | EVP_PKEY_free(k); | ||
| 220 | return ret; | ||
| 221 | } | ||
| 222 | |||
| 223 | #ifndef OPENSSL_NO_FP_API | ||
| 224 | int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, | ||
| 225 | unsigned char *kstr, int klen, | ||
| 226 | pem_password_cb *cb, void *u) | ||
| 227 | { | ||
| 228 | EVP_PKEY *k; | ||
| 229 | int ret; | ||
| 230 | k = EVP_PKEY_new(); | ||
| 231 | if (!k) | ||
| 232 | return 0; | ||
| 233 | EVP_PKEY_set1_DSA(k, x); | ||
| 234 | ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); | ||
| 235 | EVP_PKEY_free(k); | ||
| 236 | return ret; | ||
| 237 | } | ||
| 238 | #endif | ||
| 239 | |||
| 240 | #else | ||
| 241 | |||
| 161 | IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) | 242 | IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) | 
| 243 | |||
| 244 | #endif | ||
| 245 | |||
| 162 | IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) | 246 | IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) | 
| 163 | 247 | ||
| 164 | #ifndef OPENSSL_NO_FP_API | 248 | #ifndef OPENSSL_NO_FP_API | 
| @@ -190,7 +274,42 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) | |||
| 190 | * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything | 274 | * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything | 
| 191 | * appropriate.) | 275 | * appropriate.) | 
| 192 | */ | 276 | */ | 
| 277 | |||
| 278 | #ifdef OPENSSL_FIPS | ||
| 279 | |||
| 280 | int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, | ||
| 281 | unsigned char *kstr, int klen, | ||
| 282 | pem_password_cb *cb, void *u) | ||
| 283 | { | ||
| 284 | if (FIPS_mode()) | ||
| 285 | return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, | ||
| 286 | (char *)kstr, klen, cb, u); | ||
| 287 | else | ||
| 288 | return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey, | ||
| 289 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), | ||
| 290 | bp,(char *)x,enc,kstr,klen,cb,u); | ||
| 291 | } | ||
| 292 | |||
| 293 | #ifndef OPENSSL_NO_FP_API | ||
| 294 | int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, | ||
| 295 | unsigned char *kstr, int klen, | ||
| 296 | pem_password_cb *cb, void *u) | ||
| 297 | { | ||
| 298 | if (FIPS_mode()) | ||
| 299 | return PEM_write_PKCS8PrivateKey(fp, x, enc, | ||
| 300 | (char *)kstr, klen, cb, u); | ||
| 301 | else | ||
| 302 | return PEM_ASN1_write((int (*)())i2d_PrivateKey, | ||
| 303 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), | ||
| 304 | fp,(char *)x,enc,kstr,klen,cb,u); | ||
| 305 | } | ||
| 306 | #endif | ||
| 307 | |||
| 308 | #else | ||
| 309 | |||
| 193 | IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey) | 310 | IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey) | 
| 194 | 311 | ||
| 312 | #endif | ||
| 313 | |||
| 195 | IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) | 314 | IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) | 
| 196 | 315 | ||
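Review bot: The four FIPS-build wrappers (PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey and the two DSA equivalents) ignore the return value of `EVP_PKEY_set1_RSA(k, x)` / `EVP_PKEY_set1_DSA(k, x)` and go on to serialise `k` regardless. If the assignment fails, `k` presumably carries no key, and the non-FIPS branch of PEM_write_bio_PrivateKey would still pick a PEM header from `(x)->type`. Each call should be checked, e.g. `if (!EVP_PKEY_set1_RSA(k, x)) { EVP_PKEY_free(k); return 0; }`. A comment above PEM_write_bio_PrivateKey should also state that when `FIPS_mode()` is true the key is written through `PEM_write_bio_PKCS8PrivateKey` rather than in the RSA/DSA-specific form, because callers of the type-specific writers now get a different encoding depending on run-time mode.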
| diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index 7785039b99..82815067b3 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c | |||
| @@ -73,7 +73,7 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT; | |||
| 73 | 73 | ||
| 74 | #define MIN_LENGTH 4 | 74 | #define MIN_LENGTH 4 | 
| 75 | 75 | ||
| 76 | static int load_iv(unsigned char **fromp,unsigned char *to, int num); | 76 | static int load_iv(char **fromp,unsigned char *to, int num); | 
| 77 | static int check_pem(const char *nm, const char *name); | 77 | static int check_pem(const char *nm, const char *name); | 
| 78 | 78 | ||
| 79 | int PEM_def_callback(char *buf, int num, int w, void *key) | 79 | int PEM_def_callback(char *buf, int num, int w, void *key) | 
| @@ -301,7 +301,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, | |||
| 301 | 301 | ||
| 302 | if ((dsize=i2d(x,NULL)) < 0) | 302 | if ((dsize=i2d(x,NULL)) < 0) | 
| 303 | { | 303 | { | 
| 304 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); | 304 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB); | 
| 305 | dsize=0; | 305 | dsize=0; | 
| 306 | goto err; | 306 | goto err; | 
| 307 | } | 307 | } | 
| @@ -432,6 +432,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) | |||
| 432 | int o; | 432 | int o; | 
| 433 | const EVP_CIPHER *enc=NULL; | 433 | const EVP_CIPHER *enc=NULL; | 
| 434 | char *p,c; | 434 | char *p,c; | 
| 435 | char **header_pp = &header; | ||
| 435 | 436 | ||
| 436 | cipher->cipher=NULL; | 437 | cipher->cipher=NULL; | 
| 437 | if ((header == NULL) || (*header == '\0') || (*header == '\n')) | 438 | if ((header == NULL) || (*header == '\0') || (*header == '\n')) | 
| @@ -478,15 +479,16 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) | |||
| 478 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); | 479 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); | 
| 479 | return(0); | 480 | return(0); | 
| 480 | } | 481 | } | 
| 481 | if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0); | 482 | if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len)) | 
| 483 | return(0); | ||
| 482 | 484 | ||
| 483 | return(1); | 485 | return(1); | 
| 484 | } | 486 | } | 
| 485 | 487 | ||
| 486 | static int load_iv(unsigned char **fromp, unsigned char *to, int num) | 488 | static int load_iv(char **fromp, unsigned char *to, int num) | 
| 487 | { | 489 | { | 
| 488 | int v,i; | 490 | int v,i; | 
| 489 | unsigned char *from; | 491 | char *from; | 
| 490 | 492 | ||
| 491 | from= *fromp; | 493 | from= *fromp; | 
| 492 | for (i=0; i<num; i++) to[i]=0; | 494 | for (i=0; i<num; i++) to[i]=0; | 
| @@ -623,6 +625,9 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, | |||
| 623 | dataB=BUF_MEM_new(); | 625 | dataB=BUF_MEM_new(); | 
| 624 | if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) | 626 | if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) | 
| 625 | { | 627 | { | 
| 628 | BUF_MEM_free(nameB); | ||
| 629 | BUF_MEM_free(headerB); | ||
| 630 | BUF_MEM_free(dataB); | ||
| 626 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); | 631 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); | 
| 627 | return(0); | 632 | return(0); | 
| 628 | } | 633 | } | 
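Review bot: Now that load_iv is declared as `static int load_iv(char **fromp,unsigned char *to, int num)`, the extra local `char **header_pp = &header;` in PEM_get_EVP_CIPHER_INFO is no longer needed to avoid the old `(unsigned char **)` cast. `load_iv(&header,&(cipher->iv[0]),enc->iv_len)` already has the right type. If the indirection is kept on purpose, a one-line comment at the declaration saying why would save the next reader the question. Because `from` in load_iv is now a plain `char *`, any `<ctype.h>` call or table index on `*from` in the part of the body outside this hunk should cast to `unsigned char` first.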
| diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c index f77c949e87..9ecdbd5419 100644 --- a/src/lib/libcrypto/pem/pem_pkey.c +++ b/src/lib/libcrypto/pem/pem_pkey.c | |||
| @@ -104,6 +104,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo | |||
| 104 | if (klen <= 0) { | 104 | if (klen <= 0) { | 
| 105 | PEMerr(PEM_F_PEM_ASN1_READ_BIO, | 105 | PEMerr(PEM_F_PEM_ASN1_READ_BIO, | 
| 106 | PEM_R_BAD_PASSWORD_READ); | 106 | PEM_R_BAD_PASSWORD_READ); | 
| 107 | X509_SIG_free(p8); | ||
| 107 | goto err; | 108 | goto err; | 
| 108 | } | 109 | } | 
| 109 | p8inf = PKCS8_decrypt(p8, psbuf, klen); | 110 | p8inf = PKCS8_decrypt(p8, psbuf, klen); | 
| diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl index 1cb96e914a..bef2667079 100644 --- a/src/lib/libcrypto/perlasm/x86asm.pl +++ b/src/lib/libcrypto/perlasm/x86asm.pl | |||
| @@ -124,4 +124,6 @@ BSDI - a.out with a very primative version of as. | |||
| 124 | EOF | 124 | EOF | 
| 125 | } | 125 | } | 
| 126 | 126 | ||
| 127 | sub main'align() {} # swallow align statements in 0.9.7 context | ||
| 128 | |||
| 127 | 1; | 129 | 1; | 
| diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c index 5e8958612b..003ec7a33e 100644 --- a/src/lib/libcrypto/pkcs12/p12_crpt.c +++ b/src/lib/libcrypto/pkcs12/p12_crpt.c | |||
| @@ -88,7 +88,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 88 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) | 88 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) | 
| 89 | { | 89 | { | 
| 90 | PBEPARAM *pbe; | 90 | PBEPARAM *pbe; | 
| 91 | int saltlen, iter; | 91 | int saltlen, iter, ret; | 
| 92 | unsigned char *salt, *pbuf; | 92 | unsigned char *salt, *pbuf; | 
| 93 | unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; | 93 | unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; | 
| 94 | 94 | ||
| @@ -117,8 +117,8 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 117 | return 0; | 117 | return 0; | 
| 118 | } | 118 | } | 
| 119 | PBEPARAM_free(pbe); | 119 | PBEPARAM_free(pbe); | 
| 120 | EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); | 120 | ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); | 
| 121 | OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); | 121 | OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); | 
| 122 | OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); | 122 | OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); | 
| 123 | return 1; | 123 | return ret; | 
| 124 | } | 124 | } | 
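Review bot: The early `return 0;` visible at the top of the second hunk leaves PKCS12_PBE_keyivgen without reaching the two `OPENSSL_cleanse` calls that the normal path runs. If that return follows a derivation that has already written to `key` (the failing call is outside the hunk), derived key material stays in the stack buffer after the function returns. A single exit path that always runs `OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);` and `OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);` before returning `ret` would cover both the success and the failure cases.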
| diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c index eb837a78cf..5276b12669 100644 --- a/src/lib/libcrypto/pkcs12/p12_init.c +++ b/src/lib/libcrypto/pkcs12/p12_init.c | |||
| @@ -76,15 +76,17 @@ PKCS12 *PKCS12_init (int mode) | |||
| 76 | if (!(pkcs12->authsafes->d.data = | 76 | if (!(pkcs12->authsafes->d.data = | 
| 77 | M_ASN1_OCTET_STRING_new())) { | 77 | M_ASN1_OCTET_STRING_new())) { | 
| 78 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); | 78 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); | 
| 79 | return NULL; | 79 | goto err; | 
| 80 | } | 80 | } | 
| 81 | break; | 81 | break; | 
| 82 | default: | 82 | default: | 
| 83 | PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE); | 83 | PKCS12err(PKCS12_F_PKCS12_INIT, | 
| 84 | PKCS12_free(pkcs12); | 84 | PKCS12_R_UNSUPPORTED_PKCS12_MODE); | 
| 85 | return NULL; | 85 | goto err; | 
| 86 | break; | ||
| 87 | } | 86 | } | 
| 88 | 87 | ||
| 89 | return pkcs12; | 88 | return pkcs12; | 
| 89 | err: | ||
| 90 | if (pkcs12 != NULL) PKCS12_free(pkcs12); | ||
| 91 | return NULL; | ||
| 90 | } | 92 | } | 
| diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c index 885087ad00..2b31999e11 100644 --- a/src/lib/libcrypto/pkcs12/p12_kiss.c +++ b/src/lib/libcrypto/pkcs12/p12_kiss.c | |||
| @@ -249,14 +249,26 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, | |||
| 249 | if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) | 249 | if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) | 
| 250 | return 1; | 250 | return 1; | 
| 251 | if (!(x509 = PKCS12_certbag2x509(bag))) return 0; | 251 | if (!(x509 = PKCS12_certbag2x509(bag))) return 0; | 
| 252 | if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length); | 252 | if(ckid) | 
| 253 | { | ||
| 254 | if (!X509_keyid_set1(x509, ckid->data, ckid->length)) | ||
| 255 | { | ||
| 256 | X509_free(x509); | ||
| 257 | return 0; | ||
| 258 | } | ||
| 259 | } | ||
| 253 | if(fname) { | 260 | if(fname) { | 
| 254 | int len; | 261 | int len, r; | 
| 255 | unsigned char *data; | 262 | unsigned char *data; | 
| 256 | len = ASN1_STRING_to_UTF8(&data, fname); | 263 | len = ASN1_STRING_to_UTF8(&data, fname); | 
| 257 | if(len > 0) { | 264 | if(len > 0) { | 
| 258 | X509_alias_set1(x509, data, len); | 265 | r = X509_alias_set1(x509, data, len); | 
| 259 | OPENSSL_free(data); | 266 | OPENSSL_free(data); | 
| 267 | if (!r) | ||
| 268 | { | ||
| 269 | X509_free(x509); | ||
| 270 | return 0; | ||
| 271 | } | ||
| 260 | } | 272 | } | 
| 261 | } | 273 | } | 
| 262 | 274 | ||
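Review bot: A negative return from `ASN1_STRING_to_UTF8` is still treated like "no friendly name": the `if(len > 0)` test in the `fname` branch skips the alias and parse_bag carries on, while the two new checks make the other failures in this branch fatal. If a conversion error should also fail the bag, add `if (len < 0) { X509_free(x509); return 0; }` ahead of the `len > 0` test. The new `return 0` paths push no PKCS12err entry, so a caller cannot tell which step failed. Whether that matches the rest of parse_bag is not visible, because the function starts and ends outside the hunk.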
| diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index 0fb67f74b8..4886b9b289 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c | |||
| @@ -148,7 +148,10 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, | |||
| 148 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); | 148 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); | 
| 149 | return 0; | 149 | return 0; | 
| 150 | } | 150 | } | 
| 151 | ASN1_INTEGER_set(p12->mac->iter, iter); | 151 | if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { | 
| 152 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); | ||
| 153 | return 0; | ||
| 154 | } | ||
| 152 | } | 155 | } | 
| 153 | if (!saltlen) saltlen = PKCS12_SALT_LEN; | 156 | if (!saltlen) saltlen = PKCS12_SALT_LEN; | 
| 154 | p12->mac->salt->length = saltlen; | 157 | p12->mac->salt->length = saltlen; | 
| diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c index 5ff5a88b5c..039141027a 100644 --- a/src/lib/libcrypto/pkcs7/pk7_attr.c +++ b/src/lib/libcrypto/pkcs7/pk7_attr.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2001. | 3 | * project 2001. | 
| 4 | */ | 4 | */ | 
| 5 | /* ==================================================================== | 5 | /* ==================================================================== | 
| 6 | * Copyright (c) 2001 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. | 
| 7 | * | 7 | * | 
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | 
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | 
| @@ -94,17 +94,18 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) | |||
| 94 | } | 94 | } | 
| 95 | 95 | ||
| 96 | STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) | 96 | STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) | 
| 97 | { | 97 | { | 
| 98 | ASN1_TYPE *cap; | 98 | ASN1_TYPE *cap; | 
| 99 | unsigned char *p; | 99 | unsigned char *p; | 
| 100 | cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); | 100 | cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); | 
| 101 | if (!cap) return NULL; | 101 | if (!cap || (cap->type != V_ASN1_SEQUENCE)) | 
| 102 | return NULL; | ||
| 102 | p = cap->value.sequence->data; | 103 | p = cap->value.sequence->data; | 
| 103 | return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, | 104 | return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, | 
| 104 | cap->value.sequence->length, | 105 | cap->value.sequence->length, | 
| 105 | d2i_X509_ALGOR, X509_ALGOR_free, | 106 | d2i_X509_ALGOR, X509_ALGOR_free, | 
| 106 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | 107 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | 
| 107 | } | 108 | } | 
| 108 | 109 | ||
| 109 | /* Basic smime-capabilities OID and optional integer arg */ | 110 | /* Basic smime-capabilities OID and optional integer arg */ | 
| 110 | int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) | 111 | int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) | 
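Review bot: The new `cap->type != V_ASN1_SEQUENCE` test in PKCS7_get_smimecap needs a comment, because without one it reads as optional validation rather than the guard that makes the next statement safe. `cap->value` is a union and the code reads its `sequence` member immediately afterwards, while the attribute itself is taken from the signer info of the message being processed, so its type is whatever the sender encoded. I would add above the test: `/* value.sequence is only meaningful when type is V_ASN1_SEQUENCE; the attribute comes from the message */`.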
| diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 35c7dcd0b3..4ac29ae14d 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c | |||
| @@ -239,7 +239,13 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 239 | OPENSSL_free(tmp); | 239 | OPENSSL_free(tmp); | 
| 240 | goto err; | 240 | goto err; | 
| 241 | } | 241 | } | 
| 242 | M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); | 242 | if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj)) | 
| 243 | { | ||
| 244 | PKCS7err(PKCS7_F_PKCS7_DATAINIT, | ||
| 245 | ERR_R_MALLOC_FAILURE); | ||
| 246 | OPENSSL_free(tmp); | ||
| 247 | goto err; | ||
| 248 | } | ||
| 243 | } | 249 | } | 
| 244 | OPENSSL_free(tmp); | 250 | OPENSSL_free(tmp); | 
| 245 | OPENSSL_cleanse(key, keylen); | 251 | OPENSSL_cleanse(key, keylen); | 
| @@ -257,10 +263,15 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | |||
| 257 | bio=BIO_new(BIO_s_null()); | 263 | bio=BIO_new(BIO_s_null()); | 
| 258 | else | 264 | else | 
| 259 | { | 265 | { | 
| 260 | ASN1_OCTET_STRING *os; | 266 | if (PKCS7_type_is_signed(p7)) | 
| 261 | os = PKCS7_get_octet_string(p7->d.sign->contents); | 267 | { | 
| 262 | if (os && os->length > 0) | 268 | ASN1_OCTET_STRING *os; | 
| 263 | bio = BIO_new_mem_buf(os->data, os->length); | 269 | os = PKCS7_get_octet_string( | 
| 270 | p7->d.sign->contents); | ||
| 271 | if (os && os->length > 0) | ||
| 272 | bio = BIO_new_mem_buf(os->data, | ||
| 273 | os->length); | ||
| 274 | } | ||
| 264 | if(bio == NULL) | 275 | if(bio == NULL) | 
| 265 | { | 276 | { | 
| 266 | bio=BIO_new(BIO_s_mem()); | 277 | bio=BIO_new(BIO_s_mem()); | 
| @@ -515,12 +526,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 515 | case NID_pkcs7_signedAndEnveloped: | 526 | case NID_pkcs7_signedAndEnveloped: | 
| 516 | /* XXXXXXXXXXXXXXXX */ | 527 | /* XXXXXXXXXXXXXXXX */ | 
| 517 | si_sk=p7->d.signed_and_enveloped->signer_info; | 528 | si_sk=p7->d.signed_and_enveloped->signer_info; | 
| 518 | os=M_ASN1_OCTET_STRING_new(); | 529 | if (!(os=M_ASN1_OCTET_STRING_new())) | 
| 530 | { | ||
| 531 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE); | ||
| 532 | goto err; | ||
| 533 | } | ||
| 519 | p7->d.signed_and_enveloped->enc_data->enc_data=os; | 534 | p7->d.signed_and_enveloped->enc_data->enc_data=os; | 
| 520 | break; | 535 | break; | 
| 521 | case NID_pkcs7_enveloped: | 536 | case NID_pkcs7_enveloped: | 
| 522 | /* XXXXXXXXXXXXXXXX */ | 537 | /* XXXXXXXXXXXXXXXX */ | 
| 523 | os=M_ASN1_OCTET_STRING_new(); | 538 | if (!(os=M_ASN1_OCTET_STRING_new())) | 
| 539 | { | ||
| 540 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE); | ||
| 541 | goto err; | ||
| 542 | } | ||
| 524 | p7->d.enveloped->enc_data->enc_data=os; | 543 | p7->d.enveloped->enc_data->enc_data=os; | 
| 525 | break; | 544 | break; | 
| 526 | case NID_pkcs7_signed: | 545 | case NID_pkcs7_signed: | 
| @@ -594,7 +613,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 594 | if (!PKCS7_get_signed_attribute(si, | 613 | if (!PKCS7_get_signed_attribute(si, | 
| 595 | NID_pkcs9_signingTime)) | 614 | NID_pkcs9_signingTime)) | 
| 596 | { | 615 | { | 
| 597 | sign_time=X509_gmtime_adj(NULL,0); | 616 | if (!(sign_time=X509_gmtime_adj(NULL,0))) | 
| 617 | { | ||
| 618 | PKCS7err(PKCS7_F_PKCS7_DATASIGN, | ||
| 619 | ERR_R_MALLOC_FAILURE); | ||
| 620 | goto err; | ||
| 621 | } | ||
| 598 | PKCS7_add_signed_attribute(si, | 622 | PKCS7_add_signed_attribute(si, | 
| 599 | NID_pkcs9_signingTime, | 623 | NID_pkcs9_signingTime, | 
| 600 | V_ASN1_UTCTIME,sign_time); | 624 | V_ASN1_UTCTIME,sign_time); | 
| @@ -603,8 +627,19 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) | |||
| 603 | /* Add digest */ | 627 | /* Add digest */ | 
| 604 | md_tmp=EVP_MD_CTX_md(&ctx_tmp); | 628 | md_tmp=EVP_MD_CTX_md(&ctx_tmp); | 
| 605 | EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); | 629 | EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); | 
| 606 | digest=M_ASN1_OCTET_STRING_new(); | 630 | if (!(digest=M_ASN1_OCTET_STRING_new())) | 
| 607 | M_ASN1_OCTET_STRING_set(digest,md_data,md_len); | 631 | { | 
| 632 | PKCS7err(PKCS7_F_PKCS7_DATASIGN, | ||
| 633 | ERR_R_MALLOC_FAILURE); | ||
| 634 | goto err; | ||
| 635 | } | ||
| 636 | if (!M_ASN1_OCTET_STRING_set(digest,md_data, | ||
| 637 | md_len)) | ||
| 638 | { | ||
| 639 | PKCS7err(PKCS7_F_PKCS7_DATASIGN, | ||
| 640 | ERR_R_MALLOC_FAILURE); | ||
| 641 | goto err; | ||
| 642 | } | ||
| 608 | PKCS7_add_signed_attribute(si, | 643 | PKCS7_add_signed_attribute(si, | 
| 609 | NID_pkcs9_messageDigest, | 644 | NID_pkcs9_messageDigest, | 
| 610 | V_ASN1_OCTET_STRING,digest); | 645 | V_ASN1_OCTET_STRING,digest); | 
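Review bot: In the last PKCS7_dataFinal hunk, the path where `M_ASN1_OCTET_STRING_set(digest,md_data,md_len)` fails jumps to `err` while `digest`, allocated just above, is still owned by this function. Unless the `err` label, which is outside the hunk, releases it, that object leaks. Adding `M_ASN1_OCTET_STRING_free(digest);` before that `goto err;` closes the gap. The same hunks leave the results of `EVP_DigestFinal_ex` and both `PKCS7_add_signed_attribute` calls unchecked, so a failure there would yield signed attributes missing the signing time or message digest, and `sign_time` and `digest` would have the same ownership problem.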
| diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index 985b07245c..ee1817c7af 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c | |||
| @@ -164,7 +164,12 @@ int PKCS7_set_type(PKCS7 *p7, int type) | |||
| 164 | p7->type=obj; | 164 | p7->type=obj; | 
| 165 | if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) | 165 | if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) | 
| 166 | goto err; | 166 | goto err; | 
| 167 | ASN1_INTEGER_set(p7->d.sign->version,1); | 167 | if (!ASN1_INTEGER_set(p7->d.sign->version,1)) | 
| 168 | { | ||
| 169 | PKCS7_SIGNED_free(p7->d.sign); | ||
| 170 | p7->d.sign=NULL; | ||
| 171 | goto err; | ||
| 172 | } | ||
| 168 | break; | 173 | break; | 
| 169 | case NID_pkcs7_data: | 174 | case NID_pkcs7_data: | 
| 170 | p7->type=obj; | 175 | p7->type=obj; | 
| @@ -176,6 +181,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) | |||
| 176 | if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) | 181 | if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) | 
| 177 | == NULL) goto err; | 182 | == NULL) goto err; | 
| 178 | ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); | 183 | ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); | 
| 184 | if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) | ||
| 185 | goto err; | ||
| 179 | p7->d.signed_and_enveloped->enc_data->content_type | 186 | p7->d.signed_and_enveloped->enc_data->content_type | 
| 180 | = OBJ_nid2obj(NID_pkcs7_data); | 187 | = OBJ_nid2obj(NID_pkcs7_data); | 
| 181 | break; | 188 | break; | 
| @@ -183,7 +190,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) | |||
| 183 | p7->type=obj; | 190 | p7->type=obj; | 
| 184 | if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) | 191 | if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) | 
| 185 | == NULL) goto err; | 192 | == NULL) goto err; | 
| 186 | ASN1_INTEGER_set(p7->d.enveloped->version,0); | 193 | if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) | 
| 194 | goto err; | ||
| 187 | p7->d.enveloped->enc_data->content_type | 195 | p7->d.enveloped->enc_data->content_type | 
| 188 | = OBJ_nid2obj(NID_pkcs7_data); | 196 | = OBJ_nid2obj(NID_pkcs7_data); | 
| 189 | break; | 197 | break; | 
| @@ -191,7 +199,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) | |||
| 191 | p7->type=obj; | 199 | p7->type=obj; | 
| 192 | if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) | 200 | if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) | 
| 193 | == NULL) goto err; | 201 | == NULL) goto err; | 
| 194 | ASN1_INTEGER_set(p7->d.encrypted->version,0); | 202 | if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) | 
| 203 | goto err; | ||
| 195 | p7->d.encrypted->enc_data->content_type | 204 | p7->d.encrypted->enc_data->content_type | 
| 196 | = OBJ_nid2obj(NID_pkcs7_data); | 205 | = OBJ_nid2obj(NID_pkcs7_data); | 
| 197 | break; | 206 | break; | 
| @@ -318,15 +327,18 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, | |||
| 318 | if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; | 327 | if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; | 
| 319 | else is_dsa = 0; | 328 | else is_dsa = 0; | 
| 320 | /* We now need to add another PKCS7_SIGNER_INFO entry */ | 329 | /* We now need to add another PKCS7_SIGNER_INFO entry */ | 
| 321 | ASN1_INTEGER_set(p7i->version,1); | 330 | if (!ASN1_INTEGER_set(p7i->version,1)) | 
| 322 | X509_NAME_set(&p7i->issuer_and_serial->issuer, | 331 | goto err; | 
| 323 | X509_get_issuer_name(x509)); | 332 | if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, | 
| 333 | X509_get_issuer_name(x509))) | ||
| 334 | goto err; | ||
| 324 | 335 | ||
| 325 | /* because ASN1_INTEGER_set is used to set a 'long' we will do | 336 | /* because ASN1_INTEGER_set is used to set a 'long' we will do | 
| 326 | * things the ugly way. */ | 337 | * things the ugly way. */ | 
| 327 | M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); | 338 | M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); | 
| 328 | p7i->issuer_and_serial->serial= | 339 | if (!(p7i->issuer_and_serial->serial= | 
| 329 | M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); | 340 | M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) | 
| 341 | goto err; | ||
| 330 | 342 | ||
| 331 | /* lets keep the pkey around for a while */ | 343 | /* lets keep the pkey around for a while */ | 
| 332 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 344 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 
| @@ -423,16 +435,20 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) | |||
| 423 | 435 | ||
| 424 | int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) | 436 | int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) | 
| 425 | { | 437 | { | 
| 426 | ASN1_INTEGER_set(p7i->version,0); | 438 | if (!ASN1_INTEGER_set(p7i->version,0)) | 
| 427 | X509_NAME_set(&p7i->issuer_and_serial->issuer, | 439 | return 0; | 
| 428 | X509_get_issuer_name(x509)); | 440 | if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, | 
| 441 | X509_get_issuer_name(x509))) | ||
| 442 | return 0; | ||
| 429 | 443 | ||
| 430 | M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); | 444 | M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); | 
| 431 | p7i->issuer_and_serial->serial= | 445 | if (!(p7i->issuer_and_serial->serial= | 
| 432 | M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); | 446 | M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) | 
| 447 | return 0; | ||
| 433 | 448 | ||
| 434 | X509_ALGOR_free(p7i->key_enc_algor); | 449 | X509_ALGOR_free(p7i->key_enc_algor); | 
| 435 | p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor); | 450 | if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor))) | 
| 451 | return 0; | ||
| 436 | 452 | ||
| 437 | CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); | 453 | CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); | 
| 438 | p7i->cert=x509; | 454 | p7i->cert=x509; | 
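Review bot: In the `signed_and_enveloped` case of PKCS7_set_type the old unchecked `ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);` was left in place and the checked call added after it, so the version is set twice and the first result is still ignored; the unchecked line should be deleted. Failure handling is also uneven across the cases: the `signed` case frees `p7->d.sign` and sets it to NULL before `goto err`, while the other three jump to `err` with `p7->type` already updated and the new structure still attached. What `err` does is outside the hunks, so it is worth confirming that it leaves `p7` in a state the caller can free safely.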
| diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c index 6e5735de11..a852b49235 100644 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ b/src/lib/libcrypto/pkcs7/pk7_smime.c | |||
| @@ -155,7 +155,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 155 | char buf[4096]; | 155 | char buf[4096]; | 
| 156 | int i, j=0, k, ret = 0; | 156 | int i, j=0, k, ret = 0; | 
| 157 | BIO *p7bio; | 157 | BIO *p7bio; | 
| 158 | BIO *tmpout; | 158 | BIO *tmpin, *tmpout; | 
| 159 | 159 | ||
| 160 | if(!p7) { | 160 | if(!p7) { | 
| 161 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); | 161 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); | 
| @@ -228,7 +228,30 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 228 | /* Check for revocation status here */ | 228 | /* Check for revocation status here */ | 
| 229 | } | 229 | } | 
| 230 | 230 | ||
| 231 | p7bio=PKCS7_dataInit(p7,indata); | 231 | /* Performance optimization: if the content is a memory BIO then | 
| 232 | * store its contents in a temporary read only memory BIO. This | ||
| 233 | * avoids potentially large numbers of slow copies of data which will | ||
| 234 | * occur when reading from a read write memory BIO when signatures | ||
| 235 | * are calculated. | ||
| 236 | */ | ||
| 237 | |||
| 238 | if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) | ||
| 239 | { | ||
| 240 | char *ptr; | ||
| 241 | long len; | ||
| 242 | len = BIO_get_mem_data(indata, &ptr); | ||
| 243 | tmpin = BIO_new_mem_buf(ptr, len); | ||
| 244 | if (tmpin == NULL) | ||
| 245 | { | ||
| 246 | PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); | ||
| 247 | return 0; | ||
| 248 | } | ||
| 249 | } | ||
| 250 | else | ||
| 251 | tmpin = indata; | ||
| 252 | |||
| 253 | |||
| 254 | p7bio=PKCS7_dataInit(p7,tmpin); | ||
| 232 | 255 | ||
| 233 | if(flags & PKCS7_TEXT) { | 256 | if(flags & PKCS7_TEXT) { | 
| 234 | if(!(tmpout = BIO_new(BIO_s_mem()))) { | 257 | if(!(tmpout = BIO_new(BIO_s_mem()))) { | 
| @@ -270,9 +293,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 270 | ret = 1; | 293 | ret = 1; | 
| 271 | 294 | ||
| 272 | err: | 295 | err: | 
| 296 | |||
| 297 | if (tmpin == indata) | ||
| 298 | { | ||
| 299 | if(indata) BIO_pop(p7bio); | ||
| 300 | BIO_free_all(p7bio); | ||
| 301 | } | ||
| 302 | else | ||
| 303 | BIO_free_all(tmpin); | ||
| 273 | 304 | ||
| 274 | if(indata) BIO_pop(p7bio); | ||
| 275 | BIO_free_all(p7bio); | ||
| 276 | sk_X509_free(signers); | 305 | sk_X509_free(signers); | 
| 277 | 306 | ||
| 278 | return ret; | 307 | return ret; | 
| @@ -296,10 +325,6 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) | |||
| 296 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); | 325 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); | 
| 297 | return NULL; | 326 | return NULL; | 
| 298 | } | 327 | } | 
| 299 | if(!(signers = sk_X509_new_null())) { | ||
| 300 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); | ||
| 301 | return NULL; | ||
| 302 | } | ||
| 303 | 328 | ||
| 304 | /* Collect all the signers together */ | 329 | /* Collect all the signers together */ | 
| 305 | 330 | ||
| @@ -310,6 +335,11 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) | |||
| 310 | return 0; | 335 | return 0; | 
| 311 | } | 336 | } | 
| 312 | 337 | ||
| 338 | if(!(signers = sk_X509_new_null())) { | ||
| 339 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); | ||
| 340 | return NULL; | ||
| 341 | } | ||
| 342 | |||
| 313 | for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) | 343 | for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) | 
| 314 | { | 344 | { | 
| 315 | si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); | 345 | si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); | 
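Review bot: The rewritten cleanup under `err:` in PKCS7_verify frees only `tmpin` when a temporary memory BIO was created, so the BIOs that PKCS7_dataInit placed in front of it in the `p7bio` chain are never released. Assuming PKCS7_dataInit appends the BIO it is given to the chain it returns, which the existing `BIO_pop(p7bio)` already relies on, freeing the whole chain covers both cases: `if (tmpin == indata) { if (indata) BIO_pop(p7bio); }` followed by an unconditional `BIO_free_all(p7bio);`. Separately, the `return 0` after a failed `BIO_new_mem_buf` bypasses `sk_X509_free(signers)` at `err`, which looks like a leak if `signers` is already populated at that point. `len` from `BIO_get_mem_data` is also a `long` passed where `BIO_new_mem_buf` takes an `int`. The function starts and ends outside these hunks.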
| diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h index 606382dd21..604df9be6c 100644 --- a/src/lib/libcrypto/rand/rand.h +++ b/src/lib/libcrypto/rand/rand.h | |||
| @@ -71,6 +71,10 @@ | |||
| 71 | extern "C" { | 71 | extern "C" { | 
| 72 | #endif | 72 | #endif | 
| 73 | 73 | ||
| 74 | #if defined(OPENSSL_FIPS) | ||
| 75 | #define FIPS_RAND_SIZE_T int | ||
| 76 | #endif | ||
| 77 | |||
| 74 | typedef struct rand_meth_st | 78 | typedef struct rand_meth_st | 
| 75 | { | 79 | { | 
| 76 | void (*seed)(const void *buf, int num); | 80 | void (*seed)(const void *buf, int num); | 
| @@ -121,11 +125,17 @@ void ERR_load_RAND_strings(void); | |||
| 121 | /* Error codes for the RAND functions. */ | 125 | /* Error codes for the RAND functions. */ | 
| 122 | 126 | ||
| 123 | /* Function codes. */ | 127 | /* Function codes. */ | 
| 128 | #define RAND_F_FIPS_RAND_BYTES 102 | ||
| 124 | #define RAND_F_RAND_GET_RAND_METHOD 101 | 129 | #define RAND_F_RAND_GET_RAND_METHOD 101 | 
| 125 | #define RAND_F_SSLEAY_RAND_BYTES 100 | 130 | #define RAND_F_SSLEAY_RAND_BYTES 100 | 
| 126 | 131 | ||
| 127 | /* Reason codes. */ | 132 | /* Reason codes. */ | 
| 133 | #define RAND_R_NON_FIPS_METHOD 101 | ||
| 134 | #define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 105 | ||
| 135 | #define RAND_R_PRNG_NOT_REKEYED 103 | ||
| 136 | #define RAND_R_PRNG_NOT_RESEEDED 104 | ||
| 128 | #define RAND_R_PRNG_NOT_SEEDED 100 | 137 | #define RAND_R_PRNG_NOT_SEEDED 100 | 
| 138 | #define RAND_R_PRNG_STUCK 102 | ||
| 129 | 139 | ||
| 130 | #ifdef __cplusplus | 140 | #ifdef __cplusplus | 
| 131 | } | 141 | } | 
| diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c index b77267e213..95574659ac 100644 --- a/src/lib/libcrypto/rand/rand_err.c +++ b/src/lib/libcrypto/rand/rand_err.c | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | /* crypto/rand/rand_err.c */ | 1 | /* crypto/rand/rand_err.c */ | 
| 2 | /* ==================================================================== | 2 | /* ==================================================================== | 
| 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. | 
| 4 | * | 4 | * | 
| 5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without | 
| 6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions | 
| @@ -66,6 +66,7 @@ | |||
| 66 | #ifndef OPENSSL_NO_ERR | 66 | #ifndef OPENSSL_NO_ERR | 
| 67 | static ERR_STRING_DATA RAND_str_functs[]= | 67 | static ERR_STRING_DATA RAND_str_functs[]= | 
| 68 | { | 68 | { | 
| 69 | {ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0), "FIPS_RAND_BYTES"}, | ||
| 69 | {ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"}, | 70 | {ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"}, | 
| 70 | {ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, | 71 | {ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, | 
| 71 | {0,NULL} | 72 | {0,NULL} | 
| @@ -73,7 +74,12 @@ static ERR_STRING_DATA RAND_str_functs[]= | |||
| 73 | 74 | ||
| 74 | static ERR_STRING_DATA RAND_str_reasons[]= | 75 | static ERR_STRING_DATA RAND_str_reasons[]= | 
| 75 | { | 76 | { | 
| 77 | {RAND_R_NON_FIPS_METHOD ,"non fips method"}, | ||
| 78 | {RAND_R_PRNG_ASKING_FOR_TOO_MUCH ,"prng asking for too much"}, | ||
| 79 | {RAND_R_PRNG_NOT_REKEYED ,"prng not rekeyed"}, | ||
| 80 | {RAND_R_PRNG_NOT_RESEEDED ,"prng not reseeded"}, | ||
| 76 | {RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"}, | 81 | {RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"}, | 
| 82 | {RAND_R_PRNG_STUCK ,"prng stuck"}, | ||
| 77 | {0,NULL} | 83 | {0,NULL} | 
| 78 | }; | 84 | }; | 
| 79 | 85 | ||
| diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 513e338985..88f1b56d91 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c | |||
| @@ -63,6 +63,8 @@ | |||
| 63 | #ifndef OPENSSL_NO_ENGINE | 63 | #ifndef OPENSSL_NO_ENGINE | 
| 64 | #include <openssl/engine.h> | 64 | #include <openssl/engine.h> | 
| 65 | #endif | 65 | #endif | 
| 66 | #include <openssl/fips.h> | ||
| 67 | #include <openssl/fips_rand.h> | ||
| 66 | 68 | ||
| 67 | #ifndef OPENSSL_NO_ENGINE | 69 | #ifndef OPENSSL_NO_ENGINE | 
| 68 | /* non-NULL if default_RAND_meth is ENGINE-provided */ | 70 | /* non-NULL if default_RAND_meth is ENGINE-provided */ | 
| @@ -85,6 +87,16 @@ int RAND_set_rand_method(const RAND_METHOD *meth) | |||
| 85 | 87 | ||
| 86 | const RAND_METHOD *RAND_get_rand_method(void) | 88 | const RAND_METHOD *RAND_get_rand_method(void) | 
| 87 | { | 89 | { | 
| 90 | #ifdef OPENSSL_FIPS | ||
| 91 | if(FIPS_mode() | ||
| 92 | && default_RAND_meth != FIPS_rand_check()) | ||
| 93 | { | ||
| 94 | RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); | ||
| 95 | return 0; | ||
| 96 | } | ||
| 97 | #endif | ||
| 98 | |||
| 99 | |||
| 88 | if (!default_RAND_meth) | 100 | if (!default_RAND_meth) | 
| 89 | { | 101 | { | 
| 90 | #ifndef OPENSSL_NO_ENGINE | 102 | #ifndef OPENSSL_NO_ENGINE | 
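Review bot: The FIPS check in RAND_get_rand_method runs before the lazy `if (!default_RAND_meth)` initialisation, so in FIPS mode the function can now return a null method instead of falling back to a default, and nothing in the hunk says so. A comment such as `/* FIPS mode: refuse any method other than the approved one; callers must handle a NULL return */` would make the fail-closed intent explicit, and `return 0;` in a pointer-returning function reads better as `return NULL;`. The callers are outside this hunk. Any caller that ignores a failed RAND call would go on to use an unfilled buffer, so it is worth checking that they test the result.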
| diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index f5d0843d13..c7fba496a8 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c | |||
| @@ -166,6 +166,7 @@ int RAND_write_file(const char *file) | |||
| 166 | } | 166 | } | 
| 167 | 167 | ||
| 168 | #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) | 168 | #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) | 
| 169 | { | ||
| 169 | /* For some reason Win32 can't write to files created this way */ | 170 | /* For some reason Win32 can't write to files created this way */ | 
| 170 | 171 | ||
| 171 | /* chmod(..., 0600) is too late to protect the file, | 172 | /* chmod(..., 0600) is too late to protect the file, | 
| @@ -173,6 +174,7 @@ int RAND_write_file(const char *file) | |||
| 173 | int fd = open(file, O_CREAT, 0600); | 174 | int fd = open(file, O_CREAT, 0600); | 
| 174 | if (fd != -1) | 175 | if (fd != -1) | 
| 175 | out = fdopen(fd, "wb"); | 176 | out = fdopen(fd, "wb"); | 
| 177 | } | ||
| 176 | #endif | 178 | #endif | 
| 177 | if (out == NULL) | 179 | if (out == NULL) | 
| 178 | out = fopen(file,"wb"); | 180 | out = fopen(file,"wb"); | 
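Review bot: The block now wrapped in braces opens the seed file with `open(file, O_CREAT, 0600)`, which requests no write access, and then hands the descriptor to `fdopen(fd, "wb")`. Where `fdopen` rejects a mode the descriptor does not allow, `out` stays NULL, `fd` is never closed, and the code falls through to `fopen(file,"wb")`. Using `open(file, O_WRONLY|O_CREAT, 0600)` and calling `close(fd)` when `fdopen` fails would make the 0600 creation path the one actually used for writing. The braces themselves only scope the `fd` declaration, and RAND_write_file continues outside both hunks.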
| diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h index 7816b454dc..71788158d8 100644 --- a/src/lib/libcrypto/rc2/rc2.h +++ b/src/lib/libcrypto/rc2/rc2.h | |||
| @@ -79,7 +79,10 @@ typedef struct rc2_key_st | |||
| 79 | RC2_INT data[64]; | 79 | RC2_INT data[64]; | 
| 80 | } RC2_KEY; | 80 | } RC2_KEY; | 
| 81 | 81 | ||
| 82 | 82 | #ifdef OPENSSL_FIPS | |
| 83 | void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, | ||
| 84 | int bits); | ||
| 85 | #endif | ||
| 83 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); | 86 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); | 
| 84 | void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, | 87 | void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, | 
| 85 | int enc); | 88 | int enc); | 
| diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c index cab3080c73..22f372f85c 100644 --- a/src/lib/libcrypto/rc2/rc2_skey.c +++ b/src/lib/libcrypto/rc2/rc2_skey.c | |||
| @@ -57,6 +57,7 @@ | |||
| 57 | */ | 57 | */ | 
| 58 | 58 | ||
| 59 | #include <openssl/rc2.h> | 59 | #include <openssl/rc2.h> | 
| 60 | #include <openssl/crypto.h> | ||
| 60 | #include "rc2_locl.h" | 61 | #include "rc2_locl.h" | 
| 61 | 62 | ||
| 62 | static unsigned char key_table[256]={ | 63 | static unsigned char key_table[256]={ | 
| @@ -90,7 +91,19 @@ static unsigned char key_table[256]={ | |||
| 90 | * BSAFE uses the 'retarded' version. What I previously shipped is | 91 | * BSAFE uses the 'retarded' version. What I previously shipped is | 
| 91 | * the same as specifying 1024 for the 'bits' parameter. Bsafe uses | 92 | * the same as specifying 1024 for the 'bits' parameter. Bsafe uses | 
| 92 | * a version where the bits parameter is the same as len*8 */ | 93 | * a version where the bits parameter is the same as len*8 */ | 
| 94 | |||
| 95 | #ifdef OPENSSL_FIPS | ||
| 96 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) | ||
| 97 | { | ||
| 98 | if (FIPS_mode()) | ||
| 99 | FIPS_BAD_ABORT(RC2) | ||
| 100 | private_RC2_set_key(key, len, data, bits); | ||
| 101 | } | ||
| 102 | void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, | ||
| 103 | int bits) | ||
| 104 | #else | ||
| 93 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) | 105 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) | 
| 106 | #endif | ||
| 94 | { | 107 | { | 
| 95 | int i,j; | 108 | int i,j; | 
| 96 | unsigned char *k; | 109 | unsigned char *k; | 
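Review bot: In the FIPS build of RC2_set_key, `if (FIPS_mode())` has an unbraced body that is a macro invocation with no trailing semicolon, `FIPS_BAD_ABORT(RC2)`, so what the `if` controls depends on how that macro expands, and its definition is not in this hunk. If it expanded to nothing, or to more than one statement, the call to `private_RC2_set_key` or part of the abort sequence would silently change between conditional and unconditional. Writing `if (FIPS_mode()) { FIPS_BAD_ABORT(RC2) }` removes that dependency. The `#ifdef`/`#else` pair also splits one function header across two preprocessor branches, which merits a one-line comment saying that both branches share the body below. That body continues outside the hunk.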
| diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl index 7ef889e5a1..d6e98f0811 100644 --- a/src/lib/libcrypto/rc4/asm/rc4-586.pl +++ b/src/lib/libcrypto/rc4/asm/rc4-586.pl | |||
| @@ -1,16 +1,37 @@ | |||
| 1 | #!/usr/local/bin/perl | 1 | #!/usr/local/bin/perl | 
| 2 | 2 | ||
| 3 | # define for pentium pro friendly version | 3 | # At some point it became apparent that the original SSLeay RC4 | 
| 4 | # assembler implementation performs suboptimaly on latest IA-32 | ||
| 5 | # microarchitectures. After re-tuning performance has changed as | ||
| 6 | # following: | ||
| 7 | # | ||
| 8 | # Pentium +0% | ||
| 9 | # Pentium III +17% | ||
| 10 | # AMD +52%(*) | ||
| 11 | # P4 +180%(**) | ||
| 12 | # | ||
| 13 | # (*) This number is actually a trade-off:-) It's possible to | ||
| 14 | # achieve +72%, but at the cost of -48% off PIII performance. | ||
| 15 | # In other words code performing further 13% faster on AMD | ||
| 16 | # would perform almost 2 times slower on Intel PIII... | ||
| 17 | # For reference! This code delivers ~80% of rc4-amd64.pl | ||
| 18 | # performance on the same Opteron machine. | ||
| 19 | # (**) This number requires compressed key schedule set up by | ||
| 20 | # RC4_set_key and therefore doesn't apply to 0.9.7 [option for | ||
| 21 | # compressed key schedule is implemented in 0.9.8 and later, | ||
| 22 | # see commentary section in rc4_skey.c for further details]. | ||
| 23 | # | ||
| 24 | # <appro@fy.chalmers.se> | ||
| 4 | 25 | ||
| 5 | push(@INC,"perlasm","../../perlasm"); | 26 | push(@INC,"perlasm","../../perlasm"); | 
| 6 | require "x86asm.pl"; | 27 | require "x86asm.pl"; | 
| 7 | 28 | ||
| 8 | &asm_init($ARGV[0],"rc4-586.pl"); | 29 | &asm_init($ARGV[0],"rc4-586.pl"); | 
| 9 | 30 | ||
| 10 | $tx="eax"; | 31 | $x="eax"; | 
| 11 | $ty="ebx"; | 32 | $y="ebx"; | 
| 12 | $x="ecx"; | 33 | $tx="ecx"; | 
| 13 | $y="edx"; | 34 | $ty="edx"; | 
| 14 | $in="esi"; | 35 | $in="esi"; | 
| 15 | $out="edi"; | 36 | $out="edi"; | 
| 16 | $d="ebp"; | 37 | $d="ebp"; | 
| @@ -31,7 +52,7 @@ sub RC4_loop | |||
| 31 | { | 52 | { | 
| 32 | &mov($ty, &swtmp(2)); | 53 | &mov($ty, &swtmp(2)); | 
| 33 | &cmp($ty, $in); | 54 | &cmp($ty, $in); | 
| 34 | &jle(&label("finished")); | 55 | &jbe(&label("finished")); | 
| 35 | &inc($in); | 56 | &inc($in); | 
| 36 | } | 57 | } | 
| 37 | else | 58 | else | 
| @@ -39,27 +60,23 @@ sub RC4_loop | |||
| 39 | &add($ty, 8); | 60 | &add($ty, 8); | 
| 40 | &inc($in); | 61 | &inc($in); | 
| 41 | &cmp($ty, $in); | 62 | &cmp($ty, $in); | 
| 42 | &jl(&label("finished")); | 63 | &jb(&label("finished")); | 
| 43 | &mov(&swtmp(2), $ty); | 64 | &mov(&swtmp(2), $ty); | 
| 44 | } | 65 | } | 
| 45 | } | 66 | } | 
| 46 | # Moved out | 67 | # Moved out | 
| 47 | # &mov( $tx, &DWP(0,$d,$x,4)) if $p < 0; | 68 | # &mov( $tx, &DWP(0,$d,$x,4)) if $p < 0; | 
| 48 | 69 | ||
| 49 | &add( $y, $tx); | 70 | &add( &LB($y), &LB($tx)); | 
| 50 | &and( $y, 0xff); | ||
| 51 | &inc( $x); # NEXT ROUND | ||
| 52 | &mov( $ty, &DWP(0,$d,$y,4)); | 71 | &mov( $ty, &DWP(0,$d,$y,4)); | 
| 53 | # XXX | 72 | # XXX | 
| 54 | &mov( &DWP(-4,$d,$x,4),$ty); # AGI | 73 | &mov( &DWP(0,$d,$x,4),$ty); | 
| 55 | &add( $ty, $tx); | 74 | &add( $ty, $tx); | 
| 56 | &and( $x, 0xff); # NEXT ROUND | ||
| 57 | &and( $ty, 0xff); | ||
| 58 | &mov( &DWP(0,$d,$y,4),$tx); | 75 | &mov( &DWP(0,$d,$y,4),$tx); | 
| 59 | &nop(); | 76 | &and( $ty, 0xff); | 
| 60 | &mov( $ty, &DWP(0,$d,$ty,4)); | 77 | &inc( &LB($x)); # NEXT ROUND | 
| 61 | &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND | 78 | &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND | 
| 62 | # XXX | 79 | &mov( $ty, &DWP(0,$d,$ty,4)); | 
| 63 | 80 | ||
| 64 | if (!$char) | 81 | if (!$char) | 
| 65 | { | 82 | { | 
| @@ -88,35 +105,47 @@ sub RC4 | |||
| 88 | 105 | ||
| 89 | &function_begin_B($name,""); | 106 | &function_begin_B($name,""); | 
| 90 | 107 | ||
| 108 | &mov($ty,&wparam(1)); # len | ||
| 109 | &cmp($ty,0); | ||
| 110 | &jne(&label("proceed")); | ||
| 111 | &ret(); | ||
| 112 | &set_label("proceed"); | ||
| 113 | |||
| 91 | &comment(""); | 114 | &comment(""); | 
| 92 | 115 | ||
| 93 | &push("ebp"); | 116 | &push("ebp"); | 
| 94 | &push("ebx"); | 117 | &push("ebx"); | 
| 95 | &mov( $d, &wparam(0)); # key | ||
| 96 | &mov( $ty, &wparam(1)); # num | ||
| 97 | &push("esi"); | 118 | &push("esi"); | 
| 98 | &push("edi"); | 119 | &xor( $x, $x); # avoid partial register stalls | 
| 120 | &push("edi"); | ||
| 121 | &xor( $y, $y); # avoid partial register stalls | ||
| 122 | &mov( $d, &wparam(0)); # key | ||
| 123 | &mov( $in, &wparam(2)); | ||
| 99 | 124 | ||
| 100 | &mov( $x, &DWP(0,$d,"",1)); | 125 | &movb( &LB($x), &BP(0,$d,"",1)); | 
| 101 | &mov( $y, &DWP(4,$d,"",1)); | 126 | &movb( &LB($y), &BP(4,$d,"",1)); | 
| 102 | 127 | ||
| 103 | &mov( $in, &wparam(2)); | 128 | &mov( $out, &wparam(3)); | 
| 104 | &inc( $x); | 129 | &inc( &LB($x)); | 
| 105 | 130 | ||
| 106 | &stack_push(3); # 3 temp variables | 131 | &stack_push(3); # 3 temp variables | 
| 107 | &add( $d, 8); | 132 | &add( $d, 8); | 
| 108 | &and( $x, 0xff); | 133 | |
| 134 | # detect compressed schedule, see commentary section in rc4_skey.c... | ||
| 135 | # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant, | ||
| 136 | # as compressed key schedule is set up in 0.9.8 and later. | ||
| 137 | &cmp(&DWP(256,$d),-1); | ||
| 138 | &je(&label("RC4_CHAR")); | ||
| 109 | 139 | ||
| 110 | &lea( $ty, &DWP(-8,$ty,$in)); | 140 | &lea( $ty, &DWP(-8,$ty,$in)); | 
| 111 | 141 | ||
| 112 | # check for 0 length input | 142 | # check for 0 length input | 
| 113 | 143 | ||
| 114 | &mov( $out, &wparam(3)); | ||
| 115 | &mov( &swtmp(2), $ty); # this is now address to exit at | 144 | &mov( &swtmp(2), $ty); # this is now address to exit at | 
| 116 | &mov( $tx, &DWP(0,$d,$x,4)); | 145 | &mov( $tx, &DWP(0,$d,$x,4)); | 
| 117 | 146 | ||
| 118 | &cmp( $ty, $in); | 147 | &cmp( $ty, $in); | 
| 119 | &jl( &label("end")); # less than 8 bytes | 148 | &jb( &label("end")); # less than 8 bytes | 
| 120 | 149 | ||
| 121 | &set_label("start"); | 150 | &set_label("start"); | 
| 122 | 151 | ||
| @@ -148,7 +177,7 @@ sub RC4 | |||
| 148 | &mov( &DWP(-4,$out,"",0), $tx); | 177 | &mov( &DWP(-4,$out,"",0), $tx); | 
| 149 | &mov( $tx, &DWP(0,$d,$x,4)); | 178 | &mov( $tx, &DWP(0,$d,$x,4)); | 
| 150 | &cmp($in, $ty); | 179 | &cmp($in, $ty); | 
| 151 | &jle(&label("start")); | 180 | &jbe(&label("start")); | 
| 152 | 181 | ||
| 153 | &set_label("end"); | 182 | &set_label("end"); | 
| 154 | 183 | ||
| @@ -162,10 +191,37 @@ sub RC4 | |||
| 162 | &RC4_loop(5,0,1); | 191 | &RC4_loop(5,0,1); | 
| 163 | &RC4_loop(6,1,1); | 192 | &RC4_loop(6,1,1); | 
| 164 | 193 | ||
| 194 | &jmp(&label("finished")); | ||
| 195 | |||
| 196 | &align(16); | ||
| 197 | # this is essentially Intel P4 specific codepath, see rc4_skey.c, | ||
| 198 | # and is engaged in 0.9.8 and later context... | ||
| 199 | &set_label("RC4_CHAR"); | ||
| 200 | |||
| 201 | &lea ($ty,&DWP(0,$in,$ty)); | ||
| 202 | &mov (&swtmp(2),$ty); | ||
| 203 | |||
| 204 | # strangely enough unrolled loop performs over 20% slower... | ||
| 205 | &set_label("RC4_CHAR_loop"); | ||
| 206 | &movz ($tx,&BP(0,$d,$x)); | ||
| 207 | &add (&LB($y),&LB($tx)); | ||
| 208 | &movz ($ty,&BP(0,$d,$y)); | ||
| 209 | &movb (&BP(0,$d,$y),&LB($tx)); | ||
| 210 | &movb (&BP(0,$d,$x),&LB($ty)); | ||
| 211 | &add (&LB($ty),&LB($tx)); | ||
| 212 | &movz ($ty,&BP(0,$d,$ty)); | ||
| 213 | &xorb (&LB($ty),&BP(0,$in)); | ||
| 214 | &movb (&BP(0,$out),&LB($ty)); | ||
| 215 | &inc (&LB($x)); | ||
| 216 | &inc ($in); | ||
| 217 | &inc ($out); | ||
| 218 | &cmp ($in,&swtmp(2)); | ||
| 219 | &jb (&label("RC4_CHAR_loop")); | ||
| 220 | |||
| 165 | &set_label("finished"); | 221 | &set_label("finished"); | 
| 166 | &dec( $x); | 222 | &dec( $x); | 
| 167 | &stack_pop(3); | 223 | &stack_pop(3); | 
| 168 | &mov( &DWP(-4,$d,"",0),$y); | 224 | &movb( &BP(-4,$d,"",0),&LB($y)); | 
| 169 | &movb( &BP(-8,$d,"",0),&LB($x)); | 225 | &movb( &BP(-8,$d,"",0),&LB($x)); | 
| 170 | 226 | ||
| 171 | &function_end($name); | 227 | &function_end($name); | 
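--- a/src/lib/libcrypto/rc4/rc4.h
+++ b/src/lib/libcrypto/rc4/rc4.h
@@ -73,10 +73,17 @@ typedef struct rc4_key_st
 {
 RC4_INT x,y;
 RC4_INT data[256];
+#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+/* see crypto/rc4/asm/rc4-ia64.S for further details... */
+RC4_INT pad[512-256-2];
+#endif
 } RC4_KEY;
 
 
 const char *RC4_options(void);
+#ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+#endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
 unsigned char *outdata);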
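Review bot: `RC4_INT pad[512-256-2];` looks one element short for the realignment it is meant to absorb. The ia64 branches in rc4_enc.c and rc4_skey.c round the table pointer up with `((size_t)(d+255))&~(sizeof(key->data)-1)`, which can move the start up to 255 elements past `data`, so the relocated 256 entries can need 2+255+256 = 513 elements while the struct holds 512. Whether an RC4_KEY can actually sit at that worst-case address depends on how callers allocate it, which is not visible here; either state the required alignment of the structure in the comment or size the pad as `RC4_INT pad[512-256-1];` if the assembler does not depend on the 512 total. The comment should also say that the table lives at an address-dependent offset inside the struct, so a key copied byte-for-byte to a differently aligned address would not hold a usable schedule.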
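--- a/src/lib/libcrypto/rc4/rc4_enc.c
+++ b/src/lib/libcrypto/rc4/rc4_enc.c
@@ -77,6 +77,10 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
 x=key->x;
 y=key->y;
 d=key->data;
+#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+/* see crypto/rc4/asm/rc4-ia64.S for further details... */
+d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
+#endif
 
 #if defined(RC4_CHUNK)
 /*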
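Review bot: The realignment expression added here is repeated verbatim in RC4_set_key in rc4_skey.c, and the two must stay identical or the cipher will read a different table than key setup wrote. One macro in rc4_locl.h used by both, for example `#define RC4_IA64_TABLE(k) ((RC4_INT *)(((size_t)((k)->data+255))&~(sizeof((k)->data)-1)))`, would remove that risk. The pointer-to-integer round trip goes through `size_t`; a short comment noting that this is wide enough on the targets named in the `#if` would help the next reader. RC4's body continues outside the hunk.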
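--- a/src/lib/libcrypto/rc4/rc4_locl.h
+++ b/src/lib/libcrypto/rc4/rc4_locl.h
@@ -1,4 +1,5 @@
 #ifndef HEADER_RC4_LOCL_H
 #define HEADER_RC4_LOCL_H
 #include <openssl/opensslconf.h>
+#include <cryptlib.h>
 #endif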
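--- a/src/lib/libcrypto/rc4/rc4_skey.c
+++ b/src/lib/libcrypto/rc4/rc4_skey.c
@@ -57,6 +57,7 @@
 */
 
 #include <openssl/rc4.h>
+#include <openssl/crypto.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
 
@@ -85,7 +86,7 @@ const char *RC4_options(void)
 * Date: Wed, 14 Sep 1994 06:35:31 GMT
 */
 
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(RC4)
 {
 register RC4_INT tmp;
 register int id1,id2;
@@ -93,6 +94,11 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
 unsigned int i;
 
 d= &(key->data[0]);
+#if defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+/* see crypto/rc4/asm/rc4-ia64.S for further details... */
+d=(RC4_INT *)(((size_t)(d+255))&~(sizeof(key->data)-1));
+#endif
+
 for (i=0; i<256; i++)
 d[i]=i;
 key->x = 0;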
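Review bot: With `FIPS_NON_FIPS_VCIPHER_Init(RC4)` replacing the explicit signature, the body still uses `key`, `len` and `data`, but those names now come from a macro expansion that is not visible in this file. A one-line comment above it, `/* defines RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) via macro */`, would keep the definition findable by grep and tell an auditor which entry point this body belongs to. The macro's actual expansion should be checked before wording the comment. rmd_dgst.c has the same pattern with `FIPS_NON_FIPS_MD_Init(RIPEMD160)`, and the function body here continues outside the hunk.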
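--- a/src/lib/libcrypto/ripemd/ripemd.h
+++ b/src/lib/libcrypto/ripemd/ripemd.h
@@ -90,6 +90,9 @@ typedef struct RIPEMD160state_st
 int num;
 } RIPEMD160_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_RIPEMD160_Init(RIPEMD160_CTX *c);
+#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);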
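Review bot: `private_RIPEMD160_Init` is declared in the public header, so any application built with OPENSSL_FIPS can call it directly. If the public `RIPEMD160_Init` is meant to apply a FIPS-mode check before reaching this entry point (the macro used in rmd_dgst.c suggests so, though its expansion is not shown), that check is only advisory while the private symbol is declared next to it. If no code outside this directory needs the prototype, move it to rmd_locl.h; otherwise add `/* internal entry point: skips the FIPS mode check, not for application use */` above it. rc4.h declares `private_RC4_set_key` the same way.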
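--- a/src/lib/libcrypto/ripemd/rmd_dgst.c
+++ b/src/lib/libcrypto/ripemd/rmd_dgst.c
@@ -58,6 +58,7 @@
 
 #include <stdio.h>
 #include "rmd_locl.h"
+#include <openssl/fips.h>
 #include <openssl/opensslv.h>
 
 const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
@@ -69,7 +70,7 @@ const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
 void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
 # endif
 
-int RIPEMD160_Init(RIPEMD160_CTX *c)
+FIPS_NON_FIPS_MD_Init(RIPEMD160)
 {
 c->A=RIPEMD160_A;
 c->B=RIPEMD160_B;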
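--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -72,6 +72,10 @@
 #error RSA is disabled.
 #endif
 
+#if defined(OPENSSL_FIPS)
+#define FIPS_RSA_SIZE_T int
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif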
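--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -62,7 +62,7 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 
-#ifndef RSA_NULL
+#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
 
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 unsigned char *to, RSA *rsa,int padding);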
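Review bot: The widened guard `#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)` drops whatever it encloses from a FIPS build, and nothing at the guard says where that build takes its RSA routines from. Anyone auditing which RSA code is actually linked needs that pointer, so add a comment at the `#if` naming the replacement source, e.g. `/* FIPS builds take these routines from <file to be named> */`. rsa_gen.c has the same gap around RSA_generate_key, and its new closing `#endif`, about 135 lines from the opener, would read better as `#endif /* !OPENSSL_FIPS */`. The guarded region continues outside the hunk.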
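--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -62,6 +62,8 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 
+#ifndef OPENSSL_FIPS
+
 RSA *RSA_generate_key(int bits, unsigned long e_value,
 void (*callback)(int,int,void *), void *cb_arg)
 {
@@ -195,3 +197,4 @@ err:
 return(rsa);
 }
 
+#endif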
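--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -139,8 +139,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
 ret=1;
 err:
 if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-OPENSSL_cleanse(s,(unsigned int)siglen);
-OPENSSL_free(s);
+if (s != NULL)
+{
+OPENSSL_cleanse(s,(unsigned int)siglen);
+OPENSSL_free(s);
+}
 return(ret);
 }
 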
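Review bot: The new `if (s != NULL)` guard carries no comment saying which path reaches `err:` with `s` unset, and the wipe length `(unsigned int)siglen` is only right if `s` was allocated with at least `siglen` bytes; that allocation is outside this hunk. Once both are confirmed, a comment such as `/* s is NULL when the allocation failed; wipe the recovered block before freeing it */` would record why the guard and the cleanse are there. rsa_sign.c's `err:` block receives the identical change. The function begins outside the hunk.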
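--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -169,7 +169,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 }
 if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
 RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
-return(0);
+goto err;
 }
 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
 
@@ -222,8 +222,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 }
 err:
 if (sig != NULL) X509_SIG_free(sig);
-OPENSSL_cleanse(s,(unsigned int)siglen);
-OPENSSL_free(s);
+if (s != NULL)
+{
+OPENSSL_cleanse(s,(unsigned int)siglen);
+OPENSSL_free(s);
+}
 return(ret);
 }
 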
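Review bot: Replacing `return(0);` with `goto err;` in the NID_md5_sha1 length check makes the verification result depend on `ret` still holding its initial value, and on `sig` being NULL, when `err:` runs; both initialisations sit above the first hunk and are not visible. If `ret` starts at 0 the change is correct and also stops `s` being leaked on that path, which looks like the intent. A short comment at the jump, `/* ret is still 0 here; err: wipes and frees s */`, would make that dependency explicit for anyone later adding code between the declaration and this check. RSA_verify begins outside the hunk.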
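--- a/src/lib/libcrypto/sha/asm/sha1-586.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-586.pl
@@ -405,7 +405,7 @@ sub sha1_block_data
 &mov(&DWP(16,$tmp1,"",0),$E);
 &cmp("esi","eax");
 &mov(&DWP( 4,$tmp1,"",0),$B);
-&jl(&label("start"));
+&jb(&label("start"));
 
 &stack_pop(18+9);
 &pop("edi");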
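Review bot: The switch from `&jl` to `&jb` after `&cmp("esi","eax")` turns the loop test from a signed into an unsigned comparison, and nothing on the line says why. That is the right test if both registers hold addresses, since a signed compare misorders pointers on either side of the 2 GB boundary. Once the surrounding code confirms that esi and eax are the input pointer and its end, add a trailing comment such as `# unsigned compare: both operands are addresses`. The `sub RC4` and `sub RC4_loop` hunks earlier on this page make the same jl/jle to jb/jbe change and would benefit from the same comment. sub sha1_block_data continues outside the hunk.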
| diff --git a/src/lib/libcrypto/sha/asm/sha1-ia64.pl b/src/lib/libcrypto/sha/asm/sha1-ia64.pl new file mode 100644 index 0000000000..cb9dfad124 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-ia64.pl | |||
| @@ -0,0 +1,549 @@ | |||
| 1 | #!/usr/bin/env perl | ||
| 2 | # | ||
| 3 | # ==================================================================== | ||
| 4 | # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL | ||
| 5 | # project. Rights for redistribution and usage in source and binary | ||
| 6 | # forms are granted according to the OpenSSL license. | ||
| 7 | # ==================================================================== | ||
| 8 | # | ||
| 9 | # Eternal question is what's wrong with compiler generated code? The | ||
| 10 | # trick is that it's possible to reduce the number of shifts required | ||
| 11 | # to perform rotations by maintaining copy of 32-bit value in upper | ||
| 12 | # bits of 64-bit register. Just follow mux2 and shrp instructions... | ||
| 13 | # Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which | ||
| 14 | # is >50% better than HP C and >2x better than gcc. As of this moment | ||
| 15 | # performance under little-endian OS such as Linux and Windows will be | ||
| 16 | # a bit lower, because data has to be picked in reverse byte-order. | ||
| 17 | # It's possible to resolve this issue by implementing third function, | ||
| 18 | # sha1_block_asm_data_order_aligned, which would temporarily flip | ||
| 19 | # BE field in User Mask register... | ||
| 20 | |||
| 21 | $code=<<___; | ||
| 22 | .ident \"sha1-ia64.s, version 1.0\" | ||
| 23 | .ident \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\" | ||
| 24 | .explicit | ||
| 25 | |||
| 26 | ___ | ||
| 27 | |||
| 28 | |||
| 29 | if ($^O eq "hpux") { | ||
| 30 | $ADDP="addp4"; | ||
| 31 | for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } | ||
| 32 | } else { $ADDP="add"; } | ||
| 33 | for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/); | ||
| 34 | $big_endian=0 if (/\-DL_ENDIAN/); } | ||
| 35 | if (!defined($big_endian)) | ||
| 36 | { $big_endian=(unpack('L',pack('N',1))==1); } | ||
| 37 | |||
| 38 | #$human=1; | ||
| 39 | if ($human) { # useful for visual code auditing... | ||
| 40 | ($A,$B,$C,$D,$E,$T) = ("A","B","C","D","E","T"); | ||
| 41 | ($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4"); | ||
| 42 | ($K_00_19, $K_20_39, $K_40_59, $K_60_79) = | ||
| 43 | ( "K_00_19","K_20_39","K_40_59","K_60_79" ); | ||
| 44 | @X= ( "X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7", | ||
| 45 | "X8", "X9","X10","X11","X12","X13","X14","X15" ); | ||
| 46 | } | ||
| 47 | else { | ||
| 48 | ($A,$B,$C,$D,$E,$T) = ("loc0","loc1","loc2","loc3","loc4","loc5"); | ||
| 49 | ($h0,$h1,$h2,$h3,$h4) = ("loc6","loc7","loc8","loc9","loc10"); | ||
| 50 | ($K_00_19, $K_20_39, $K_40_59, $K_60_79) = | ||
| 51 | ( "r14", "r15", "loc11", "loc12" ); | ||
| 52 | @X= ( "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", | ||
| 53 | "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31" ); | ||
| 54 | } | ||
| 55 | |||
| 56 | sub BODY_00_15 { | ||
| 57 | local *code=shift; | ||
| 58 | local ($i,$a,$b,$c,$d,$e,$f,$unaligned)=@_; | ||
| 59 | |||
| 60 | if ($unaligned) { | ||
| 61 | $code.=<<___; | ||
| 62 | { .mmi; ld1 tmp0=[inp],2 // MSB | ||
| 63 | ld1 tmp1=[tmp3],2 };; | ||
| 64 | { .mmi; ld1 tmp2=[inp],2 | ||
| 65 | ld1 $X[$i&0xf]=[tmp3],2 // LSB | ||
| 66 | dep tmp1=tmp0,tmp1,8,8 };; | ||
| 67 | { .mii; cmp.ne p16,p0=r0,r0 // no misaligned prefetch | ||
| 68 | dep $X[$i&0xf]=tmp2,$X[$i&0xf],8,8;; | ||
| 69 | dep $X[$i&0xf]=tmp1,$X[$i&0xf],16,16 };; | ||
| 70 | { .mmi; nop.m 0 | ||
| 71 | ___ | ||
| 72 | } | ||
| 73 | elsif ($i<15) { | ||
| 74 | $code.=<<___; | ||
| 75 | { .mmi; ld4 $X[($i+1)&0xf]=[inp],4 // prefetch | ||
| 76 | ___ | ||
| 77 | } | ||
| 78 | else { | ||
| 79 | $code.=<<___; | ||
| 80 | { .mmi; nop.m 0 | ||
| 81 | ___ | ||
| 82 | } | ||
| 83 | if ($i<15) { | ||
| 84 | $code.=<<___; | ||
| 85 | and tmp0=$c,$b | ||
| 86 | dep.z tmp5=$a,5,27 } // a<<5 | ||
| 87 | { .mmi; andcm tmp1=$d,$b | ||
| 88 | add tmp4=$e,$K_00_19 };; | ||
| 89 | { .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) | ||
| 90 | add $f=tmp4,$X[$i&0xf] // f=xi+e+K_00_19 | ||
| 91 | extr.u tmp1=$a,27,5 };; // a>>27 | ||
| 92 | { .mib; add $f=$f,tmp0 // f+=F_00_19(b,c,d) | ||
| 93 | shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) | ||
| 94 | { .mib; or tmp1=tmp1,tmp5 // ROTATE(a,5) | ||
| 95 | mux2 tmp6=$a,0x44 };; // see b in next iteration | ||
| 96 | { .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) | ||
| 97 | mux2 $X[$i&0xf]=$X[$i&0xf],0x44 | ||
| 98 | nop.i 0 };; | ||
| 99 | |||
| 100 | ___ | ||
| 101 | } | ||
| 102 | else { | ||
| 103 | $code.=<<___; | ||
| 104 | and tmp0=$c,$b | ||
| 105 | dep.z tmp5=$a,5,27 } // a<<5 ;;? | ||
| 106 | { .mmi; andcm tmp1=$d,$b | ||
| 107 | add tmp4=$e,$K_00_19 };; | ||
| 108 | { .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) | ||
| 109 | add $f=tmp4,$X[$i&0xf] // f=xi+e+K_00_19 | ||
| 110 | extr.u tmp1=$a,27,5 } // a>>27 | ||
| 111 | { .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 | ||
| 112 | xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 | ||
| 113 | nop.i 0 };; | ||
| 114 | { .mmi; add $f=$f,tmp0 // f+=F_00_19(b,c,d) | ||
| 115 | xor tmp2=tmp2,tmp3 // +1 | ||
| 116 | shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) | ||
| 117 | { .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) | ||
| 118 | mux2 tmp6=$a,0x44 };; // see b in next iteration | ||
| 119 | { .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) | ||
| 120 | shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) | ||
| 121 | mux2 $X[$i&0xf]=$X[$i&0xf],0x44 };; | ||
| 122 | |||
| 123 | ___ | ||
| 124 | } | ||
| 125 | } | ||
| 126 | |||
| 127 | sub BODY_16_19 { | ||
| 128 | local *code=shift; | ||
| 129 | local ($i,$a,$b,$c,$d,$e,$f)=@_; | ||
| 130 | |||
| 131 | $code.=<<___; | ||
| 132 | { .mmi; mov $X[$i&0xf]=$f // Xupdate | ||
| 133 | and tmp0=$c,$b | ||
| 134 | dep.z tmp5=$a,5,27 } // a<<5 | ||
| 135 | { .mmi; andcm tmp1=$d,$b | ||
| 136 | add tmp4=$e,$K_00_19 };; | ||
| 137 | { .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) | ||
| 138 | add $f=$f,tmp4 // f+=e+K_00_19 | ||
| 139 | extr.u tmp1=$a,27,5 } // a>>27 | ||
| 140 | { .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 | ||
| 141 | xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 | ||
| 142 | nop.i 0 };; | ||
| 143 | { .mmi; add $f=$f,tmp0 // f+=F_00_19(b,c,d) | ||
| 144 | xor tmp2=tmp2,tmp3 // +1 | ||
| 145 | shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) | ||
| 146 | { .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) | ||
| 147 | mux2 tmp6=$a,0x44 };; // see b in next iteration | ||
| 148 | { .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) | ||
| 149 | shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) | ||
| 150 | nop.i 0 };; | ||
| 151 | |||
| 152 | ___ | ||
| 153 | } | ||
| 154 | |||
| 155 | sub BODY_20_39 { | ||
| 156 | local *code=shift; | ||
| 157 | local ($i,$a,$b,$c,$d,$e,$f,$Konst)=@_; | ||
| 158 | $Konst = $K_20_39 if (!defined($Konst)); | ||
| 159 | |||
| 160 | if ($i<79) { | ||
| 161 | $code.=<<___; | ||
| 162 | { .mib; mov $X[$i&0xf]=$f // Xupdate | ||
| 163 | dep.z tmp5=$a,5,27 } // a<<5 | ||
| 164 | { .mib; xor tmp0=$c,$b | ||
| 165 | add tmp4=$e,$Konst };; | ||
| 166 | { .mmi; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d | ||
| 167 | add $f=$f,tmp4 // f+=e+K_20_39 | ||
| 168 | extr.u tmp1=$a,27,5 } // a>>27 | ||
| 169 | { .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 | ||
| 170 | xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 | ||
| 171 | nop.i 0 };; | ||
| 172 | { .mmi; add $f=$f,tmp0 // f+=F_20_39(b,c,d) | ||
| 173 | xor tmp2=tmp2,tmp3 // +1 | ||
| 174 | shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) | ||
| 175 | { .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) | ||
| 176 | mux2 tmp6=$a,0x44 };; // see b in next iteration | ||
| 177 | { .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) | ||
| 178 | shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) | ||
| 179 | nop.i 0 };; | ||
| 180 | |||
| 181 | ___ | ||
| 182 | } | ||
| 183 | else { | ||
| 184 | $code.=<<___; | ||
| 185 | { .mib; mov $X[$i&0xf]=$f // Xupdate | ||
| 186 | dep.z tmp5=$a,5,27 } // a<<5 | ||
| 187 | { .mib; xor tmp0=$c,$b | ||
| 188 | add tmp4=$e,$Konst };; | ||
| 189 | { .mib; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d | ||
| 190 | extr.u tmp1=$a,27,5 } // a>>27 | ||
| 191 | { .mib; add $f=$f,tmp4 // f+=e+K_20_39 | ||
| 192 | add $h1=$h1,$a };; // wrap up | ||
| 193 | { .mmi; | ||
| 194 | (p16) ld4.s $X[0]=[inp],4 // non-faulting prefetch | ||
| 195 | add $f=$f,tmp0 // f+=F_20_39(b,c,d) | ||
| 196 | shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) ;;? | ||
| 197 | { .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) | ||
| 198 | add $h3=$h3,$c };; // wrap up | ||
| 199 | { .mib; add tmp3=1,inp // used in unaligned codepath | ||
| 200 | add $f=$f,tmp1 } // f+=ROTATE(a,5) | ||
| 201 | { .mib; add $h2=$h2,$b // wrap up | ||
| 202 | add $h4=$h4,$d };; // wrap up | ||
| 203 | |||
| 204 | ___ | ||
| 205 | } | ||
| 206 | } | ||
| 207 | |||
| 208 | sub BODY_40_59 { | ||
| 209 | local *code=shift; | ||
| 210 | local ($i,$a,$b,$c,$d,$e,$f)=@_; | ||
| 211 | |||
| 212 | $code.=<<___; | ||
| 213 | { .mmi; mov $X[$i&0xf]=$f // Xupdate | ||
| 214 | and tmp0=$c,$b | ||
| 215 | dep.z tmp5=$a,5,27 } // a<<5 | ||
| 216 | { .mmi; and tmp1=$d,$b | ||
| 217 | add tmp4=$e,$K_40_59 };; | ||
| 218 | { .mmi; or tmp0=tmp0,tmp1 // (b&c)|(b&d) | ||
| 219 | add $f=$f,tmp4 // f+=e+K_40_59 | ||
| 220 | extr.u tmp1=$a,27,5 } // a>>27 | ||
| 221 | { .mmi; and tmp4=$c,$d | ||
| 222 | xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 | ||
| 223 | xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 | ||
| 224 | };; | ||
| 225 | { .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) | ||
| 226 | xor tmp2=tmp2,tmp3 // +1 | ||
| 227 | shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) | ||
| 228 | { .mmi; or tmp0=tmp0,tmp4 // F_40_59(b,c,d)=(b&c)|(b&d)|(c&d) | ||
| 229 | mux2 tmp6=$a,0x44 };; // see b in next iteration | ||
| 230 | { .mii; add $f=$f,tmp0 // f+=F_40_59(b,c,d) | ||
| 231 | shrp $e=tmp2,tmp2,31;; // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) | ||
| 232 | add $f=$f,tmp1 };; // f+=ROTATE(a,5) | ||
| 233 | |||
| 234 | ___ | ||
| 235 | } | ||
| 236 | sub BODY_60_79 { &BODY_20_39(@_,$K_60_79); } | ||
| 237 | |||
| 238 | $code.=<<___; | ||
| 239 | .text | ||
| 240 | |||
| 241 | tmp0=r8; | ||
| 242 | tmp1=r9; | ||
| 243 | tmp2=r10; | ||
| 244 | tmp3=r11; | ||
| 245 | ctx=r32; // in0 | ||
| 246 | inp=r33; // in1 | ||
| 247 | |||
| 248 | // void sha1_block_asm_host_order(SHA_CTX *c,const void *p,size_t num); | ||
| 249 | .global sha1_block_asm_host_order# | ||
| 250 | .proc sha1_block_asm_host_order# | ||
| 251 | .align 32 | ||
| 252 | sha1_block_asm_host_order: | ||
| 253 | .prologue | ||
| 254 | .fframe 0 | ||
| 255 | .save ar.pfs,r0 | ||
| 256 | .save ar.lc,r3 | ||
| 257 | { .mmi; alloc tmp1=ar.pfs,3,15,0,0 | ||
| 258 | $ADDP tmp0=4,ctx | ||
| 259 | mov r3=ar.lc } | ||
| 260 | { .mmi; $ADDP ctx=0,ctx | ||
| 261 | $ADDP inp=0,inp | ||
| 262 | mov r2=pr };; | ||
| 263 | tmp4=in2; | ||
| 264 | tmp5=loc13; | ||
| 265 | tmp6=loc14; | ||
| 266 | .body | ||
| 267 | { .mlx; ld4 $h0=[ctx],8 | ||
| 268 | movl $K_00_19=0x5a827999 } | ||
| 269 | { .mlx; ld4 $h1=[tmp0],8 | ||
| 270 | movl $K_20_39=0x6ed9eba1 };; | ||
| 271 | { .mlx; ld4 $h2=[ctx],8 | ||
| 272 | movl $K_40_59=0x8f1bbcdc } | ||
| 273 | { .mlx; ld4 $h3=[tmp0] | ||
| 274 | movl $K_60_79=0xca62c1d6 };; | ||
| 275 | { .mmi; ld4 $h4=[ctx],-16 | ||
| 276 | add in2=-1,in2 // adjust num for ar.lc | ||
| 277 | mov ar.ec=1 };; | ||
| 278 | { .mmi; ld4 $X[0]=[inp],4 // prefetch | ||
| 279 | cmp.ne p16,p0=r0,in2 // prefecth at loop end | ||
| 280 | mov ar.lc=in2 };; // brp.loop.imp: too far | ||
| 281 | |||
| 282 | .Lhtop: | ||
| 283 | { .mmi; mov $A=$h0 | ||
| 284 | mov $B=$h1 | ||
| 285 | mux2 tmp6=$h1,0x44 } | ||
| 286 | { .mmi; mov $C=$h2 | ||
| 287 | mov $D=$h3 | ||
| 288 | mov $E=$h4 };; | ||
| 289 | |||
| 290 | ___ | ||
| 291 | |||
| 292 | &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T); | ||
| 293 | &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E); | ||
| 294 | &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D); | ||
| 295 | &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C); | ||
| 296 | &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B); | ||
| 297 | &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A); | ||
| 298 | &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T); | ||
| 299 | &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E); | ||
| 300 | &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D); | ||
| 301 | &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C); | ||
| 302 | &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B); | ||
| 303 | &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A); | ||
| 304 | &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T); | ||
| 305 | &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E); | ||
| 306 | &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D); | ||
| 307 | &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C); | ||
| 308 | |||
| 309 | &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B); | ||
| 310 | &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A); | ||
| 311 | &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T); | ||
| 312 | &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E); | ||
| 313 | |||
| 314 | &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D); | ||
| 315 | &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C); | ||
| 316 | &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B); | ||
| 317 | &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A); | ||
| 318 | &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T); | ||
| 319 | &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E); | ||
| 320 | &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D); | ||
| 321 | &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C); | ||
| 322 | &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B); | ||
| 323 | &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A); | ||
| 324 | &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T); | ||
| 325 | &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E); | ||
| 326 | &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D); | ||
| 327 | &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C); | ||
| 328 | &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B); | ||
| 329 | &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A); | ||
| 330 | &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T); | ||
| 331 | &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E); | ||
| 332 | &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D); | ||
| 333 | &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C); | ||
| 334 | |||
| 335 | &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B); | ||
| 336 | &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A); | ||
| 337 | &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T); | ||
| 338 | &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E); | ||
| 339 | &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D); | ||
| 340 | &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C); | ||
| 341 | &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B); | ||
| 342 | &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A); | ||
| 343 | &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T); | ||
| 344 | &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E); | ||
| 345 | &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D); | ||
| 346 | &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C); | ||
| 347 | &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B); | ||
| 348 | &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A); | ||
| 349 | &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T); | ||
| 350 | &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E); | ||
| 351 | &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D); | ||
| 352 | &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C); | ||
| 353 | &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B); | ||
| 354 | &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A); | ||
| 355 | |||
| 356 | &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T); | ||
| 357 | &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E); | ||
| 358 | &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D); | ||
| 359 | &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C); | ||
| 360 | &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B); | ||
| 361 | &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A); | ||
| 362 | &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T); | ||
| 363 | &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E); | ||
| 364 | &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D); | ||
| 365 | &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C); | ||
| 366 | &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B); | ||
| 367 | &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A); | ||
| 368 | &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T); | ||
| 369 | &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E); | ||
| 370 | &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D); | ||
| 371 | &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C); | ||
| 372 | &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B); | ||
| 373 | &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A); | ||
| 374 | &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T); | ||
| 375 | &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E); | ||
| 376 | |||
| 377 | $code.=<<___; | ||
| 378 | { .mmb; add $h0=$h0,$E | ||
| 379 | nop.m 0 | ||
| 380 | br.ctop.dptk.many .Lhtop };; | ||
| 381 | .Lhend: | ||
| 382 | { .mmi; add tmp0=4,ctx | ||
| 383 | mov ar.lc=r3 };; | ||
| 384 | { .mmi; st4 [ctx]=$h0,8 | ||
| 385 | st4 [tmp0]=$h1,8 };; | ||
| 386 | { .mmi; st4 [ctx]=$h2,8 | ||
| 387 | st4 [tmp0]=$h3 };; | ||
| 388 | { .mib; st4 [ctx]=$h4,-16 | ||
| 389 | mov pr=r2,0x1ffff | ||
| 390 | br.ret.sptk.many b0 };; | ||
| 391 | .endp sha1_block_asm_host_order# | ||
| 392 | ___ | ||
| 393 | |||
| 394 | |||
| 395 | $code.=<<___; | ||
| 396 | // void sha1_block_asm_data_order(SHA_CTX *c,const void *p,size_t num); | ||
| 397 | .global sha1_block_asm_data_order# | ||
| 398 | .proc sha1_block_asm_data_order# | ||
| 399 | .align 32 | ||
| 400 | sha1_block_asm_data_order: | ||
| 401 | ___ | ||
| 402 | $code.=<<___ if ($big_endian); | ||
| 403 | { .mmi; and r2=3,inp };; | ||
| 404 | { .mib; cmp.eq p6,p0=r0,r2 | ||
| 405 | (p6) br.dptk.many sha1_block_asm_host_order };; | ||
| 406 | ___ | ||
| 407 | $code.=<<___; | ||
| 408 | .prologue | ||
| 409 | .fframe 0 | ||
| 410 | .save ar.pfs,r0 | ||
| 411 | .save ar.lc,r3 | ||
| 412 | { .mmi; alloc tmp1=ar.pfs,3,15,0,0 | ||
| 413 | $ADDP tmp0=4,ctx | ||
| 414 | mov r3=ar.lc } | ||
| 415 | { .mmi; $ADDP ctx=0,ctx | ||
| 416 | $ADDP inp=0,inp | ||
| 417 | mov r2=pr };; | ||
| 418 | tmp4=in2; | ||
| 419 | tmp5=loc13; | ||
| 420 | tmp6=loc14; | ||
| 421 | .body | ||
| 422 | { .mlx; ld4 $h0=[ctx],8 | ||
| 423 | movl $K_00_19=0x5a827999 } | ||
| 424 | { .mlx; ld4 $h1=[tmp0],8 | ||
| 425 | movl $K_20_39=0x6ed9eba1 };; | ||
| 426 | { .mlx; ld4 $h2=[ctx],8 | ||
| 427 | movl $K_40_59=0x8f1bbcdc } | ||
| 428 | { .mlx; ld4 $h3=[tmp0] | ||
| 429 | movl $K_60_79=0xca62c1d6 };; | ||
| 430 | { .mmi; ld4 $h4=[ctx],-16 | ||
| 431 | add in2=-1,in2 // adjust num for ar.lc | ||
| 432 | mov ar.ec=1 };; | ||
| 433 | { .mmi; nop.m 0 | ||
| 434 | add tmp3=1,inp | ||
| 435 | mov ar.lc=in2 };; // brp.loop.imp: too far | ||
| 436 | |||
| 437 | .Ldtop: | ||
| 438 | { .mmi; mov $A=$h0 | ||
| 439 | mov $B=$h1 | ||
| 440 | mux2 tmp6=$h1,0x44 } | ||
| 441 | { .mmi; mov $C=$h2 | ||
| 442 | mov $D=$h3 | ||
| 443 | mov $E=$h4 };; | ||
| 444 | |||
| 445 | ___ | ||
| 446 | |||
| 447 | &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T,1); | ||
| 448 | &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E,1); | ||
| 449 | &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D,1); | ||
| 450 | &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C,1); | ||
| 451 | &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B,1); | ||
| 452 | &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A,1); | ||
| 453 | &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T,1); | ||
| 454 | &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E,1); | ||
| 455 | &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D,1); | ||
| 456 | &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C,1); | ||
| 457 | &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B,1); | ||
| 458 | &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A,1); | ||
| 459 | &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T,1); | ||
| 460 | &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E,1); | ||
| 461 | &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D,1); | ||
| 462 | &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C,1); | ||
| 463 | |||
| 464 | &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B); | ||
| 465 | &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A); | ||
| 466 | &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T); | ||
| 467 | &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E); | ||
| 468 | |||
| 469 | &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D); | ||
| 470 | &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C); | ||
| 471 | &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B); | ||
| 472 | &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A); | ||
| 473 | &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T); | ||
| 474 | &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E); | ||
| 475 | &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D); | ||
| 476 | &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C); | ||
| 477 | &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B); | ||
| 478 | &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A); | ||
| 479 | &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T); | ||
| 480 | &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E); | ||
| 481 | &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D); | ||
| 482 | &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C); | ||
| 483 | &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B); | ||
| 484 | &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A); | ||
| 485 | &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T); | ||
| 486 | &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E); | ||
| 487 | &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D); | ||
| 488 | &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C); | ||
| 489 | |||
| 490 | &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B); | ||
| 491 | &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A); | ||
| 492 | &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T); | ||
| 493 | &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E); | ||
| 494 | &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D); | ||
| 495 | &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C); | ||
| 496 | &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B); | ||
| 497 | &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A); | ||
| 498 | &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T); | ||
| 499 | &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E); | ||
| 500 | &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D); | ||
| 501 | &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C); | ||
| 502 | &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B); | ||
| 503 | &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A); | ||
| 504 | &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T); | ||
| 505 | &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E); | ||
| 506 | &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D); | ||
| 507 | &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C); | ||
| 508 | &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B); | ||
| 509 | &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A); | ||
| 510 | |||
| 511 | &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T); | ||
| 512 | &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E); | ||
| 513 | &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D); | ||
| 514 | &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C); | ||
| 515 | &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B); | ||
| 516 | &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A); | ||
| 517 | &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T); | ||
| 518 | &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E); | ||
| 519 | &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D); | ||
| 520 | &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C); | ||
| 521 | &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B); | ||
| 522 | &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A); | ||
| 523 | &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T); | ||
| 524 | &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E); | ||
| 525 | &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D); | ||
| 526 | &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C); | ||
| 527 | &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B); | ||
| 528 | &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A); | ||
| 529 | &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T); | ||
| 530 | &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E); | ||
| 531 | |||
| 532 | $code.=<<___; | ||
| 533 | { .mmb; add $h0=$h0,$E | ||
| 534 | nop.m 0 | ||
| 535 | br.ctop.dptk.many .Ldtop };; | ||
| 536 | .Ldend: | ||
| 537 | { .mmi; add tmp0=4,ctx | ||
| 538 | mov ar.lc=r3 };; | ||
| 539 | { .mmi; st4 [ctx]=$h0,8 | ||
| 540 | st4 [tmp0]=$h1,8 };; | ||
| 541 | { .mmi; st4 [ctx]=$h2,8 | ||
| 542 | st4 [tmp0]=$h3 };; | ||
| 543 | { .mib; st4 [ctx]=$h4,-16 | ||
| 544 | mov pr=r2,0x1ffff | ||
| 545 | br.ret.sptk.many b0 };; | ||
| 546 | .endp sha1_block_asm_data_order# | ||
| 547 | ___ | ||
| 548 | |||
| 549 | print $code; | ||
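--- a/src/lib/libcrypto/sha/sha.h
+++ b/src/lib/libcrypto/sha/sha.h
@@ -69,6 +69,10 @@ extern "C" {
 #error SHA is disabled.
 #endif
 
+#if defined(OPENSSL_FIPS)
+#define FIPS_SHA_SIZE_T unsigned long
+#endif
+
 /*
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
@@ -101,6 +105,9 @@ typedef struct SHAstate_st
 } SHA_CTX;
 
 #ifndef OPENSSL_NO_SHA0
+#ifdef OPENSSL_FIPS
+int private_SHA_Init(SHA_CTX *c);
+#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, unsigned long len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);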
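Review bot: The new `private_SHA_Init` prototype is added to the public header with no comment saying who is meant to call it. Judging from the sha_locl.h section of this commit, it looks like the SHA-0 initialiser that `FIPS_NON_FIPS_MD_Init(SHA)` produces, presumably without the FIPS-mode check that `SHA_Init` gets; that macro is not defined in the visible hunks, so this needs confirming. I would put `/* internal: SHA-0 init without the FIPS-mode check; applications call SHA_Init() */` above the declaration. `FIPS_SHA_SIZE_T` would also read better as `typedef unsigned long FIPS_SHA_SIZE_T;` than as a `#define`, so that it obeys scope and is visible in a debugger.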
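--- a/src/lib/libcrypto/sha/sha1dgst.c
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -62,12 +62,20 @@
 #define SHA_1
 
 #include <openssl/opensslv.h>
+#include <openssl/opensslconf.h>
 
+#ifndef OPENSSL_FIPS
 const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
 
 /* The implementation is in ../md32_common.h */
 
 #include "sha_locl.h"
 
+#else /* ndef OPENSSL_FIPS */
+
+static void *dummy=&dummy;
+
+#endif /* ndef OPENSSL_FIPS */
+
 #endif
 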
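Review bot: When `OPENSSL_FIPS` is defined, this file now contributes only `static void *dummy=&dummy;`, and nothing explains the placeholder or says where SHA-1 comes from in that build. A comment on the `#else` branch such as `/* SHA-1 is provided by the FIPS module; dummy keeps this translation unit non-empty */` would make the intent clear. `SHA1_version` also disappears from this object in FIPS builds, so any code that references it depends on the FIPS module defining the symbol; that is not visible here and should be confirmed. The final `#endif` (new line 80) closes a conditional that opens above the hunk.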
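--- a/src/lib/libcrypto/sha/sha_locl.h
+++ b/src/lib/libcrypto/sha/sha_locl.h
@@ -121,6 +121,11 @@
 # define sha1_block_data_order sha1_block_asm_data_order
 # define DONT_IMPLEMENT_BLOCK_DATA_ORDER
 # define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order
+# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+# define sha1_block_host_order sha1_block_asm_host_order
+# define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+# define sha1_block_data_order sha1_block_asm_data_order
+# define DONT_IMPLEMENT_BLOCK_DATA_ORDER
 # endif
 # endif
 void sha1_block_host_order (SHA_CTX *c, const void *p,int num);
@@ -138,7 +143,11 @@
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
 
+#if defined(SHA_0) && defined(OPENSSL_FIPS)
+FIPS_NON_FIPS_MD_Init(SHA)
+#else
 int HASH_INIT (SHA_CTX *c)
+#endif
 {
 c->h0=INIT_DATA_h0;
 c->h1=INIT_DATA_h1;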
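Review bot: The new ia64 branch binds the block functions to assembler whose header comment in sha1-ia64.pl declares `size_t num`, while the C prototype just below the `# endif` (`sha1_block_host_order`) still takes `int num`. The `sha1_block_data_order` prototype is outside the hunk and presumably matches it. In the visible assembler, `sha1_block_asm_data_order` does `add in2=-1,in2` and then `mov ar.lc=in2` on the full register without narrowing it. If the ia64 calling convention leaves the upper half of an `int` argument register unspecified, the loop count is not well defined, and `num == 0` wraps to a very large count. Either narrow the argument at entry in the .pl file or state the contract beside these defines, for example `/* ia64 asm treats num as a 64-bit block count and requires num >= 1 */`.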
| diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h index ed9ed2c23a..bd1121c279 100644 --- a/src/lib/libcrypto/stack/safestack.h +++ b/src/lib/libcrypto/stack/safestack.h | |||
| @@ -113,6 +113,8 @@ STACK_OF(type) \ | |||
| 113 | ((type * (*)(STACK_OF(type) *))sk_pop)(st) | 113 | ((type * (*)(STACK_OF(type) *))sk_pop)(st) | 
| 114 | #define SKM_sk_sort(type, st) \ | 114 | #define SKM_sk_sort(type, st) \ | 
| 115 | ((void (*)(STACK_OF(type) *))sk_sort)(st) | 115 | ((void (*)(STACK_OF(type) *))sk_sort)(st) | 
| 116 | #define SKM_sk_is_sorted(type, st) \ | ||
| 117 | ((int (*)(const STACK_OF(type) *))sk_is_sorted)(st) | ||
| 116 | 118 | ||
| 117 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 119 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 
| 118 | ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \ | 120 | ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \ | 
| @@ -187,6 +189,8 @@ STACK_OF(type) \ | |||
| 187 | ((type *)sk_pop(st)) | 189 | ((type *)sk_pop(st)) | 
| 188 | #define SKM_sk_sort(type, st) \ | 190 | #define SKM_sk_sort(type, st) \ | 
| 189 | sk_sort(st) | 191 | sk_sort(st) | 
| 192 | #define SKM_sk_is_sorted(type, st) \ | ||
| 193 | sk_is_sorted(st) | ||
| 190 | 194 | ||
| 191 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 195 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 
| 192 | d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) | 196 | d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) | 
| @@ -223,6 +227,7 @@ STACK_OF(type) \ | |||
| 223 | #define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) | 227 | #define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) | 
| 224 | #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) | 228 | #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) | 
| 225 | #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) | 229 | #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) | 
| 230 | #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) | ||
| 226 | 231 | ||
| 227 | #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) | 232 | #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) | 
| 228 | #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) | 233 | #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) | 
| @@ -243,6 +248,7 @@ STACK_OF(type) \ | |||
| 243 | #define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) | 248 | #define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) | 
| 244 | #define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) | 249 | #define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) | 
| 245 | #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) | 250 | #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) | 
| 251 | #define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) | ||
| 246 | 252 | ||
| 247 | #define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) | 253 | #define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) | 
| 248 | #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) | 254 | #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) | 
| @@ -263,6 +269,7 @@ STACK_OF(type) \ | |||
| 263 | #define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) | 269 | #define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) | 
| 264 | #define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) | 270 | #define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) | 
| 265 | #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) | 271 | #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) | 
| 272 | #define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) | ||
| 266 | 273 | ||
| 267 | #define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) | 274 | #define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) | 
| 268 | #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) | 275 | #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) | 
| @@ -283,6 +290,7 @@ STACK_OF(type) \ | |||
| 283 | #define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) | 290 | #define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) | 
| 284 | #define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) | 291 | #define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) | 
| 285 | #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) | 292 | #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) | 
| 293 | #define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) | ||
| 286 | 294 | ||
| 287 | #define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) | 295 | #define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) | 
| 288 | #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) | 296 | #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) | 
| @@ -303,6 +311,7 @@ STACK_OF(type) \ | |||
| 303 | #define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) | 311 | #define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) | 
| 304 | #define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) | 312 | #define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) | 
| 305 | #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) | 313 | #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) | 
| 314 | #define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) | ||
| 306 | 315 | ||
| 307 | #define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) | 316 | #define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) | 
| 308 | #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) | 317 | #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) | 
| @@ -323,6 +332,7 @@ STACK_OF(type) \ | |||
| 323 | #define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) | 332 | #define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) | 
| 324 | #define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) | 333 | #define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) | 
| 325 | #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) | 334 | #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) | 
| 335 | #define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) | ||
| 326 | 336 | ||
| 327 | #define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) | 337 | #define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) | 
| 328 | #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) | 338 | #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) | 
| @@ -343,6 +353,7 @@ STACK_OF(type) \ | |||
| 343 | #define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) | 353 | #define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) | 
| 344 | #define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) | 354 | #define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) | 
| 345 | #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) | 355 | #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) | 
| 356 | #define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) | ||
| 346 | 357 | ||
| 347 | #define sk_BIO_new(st) SKM_sk_new(BIO, (st)) | 358 | #define sk_BIO_new(st) SKM_sk_new(BIO, (st)) | 
| 348 | #define sk_BIO_new_null() SKM_sk_new_null(BIO) | 359 | #define sk_BIO_new_null() SKM_sk_new_null(BIO) | 
| @@ -363,6 +374,7 @@ STACK_OF(type) \ | |||
| 363 | #define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) | 374 | #define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) | 
| 364 | #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) | 375 | #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) | 
| 365 | #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) | 376 | #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) | 
| 377 | #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) | ||
| 366 | 378 | ||
| 367 | #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) | 379 | #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) | 
| 368 | #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) | 380 | #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) | 
| @@ -383,6 +395,7 @@ STACK_OF(type) \ | |||
| 383 | #define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) | 395 | #define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) | 
| 384 | #define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) | 396 | #define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) | 
| 385 | #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) | 397 | #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) | 
| 398 | #define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) | ||
| 386 | 399 | ||
| 387 | #define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) | 400 | #define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) | 
| 388 | #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) | 401 | #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) | 
| @@ -403,6 +416,7 @@ STACK_OF(type) \ | |||
| 403 | #define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) | 416 | #define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) | 
| 404 | #define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) | 417 | #define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) | 
| 405 | #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) | 418 | #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) | 
| 419 | #define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) | ||
| 406 | 420 | ||
| 407 | #define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) | 421 | #define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) | 
| 408 | #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) | 422 | #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) | 
| @@ -423,6 +437,7 @@ STACK_OF(type) \ | |||
| 423 | #define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) | 437 | #define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) | 
| 424 | #define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) | 438 | #define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) | 
| 425 | #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) | 439 | #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) | 
| 440 | #define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) | ||
| 426 | 441 | ||
| 427 | #define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) | 442 | #define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) | 
| 428 | #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) | 443 | #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) | 
| @@ -443,6 +458,7 @@ STACK_OF(type) \ | |||
| 443 | #define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) | 458 | #define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) | 
| 444 | #define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) | 459 | #define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) | 
| 445 | #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) | 460 | #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) | 
| 461 | #define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) | ||
| 446 | 462 | ||
| 447 | #define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) | 463 | #define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) | 
| 448 | #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) | 464 | #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) | 
| @@ -463,6 +479,7 @@ STACK_OF(type) \ | |||
| 463 | #define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) | 479 | #define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) | 
| 464 | #define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) | 480 | #define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) | 
| 465 | #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) | 481 | #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) | 
| 482 | #define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) | ||
| 466 | 483 | ||
| 467 | #define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) | 484 | #define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) | 
| 468 | #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) | 485 | #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) | 
| @@ -483,6 +500,7 @@ STACK_OF(type) \ | |||
| 483 | #define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) | 500 | #define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) | 
| 484 | #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) | 501 | #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) | 
| 485 | #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) | 502 | #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) | 
| 503 | #define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) | ||
| 486 | 504 | ||
| 487 | #define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) | 505 | #define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) | 
| 488 | #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) | 506 | #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) | 
| @@ -503,6 +521,7 @@ STACK_OF(type) \ | |||
| 503 | #define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) | 521 | #define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) | 
| 504 | #define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) | 522 | #define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) | 
| 505 | #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) | 523 | #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) | 
| 524 | #define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) | ||
| 506 | 525 | ||
| 507 | #define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) | 526 | #define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) | 
| 508 | #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) | 527 | #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) | 
| @@ -523,6 +542,7 @@ STACK_OF(type) \ | |||
| 523 | #define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) | 542 | #define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) | 
| 524 | #define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) | 543 | #define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) | 
| 525 | #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) | 544 | #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) | 
| 545 | #define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) | ||
| 526 | 546 | ||
| 527 | #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) | 547 | #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) | 
| 528 | #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) | 548 | #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) | 
| @@ -543,6 +563,7 @@ STACK_OF(type) \ | |||
| 543 | #define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) | 563 | #define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) | 
| 544 | #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) | 564 | #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) | 
| 545 | #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) | 565 | #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) | 
| 566 | #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) | ||
| 546 | 567 | ||
| 547 | #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) | 568 | #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) | 
| 548 | #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) | 569 | #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) | 
| @@ -563,6 +584,7 @@ STACK_OF(type) \ | |||
| 563 | #define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) | 584 | #define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) | 
| 564 | #define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) | 585 | #define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) | 
| 565 | #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) | 586 | #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) | 
| 587 | #define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) | ||
| 566 | 588 | ||
| 567 | #define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) | 589 | #define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) | 
| 568 | #define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) | 590 | #define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) | 
| @@ -583,6 +605,7 @@ STACK_OF(type) \ | |||
| 583 | #define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) | 605 | #define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) | 
| 584 | #define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) | 606 | #define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) | 
| 585 | #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) | 607 | #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) | 
| 608 | #define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) | ||
| 586 | 609 | ||
| 587 | #define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) | 610 | #define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) | 
| 588 | #define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) | 611 | #define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) | 
| @@ -603,6 +626,7 @@ STACK_OF(type) \ | |||
| 603 | #define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) | 626 | #define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) | 
| 604 | #define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) | 627 | #define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) | 
| 605 | #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) | 628 | #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) | 
| 629 | #define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) | ||
| 606 | 630 | ||
| 607 | #define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) | 631 | #define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) | 
| 608 | #define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) | 632 | #define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) | 
| @@ -623,6 +647,7 @@ STACK_OF(type) \ | |||
| 623 | #define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) | 647 | #define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) | 
| 624 | #define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) | 648 | #define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) | 
| 625 | #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) | 649 | #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) | 
| 650 | #define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) | ||
| 626 | 651 | ||
| 627 | #define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) | 652 | #define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) | 
| 628 | #define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) | 653 | #define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) | 
| @@ -643,6 +668,7 @@ STACK_OF(type) \ | |||
| 643 | #define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) | 668 | #define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) | 
| 644 | #define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) | 669 | #define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) | 
| 645 | #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) | 670 | #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) | 
| 671 | #define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) | ||
| 646 | 672 | ||
| 647 | #define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) | 673 | #define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) | 
| 648 | #define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) | 674 | #define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) | 
| @@ -663,6 +689,7 @@ STACK_OF(type) \ | |||
| 663 | #define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) | 689 | #define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) | 
| 664 | #define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) | 690 | #define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) | 
| 665 | #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) | 691 | #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) | 
| 692 | #define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) | ||
| 666 | 693 | ||
| 667 | #define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) | 694 | #define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) | 
| 668 | #define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) | 695 | #define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) | 
| @@ -683,6 +710,7 @@ STACK_OF(type) \ | |||
| 683 | #define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) | 710 | #define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) | 
| 684 | #define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) | 711 | #define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) | 
| 685 | #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) | 712 | #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) | 
| 713 | #define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) | ||
| 686 | 714 | ||
| 687 | #define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) | 715 | #define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) | 
| 688 | #define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) | 716 | #define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) | 
| @@ -703,6 +731,7 @@ STACK_OF(type) \ | |||
| 703 | #define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) | 731 | #define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) | 
| 704 | #define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) | 732 | #define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) | 
| 705 | #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) | 733 | #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) | 
| 734 | #define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) | ||
| 706 | 735 | ||
| 707 | #define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) | 736 | #define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) | 
| 708 | #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) | 737 | #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) | 
| @@ -723,6 +752,7 @@ STACK_OF(type) \ | |||
| 723 | #define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) | 752 | #define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) | 
| 724 | #define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) | 753 | #define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) | 
| 725 | #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) | 754 | #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) | 
| 755 | #define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) | ||
| 726 | 756 | ||
| 727 | #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) | 757 | #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) | 
| 728 | #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) | 758 | #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) | 
| @@ -743,6 +773,7 @@ STACK_OF(type) \ | |||
| 743 | #define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) | 773 | #define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) | 
| 744 | #define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) | 774 | #define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) | 
| 745 | #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) | 775 | #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) | 
| 776 | #define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) | ||
| 746 | 777 | ||
| 747 | #define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) | 778 | #define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) | 
| 748 | #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) | 779 | #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) | 
| @@ -763,6 +794,7 @@ STACK_OF(type) \ | |||
| 763 | #define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) | 794 | #define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) | 
| 764 | #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) | 795 | #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) | 
| 765 | #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) | 796 | #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) | 
| 797 | #define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) | ||
| 766 | 798 | ||
| 767 | #define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) | 799 | #define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) | 
| 768 | #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) | 800 | #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) | 
| @@ -783,6 +815,7 @@ STACK_OF(type) \ | |||
| 783 | #define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) | 815 | #define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) | 
| 784 | #define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) | 816 | #define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) | 
| 785 | #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) | 817 | #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) | 
| 818 | #define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) | ||
| 786 | 819 | ||
| 787 | #define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) | 820 | #define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) | 
| 788 | #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) | 821 | #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) | 
| @@ -803,6 +836,7 @@ STACK_OF(type) \ | |||
| 803 | #define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) | 836 | #define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) | 
| 804 | #define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) | 837 | #define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) | 
| 805 | #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) | 838 | #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) | 
| 839 | #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) | ||
| 806 | 840 | ||
| 807 | #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) | 841 | #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) | 
| 808 | #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) | 842 | #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) | 
| @@ -823,6 +857,7 @@ STACK_OF(type) \ | |||
| 823 | #define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) | 857 | #define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) | 
| 824 | #define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) | 858 | #define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) | 
| 825 | #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) | 859 | #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) | 
| 860 | #define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) | ||
| 826 | 861 | ||
| 827 | #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) | 862 | #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) | 
| 828 | #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) | 863 | #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) | 
| @@ -843,6 +878,7 @@ STACK_OF(type) \ | |||
| 843 | #define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) | 878 | #define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) | 
| 844 | #define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) | 879 | #define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) | 
| 845 | #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) | 880 | #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) | 
| 881 | #define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) | ||
| 846 | 882 | ||
| 847 | #define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) | 883 | #define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) | 
| 848 | #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) | 884 | #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) | 
| @@ -863,6 +899,7 @@ STACK_OF(type) \ | |||
| 863 | #define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) | 899 | #define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) | 
| 864 | #define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) | 900 | #define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) | 
| 865 | #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) | 901 | #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) | 
| 902 | #define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) | ||
| 866 | 903 | ||
| 867 | #define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) | 904 | #define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) | 
| 868 | #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) | 905 | #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) | 
| @@ -883,6 +920,7 @@ STACK_OF(type) \ | |||
| 883 | #define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) | 920 | #define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) | 
| 884 | #define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) | 921 | #define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) | 
| 885 | #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) | 922 | #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) | 
| 923 | #define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) | ||
| 886 | 924 | ||
| 887 | #define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) | 925 | #define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) | 
| 888 | #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) | 926 | #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) | 
| @@ -903,6 +941,7 @@ STACK_OF(type) \ | |||
| 903 | #define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) | 941 | #define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) | 
| 904 | #define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) | 942 | #define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) | 
| 905 | #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) | 943 | #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) | 
| 944 | #define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) | ||
| 906 | 945 | ||
| 907 | #define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) | 946 | #define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) | 
| 908 | #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) | 947 | #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) | 
| @@ -923,6 +962,7 @@ STACK_OF(type) \ | |||
| 923 | #define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) | 962 | #define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) | 
| 924 | #define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) | 963 | #define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) | 
| 925 | #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) | 964 | #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) | 
| 965 | #define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) | ||
| 926 | 966 | ||
| 927 | #define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) | 967 | #define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) | 
| 928 | #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) | 968 | #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) | 
| @@ -943,6 +983,7 @@ STACK_OF(type) \ | |||
| 943 | #define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) | 983 | #define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) | 
| 944 | #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) | 984 | #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) | 
| 945 | #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) | 985 | #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) | 
| 986 | #define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) | ||
| 946 | 987 | ||
| 947 | #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) | 988 | #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) | 
| 948 | #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) | 989 | #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) | 
| @@ -963,6 +1004,7 @@ STACK_OF(type) \ | |||
| 963 | #define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) | 1004 | #define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) | 
| 964 | #define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) | 1005 | #define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) | 
| 965 | #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) | 1006 | #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) | 
| 1007 | #define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) | ||
| 966 | 1008 | ||
| 967 | #define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) | 1009 | #define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) | 
| 968 | #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) | 1010 | #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) | 
| @@ -983,6 +1025,7 @@ STACK_OF(type) \ | |||
| 983 | #define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) | 1025 | #define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) | 
| 984 | #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) | 1026 | #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) | 
| 985 | #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) | 1027 | #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) | 
| 1028 | #define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) | ||
| 986 | 1029 | ||
| 987 | #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) | 1030 | #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) | 
| 988 | #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) | 1031 | #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) | 
| @@ -1003,6 +1046,7 @@ STACK_OF(type) \ | |||
| 1003 | #define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) | 1046 | #define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) | 
| 1004 | #define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) | 1047 | #define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) | 
| 1005 | #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) | 1048 | #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) | 
| 1049 | #define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) | ||
| 1006 | 1050 | ||
| 1007 | #define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) | 1051 | #define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) | 
| 1008 | #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) | 1052 | #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) | 
| @@ -1023,6 +1067,7 @@ STACK_OF(type) \ | |||
| 1023 | #define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) | 1067 | #define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) | 
| 1024 | #define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) | 1068 | #define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) | 
| 1025 | #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) | 1069 | #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) | 
| 1070 | #define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) | ||
| 1026 | 1071 | ||
| 1027 | #define sk_X509_new(st) SKM_sk_new(X509, (st)) | 1072 | #define sk_X509_new(st) SKM_sk_new(X509, (st)) | 
| 1028 | #define sk_X509_new_null() SKM_sk_new_null(X509) | 1073 | #define sk_X509_new_null() SKM_sk_new_null(X509) | 
| @@ -1043,6 +1088,7 @@ STACK_OF(type) \ | |||
| 1043 | #define sk_X509_shift(st) SKM_sk_shift(X509, (st)) | 1088 | #define sk_X509_shift(st) SKM_sk_shift(X509, (st)) | 
| 1044 | #define sk_X509_pop(st) SKM_sk_pop(X509, (st)) | 1089 | #define sk_X509_pop(st) SKM_sk_pop(X509, (st)) | 
| 1045 | #define sk_X509_sort(st) SKM_sk_sort(X509, (st)) | 1090 | #define sk_X509_sort(st) SKM_sk_sort(X509, (st)) | 
| 1091 | #define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) | ||
| 1046 | 1092 | ||
| 1047 | #define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) | 1093 | #define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) | 
| 1048 | #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) | 1094 | #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) | 
| @@ -1063,6 +1109,7 @@ STACK_OF(type) \ | |||
| 1063 | #define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) | 1109 | #define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) | 
| 1064 | #define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) | 1110 | #define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) | 
| 1065 | #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) | 1111 | #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) | 
| 1112 | #define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) | ||
| 1066 | 1113 | ||
| 1067 | #define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) | 1114 | #define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) | 
| 1068 | #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) | 1115 | #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) | 
| @@ -1083,6 +1130,7 @@ STACK_OF(type) \ | |||
| 1083 | #define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) | 1130 | #define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) | 
| 1084 | #define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) | 1131 | #define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) | 
| 1085 | #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) | 1132 | #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) | 
| 1133 | #define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) | ||
| 1086 | 1134 | ||
| 1087 | #define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) | 1135 | #define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) | 
| 1088 | #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) | 1136 | #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) | 
| @@ -1103,6 +1151,7 @@ STACK_OF(type) \ | |||
| 1103 | #define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) | 1151 | #define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) | 
| 1104 | #define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) | 1152 | #define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) | 
| 1105 | #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) | 1153 | #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) | 
| 1154 | #define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) | ||
| 1106 | 1155 | ||
| 1107 | #define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) | 1156 | #define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) | 
| 1108 | #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) | 1157 | #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) | 
| @@ -1123,6 +1172,7 @@ STACK_OF(type) \ | |||
| 1123 | #define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) | 1172 | #define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) | 
| 1124 | #define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) | 1173 | #define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) | 
| 1125 | #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) | 1174 | #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) | 
| 1175 | #define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) | ||
| 1126 | 1176 | ||
| 1127 | #define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) | 1177 | #define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) | 
| 1128 | #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) | 1178 | #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) | 
| @@ -1143,6 +1193,7 @@ STACK_OF(type) \ | |||
| 1143 | #define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) | 1193 | #define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) | 
| 1144 | #define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) | 1194 | #define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) | 
| 1145 | #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) | 1195 | #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) | 
| 1196 | #define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) | ||
| 1146 | 1197 | ||
| 1147 | #define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) | 1198 | #define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) | 
| 1148 | #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) | 1199 | #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) | 
| @@ -1163,6 +1214,7 @@ STACK_OF(type) \ | |||
| 1163 | #define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) | 1214 | #define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) | 
| 1164 | #define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) | 1215 | #define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) | 
| 1165 | #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) | 1216 | #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) | 
| 1217 | #define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) | ||
| 1166 | 1218 | ||
| 1167 | #define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) | 1219 | #define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) | 
| 1168 | #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) | 1220 | #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) | 
| @@ -1183,6 +1235,7 @@ STACK_OF(type) \ | |||
| 1183 | #define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) | 1235 | #define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) | 
| 1184 | #define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) | 1236 | #define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) | 
| 1185 | #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) | 1237 | #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) | 
| 1238 | #define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) | ||
| 1186 | 1239 | ||
| 1187 | #define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) | 1240 | #define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) | 
| 1188 | #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) | 1241 | #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) | 
| @@ -1203,6 +1256,7 @@ STACK_OF(type) \ | |||
| 1203 | #define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) | 1256 | #define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) | 
| 1204 | #define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) | 1257 | #define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) | 
| 1205 | #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) | 1258 | #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) | 
| 1259 | #define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) | ||
| 1206 | 1260 | ||
| 1207 | #define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) | 1261 | #define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) | 
| 1208 | #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) | 1262 | #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) | 
| @@ -1223,6 +1277,7 @@ STACK_OF(type) \ | |||
| 1223 | #define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) | 1277 | #define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) | 
| 1224 | #define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) | 1278 | #define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) | 
| 1225 | #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) | 1279 | #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) | 
| 1280 | #define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) | ||
| 1226 | 1281 | ||
| 1227 | #define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) | 1282 | #define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) | 
| 1228 | #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) | 1283 | #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) | 
| @@ -1243,6 +1298,7 @@ STACK_OF(type) \ | |||
| 1243 | #define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) | 1298 | #define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) | 
| 1244 | #define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) | 1299 | #define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) | 
| 1245 | #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) | 1300 | #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) | 
| 1301 | #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) | ||
| 1246 | 1302 | ||
| 1247 | #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) | 1303 | #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) | 
| 1248 | #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) | 1304 | #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) | 
| @@ -1263,6 +1319,7 @@ STACK_OF(type) \ | |||
| 1263 | #define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) | 1319 | #define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) | 
| 1264 | #define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) | 1320 | #define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) | 
| 1265 | #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) | 1321 | #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) | 
| 1322 | #define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) | ||
| 1266 | 1323 | ||
| 1267 | #define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) | 1324 | #define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) | 
| 1268 | #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) | 1325 | #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) | 
| @@ -1283,6 +1340,7 @@ STACK_OF(type) \ | |||
| 1283 | #define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) | 1340 | #define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) | 
| 1284 | #define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) | 1341 | #define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) | 
| 1285 | #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) | 1342 | #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) | 
| 1343 | #define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) | ||
| 1286 | 1344 | ||
| 1287 | #define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) | 1345 | #define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) | 
| 1288 | #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) | 1346 | #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) | 
| @@ -1303,6 +1361,7 @@ STACK_OF(type) \ | |||
| 1303 | #define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) | 1361 | #define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) | 
| 1304 | #define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) | 1362 | #define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) | 
| 1305 | #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) | 1363 | #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) | 
| 1364 | #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) | ||
| 1306 | 1365 | ||
| 1307 | #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 1366 | #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | 
| 1308 | SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | 1367 | SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | 
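--- a/src/lib/libcrypto/stack/stack.c
+++ b/src/lib/libcrypto/stack/stack.c
@@ -191,8 +191,7 @@ char *sk_delete(STACK *st, int loc)
 char *ret;
 int i,j;
 
-if ((st == NULL) || (st->num == 0) || (loc < 0)
-|| (loc >= st->num)) return(NULL);
+if(!st || (loc < 0) || (loc >= st->num)) return NULL;
 
 ret=st->data[loc];
 if (loc != st->num-1)
@@ -306,13 +305,13 @@ int sk_num(const STACK *st)
 
 char *sk_value(const STACK *st, int i)
 {
-if(st == NULL) return NULL;
+if(!st || (i < 0) || (i >= st->num)) return NULL;
 return st->data[i];
 }
 
 char *sk_set(STACK *st, int i, char *value)
 {
-if(st == NULL) return NULL;
+if(!st || (i < 0) || (i >= st->num)) return NULL;
 return (st->data[i] = value);
 }
 
@@ -332,3 +331,10 @@ void sk_sort(STACK *st)
 st->sorted=1;
 }
 }
+
+int sk_is_sorted(const STACK *st)
+{
+if (!st)
+return 1;
+return st->sorted;
+}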
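Review bot: In `sk_set`, the new range check returns NULL for an out-of-range `i`, which a caller cannot tell apart from a successful store of a NULL `value`, because the success path returns `value` itself. The same silent-NULL convention now applies to `sk_value` and `sk_delete`, so a bad index no longer reaches `st->data` but is not reported either. I would document the contract above `sk_set` with `/* Returns NULL if st is NULL or i is outside 0..num-1; ambiguous when value is NULL. */` and put a matching line on `sk_value`. Whether existing callers check these return values is not visible from this section.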
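--- a/src/lib/libcrypto/stack/stack.h
+++ b/src/lib/libcrypto/stack/stack.h
@@ -99,6 +99,7 @@ int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
 (const char * const *, const char * const *);
 STACK *sk_dup(STACK *st);
 void sk_sort(STACK *st);
+int sk_is_sorted(const STACK *st);
 
 #ifdef __cplusplus
 }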
| diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl index 1b2915c767..60e534807e 100644 --- a/src/lib/libcrypto/util/mkerr.pl +++ b/src/lib/libcrypto/util/mkerr.pl | |||
| @@ -41,7 +41,8 @@ while (@ARGV) { | |||
| 41 | } | 41 | } | 
| 42 | 42 | ||
| 43 | if($recurse) { | 43 | if($recurse) { | 
| 44 | @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>); | 44 | @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips/*.c>, | 
| 45 | <fips/*/*.c>); | ||
| 45 | } else { | 46 | } else { | 
| 46 | @source = @ARGV; | 47 | @source = @ARGV; | 
| 47 | } | 48 | } | 
| @@ -262,7 +263,7 @@ foreach $lib (keys %csrc) | |||
| 262 | } else { | 263 | } else { | 
| 263 | push @out, | 264 | push @out, | 
| 264 | "/* ====================================================================\n", | 265 | "/* ====================================================================\n", | 
| 265 | " * Copyright (c) 2001-2003 The OpenSSL Project. All rights reserved.\n", | 266 | " * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.\n", | 
| 266 | " *\n", | 267 | " *\n", | 
| 267 | " * Redistribution and use in source and binary forms, with or without\n", | 268 | " * Redistribution and use in source and binary forms, with or without\n", | 
| 268 | " * modification, are permitted provided that the following conditions\n", | 269 | " * modification, are permitted provided that the following conditions\n", | 
| @@ -404,7 +405,7 @@ EOF | |||
| 404 | print OUT <<"EOF"; | 405 | print OUT <<"EOF"; | 
| 405 | /* $cfile */ | 406 | /* $cfile */ | 
| 406 | /* ==================================================================== | 407 | /* ==================================================================== | 
| 407 | * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. | 408 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 
| 408 | * | 409 | * | 
| 409 | * Redistribution and use in source and binary forms, with or without | 410 | * Redistribution and use in source and binary forms, with or without | 
| 410 | * modification, are permitted provided that the following conditions | 411 | * modification, are permitted provided that the following conditions | 
| diff --git a/src/lib/libcrypto/util/mkstack.pl b/src/lib/libcrypto/util/mkstack.pl index 085c50f790..0ca9eb6a76 100644 --- a/src/lib/libcrypto/util/mkstack.pl +++ b/src/lib/libcrypto/util/mkstack.pl | |||
| @@ -84,6 +84,7 @@ while(<IN>) { | |||
| 84 | #define sk_${type_thing}_shift(st) SKM_sk_shift($type_thing, (st)) | 84 | #define sk_${type_thing}_shift(st) SKM_sk_shift($type_thing, (st)) | 
| 85 | #define sk_${type_thing}_pop(st) SKM_sk_pop($type_thing, (st)) | 85 | #define sk_${type_thing}_pop(st) SKM_sk_pop($type_thing, (st)) | 
| 86 | #define sk_${type_thing}_sort(st) SKM_sk_sort($type_thing, (st)) | 86 | #define sk_${type_thing}_sort(st) SKM_sk_sort($type_thing, (st)) | 
| 87 | #define sk_${type_thing}_is_sorted(st) SKM_sk_is_sorted($type_thing, (st)) | ||
| 87 | EOF | 88 | EOF | 
| 88 | } | 89 | } | 
| 89 | foreach $type_thing (sort @asn1setlst) { | 90 | foreach $type_thing (sort @asn1setlst) { | 
| diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c index b4b04183d0..a5e0d4aefa 100644 --- a/src/lib/libcrypto/x509/by_file.c +++ b/src/lib/libcrypto/x509/by_file.c | |||
| @@ -150,7 +150,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) | |||
| 150 | x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); | 150 | x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); | 
| 151 | if (x == NULL) | 151 | if (x == NULL) | 
| 152 | { | 152 | { | 
| 153 | if ((ERR_GET_REASON(ERR_peek_error()) == | 153 | if ((ERR_GET_REASON(ERR_peek_last_error()) == | 
| 154 | PEM_R_NO_START_LINE) && (count > 0)) | 154 | PEM_R_NO_START_LINE) && (count > 0)) | 
| 155 | { | 155 | { | 
| 156 | ERR_clear_error(); | 156 | ERR_clear_error(); | 
| @@ -217,7 +217,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) | |||
| 217 | x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); | 217 | x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); | 
| 218 | if (x == NULL) | 218 | if (x == NULL) | 
| 219 | { | 219 | { | 
| 220 | if ((ERR_GET_REASON(ERR_peek_error()) == | 220 | if ((ERR_GET_REASON(ERR_peek_last_error()) == | 
| 221 | PEM_R_NO_START_LINE) && (count > 0)) | 221 | PEM_R_NO_START_LINE) && (count > 0)) | 
| 222 | { | 222 | { | 
| 223 | ERR_clear_error(); | 223 | ERR_clear_error(); | 
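Review bot: Neither changed call says why the newest error-queue entry is inspected instead of the oldest, so the switch to `ERR_peek_last_error()` is easy to revert by accident. Presumably the reason is that unrelated errors may already be queued when the loader runs; a comment such as `/* Check the newest entry: older, unrelated errors may still be queued */` above the test would record that. The `ERR_clear_error()` that follows still discards those older entries on the end-of-file path, which is worth stating in the same comment. This applies equally to the X509_load_crl_file hunk; both function bodies extend beyond the hunks.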
| diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index 8d0c7e2e17..e8c1a59cf2 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h | |||
| @@ -410,6 +410,7 @@ typedef struct X509_crl_info_st | |||
| 410 | ASN1_TIME *nextUpdate; | 410 | ASN1_TIME *nextUpdate; | 
| 411 | STACK_OF(X509_REVOKED) *revoked; | 411 | STACK_OF(X509_REVOKED) *revoked; | 
| 412 | STACK_OF(X509_EXTENSION) /* [0] */ *extensions; | 412 | STACK_OF(X509_EXTENSION) /* [0] */ *extensions; | 
| 413 | ASN1_ENCODING enc; | ||
| 413 | } X509_CRL_INFO; | 414 | } X509_CRL_INFO; | 
| 414 | 415 | ||
| 415 | struct X509_crl_st | 416 | struct X509_crl_st | 
| @@ -1037,18 +1038,18 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, | |||
| 1037 | int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, | 1038 | int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, | 
| 1038 | unsigned char *bytes, int len, int loc, int set); | 1039 | unsigned char *bytes, int len, int loc, int set); | 
| 1039 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, | 1040 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, | 
| 1040 | char *field, int type, unsigned char *bytes, int len); | 1041 | const char *field, int type, const unsigned char *bytes, int len); | 
| 1041 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, | 1042 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, | 
| 1042 | int type,unsigned char *bytes, int len); | 1043 | int type,unsigned char *bytes, int len); | 
| 1043 | int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, | 1044 | int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, | 
| 1044 | unsigned char *bytes, int len, int loc, int set); | 1045 | const unsigned char *bytes, int len, int loc, int set); | 
| 1045 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, | 1046 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, | 
| 1046 | ASN1_OBJECT *obj, int type,unsigned char *bytes, | 1047 | ASN1_OBJECT *obj, int type,const unsigned char *bytes, | 
| 1047 | int len); | 1048 | int len); | 
| 1048 | int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, | 1049 | int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, | 
| 1049 | ASN1_OBJECT *obj); | 1050 | ASN1_OBJECT *obj); | 
| 1050 | int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, | 1051 | int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, | 
| 1051 | unsigned char *bytes, int len); | 1052 | const unsigned char *bytes, int len); | 
| 1052 | ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); | 1053 | ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); | 
| 1053 | ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); | 1054 | ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); | 
| 1054 | 1055 | ||
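Review bot: The const qualification is applied unevenly in this hunk: `X509_NAME_add_entry_by_NID` and `X509_NAME_ENTRY_create_by_NID` still declare `unsigned char *bytes`, while the by_txt and by_OBJ variants and `X509_NAME_ENTRY_set_data` now take `const unsigned char *bytes`. Callers holding const data will still need a cast for the NID variants, and such casts tend to hide real const violations later. I would change those two prototypes to `const unsigned char *bytes` as well, together with their definitions in x509name.c.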
| diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index f460102f49..030d0966fc 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c | |||
| @@ -254,33 +254,49 @@ static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) | |||
| 254 | return 0; | 254 | return 0; | 
| 255 | } | 255 | } | 
| 256 | 256 | ||
| 257 | static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b) | ||
| 258 | { | ||
| 259 | int j; | ||
| 260 | j = a->length - b->length; | ||
| 261 | if (j) | ||
| 262 | return j; | ||
| 263 | return memcmp(a->data, b->data, a->length); | ||
| 264 | } | ||
| 265 | |||
| 266 | #define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING) | ||
| 267 | |||
| 257 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | 268 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | 
| 258 | { | 269 | { | 
| 259 | int i,j; | 270 | int i,j; | 
| 260 | X509_NAME_ENTRY *na,*nb; | 271 | X509_NAME_ENTRY *na,*nb; | 
| 261 | 272 | ||
| 262 | if (sk_X509_NAME_ENTRY_num(a->entries) | 273 | unsigned long nabit, nbbit; | 
| 263 | != sk_X509_NAME_ENTRY_num(b->entries)) | 274 | |
| 264 | return sk_X509_NAME_ENTRY_num(a->entries) | 275 | j = sk_X509_NAME_ENTRY_num(a->entries) | 
| 265 | -sk_X509_NAME_ENTRY_num(b->entries); | 276 | - sk_X509_NAME_ENTRY_num(b->entries); | 
| 277 | if (j) | ||
| 278 | return j; | ||
| 266 | for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) | 279 | for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) | 
| 267 | { | 280 | { | 
| 268 | na=sk_X509_NAME_ENTRY_value(a->entries,i); | 281 | na=sk_X509_NAME_ENTRY_value(a->entries,i); | 
| 269 | nb=sk_X509_NAME_ENTRY_value(b->entries,i); | 282 | nb=sk_X509_NAME_ENTRY_value(b->entries,i); | 
| 270 | j=na->value->type-nb->value->type; | 283 | j=na->value->type-nb->value->type; | 
| 271 | if (j) return(j); | 284 | if (j) | 
| 272 | if (na->value->type == V_ASN1_PRINTABLESTRING) | 285 | { | 
| 286 | nabit = ASN1_tag2bit(na->value->type); | ||
| 287 | nbbit = ASN1_tag2bit(nb->value->type); | ||
| 288 | if (!(nabit & STR_TYPE_CMP) || | ||
| 289 | !(nbbit & STR_TYPE_CMP)) | ||
| 290 | return j; | ||
| 291 | j = asn1_string_memcmp(na->value, nb->value); | ||
| 292 | } | ||
| 293 | else if (na->value->type == V_ASN1_PRINTABLESTRING) | ||
| 273 | j=nocase_spacenorm_cmp(na->value, nb->value); | 294 | j=nocase_spacenorm_cmp(na->value, nb->value); | 
| 274 | else if (na->value->type == V_ASN1_IA5STRING | 295 | else if (na->value->type == V_ASN1_IA5STRING | 
| 275 | && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) | 296 | && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) | 
| 276 | j=nocase_cmp(na->value, nb->value); | 297 | j=nocase_cmp(na->value, nb->value); | 
| 277 | else | 298 | else | 
| 278 | { | 299 | j = asn1_string_memcmp(na->value, nb->value); | 
| 279 | j=na->value->length-nb->value->length; | ||
| 280 | if (j) return(j); | ||
| 281 | j=memcmp(na->value->data,nb->value->data, | ||
| 282 | na->value->length); | ||
| 283 | } | ||
| 284 | if (j) return(j); | 300 | if (j) return(j); | 
| 285 | j=na->set-nb->set; | 301 | j=na->set-nb->set; | 
| 286 | if (j) return(j); | 302 | if (j) return(j); | 
| @@ -306,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x) | |||
| 306 | { | 322 | { | 
| 307 | unsigned long ret=0; | 323 | unsigned long ret=0; | 
| 308 | unsigned char md[16]; | 324 | unsigned char md[16]; | 
| 325 | EVP_MD_CTX md_ctx; | ||
| 309 | 326 | ||
| 310 | /* Make sure X509_NAME structure contains valid cached encoding */ | 327 | /* Make sure X509_NAME structure contains valid cached encoding */ | 
| 311 | i2d_X509_NAME(x,NULL); | 328 | i2d_X509_NAME(x,NULL); | 
| 312 | EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); | 329 | EVP_MD_CTX_init(&md_ctx); | 
| 330 | EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); | ||
| 331 | EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); | ||
| 332 | EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); | ||
| 333 | EVP_DigestFinal_ex(&md_ctx,md,NULL); | ||
| 334 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 313 | 335 | ||
| 314 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 336 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 
| 315 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 337 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 
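Review bot: The new mixed-type branch in X509_NAME_cmp compares PrintableString, T61String and UTF8String values with a raw `asn1_string_memcmp`, while two PrintableString values still go through `nocase_spacenorm_cmp`, so equality between names is no longer transitive. Judging by its name, that helper folds case and spacing, which the bytewise path does not. A comparator with this property can misorder or miss entries wherever names are sorted or searched with it, and byte strings that happen to be identical in T61 and UTF-8 are treated as the same text without any decoding. At minimum I would record the limitation above the branch, e.g. `/* Types differ: bytewise compare only, no case/space folding, no charset conversion */`; normalising both values before comparing would be the real fix. The function body continues past the end of the hunk.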
| diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c index db051033d9..fb8a78dabe 100644 --- a/src/lib/libcrypto/x509/x509_r2x.c +++ b/src/lib/libcrypto/x509/x509_r2x.c | |||
| @@ -92,8 +92,10 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) | |||
| 92 | X509_set_subject_name(ret,X509_NAME_dup(xn)); | 92 | X509_set_subject_name(ret,X509_NAME_dup(xn)); | 
| 93 | X509_set_issuer_name(ret,X509_NAME_dup(xn)); | 93 | X509_set_issuer_name(ret,X509_NAME_dup(xn)); | 
| 94 | 94 | ||
| 95 | X509_gmtime_adj(xi->validity->notBefore,0); | 95 | if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) | 
| 96 | X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days); | 96 | goto err; | 
| 97 | if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) | ||
| 98 | goto err; | ||
| 97 | 99 | ||
| 98 | X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); | 100 | X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); | 
| 99 | 101 | ||
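Review bot: The notAfter offset `(long)60*60*24*days` is still computed without a range check on `days`, so the new error handling does not cover an overflowing product. Where long is 32 bits, any value above 24855 overflows a signed long, which is undefined behaviour and can produce a validity end in the past. A guard ahead of the call, `if (days > LONG_MAX / (60L*60*24)) goto err;` (needs `<limits.h>`), would route that case to the same error path. The function starts and ends outside this hunk.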
| diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 0affa3bf30..59fc6ca548 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c | |||
| @@ -118,7 +118,7 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) | |||
| 118 | * used and there may be more: so the list is configurable. | 118 | * used and there may be more: so the list is configurable. | 
| 119 | */ | 119 | */ | 
| 120 | 120 | ||
| 121 | static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef}; | 121 | static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef}; | 
| 122 | 122 | ||
| 123 | static int *ext_nids = ext_nid_list; | 123 | static int *ext_nids = ext_nid_list; | 
| 124 | 124 | ||
| @@ -143,32 +143,33 @@ void X509_REQ_set_extension_nids(int *nids) | |||
| 143 | } | 143 | } | 
| 144 | 144 | ||
| 145 | STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) | 145 | STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) | 
| 146 | { | 146 | { | 
| 147 | X509_ATTRIBUTE *attr; | 147 | X509_ATTRIBUTE *attr; | 
| 148 | STACK_OF(X509_ATTRIBUTE) *sk; | ||
| 149 | ASN1_TYPE *ext = NULL; | 148 | ASN1_TYPE *ext = NULL; | 
| 150 | int i; | 149 | int idx, *pnid; | 
| 151 | unsigned char *p; | 150 | unsigned char *p; | 
| 152 | if ((req == NULL) || (req->req_info == NULL)) | 151 | |
| 152 | if ((req == NULL) || (req->req_info == NULL) || !ext_nids) | ||
| 153 | return(NULL); | 153 | return(NULL); | 
| 154 | sk=req->req_info->attributes; | 154 | for (pnid = ext_nids; *pnid != NID_undef; pnid++) | 
| 155 | if (!sk) return NULL; | 155 | { | 
| 156 | for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { | 156 | idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); | 
| 157 | attr = sk_X509_ATTRIBUTE_value(sk, i); | 157 | if (idx == -1) | 
| 158 | if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) { | 158 | continue; | 
| 159 | if(attr->single) ext = attr->value.single; | 159 | attr = X509_REQ_get_attr(req, idx); | 
| 160 | else if(sk_ASN1_TYPE_num(attr->value.set)) | 160 | if(attr->single) ext = attr->value.single; | 
| 161 | ext = sk_ASN1_TYPE_value(attr->value.set, 0); | 161 | else if(sk_ASN1_TYPE_num(attr->value.set)) | 
| 162 | break; | 162 | ext = sk_ASN1_TYPE_value(attr->value.set, 0); | 
| 163 | break; | ||
| 163 | } | 164 | } | 
| 164 | } | 165 | if(!ext || (ext->type != V_ASN1_SEQUENCE)) | 
| 165 | if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; | 166 | return NULL; | 
| 166 | p = ext->value.sequence->data; | 167 | p = ext->value.sequence->data; | 
| 167 | return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, | 168 | return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, | 
| 168 | ext->value.sequence->length, | 169 | ext->value.sequence->length, | 
| 169 | d2i_X509_EXTENSION, X509_EXTENSION_free, | 170 | d2i_X509_EXTENSION, X509_EXTENSION_free, | 
| 170 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | 171 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | 
| 171 | } | 172 | } | 
| 172 | 173 | ||
| 173 | /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs | 174 | /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs | 
| 174 | * in case we want to create a non standard one. | 175 | * in case we want to create a non standard one. | 
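Review bot: The rewritten loop in X509_REQ_get_extensions executes `break` for the first attribute it finds even when that attribute yields no value (`attr->single` is false and `attr->value.set` is empty), so the remaining NIDs in `ext_nids` are never tried and the function returns NULL. Leaving the loop only once a value was obtained, `if (ext) break;`, lets the second OID act as a fallback for a request that carries an empty attribute under the first one. If stopping at the first match is intended, a comment saying so would help.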
| diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c index e31ebc6741..f19e66a238 100644 --- a/src/lib/libcrypto/x509/x509_txt.c +++ b/src/lib/libcrypto/x509/x509_txt.c | |||
| @@ -122,8 +122,14 @@ const char *X509_verify_cert_error_string(long n) | |||
| 122 | return("certificate revoked"); | 122 | return("certificate revoked"); | 
| 123 | case X509_V_ERR_INVALID_CA: | 123 | case X509_V_ERR_INVALID_CA: | 
| 124 | return ("invalid CA certificate"); | 124 | return ("invalid CA certificate"); | 
| 125 | case X509_V_ERR_INVALID_NON_CA: | ||
| 126 | return ("invalid non-CA certificate (has CA markings)"); | ||
| 125 | case X509_V_ERR_PATH_LENGTH_EXCEEDED: | 127 | case X509_V_ERR_PATH_LENGTH_EXCEEDED: | 
| 126 | return ("path length constraint exceeded"); | 128 | return ("path length constraint exceeded"); | 
| 129 | case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: | ||
| 130 | return("proxy path length constraint exceeded"); | ||
| 131 | case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: | ||
| 132 | return("proxy cerificates not allowed, please set the appropriate flag"); | ||
| 127 | case X509_V_ERR_INVALID_PURPOSE: | 133 | case X509_V_ERR_INVALID_PURPOSE: | 
| 128 | return ("unsupported certificate purpose"); | 134 | return ("unsupported certificate purpose"); | 
| 129 | case X509_V_ERR_CERT_UNTRUSTED: | 135 | case X509_V_ERR_CERT_UNTRUSTED: | 
| @@ -140,19 +146,16 @@ const char *X509_verify_cert_error_string(long n) | |||
| 140 | return("authority and issuer serial number mismatch"); | 146 | return("authority and issuer serial number mismatch"); | 
| 141 | case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: | 147 | case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: | 
| 142 | return("key usage does not include certificate signing"); | 148 | return("key usage does not include certificate signing"); | 
| 143 | |||
| 144 | case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: | 149 | case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: | 
| 145 | return("unable to get CRL issuer certificate"); | 150 | return("unable to get CRL issuer certificate"); | 
| 146 | |||
| 147 | case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: | 151 | case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: | 
| 148 | return("unhandled critical extension"); | 152 | return("unhandled critical extension"); | 
| 149 | |||
| 150 | case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: | 153 | case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: | 
| 151 | return("key usage does not include CRL signing"); | 154 | return("key usage does not include CRL signing"); | 
| 152 | 155 | case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: | |
| 156 | return("key usage does not include digital signature"); | ||
| 153 | case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: | 157 | case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: | 
| 154 | return("unhandled critical CRL extension"); | 158 | return("unhandled critical CRL extension"); | 
| 155 | |||
| 156 | default: | 159 | default: | 
| 157 | BIO_snprintf(buf,sizeof buf,"error number %ld",n); | 160 | BIO_snprintf(buf,sizeof buf,"error number %ld",n); | 
| 158 | return(buf); | 161 | return(buf); | 
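Review bot: The message added for X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED misspells "certificates"; the line should read `return("proxy certificates not allowed, please set the appropriate flag");`. This string ends up in logs and user-facing verification output, so it is better corrected before anything starts matching on the misspelled text. The switch statement continues outside both hunks.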
| diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 2e4d0b823a..e43c861ee7 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -73,7 +73,7 @@ | |||
| 73 | static int null_callback(int ok,X509_STORE_CTX *e); | 73 | static int null_callback(int ok,X509_STORE_CTX *e); | 
| 74 | static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); | 74 | static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); | 
| 75 | static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); | 75 | static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); | 
| 76 | static int check_chain_purpose(X509_STORE_CTX *ctx); | 76 | static int check_chain_extensions(X509_STORE_CTX *ctx); | 
| 77 | static int check_trust(X509_STORE_CTX *ctx); | 77 | static int check_trust(X509_STORE_CTX *ctx); | 
| 78 | static int check_revocation(X509_STORE_CTX *ctx); | 78 | static int check_revocation(X509_STORE_CTX *ctx); | 
| 79 | static int check_cert(X509_STORE_CTX *ctx); | 79 | static int check_cert(X509_STORE_CTX *ctx); | 
| @@ -281,7 +281,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 281 | } | 281 | } | 
| 282 | 282 | ||
| 283 | /* We have the chain complete: now we need to check its purpose */ | 283 | /* We have the chain complete: now we need to check its purpose */ | 
| 284 | if (ctx->purpose > 0) ok = check_chain_purpose(ctx); | 284 | ok = check_chain_extensions(ctx); | 
| 285 | 285 | ||
| 286 | if (!ok) goto end; | 286 | if (!ok) goto end; | 
| 287 | 287 | ||
| @@ -365,21 +365,39 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | |||
| 365 | else | 365 | else | 
| 366 | return 0; | 366 | return 0; | 
| 367 | } | 367 | } | 
| 368 | 368 | ||
| 369 | 369 | ||
| 370 | /* Check a certificate chains extensions for consistency | 370 | /* Check a certificate chains extensions for consistency | 
| 371 | * with the supplied purpose | 371 | * with the supplied purpose | 
| 372 | */ | 372 | */ | 
| 373 | 373 | ||
| 374 | static int check_chain_purpose(X509_STORE_CTX *ctx) | 374 | static int check_chain_extensions(X509_STORE_CTX *ctx) | 
| 375 | { | 375 | { | 
| 376 | #ifdef OPENSSL_NO_CHAIN_VERIFY | 376 | #ifdef OPENSSL_NO_CHAIN_VERIFY | 
| 377 | return 1; | 377 | return 1; | 
| 378 | #else | 378 | #else | 
| 379 | int i, ok=0; | 379 | int i, ok=0, must_be_ca; | 
| 380 | X509 *x; | 380 | X509 *x; | 
| 381 | int (*cb)(); | 381 | int (*cb)(); | 
| 382 | int proxy_path_length = 0; | ||
| 383 | int allow_proxy_certs = !!(ctx->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | ||
| 382 | cb=ctx->verify_cb; | 384 | cb=ctx->verify_cb; | 
| 385 | |||
| 386 | /* must_be_ca can have 1 of 3 values: | ||
| 387 | -1: we accept both CA and non-CA certificates, to allow direct | ||
| 388 | use of self-signed certificates (which are marked as CA). | ||
| 389 | 0: we only accept non-CA certificates. This is currently not | ||
| 390 | used, but the possibility is present for future extensions. | ||
| 391 | 1: we only accept CA certificates. This is currently used for | ||
| 392 | all certificates in the chain except the leaf certificate. | ||
| 393 | */ | ||
| 394 | must_be_ca = -1; | ||
| 395 | |||
| 396 | /* A hack to keep people who don't want to modify their software | ||
| 397 | happy */ | ||
| 398 | if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) | ||
| 399 | allow_proxy_certs = 1; | ||
| 400 | |||
| 383 | /* Check all untrusted certificates */ | 401 | /* Check all untrusted certificates */ | 
| 384 | for (i = 0; i < ctx->last_untrusted; i++) | 402 | for (i = 0; i < ctx->last_untrusted; i++) | 
| 385 | { | 403 | { | 
| @@ -394,23 +412,73 @@ static int check_chain_purpose(X509_STORE_CTX *ctx) | |||
| 394 | ok=cb(0,ctx); | 412 | ok=cb(0,ctx); | 
| 395 | if (!ok) goto end; | 413 | if (!ok) goto end; | 
| 396 | } | 414 | } | 
| 397 | ret = X509_check_purpose(x, ctx->purpose, i); | 415 | if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) | 
| 398 | if ((ret == 0) | ||
| 399 | || ((ctx->flags & X509_V_FLAG_X509_STRICT) | ||
| 400 | && (ret != 1))) | ||
| 401 | { | 416 | { | 
| 402 | if (i) | 417 | ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; | 
| 418 | ctx->error_depth = i; | ||
| 419 | ctx->current_cert = x; | ||
| 420 | ok=cb(0,ctx); | ||
| 421 | if (!ok) goto end; | ||
| 422 | } | ||
| 423 | ret = X509_check_ca(x); | ||
| 424 | switch(must_be_ca) | ||
| 425 | { | ||
| 426 | case -1: | ||
| 427 | if ((ctx->flags & X509_V_FLAG_X509_STRICT) | ||
| 428 | && (ret != 1) && (ret != 0)) | ||
| 429 | { | ||
| 430 | ret = 0; | ||
| 403 | ctx->error = X509_V_ERR_INVALID_CA; | 431 | ctx->error = X509_V_ERR_INVALID_CA; | 
| 432 | } | ||
| 404 | else | 433 | else | 
| 405 | ctx->error = X509_V_ERR_INVALID_PURPOSE; | 434 | ret = 1; | 
| 435 | break; | ||
| 436 | case 0: | ||
| 437 | if (ret != 0) | ||
| 438 | { | ||
| 439 | ret = 0; | ||
| 440 | ctx->error = X509_V_ERR_INVALID_NON_CA; | ||
| 441 | } | ||
| 442 | else | ||
| 443 | ret = 1; | ||
| 444 | break; | ||
| 445 | default: | ||
| 446 | if ((ret == 0) | ||
| 447 | || ((ctx->flags & X509_V_FLAG_X509_STRICT) | ||
| 448 | && (ret != 1))) | ||
| 449 | { | ||
| 450 | ret = 0; | ||
| 451 | ctx->error = X509_V_ERR_INVALID_CA; | ||
| 452 | } | ||
| 453 | else | ||
| 454 | ret = 1; | ||
| 455 | break; | ||
| 456 | } | ||
| 457 | if (ret == 0) | ||
| 458 | { | ||
| 406 | ctx->error_depth = i; | 459 | ctx->error_depth = i; | 
| 407 | ctx->current_cert = x; | 460 | ctx->current_cert = x; | 
| 408 | ok=cb(0,ctx); | 461 | ok=cb(0,ctx); | 
| 409 | if (!ok) goto end; | 462 | if (!ok) goto end; | 
| 410 | } | 463 | } | 
| 464 | if (ctx->purpose > 0) | ||
| 465 | { | ||
| 466 | ret = X509_check_purpose(x, ctx->purpose, | ||
| 467 | must_be_ca > 0); | ||
| 468 | if ((ret == 0) | ||
| 469 | || ((ctx->flags & X509_V_FLAG_X509_STRICT) | ||
| 470 | && (ret != 1))) | ||
| 471 | { | ||
| 472 | ctx->error = X509_V_ERR_INVALID_PURPOSE; | ||
| 473 | ctx->error_depth = i; | ||
| 474 | ctx->current_cert = x; | ||
| 475 | ok=cb(0,ctx); | ||
| 476 | if (!ok) goto end; | ||
| 477 | } | ||
| 478 | } | ||
| 411 | /* Check pathlen */ | 479 | /* Check pathlen */ | 
| 412 | if ((i > 1) && (x->ex_pathlen != -1) | 480 | if ((i > 1) && (x->ex_pathlen != -1) | 
| 413 | && (i > (x->ex_pathlen + 1))) | 481 | && (i > (x->ex_pathlen + proxy_path_length + 1))) | 
| 414 | { | 482 | { | 
| 415 | ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; | 483 | ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; | 
| 416 | ctx->error_depth = i; | 484 | ctx->error_depth = i; | 
| @@ -418,6 +486,32 @@ static int check_chain_purpose(X509_STORE_CTX *ctx) | |||
| 418 | ok=cb(0,ctx); | 486 | ok=cb(0,ctx); | 
| 419 | if (!ok) goto end; | 487 | if (!ok) goto end; | 
| 420 | } | 488 | } | 
| 489 | /* If this certificate is a proxy certificate, the next | ||
| 490 | certificate must be another proxy certificate or a EE | ||
| 491 | certificate. If not, the next certificate must be a | ||
| 492 | CA certificate. */ | ||
| 493 | if (x->ex_flags & EXFLAG_PROXY) | ||
| 494 | { | ||
| 495 | PROXY_CERT_INFO_EXTENSION *pci = | ||
| 496 | X509_get_ext_d2i(x, NID_proxyCertInfo, | ||
| 497 | NULL, NULL); | ||
| 498 | if (pci->pcPathLengthConstraint && | ||
| 499 | ASN1_INTEGER_get(pci->pcPathLengthConstraint) | ||
| 500 | < i) | ||
| 501 | { | ||
| 502 | PROXY_CERT_INFO_EXTENSION_free(pci); | ||
| 503 | ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; | ||
| 504 | ctx->error_depth = i; | ||
| 505 | ctx->current_cert = x; | ||
| 506 | ok=cb(0,ctx); | ||
| 507 | if (!ok) goto end; | ||
| 508 | } | ||
| 509 | PROXY_CERT_INFO_EXTENSION_free(pci); | ||
| 510 | proxy_path_length++; | ||
| 511 | must_be_ca = 0; | ||
| 512 | } | ||
| 513 | else | ||
| 514 | must_be_ca = 1; | ||
| 421 | } | 515 | } | 
| 422 | ok = 1; | 516 | ok = 1; | 
| 423 | end: | 517 | end: | 
| @@ -627,6 +721,15 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) | |||
| 627 | X509_EXTENSION *ext; | 721 | X509_EXTENSION *ext; | 
| 628 | /* Look for serial number of certificate in CRL */ | 722 | /* Look for serial number of certificate in CRL */ | 
| 629 | rtmp.serialNumber = X509_get_serialNumber(x); | 723 | rtmp.serialNumber = X509_get_serialNumber(x); | 
| 724 | /* Sort revoked into serial number order if not already sorted. | ||
| 725 | * Do this under a lock to avoid race condition. | ||
| 726 | */ | ||
| 727 | if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) | ||
| 728 | { | ||
| 729 | CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); | ||
| 730 | sk_X509_REVOKED_sort(crl->crl->revoked); | ||
| 731 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); | ||
| 732 | } | ||
| 630 | idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); | 733 | idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); | 
| 631 | /* If found assume revoked: want something cleverer than | 734 | /* If found assume revoked: want something cleverer than | 
| 632 | * this to handle entry extensions in V2 CRLs. | 735 | * this to handle entry extensions in V2 CRLs. | 
| @@ -772,6 +875,7 @@ static int internal_verify(X509_STORE_CTX *ctx) | |||
| 772 | } | 875 | } | 
| 773 | 876 | ||
| 774 | /* The last error (if any) is still in the error value */ | 877 | /* The last error (if any) is still in the error value */ | 
| 878 | ctx->current_issuer=xi; | ||
| 775 | ctx->current_cert=xs; | 879 | ctx->current_cert=xs; | 
| 776 | ok=(*cb)(1,ctx); | 880 | ok=(*cb)(1,ctx); | 
| 777 | if (!ok) goto end; | 881 | if (!ok) goto end; | 
| @@ -851,7 +955,8 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) | |||
| 851 | atm.length=sizeof(buff2); | 955 | atm.length=sizeof(buff2); | 
| 852 | atm.data=(unsigned char *)buff2; | 956 | atm.data=(unsigned char *)buff2; | 
| 853 | 957 | ||
| 854 | X509_time_adj(&atm,-offset*60, cmp_time); | 958 | if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL) | 
| 959 | return 0; | ||
| 855 | 960 | ||
| 856 | if (ctm->type == V_ASN1_UTCTIME) | 961 | if (ctm->type == V_ASN1_UTCTIME) | 
| 857 | { | 962 | { | 
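Review bot: In the proxy-certificate block of check_chain_extensions (hunk `@@ -418,6 +486,32 @@`), `pci` is freed twice when the path length constraint is exceeded and the verify callback returns non-zero. `PROXY_CERT_INFO_EXTENSION_free(pci)` runs inside the `if`, `if (!ok) goto end;` is not taken, and the same call runs again right after the block. Applications commonly use the callback to tolerate verification errors, so this path is reachable whenever such a callback accepts X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED. Evaluating the constraint first and releasing `pci` exactly once removes the double free; the loop body begins in an earlier hunk.

```c
		if (x->ex_flags & EXFLAG_PROXY)
			{
			int too_long;
			PROXY_CERT_INFO_EXTENSION *pci =
				X509_get_ext_d2i(x, NID_proxyCertInfo,
					NULL, NULL);
			/* Decide first, then release pci exactly once. */
			too_long = pci->pcPathLengthConstraint &&
				ASN1_INTEGER_get(pci->pcPathLengthConstraint) < i;
			PROXY_CERT_INFO_EXTENSION_free(pci);
			if (too_long)
				{
				/* … unchanged: set X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, error_depth, current_cert, call cb … */
				}
			/* … unchanged: proxy_path_length++, must_be_ca = 0 … */
			}
```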
| diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 198495884c..7fd1f0bc4d 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h | |||
| @@ -276,7 +276,7 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 276 | #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 | 276 | #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 | 
| 277 | #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 | 277 | #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 | 
| 278 | #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 | 278 | #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 | 
| 279 | #define X509_V_ERR_CERT_NOT_YET_VALID 9 | 279 | #define X509_V_ERR_CERT_NOT_YET_VALID 9 | 
| 280 | #define X509_V_ERR_CERT_HAS_EXPIRED 10 | 280 | #define X509_V_ERR_CERT_HAS_EXPIRED 10 | 
| 281 | #define X509_V_ERR_CRL_NOT_YET_VALID 11 | 281 | #define X509_V_ERR_CRL_NOT_YET_VALID 11 | 
| 282 | #define X509_V_ERR_CRL_HAS_EXPIRED 12 | 282 | #define X509_V_ERR_CRL_HAS_EXPIRED 12 | 
| @@ -306,6 +306,10 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 306 | #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 | 306 | #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 | 
| 307 | #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 | 307 | #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 | 
| 308 | #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 | 308 | #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 | 
| 309 | #define X509_V_ERR_INVALID_NON_CA 37 | ||
| 310 | #define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 | ||
| 311 | #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 | ||
| 312 | #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 | ||
| 309 | 313 | ||
| 310 | /* The application is not happy */ | 314 | /* The application is not happy */ | 
| 311 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 | 315 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 | 
| @@ -324,6 +328,8 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ | |||
| 324 | #define X509_V_FLAG_IGNORE_CRITICAL 0x10 | 328 | #define X509_V_FLAG_IGNORE_CRITICAL 0x10 | 
| 325 | /* Disable workarounds for broken certificates */ | 329 | /* Disable workarounds for broken certificates */ | 
| 326 | #define X509_V_FLAG_X509_STRICT 0x20 | 330 | #define X509_V_FLAG_X509_STRICT 0x20 | 
| 331 | /* Enable proxy certificate validation */ | ||
| 332 | #define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 | ||
| 327 | 333 | ||
| 328 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, | 334 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, | 
| 329 | X509_NAME *name); | 335 | X509_NAME *name); | 
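--- a/src/lib/libcrypto/x509/x509cset.c
+++ b/src/lib/libcrypto/x509/x509cset.c
@@ -129,6 +129,7 @@ int X509_CRL_sort(X509_CRL *c)
 r=sk_X509_REVOKED_value(c->crl->revoked,i);
 r->sequence=i;
 }
+c->crl->enc.modified = 1;
 return 1;
 }
 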
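Review bot: The added `c->crl->enc.modified = 1;` carries no comment, and its purpose cannot be read off X509_CRL_sort alone. Presumably the flag invalidates a cached encoding of the CRL info, so that a later signature or serialisation covers the re-sorted revoked list rather than stale bytes; if so, say it next to the assignment: `/* revoked list changed: drop the cached encoding so it is regenerated */`. The same one-line addition in X509_CRL_sign (x_all.c in this commit) deserves the same comment. The function starts outside the hunk.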
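--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -195,8 +195,8 @@ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
 return ret;
 }
 
-int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
-unsigned char *bytes, int len, int loc, int set)
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+const unsigned char *bytes, int len, int loc, int set)
 {
 X509_NAME_ENTRY *ne;
 int ret;
@@ -273,7 +273,7 @@ err:
 }
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-char *field, int type, unsigned char *bytes, int len)
+const char *field, int type, const unsigned char *bytes, int len)
 {
 ASN1_OBJECT *obj;
 X509_NAME_ENTRY *nentry;
@@ -309,7 +309,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
 }
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
+ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
 {
 X509_NAME_ENTRY *ret;
 
@@ -347,7 +347,7 @@ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
 }
 
 int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-unsigned char *bytes, int len)
+const unsigned char *bytes, int len)
 {
 int i;
 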
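--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -103,6 +103,7 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
+x->crl->enc.modified = 1;
 return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
 x->sig_alg, x->signature, x->crl,pkey,md));
 }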
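--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
-* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -60,10 +60,11 @@
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern X509V3_EXT_METHOD v3_crl_hold;
+extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
 
 /* This table will be searched using OBJ_bsearch so it *must* kept in
 * order of the ext_nid values.
@@ -89,6 +90,7 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_akey_id,
 &v3_crld,
 &v3_ext_ku,
+&v3_delta_crl,
 &v3_crl_reason,
 #ifndef OPENSSL_NO_OCSP
 &v3_crl_invdate,
@@ -105,8 +107,9 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 #endif
 &v3_sinfo,
 #ifndef OPENSSL_NO_OCSP
-&v3_crl_hold
+&v3_crl_hold,
 #endif
+&v3_pci,
 };
 
 /* Number of standard extensions */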
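Review bot: Nothing in these hunks shows that the two new `standard_exts[]` entries keep the ascending `ext_nid` order that the comment above the table requires for `OBJ_bsearch`. `&v3_delta_crl` goes between `&v3_ext_ku` and `&v3_crl_reason`, and `&v3_pci` is appended last. A misplaced entry still compiles but would make some extension lookups miss at run time, which for a critical extension likely surfaces as an unhandled-extension verification failure. Annotate each new entry with its NID so the order can be checked by eye, e.g. `&v3_pci, /* NID_proxyCertInfo, 661 */` (the value given in the v3_purp.c part of this commit). A regression check that walks the table and asserts strictly increasing NIDs would also help. The table begins and ends partly outside the hunks.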
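--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -124,7 +124,12 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 for(bnam = method->usr_data; bnam->lname; bnam++) {
 if(!strcmp(bnam->sname, val->name) ||
 !strcmp(bnam->lname, val->name) ) {
-ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
+if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
+X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+ERR_R_MALLOC_FAILURE);
+M_ASN1_BIT_STRING_free(bs);
+return NULL;
+}
 break;
 }
 }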
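--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -82,7 +82,10 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
 {
 char *tmp;
 if(!ia5 || !ia5->length) return NULL;
-if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
+if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
+X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+return NULL;
+}
 memcpy(tmp, ia5->data, ia5->length);
 tmp[ia5->length] = 0;
 return tmp;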
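Review bot: The copy after the new error check turns a counted IA5String into a plain C string, so a value with an embedded zero byte looks shorter than `ia5->length` to any caller that treats the result as NUL-terminated text. The commit adds only the malloc-failure report and leaves this as it was. If the returned string is ever displayed or compared as an identity (the callers are not visible here), it is safer to refuse such input before allocating, e.g. `if(memchr(ia5->data, 0, ia5->length)) return NULL;`. At minimum, a comment above the function should document the truncation. The function's signature and closing brace are outside the hunk.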
| diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c index f34cbfb731..7a43b4717b 100644 --- a/src/lib/libcrypto/x509v3/v3_int.c +++ b/src/lib/libcrypto/x509v3/v3_int.c | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 1999. | 3 | * project 1999. | 
| 4 | */ | 4 | */ | 
| 5 | /* ==================================================================== | 5 | /* ==================================================================== | 
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | 
| 7 | * | 7 | * | 
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without | 
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions | 
| @@ -61,9 +61,16 @@ | |||
| 61 | #include <openssl/x509v3.h> | 61 | #include <openssl/x509v3.h> | 
| 62 | 62 | ||
| 63 | X509V3_EXT_METHOD v3_crl_num = { | 63 | X509V3_EXT_METHOD v3_crl_num = { | 
| 64 | NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), | 64 | NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), | 
| 65 | 0,0,0,0, | 65 | 0,0,0,0, | 
| 66 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | 66 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | 
| 67 | 0, | 67 | 0, | 
| 68 | 0,0,0,0, NULL}; | 68 | 0,0,0,0, NULL}; | 
| 69 | |||
| 70 | X509V3_EXT_METHOD v3_delta_crl = { | ||
| 71 | NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), | ||
| 72 | 0,0,0,0, | ||
| 73 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | ||
| 74 | 0, | ||
| 75 | 0,0,0,0, NULL}; | ||
| 69 | 76 | ||
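Review bot: `v3_delta_crl` copies `v3_crl_num` with only the NID changed and, like it, supplies an `i2s` handler but leaves the `s2i` slot at 0. As far as this hunk shows, the delta CRL indicator can therefore be printed but not set from a configuration string. If that is intended, a one-line comment saves the next reader from counting zeros in the positional initialiser: `/* print-only: no s2i, so this extension cannot be created from config */`. Labelling the slots (`/* i2s */`, `/* s2i */`) in both initialisers would make the asymmetry visible.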
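--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pci.c
@@ -0,0 +1,313 @@
+/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
+/* Contributed to the OpenSSL Project 2004
+* by Richard Levitte (richard@levitte.org)
+*/
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
+BIO *out, int indent);
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+X509V3_CTX *ctx, char *str);
+
+X509V3_EXT_METHOD v3_pci =
+{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+0,0,0,0,
+0,0,
+NULL, NULL,
+(X509V3_EXT_I2R)i2r_pci,
+(X509V3_EXT_R2I)r2i_pci,
+NULL,
+};
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
+BIO *out, int indent)
+{
+BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
+if (pci->pcPathLengthConstraint)
+i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
+else
+BIO_printf(out, "infinite");
+BIO_puts(out, "\n");
+BIO_printf(out, "%*sPolicy Language: ", indent, "");
+i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+BIO_puts(out, "\n");
+if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+pci->proxyPolicy->policy->data);
+return 1;
+}
+
+static int process_pci_value(CONF_VALUE *val,
+ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
+ASN1_OCTET_STRING **policy)
+{
+int free_policy = 0;
+
+if (strcmp(val->name, "language") == 0)
+{
+if (*language)
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+X509V3_conf_err(val);
+return 0;
+}
+if (!(*language = OBJ_txt2obj(val->value, 0)))
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+X509V3_conf_err(val);
+return 0;
+}
+}
+else if (strcmp(val->name, "pathlen") == 0)
+{
+if (*pathlen)
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+X509V3_conf_err(val);
+return 0;
+}
+if (!X509V3_get_value_int(val, pathlen))
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_PATH_LENGTH);
+X509V3_conf_err(val);
+return 0;
+}
+}
+else if (strcmp(val->name, "policy") == 0)
+{
+unsigned char *tmp_data = NULL;
+long val_len;
+if (!*policy)
+{
+*policy = ASN1_OCTET_STRING_new();
+if (!*policy)
+{
+X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+X509V3_conf_err(val);
+return 0;
+}
+free_policy = 1;
+}
+if (strncmp(val->value, "hex:", 4) == 0)
+{
+unsigned char *tmp_data2 =
+string_to_hex(val->value + 4, &val_len);
+
+if (!tmp_data2) goto err;
+
+tmp_data = OPENSSL_realloc((*policy)->data,
+(*policy)->length + val_len + 1);
+if (tmp_data)
+{
+(*policy)->data = tmp_data;
+memcpy(&(*policy)->data[(*policy)->length],
+tmp_data2, val_len);
+(*policy)->length += val_len;
+(*policy)->data[(*policy)->length] = '\0';
+}
+}
+else if (strncmp(val->value, "file:", 5) == 0)
+{
+unsigned char buf[2048];
+int n;
+BIO *b = BIO_new_file(val->value + 5, "r");
+if (!b)
+{
+X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
+X509V3_conf_err(val);
+goto err;
+}
+while((n = BIO_read(b, buf, sizeof(buf))) > 0
+|| (n == 0 && BIO_should_retry(b)))
+{
+if (!n) continue;
+
+tmp_data = OPENSSL_realloc((*policy)->data,
+(*policy)->length + n + 1);
+
+if (!tmp_data)
+break;
+
+(*policy)->data = tmp_data;
+memcpy(&(*policy)->data[(*policy)->length],
+buf, n);
+(*policy)->length += n;
+(*policy)->data[(*policy)->length] = '\0';
+}
+
+if (n < 0)
+{
+X509V3err(X509V3_F_R2I_PCI,ERR_R_BIO_LIB);
+X509V3_conf_err(val);
+goto err;
+}
+}
+else if (strncmp(val->value, "text:", 5) == 0)
+{
+val_len = strlen(val->value + 5);
+tmp_data = OPENSSL_realloc((*policy)->data,
+(*policy)->length + val_len + 1);
+if (tmp_data)
+{
+(*policy)->data = tmp_data;
+memcpy(&(*policy)->data[(*policy)->length],
+val->value + 5, val_len);
+(*policy)->length += val_len;
+(*policy)->data[(*policy)->length] = '\0';
+}
+}
+else
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+X509V3_conf_err(val);
+goto err;
+}
+if (!tmp_data)
+{
+X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+X509V3_conf_err(val);
+goto err;
+}
+}
+return 1;
+err:
+if (free_policy)
+{
+ASN1_OCTET_STRING_free(*policy);
+*policy = NULL;
+}
+return 0;
+}
+
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+X509V3_CTX *ctx, char *value)
+{
+PROXY_CERT_INFO_EXTENSION *pci = NULL;
+STACK_OF(CONF_VALUE) *vals;
+ASN1_OBJECT *language = NULL;
+ASN1_INTEGER *pathlen = NULL;
+ASN1_OCTET_STRING *policy = NULL;
+int i, j;
+
+vals = X509V3_parse_list(value);
+for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
+{
+CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+if (!cnf->name || (*cnf->name != '@' && !cnf->value))
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
+X509V3_conf_err(cnf);
+goto err;
+}
+if (*cnf->name == '@')
+{
+STACK_OF(CONF_VALUE) *sect;
+int success_p = 1;
+
+sect = X509V3_get_section(ctx, cnf->name + 1);
+if (!sect)
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
+X509V3_conf_err(cnf);
+goto err;
+}
+for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
+{
+success_p =
+process_pci_value(sk_CONF_VALUE_value(sect, j),
+&language, &pathlen, &policy);
+}
+X509V3_section_free(ctx, sect);
+if (!success_p)
+goto err;
+}
+else
+{
+if (!process_pci_value(cnf,
+&language, &pathlen, &policy))
+{
+X509V3_conf_err(cnf);
+goto err;
+}
+}
+}
+
+/* Language is mandatory */
+if (!language)
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+goto err;
+}
+i = OBJ_obj2nid(language);
+if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
+{
+X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+goto err;
+}
+
+pci = PROXY_CERT_INFO_EXTENSION_new();
+if (!pci)
+{
+X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+goto err;
+}
+pci->proxyPolicy = PROXY_POLICY_new();
+if (!pci->proxyPolicy)
+{
+X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
+goto err;
+}
+
+pci->proxyPolicy->policyLanguage = language; language = NULL;
+pci->proxyPolicy->policy = policy; policy = NULL;
+pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
+goto end;
+err:
+if (language) { ASN1_OBJECT_free(language); language = NULL; }
+if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
+if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
+if (pci && pci->proxyPolicy)
+{
+PROXY_POLICY_free(pci->proxyPolicy);
+pci->proxyPolicy = NULL;
+}
+if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
+end:
+sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+return pci;
+}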
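Review bot: In `i2r_pci` the policy text is printed with `%s`, which ignores `policy->length` and relies on the decoder having NUL-terminated the buffer. The value comes from a certificate extension, so it should be bounded by its recorded length: `BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", pci->proxyPolicy->policy->length, pci->proxyPolicy->policy->data);`. The bytes are also written unescaped, so whether control characters from a certificate reach a terminal or log depends on callers not visible here. Separately, `process_pci_value` never releases two resources: the `hex:` branch needs `OPENSSL_free(tmp_data2);` after the copy, and the `file:` branch needs `BIO_free_all(b);` after the read loop, before the `n < 0` check. An empty `file:` input also leaves `tmp_data` NULL and is reported as `ERR_R_MALLOC_FAILURE`, which is misleading.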
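--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_pcia.c
@@ -0,0 +1,55 @@
+/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
+/* Contributed to the OpenSSL Project 2004
+* by Richard Levitte (richard@levitte.org)
+*/
+/* Copyright (c) 2004 Kungliga Tekniska Högskolan
+* (Royal Institute of Technology, Stockholm, Sweden).
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* 3. Neither the name of the Institute nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(PROXY_POLICY) =
+{
+ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
+ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PROXY_POLICY)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
+
+ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
+{
+ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
+ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
+} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)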
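Review bot: The template declares `pcPathLengthConstraint` as an unconstrained `ASN1_INTEGER`, so a negative or very large path length decodes successfully and any range check is left to whoever consumes the field; that consumer is not in this file. A short comment above the `ASN1_SEQUENCE` blocks should record the structure being modelled and that expectation, for example `/* pcPathLengthConstraint is OPTIONAL and not range-checked here; verification code must reject negative values */`. It would also help to note that `policy` is OPTIONAL, which is why `i2r_pci` in v3_pci.c tests it for NULL before printing.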
| diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c index b3d1ae5d1c..bbdf6da493 100644 --- a/src/lib/libcrypto/x509v3/v3_purp.c +++ b/src/lib/libcrypto/x509v3/v3_purp.c | |||
| @@ -63,7 +63,6 @@ | |||
| 63 | 63 | ||
| 64 | static void x509v3_cache_extensions(X509 *x); | 64 | static void x509v3_cache_extensions(X509 *x); | 
| 65 | 65 | ||
| 66 | static int ca_check(const X509 *x); | ||
| 67 | static int check_ssl_ca(const X509 *x); | 66 | static int check_ssl_ca(const X509 *x); | 
| 68 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); | 67 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); | 
| 69 | static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); | 68 | static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); | 
| @@ -286,7 +285,8 @@ int X509_supported_extension(X509_EXTENSION *ex) | |||
| 286 | NID_key_usage, /* 83 */ | 285 | NID_key_usage, /* 83 */ | 
| 287 | NID_subject_alt_name, /* 85 */ | 286 | NID_subject_alt_name, /* 85 */ | 
| 288 | NID_basic_constraints, /* 87 */ | 287 | NID_basic_constraints, /* 87 */ | 
| 289 | NID_ext_key_usage /* 126 */ | 288 | NID_ext_key_usage, /* 126 */ | 
| 289 | NID_proxyCertInfo /* 661 */ | ||
| 290 | }; | 290 | }; | 
| 291 | 291 | ||
| 292 | int ex_nid; | 292 | int ex_nid; | 
| @@ -307,6 +307,7 @@ int X509_supported_extension(X509_EXTENSION *ex) | |||
| 307 | static void x509v3_cache_extensions(X509 *x) | 307 | static void x509v3_cache_extensions(X509 *x) | 
| 308 | { | 308 | { | 
| 309 | BASIC_CONSTRAINTS *bs; | 309 | BASIC_CONSTRAINTS *bs; | 
| 310 | PROXY_CERT_INFO_EXTENSION *pci; | ||
| 310 | ASN1_BIT_STRING *usage; | 311 | ASN1_BIT_STRING *usage; | 
| 311 | ASN1_BIT_STRING *ns; | 312 | ASN1_BIT_STRING *ns; | 
| 312 | EXTENDED_KEY_USAGE *extusage; | 313 | EXTENDED_KEY_USAGE *extusage; | 
| @@ -335,6 +336,16 @@ static void x509v3_cache_extensions(X509 *x) | |||
| 335 | BASIC_CONSTRAINTS_free(bs); | 336 | BASIC_CONSTRAINTS_free(bs); | 
| 336 | x->ex_flags |= EXFLAG_BCONS; | 337 | x->ex_flags |= EXFLAG_BCONS; | 
| 337 | } | 338 | } | 
| 339 | /* Handle proxy certificates */ | ||
| 340 | if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { | ||
| 341 | if (x->ex_flags & EXFLAG_CA | ||
| 342 | || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 | ||
| 343 | || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { | ||
| 344 | x->ex_flags |= EXFLAG_INVALID; | ||
| 345 | } | ||
| 346 | PROXY_CERT_INFO_EXTENSION_free(pci); | ||
| 347 | x->ex_flags |= EXFLAG_PROXY; | ||
| 348 | } | ||
| 338 | /* Handle key usage */ | 349 | /* Handle key usage */ | 
| 339 | if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { | 350 | if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { | 
| 340 | if(usage->length > 0) { | 351 | if(usage->length > 0) { | 
| @@ -426,7 +437,7 @@ static void x509v3_cache_extensions(X509 *x) | |||
| 426 | #define ns_reject(x, usage) \ | 437 | #define ns_reject(x, usage) \ | 
| 427 | (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) | 438 | (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) | 
| 428 | 439 | ||
| 429 | static int ca_check(const X509 *x) | 440 | static int check_ca(const X509 *x) | 
| 430 | { | 441 | { | 
| 431 | /* keyUsage if present should allow cert signing */ | 442 | /* keyUsage if present should allow cert signing */ | 
| 432 | if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; | 443 | if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; | 
| @@ -435,25 +446,37 @@ static int ca_check(const X509 *x) | |||
| 435 | /* If basicConstraints says not a CA then say so */ | 446 | /* If basicConstraints says not a CA then say so */ | 
| 436 | else return 0; | 447 | else return 0; | 
| 437 | } else { | 448 | } else { | 
| 449 | /* we support V1 roots for... uh, I don't really know why. */ | ||
| 438 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; | 450 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; | 
| 439 | /* If key usage present it must have certSign so tolerate it */ | 451 | /* If key usage present it must have certSign so tolerate it */ | 
| 440 | else if (x->ex_flags & EXFLAG_KUSAGE) return 4; | 452 | else if (x->ex_flags & EXFLAG_KUSAGE) return 4; | 
| 441 | else return 2; | 453 | /* Older certificates could have Netscape-specific CA types */ | 
| 454 | else if (x->ex_flags & EXFLAG_NSCERT | ||
| 455 | && x->ex_nscert & NS_ANY_CA) return 5; | ||
| 456 | /* can this still be regarded a CA certificate? I doubt it */ | ||
| 457 | return 0; | ||
| 442 | } | 458 | } | 
| 443 | } | 459 | } | 
| 444 | 460 | ||
| 461 | int X509_check_ca(X509 *x) | ||
| 462 | { | ||
| 463 | if(!(x->ex_flags & EXFLAG_SET)) { | ||
| 464 | CRYPTO_w_lock(CRYPTO_LOCK_X509); | ||
| 465 | x509v3_cache_extensions(x); | ||
| 466 | CRYPTO_w_unlock(CRYPTO_LOCK_X509); | ||
| 467 | } | ||
| 468 | |||
| 469 | return check_ca(x); | ||
| 470 | } | ||
| 471 | |||
| 445 | /* Check SSL CA: common checks for SSL client and server */ | 472 | /* Check SSL CA: common checks for SSL client and server */ | 
| 446 | static int check_ssl_ca(const X509 *x) | 473 | static int check_ssl_ca(const X509 *x) | 
| 447 | { | 474 | { | 
| 448 | int ca_ret; | 475 | int ca_ret; | 
| 449 | ca_ret = ca_check(x); | 476 | ca_ret = check_ca(x); | 
| 450 | if(!ca_ret) return 0; | 477 | if(!ca_ret) return 0; | 
| 451 | /* check nsCertType if present */ | 478 | /* check nsCertType if present */ | 
| 452 | if(x->ex_flags & EXFLAG_NSCERT) { | 479 | if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret; | 
| 453 | if(x->ex_nscert & NS_SSL_CA) return ca_ret; | ||
| 454 | return 0; | ||
| 455 | } | ||
| 456 | if(ca_ret != 2) return ca_ret; | ||
| 457 | else return 0; | 480 | else return 0; | 
| 458 | } | 481 | } | 
| 459 | 482 | ||
| @@ -498,14 +521,10 @@ static int purpose_smime(const X509 *x, int ca) | |||
| 498 | if(xku_reject(x,XKU_SMIME)) return 0; | 521 | if(xku_reject(x,XKU_SMIME)) return 0; | 
| 499 | if(ca) { | 522 | if(ca) { | 
| 500 | int ca_ret; | 523 | int ca_ret; | 
| 501 | ca_ret = ca_check(x); | 524 | ca_ret = check_ca(x); | 
| 502 | if(!ca_ret) return 0; | 525 | if(!ca_ret) return 0; | 
| 503 | /* check nsCertType if present */ | 526 | /* check nsCertType if present */ | 
| 504 | if(x->ex_flags & EXFLAG_NSCERT) { | 527 | if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret; | 
| 505 | if(x->ex_nscert & NS_SMIME_CA) return ca_ret; | ||
| 506 | return 0; | ||
| 507 | } | ||
| 508 | if(ca_ret != 2) return ca_ret; | ||
| 509 | else return 0; | 528 | else return 0; | 
| 510 | } | 529 | } | 
| 511 | if(x->ex_flags & EXFLAG_NSCERT) { | 530 | if(x->ex_flags & EXFLAG_NSCERT) { | 
| @@ -539,7 +558,7 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) | |||
| 539 | { | 558 | { | 
| 540 | if(ca) { | 559 | if(ca) { | 
| 541 | int ca_ret; | 560 | int ca_ret; | 
| 542 | if((ca_ret = ca_check(x)) != 2) return ca_ret; | 561 | if((ca_ret = check_ca(x)) != 2) return ca_ret; | 
| 543 | else return 0; | 562 | else return 0; | 
| 544 | } | 563 | } | 
| 545 | if(ku_reject(x, KU_CRL_SIGN)) return 0; | 564 | if(ku_reject(x, KU_CRL_SIGN)) return 0; | 
| @@ -552,17 +571,9 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) | |||
| 552 | 571 | ||
| 553 | static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) | 572 | static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) | 
| 554 | { | 573 | { | 
| 555 | /* Must be a valid CA */ | 574 | /* Must be a valid CA. Should we really support the "I don't know" | 
| 556 | if(ca) { | 575 | value (2)? */ | 
| 557 | int ca_ret; | 576 | if(ca) return check_ca(x); | 
| 558 | ca_ret = ca_check(x); | ||
| 559 | if(ca_ret != 2) return ca_ret; | ||
| 560 | if(x->ex_flags & EXFLAG_NSCERT) { | ||
| 561 | if(x->ex_nscert & NS_ANY_CA) return ca_ret; | ||
| 562 | return 0; | ||
| 563 | } | ||
| 564 | return 0; | ||
| 565 | } | ||
| 566 | /* leaf certificate is checked in OCSP_verify() */ | 577 | /* leaf certificate is checked in OCSP_verify() */ | 
| 567 | return 1; | 578 | return 1; | 
| 568 | } | 579 | } | 
| @@ -624,7 +635,13 @@ int X509_check_issued(X509 *issuer, X509 *subject) | |||
| 624 | return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; | 635 | return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; | 
| 625 | } | 636 | } | 
| 626 | } | 637 | } | 
| 627 | if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; | 638 | if(subject->ex_flags & EXFLAG_PROXY) | 
| 639 | { | ||
| 640 | if(ku_reject(issuer, KU_DIGITAL_SIGNATURE)) | ||
| 641 | return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; | ||
| 642 | } | ||
| 643 | else if(ku_reject(issuer, KU_KEY_CERT_SIGN)) | ||
| 644 | return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; | ||
| 628 | return X509_V_OK; | 645 | return X509_V_OK; | 
| 629 | } | 646 | } | 
| 630 | 647 | ||
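--- a/src/lib/libcrypto/x509v3/v3err.c
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -1,6 +1,6 @@
 /* crypto/x509v3/v3err.c */
 /* ====================================================================
-* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -72,12 +72,14 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"},
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_IA5STRING,0), "I2S_ASN1_IA5STRING"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
 {ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
 {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
 {ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
 {ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
 {ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"},
+{ERR_PACK(0,X509V3_F_R2I_PCI,0), "R2I_PCI"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"},
 {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"},
@@ -128,6 +130,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
 {X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"},
 {X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"},
+{X509V3_R_INCORRECT_POLICY_SYNTAX_TAG ,"incorrect policy syntax tag"},
 {X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"},
 {X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"},
 {X509V3_R_INVALID_NAME ,"invalid name"},
@@ -139,6 +142,8 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"},
 {X509V3_R_INVALID_OPTION ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
+{X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER,"invalid proxy policy identifier"},
+{X509V3_R_INVALID_PROXY_POLICY_SETTING ,"invalid proxy policy setting"},
 {X509V3_R_INVALID_PURPOSE ,"invalid purpose"},
 {X509V3_R_INVALID_SECTION ,"invalid section"},
 {X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
@@ -149,9 +154,16 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"},
 {X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"},
 {X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"},
+{X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED,"no proxy cert policy language defined"},
 {X509V3_R_NO_PUBLIC_KEY ,"no public key"},
 {X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"},
 {X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"},
+{X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED,"policy language alreadty defined"},
+{X509V3_R_POLICY_PATH_LENGTH ,"policy path length"},
+{X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED,"policy path length alreadty defined"},
+{X509V3_R_POLICY_SYNTAX_NOT ,"policy syntax not"},
+{X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED,"policy syntax not currently supported"},
+{X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY,"policy when proxy language requires no policy"},
 {X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"},
 {X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"},
 {X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"},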
| diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h index fb07a19016..e6d91251c2 100644 --- a/src/lib/libcrypto/x509v3/x509v3.h +++ b/src/lib/libcrypto/x509v3/x509v3.h | |||
| @@ -287,6 +287,23 @@ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; | |||
| 287 | DECLARE_STACK_OF(POLICYINFO) | 287 | DECLARE_STACK_OF(POLICYINFO) | 
| 288 | DECLARE_ASN1_SET_OF(POLICYINFO) | 288 | DECLARE_ASN1_SET_OF(POLICYINFO) | 
| 289 | 289 | ||
| 290 | /* Proxy certificate structures, see RFC 3820 */ | ||
| 291 | typedef struct PROXY_POLICY_st | ||
| 292 | { | ||
| 293 | ASN1_OBJECT *policyLanguage; | ||
| 294 | ASN1_OCTET_STRING *policy; | ||
| 295 | } PROXY_POLICY; | ||
| 296 | |||
| 297 | typedef struct PROXY_CERT_INFO_EXTENSION_st | ||
| 298 | { | ||
| 299 | ASN1_INTEGER *pcPathLengthConstraint; | ||
| 300 | PROXY_POLICY *proxyPolicy; | ||
| 301 | } PROXY_CERT_INFO_EXTENSION; | ||
| 302 | |||
| 303 | DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) | ||
| 304 | DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) | ||
| 305 | |||
| 306 | |||
| 290 | #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ | 307 | #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ | 
| 291 | ",name:", val->name, ",value:", val->value); | 308 | ",name:", val->name, ",value:", val->value); | 
| 292 | 309 | ||
| @@ -325,6 +342,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO) | |||
| 325 | #define EXFLAG_INVALID 0x80 | 342 | #define EXFLAG_INVALID 0x80 | 
| 326 | #define EXFLAG_SET 0x100 | 343 | #define EXFLAG_SET 0x100 | 
| 327 | #define EXFLAG_CRITICAL 0x200 | 344 | #define EXFLAG_CRITICAL 0x200 | 
| 345 | #define EXFLAG_PROXY 0x400 | ||
| 328 | 346 | ||
| 329 | #define KU_DIGITAL_SIGNATURE 0x0080 | 347 | #define KU_DIGITAL_SIGNATURE 0x0080 | 
| 330 | #define KU_NON_REPUDIATION 0x0040 | 348 | #define KU_NON_REPUDIATION 0x0040 | 
| @@ -527,6 +545,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); | |||
| 527 | 545 | ||
| 528 | int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); | 546 | int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); | 
| 529 | 547 | ||
| 548 | int X509_check_ca(X509 *x); | ||
| 530 | int X509_check_purpose(X509 *x, int id, int ca); | 549 | int X509_check_purpose(X509 *x, int id, int ca); | 
| 531 | int X509_supported_extension(X509_EXTENSION *ex); | 550 | int X509_supported_extension(X509_EXTENSION *ex); | 
| 532 | int X509_PURPOSE_set(int *p, int purpose); | 551 | int X509_PURPOSE_set(int *p, int purpose); | 
| @@ -564,12 +583,14 @@ void ERR_load_X509V3_strings(void); | |||
| 564 | #define X509V3_F_DO_EXT_I2D 135 | 583 | #define X509V3_F_DO_EXT_I2D 135 | 
| 565 | #define X509V3_F_HEX_TO_STRING 111 | 584 | #define X509V3_F_HEX_TO_STRING 111 | 
| 566 | #define X509V3_F_I2S_ASN1_ENUMERATED 121 | 585 | #define X509V3_F_I2S_ASN1_ENUMERATED 121 | 
| 586 | #define X509V3_F_I2S_ASN1_IA5STRING 142 | ||
| 567 | #define X509V3_F_I2S_ASN1_INTEGER 120 | 587 | #define X509V3_F_I2S_ASN1_INTEGER 120 | 
| 568 | #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 | 588 | #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 | 
| 569 | #define X509V3_F_NOTICE_SECTION 132 | 589 | #define X509V3_F_NOTICE_SECTION 132 | 
| 570 | #define X509V3_F_NREF_NOS 133 | 590 | #define X509V3_F_NREF_NOS 133 | 
| 571 | #define X509V3_F_POLICY_SECTION 131 | 591 | #define X509V3_F_POLICY_SECTION 131 | 
| 572 | #define X509V3_F_R2I_CERTPOL 130 | 592 | #define X509V3_F_R2I_CERTPOL 130 | 
| 593 | #define X509V3_F_R2I_PCI 142 | ||
| 573 | #define X509V3_F_S2I_ASN1_IA5STRING 100 | 594 | #define X509V3_F_S2I_ASN1_IA5STRING 100 | 
| 574 | #define X509V3_F_S2I_ASN1_INTEGER 108 | 595 | #define X509V3_F_S2I_ASN1_INTEGER 108 | 
| 575 | #define X509V3_F_S2I_ASN1_OCTET_STRING 112 | 596 | #define X509V3_F_S2I_ASN1_OCTET_STRING 112 | 
| @@ -617,6 +638,7 @@ void ERR_load_X509V3_strings(void); | |||
| 617 | #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 | 638 | #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 | 
| 618 | #define X509V3_R_EXTENSION_VALUE_ERROR 116 | 639 | #define X509V3_R_EXTENSION_VALUE_ERROR 116 | 
| 619 | #define X509V3_R_ILLEGAL_HEX_DIGIT 113 | 640 | #define X509V3_R_ILLEGAL_HEX_DIGIT 113 | 
| 641 | #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 153 | ||
| 620 | #define X509V3_R_INVALID_BOOLEAN_STRING 104 | 642 | #define X509V3_R_INVALID_BOOLEAN_STRING 104 | 
| 621 | #define X509V3_R_INVALID_EXTENSION_STRING 105 | 643 | #define X509V3_R_INVALID_EXTENSION_STRING 105 | 
| 622 | #define X509V3_R_INVALID_NAME 106 | 644 | #define X509V3_R_INVALID_NAME 106 | 
| @@ -628,6 +650,8 @@ void ERR_load_X509V3_strings(void); | |||
| 628 | #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 | 650 | #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 | 
| 629 | #define X509V3_R_INVALID_OPTION 138 | 651 | #define X509V3_R_INVALID_OPTION 138 | 
| 630 | #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 | 652 | #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 | 
| 653 | #define X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER 147 | ||
| 654 | #define X509V3_R_INVALID_PROXY_POLICY_SETTING 151 | ||
| 631 | #define X509V3_R_INVALID_PURPOSE 146 | 655 | #define X509V3_R_INVALID_PURPOSE 146 | 
| 632 | #define X509V3_R_INVALID_SECTION 135 | 656 | #define X509V3_R_INVALID_SECTION 135 | 
| 633 | #define X509V3_R_INVALID_SYNTAX 143 | 657 | #define X509V3_R_INVALID_SYNTAX 143 | 
| @@ -638,9 +662,16 @@ void ERR_load_X509V3_strings(void); | |||
| 638 | #define X509V3_R_NO_ISSUER_CERTIFICATE 121 | 662 | #define X509V3_R_NO_ISSUER_CERTIFICATE 121 | 
| 639 | #define X509V3_R_NO_ISSUER_DETAILS 127 | 663 | #define X509V3_R_NO_ISSUER_DETAILS 127 | 
| 640 | #define X509V3_R_NO_POLICY_IDENTIFIER 139 | 664 | #define X509V3_R_NO_POLICY_IDENTIFIER 139 | 
| 665 | #define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 148 | ||
| 641 | #define X509V3_R_NO_PUBLIC_KEY 114 | 666 | #define X509V3_R_NO_PUBLIC_KEY 114 | 
| 642 | #define X509V3_R_NO_SUBJECT_DETAILS 125 | 667 | #define X509V3_R_NO_SUBJECT_DETAILS 125 | 
| 643 | #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 | 668 | #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 | 
| 669 | #define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 149 | ||
| 670 | #define X509V3_R_POLICY_PATH_LENGTH 152 | ||
| 671 | #define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 150 | ||
| 672 | #define X509V3_R_POLICY_SYNTAX_NOT 154 | ||
| 673 | #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 155 | ||
| 674 | #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 156 | ||
| 644 | #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 | 675 | #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 | 
| 645 | #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 | 676 | #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 | 
| 646 | #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 | 677 | #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 | 
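Review bot: `X509V3_F_I2S_ASN1_IA5STRING` and `X509V3_F_R2I_PCI` are both defined as 142 in the function-code hunk (new lines 586 and 593), so the two codes cannot be told apart once packed into an error value. The v3err.c table in this same commit registers both names through `ERR_PACK(0,...,0)` on these macros, which gives the two entries the same key; an error raised by either function is then presumably reported under whichever name the string table resolves, and that misleads anyone triaging a certificate-extension parsing failure from the error queue. One of the two should move to a value that no other `X509V3_F_` code uses, for example `#define X509V3_F_R2I_PCI <unused function code>` (the full list of codes lies outside this hunk, so the free value has to be checked against the whole header). If these blocks are generated, the renumbering belongs in the generator's input rather than in a hand edit.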
