From 05552533f486a700413f5b1fd925ae0f2c26d8a8 Mon Sep 17 00:00:00 2001 From: djm <> Date: Fri, 9 Jan 2009 12:14:08 +0000 Subject: import openssl-0.9.8j --- src/lib/libcrypto/camellia/Makefile | 2 +- src/lib/libcrypto/cms/Makefile | 2 +- src/lib/libcrypto/ecdh/Makefile | 35 +- src/lib/libcrypto/ecdsa/Makefile | 49 +- src/lib/libcrypto/fips_err.h | 137 +++++ src/lib/libcrypto/jpake/Makefile | 64 ++ src/lib/libcrypto/jpake/jpake.c | 483 +++++++++++++++ src/lib/libcrypto/jpake/jpake.h | 129 ++++ src/lib/libcrypto/jpake/jpake_err.c | 105 ++++ src/lib/libcrypto/jpake/jpaketest.c | 192 ++++++ src/lib/libcrypto/pqueue/Makefile | 2 +- src/lib/libcrypto/seed/Makefile | 2 +- src/lib/libcrypto/store/Makefile | 18 +- src/lib/libcrypto/util/copy.pl | 11 + src/lib/libcrypto/x509v3/v3_addr.c | 13 +- src/lib/libcrypto/x509v3/v3_asid.c | 2 +- src/lib/libssl/src/Makefile.shared | 18 +- src/lib/libssl/src/crypto/aes/asm/aes-586.pl | 3 +- src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl | 7 +- src/lib/libssl/src/crypto/asn1/asn1_gen.c | 2 +- src/lib/libssl/src/crypto/asn1/asn_mime.c | 2 + src/lib/libssl/src/crypto/bio/bss_dgram.c | 64 +- src/lib/libssl/src/crypto/bn/bn_gf2m.c | 6 +- src/lib/libssl/src/crypto/bn/bn_nist.c | 776 ++++++++++++++---------- src/lib/libssl/src/crypto/bn/bn_x931p.c | 40 +- src/lib/libssl/src/crypto/buffer/buf_str.c | 116 ++++ src/lib/libssl/src/crypto/camellia/Makefile | 2 +- src/lib/libssl/src/crypto/camellia/camellia.h | 5 + src/lib/libssl/src/crypto/camellia/cmll_misc.c | 13 + src/lib/libssl/src/crypto/cms/Makefile | 2 +- src/lib/libssl/src/crypto/cms/cms_sd.c | 2 +- src/lib/libssl/src/crypto/cms/cms_smime.c | 9 +- src/lib/libssl/src/crypto/ec/ec_key.c | 16 +- src/lib/libssl/src/crypto/ecdh/Makefile | 35 +- src/lib/libssl/src/crypto/ecdsa/Makefile | 49 +- src/lib/libssl/src/crypto/evp/e_camellia.c | 2 +- src/lib/libssl/src/crypto/fips_err.h | 137 +++++ src/lib/libssl/src/crypto/jpake/Makefile | 64 ++ src/lib/libssl/src/crypto/jpake/jpake.c | 483 +++++++++++++++ src/lib/libssl/src/crypto/jpake/jpake.h | 129 ++++ src/lib/libssl/src/crypto/jpake/jpake_err.c | 105 ++++ src/lib/libssl/src/crypto/jpake/jpaketest.c | 192 ++++++ src/lib/libssl/src/crypto/o_init.c | 86 +++ src/lib/libssl/src/crypto/pqueue/Makefile | 2 +- src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl | 2 + src/lib/libssl/src/crypto/rsa/rsa_pss.c | 6 +- src/lib/libssl/src/crypto/rsa/rsa_x931.c | 2 +- src/lib/libssl/src/crypto/seed/Makefile | 2 +- src/lib/libssl/src/crypto/sha/sha256.c | 10 + src/lib/libssl/src/crypto/sha/sha512.c | 12 +- src/lib/libssl/src/crypto/store/Makefile | 18 +- src/lib/libssl/src/crypto/x509/x509_vpm.c | 2 +- src/lib/libssl/src/crypto/x509v3/pcy_cache.c | 2 +- src/lib/libssl/src/crypto/x509v3/pcy_data.c | 10 +- src/lib/libssl/src/crypto/x509v3/pcy_int.h | 2 +- src/lib/libssl/src/crypto/x509v3/pcy_lib.c | 2 +- src/lib/libssl/src/crypto/x509v3/pcy_map.c | 2 +- src/lib/libssl/src/crypto/x509v3/pcy_node.c | 2 +- src/lib/libssl/src/crypto/x509v3/pcy_tree.c | 20 +- src/lib/libssl/src/crypto/x509v3/v3_addr.c | 13 +- src/lib/libssl/src/crypto/x509v3/v3_asid.c | 2 +- src/lib/libssl/src/crypto/x509v3/v3_ncons.c | 2 +- src/lib/libssl/src/crypto/x509v3/v3_pcons.c | 2 +- src/lib/libssl/src/crypto/x509v3/v3_pmaps.c | 2 +- src/lib/libssl/src/engines/Makefile | 198 +++--- src/lib/libssl/src/engines/e_aep.c | 8 +- src/lib/libssl/src/engines/e_chil.c | 12 +- src/lib/libssl/src/engines/e_chil_err.c | 1 - src/lib/libssl/src/engines/e_chil_err.h | 1 - src/lib/libssl/src/engines/e_gmp.c | 15 +- src/lib/libssl/src/ssl/d1_clnt.c | 3 +- src/lib/libssl/src/ssl/d1_enc.c | 19 +- src/lib/libssl/src/ssl/d1_lib.c | 1 + src/lib/libssl/src/ssl/d1_pkt.c | 22 +- src/lib/libssl/src/ssl/d1_srvr.c | 6 +- src/lib/libssl/src/ssl/dtls1.h | 7 + src/lib/libssl/src/test/igetest.c | 4 +- src/lib/libssl/src/util/copy.pl | 11 + src/lib/libssl/test/igetest.c | 4 +- 79 files changed, 3434 insertions(+), 606 deletions(-) create mode 100644 src/lib/libcrypto/fips_err.h create mode 100644 src/lib/libcrypto/jpake/Makefile create mode 100644 src/lib/libcrypto/jpake/jpake.c create mode 100644 src/lib/libcrypto/jpake/jpake.h create mode 100644 src/lib/libcrypto/jpake/jpake_err.c create mode 100644 src/lib/libcrypto/jpake/jpaketest.c create mode 100644 src/lib/libssl/src/crypto/buffer/buf_str.c create mode 100644 src/lib/libssl/src/crypto/fips_err.h create mode 100644 src/lib/libssl/src/crypto/jpake/Makefile create mode 100644 src/lib/libssl/src/crypto/jpake/jpake.c create mode 100644 src/lib/libssl/src/crypto/jpake/jpake.h create mode 100644 src/lib/libssl/src/crypto/jpake/jpake_err.c create mode 100644 src/lib/libssl/src/crypto/jpake/jpaketest.c create mode 100644 src/lib/libssl/src/crypto/o_init.c diff --git a/src/lib/libcrypto/camellia/Makefile b/src/lib/libcrypto/camellia/Makefile index 1579de5ce5..dfb12951fd 100644 --- a/src/lib/libcrypto/camellia/Makefile +++ b/src/lib/libcrypto/camellia/Makefile @@ -41,7 +41,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/cms/Makefile b/src/lib/libcrypto/cms/Makefile index e39c310b6c..1c137e0cff 100644 --- a/src/lib/libcrypto/cms/Makefile +++ b/src/lib/libcrypto/cms/Makefile @@ -37,7 +37,7 @@ test: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile index 95aa69fea5..7a7b618eeb 100644 --- a/src/lib/libcrypto/ecdh/Makefile +++ b/src/lib/libcrypto/ecdh/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -84,20 +84,31 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ech_err.o: ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h -ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ech_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ech_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ech_key.o: ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h +ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ech_lib.o: ../../include/openssl/x509_vfy.h ech_lib.c ech_locl.h ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/src/lib/libcrypto/ecdsa/Makefile b/src/lib/libcrypto/ecdsa/Makefile index 16a93cd3ae..4865f3c8d6 100644 --- a/src/lib/libcrypto/ecdsa/Makefile +++ b/src/lib/libcrypto/ecdsa/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -92,13 +92,18 @@ ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_err.o: ecs_err.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_lib.o: ecs_lib.c ecs_locl.h ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h @@ -110,16 +115,28 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_sign.o: ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h -ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ecs_vrf.o: ecs_locl.h ecs_vrf.c diff --git a/src/lib/libcrypto/fips_err.h b/src/lib/libcrypto/fips_err.h new file mode 100644 index 0000000000..b328616858 --- /dev/null +++ b/src/lib/libcrypto/fips_err.h @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason) + +static ERR_STRING_DATA FIPS_str_functs[]= + { +{ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, +{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, +{ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, +{ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"}, +{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, +{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, +{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"}, +{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_CHECK_INCORE_FINGERPRINT"}, +{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"}, +{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_DSA_CHECK"}, +{ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"}, +{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG), "FIPS_selftest_rng"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"}, +{ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"}, +{ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, +{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, +{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, +{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, +{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, +{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX), "RSA_X931_generate_key_ex"}, +{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, +{0,NULL} + }; + +static ERR_STRING_DATA FIPS_str_reasons[]= + { +{ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot read exe"}, +{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"}, +{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"}, +{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"}, +{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"}, +{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match nonpic relocated"}, +{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"}, +{ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"}, +{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"}, +{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, +{ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"}, +{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"}, +{ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR) ,"rsa decrypt error"}, +{ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR) ,"rsa encrypt error"}, +{ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"}, +{ERR_REASON(FIPS_R_TEST_FAILURE) ,"test failure"}, +{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"}, +{0,NULL} + }; + +#endif + +void ERR_load_FIPS_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) + { + ERR_load_strings(0,FIPS_str_functs); + ERR_load_strings(0,FIPS_str_reasons); + } +#endif + } diff --git a/src/lib/libcrypto/jpake/Makefile b/src/lib/libcrypto/jpake/Makefile new file mode 100644 index 0000000000..a4a1402f2e --- /dev/null +++ b/src/lib/libcrypto/jpake/Makefile @@ -0,0 +1,64 @@ +DIR=jpake +TOP=../.. + +CFLAGS= $(INCLUDES) $(CFLAG) + +LIB=$(TOP)/libcrypto.a +LIBOBJ=jpake.o jpake_err.o +LIBSRC=jpake.c jpake_err.c + +EXHEADER=jpake.h +TEST=jpaketest.c + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff + +jpaketest: top jpaketest.c $(LIB) + $(CC) $(CFLAGS) -Wall -Werror -g -o jpaketest jpaketest.c $(LIB) +# DO NOT DELETE THIS LINE -- make depend depends on it. + +jpake.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +jpake.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +jpake.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +jpake.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +jpake.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +jpake.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +jpake.o: ../../include/openssl/symhacks.h jpake.c jpake.h +jpake_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +jpake_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +jpake_err.o: ../../include/openssl/err.h ../../include/openssl/jpake.h +jpake_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +jpake_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +jpake_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +jpake_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +jpake_err.o: jpake_err.c diff --git a/src/lib/libcrypto/jpake/jpake.c b/src/lib/libcrypto/jpake/jpake.c new file mode 100644 index 0000000000..577b7ef375 --- /dev/null +++ b/src/lib/libcrypto/jpake/jpake.c @@ -0,0 +1,483 @@ +#include "jpake.h" + +#include +#include +#include +#include +#include + +/* + * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or + * Bob's (x3, x4, x1, x2). If you see what I mean. + */ + +typedef struct + { + char *name; /* Must be unique */ + char *peer_name; + BIGNUM *p; + BIGNUM *g; + BIGNUM *q; + BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */ + BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */ + } JPAKE_CTX_PUBLIC; + +struct JPAKE_CTX + { + JPAKE_CTX_PUBLIC p; + BIGNUM *secret; /* The shared secret */ + BN_CTX *ctx; + BIGNUM *xa; /* Alice's x1 or Bob's x3 */ + BIGNUM *xb; /* Alice's x2 or Bob's x4 */ + BIGNUM *key; /* The calculated (shared) key */ + }; + +static void JPAKE_ZKP_init(JPAKE_ZKP *zkp) + { + zkp->gr = BN_new(); + zkp->b = BN_new(); + } + +static void JPAKE_ZKP_release(JPAKE_ZKP *zkp) + { + BN_free(zkp->b); + BN_free(zkp->gr); + } + +/* Two birds with one stone - make the global name as expected */ +#define JPAKE_STEP_PART_init JPAKE_STEP2_init +#define JPAKE_STEP_PART_release JPAKE_STEP2_release + +void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p) + { + p->gx = BN_new(); + JPAKE_ZKP_init(&p->zkpx); + } + +void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p) + { + JPAKE_ZKP_release(&p->zkpx); + BN_free(p->gx); + } + +void JPAKE_STEP1_init(JPAKE_STEP1 *s1) + { + JPAKE_STEP_PART_init(&s1->p1); + JPAKE_STEP_PART_init(&s1->p2); + } + +void JPAKE_STEP1_release(JPAKE_STEP1 *s1) + { + JPAKE_STEP_PART_release(&s1->p2); + JPAKE_STEP_PART_release(&s1->p1); + } + +static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name, + const char *peer_name, const BIGNUM *p, + const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret) + { + ctx->p.name = OPENSSL_strdup(name); + ctx->p.peer_name = OPENSSL_strdup(peer_name); + ctx->p.p = BN_dup(p); + ctx->p.g = BN_dup(g); + ctx->p.q = BN_dup(q); + ctx->secret = BN_dup(secret); + + ctx->p.gxc = BN_new(); + ctx->p.gxd = BN_new(); + + ctx->xa = BN_new(); + ctx->xb = BN_new(); + ctx->key = BN_new(); + ctx->ctx = BN_CTX_new(); + } + +static void JPAKE_CTX_release(JPAKE_CTX *ctx) + { + BN_CTX_free(ctx->ctx); + BN_clear_free(ctx->key); + BN_clear_free(ctx->xb); + BN_clear_free(ctx->xa); + + BN_free(ctx->p.gxd); + BN_free(ctx->p.gxc); + + BN_clear_free(ctx->secret); + BN_free(ctx->p.q); + BN_free(ctx->p.g); + BN_free(ctx->p.p); + OPENSSL_free(ctx->p.peer_name); + OPENSSL_free(ctx->p.name); + + memset(ctx, '\0', sizeof *ctx); + } + +JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, + const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret) + { + JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + + JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret); + + return ctx; + } + +void JPAKE_CTX_free(JPAKE_CTX *ctx) + { + JPAKE_CTX_release(ctx); + OPENSSL_free(ctx); + } + +static void hashlength(SHA_CTX *sha, size_t l) + { + unsigned char b[2]; + + assert(l <= 0xffff); + b[0] = l >> 8; + b[1] = l&0xff; + SHA1_Update(sha, b, 2); + } + +static void hashstring(SHA_CTX *sha, const char *string) + { + size_t l = strlen(string); + + hashlength(sha, l); + SHA1_Update(sha, string, l); + } + +static void hashbn(SHA_CTX *sha, const BIGNUM *bn) + { + size_t l = BN_num_bytes(bn); + unsigned char *bin = OPENSSL_malloc(l); + + hashlength(sha, l); + BN_bn2bin(bn, bin); + SHA1_Update(sha, bin, l); + OPENSSL_free(bin); + } + +/* h=hash(g, g^r, g^x, name) */ +static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, + const char *proof_name) + { + unsigned char md[SHA_DIGEST_LENGTH]; + SHA_CTX sha; + + /* + * XXX: hash should not allow moving of the boundaries - Java code + * is flawed in this respect. Length encoding seems simplest. + */ + SHA1_Init(&sha); + hashbn(&sha, zkpg); + assert(!BN_is_zero(p->zkpx.gr)); + hashbn(&sha, p->zkpx.gr); + hashbn(&sha, p->gx); + hashstring(&sha, proof_name); + SHA1_Final(md, &sha); + BN_bin2bn(md, SHA_DIGEST_LENGTH, h); + } + +/* + * Prove knowledge of x + * Note that p->gx has already been calculated + */ +static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x, + const BIGNUM *zkpg, JPAKE_CTX *ctx) + { + BIGNUM *r = BN_new(); + BIGNUM *h = BN_new(); + BIGNUM *t = BN_new(); + + /* + * r in [0,q) + * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform + */ + BN_rand_range(r, ctx->p.q); + /* g^r */ + BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx); + + /* h=hash... */ + zkp_hash(h, zkpg, p, ctx->p.name); + + /* b = r - x*h */ + BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx); + BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx); + + /* cleanup */ + BN_free(t); + BN_free(h); + BN_free(r); + } + +static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, + JPAKE_CTX *ctx) + { + BIGNUM *h = BN_new(); + BIGNUM *t1 = BN_new(); + BIGNUM *t2 = BN_new(); + BIGNUM *t3 = BN_new(); + int ret = 0; + + zkp_hash(h, zkpg, p, ctx->p.peer_name); + + /* t1 = g^b */ + BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx); + /* t2 = (g^x)^h = g^{hx} */ + BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx); + /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */ + BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx); + + /* verify t3 == g^r */ + if(BN_cmp(t3, p->zkpx.gr) == 0) + ret = 1; + else + JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); + + /* cleanup */ + BN_free(t3); + BN_free(t2); + BN_free(t1); + BN_free(h); + + return ret; + } + +static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x, + const BIGNUM *g, JPAKE_CTX *ctx) + { + BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx); + generate_zkp(p, x, g, ctx); + } + +/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */ +static void genrand(JPAKE_CTX *ctx) + { + BIGNUM *qm1; + + /* xa in [0, q) */ + BN_rand_range(ctx->xa, ctx->p.q); + + /* q-1 */ + qm1 = BN_new(); + BN_copy(qm1, ctx->p.q); + BN_sub_word(qm1, 1); + + /* ... and xb in [0, q-1) */ + BN_rand_range(ctx->xb, qm1); + /* [1, q) */ + BN_add_word(ctx->xb, 1); + + /* cleanup */ + BN_free(qm1); + } + +int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) + { + genrand(ctx); + generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx); + generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx); + + return 1; + } + +int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) + { + /* verify their ZKP(xc) */ + if(!verify_zkp(&received->p1, ctx->p.g, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); + return 0; + } + + /* verify their ZKP(xd) */ + if(!verify_zkp(&received->p2, ctx->p.g, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED); + return 0; + } + + /* g^xd != 1 */ + if(BN_is_one(received->p2.gx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE); + return 0; + } + + /* Save the bits we need for later */ + BN_copy(ctx->p.gxc, received->p1.gx); + BN_copy(ctx->p.gxd, received->p2.gx); + + return 1; + } + + +int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx) + { + BIGNUM *t1 = BN_new(); + BIGNUM *t2 = BN_new(); + + /* + * X = g^{(xa + xc + xd) * xb * s} + * t1 = g^xa + */ + BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx); + /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */ + BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx); + /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */ + BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx); + /* t2 = xb * s */ + BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx); + + /* + * ZKP(xb * s) + * XXX: this is kinda funky, because we're using + * + * g' = g^{xa + xc + xd} + * + * as the generator, which means X is g'^{xb * s} + * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s} + */ + generate_step_part(send, t2, t1, ctx); + + /* cleanup */ + BN_free(t1); + BN_free(t2); + + return 1; + } + +/* gx = g^{xc + xa + xb} * xd * s */ +static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx) + { + BIGNUM *t1 = BN_new(); + BIGNUM *t2 = BN_new(); + BIGNUM *t3 = BN_new(); + + /* + * K = (gx/g^{xb * xd * s})^{xb} + * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} + * = (g^{(xa + xc) * xd * s})^{xb} + * = g^{(xa + xc) * xb * xd * s} + * [which is the same regardless of who calculates it] + */ + + /* t1 = (g^{xd})^{xb} = g^{xb * xd} */ + BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx); + /* t2 = -s = q-s */ + BN_sub(t2, ctx->p.q, ctx->secret); + /* t3 = t1^t2 = g^{-xb * xd * s} */ + BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx); + /* t1 = gx * t3 = X/g^{xb * xd * s} */ + BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx); + /* K = t1^{xb} */ + BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx); + + /* cleanup */ + BN_free(t3); + BN_free(t2); + BN_free(t1); + + return 1; + } + +int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received) + { + BIGNUM *t1 = BN_new(); + BIGNUM *t2 = BN_new(); + int ret = 0; + + /* + * g' = g^{xc + xa + xb} [from our POV] + * t1 = xa + xb + */ + BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx); + /* t2 = g^{t1} = g^{xa+xb} */ + BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx); + /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */ + BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx); + + if(verify_zkp(received, t1, ctx)) + ret = 1; + else + JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED); + + compute_key(ctx, received->gx); + + /* cleanup */ + BN_free(t2); + BN_free(t1); + + return ret; + } + +static void quickhashbn(unsigned char *md, const BIGNUM *bn) + { + SHA_CTX sha; + + SHA1_Init(&sha); + hashbn(&sha, bn); + SHA1_Final(md, &sha); + } + +void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a) + {} + +int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx) + { + quickhashbn(send->hhk, ctx->key); + SHA1(send->hhk, sizeof send->hhk, send->hhk); + + return 1; + } + +int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received) + { + unsigned char hhk[SHA_DIGEST_LENGTH]; + + quickhashbn(hhk, ctx->key); + SHA1(hhk, sizeof hhk, hhk); + if(memcmp(hhk, received->hhk, sizeof hhk)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); + return 0; + } + return 1; + } + +void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a) + {} + +void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b) + {} + +int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx) + { + quickhashbn(send->hk, ctx->key); + + return 1; + } + +int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received) + { + unsigned char hk[SHA_DIGEST_LENGTH]; + + quickhashbn(hk, ctx->key); + if(memcmp(hk, received->hk, sizeof hk)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); + return 0; + } + return 1; + } + +void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b) + {} + +const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx) + { + return ctx->key; + } + diff --git a/src/lib/libcrypto/jpake/jpake.h b/src/lib/libcrypto/jpake/jpake.h new file mode 100644 index 0000000000..693ea188cb --- /dev/null +++ b/src/lib/libcrypto/jpake/jpake.h @@ -0,0 +1,129 @@ +/* + * Implement J-PAKE, as described in + * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf + * + * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. + */ + +#ifndef HEADER_JPAKE_H +#define HEADER_JPAKE_H + +#include + +#ifdef OPENSSL_NO_JPAKE +#error JPAKE is disabled. +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +typedef struct JPAKE_CTX JPAKE_CTX; + +/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ +typedef struct + { + BIGNUM *gr; /* g^r (r random) */ + BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ + } JPAKE_ZKP; + +typedef struct + { + BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */ + JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ + } JPAKE_STEP_PART; + +typedef struct + { + JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ + JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ + } JPAKE_STEP1; + +typedef JPAKE_STEP_PART JPAKE_STEP2; + +typedef struct + { + unsigned char hhk[SHA_DIGEST_LENGTH]; + } JPAKE_STEP3A; + +typedef struct + { + unsigned char hk[SHA_DIGEST_LENGTH]; + } JPAKE_STEP3B; + +/* Parameters are copied */ +JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, + const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret); +void JPAKE_CTX_free(JPAKE_CTX *ctx); + +/* + * Note that JPAKE_STEP1 can be used multiple times before release + * without another init. + */ +void JPAKE_STEP1_init(JPAKE_STEP1 *s1); +int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx); +int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received); +void JPAKE_STEP1_release(JPAKE_STEP1 *s1); + +/* + * Note that JPAKE_STEP2 can be used multiple times before release + * without another init. + */ +void JPAKE_STEP2_init(JPAKE_STEP2 *s2); +int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx); +int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received); +void JPAKE_STEP2_release(JPAKE_STEP2 *s2); + +/* + * Optionally verify the shared key. If the shared secrets do not + * match, the two ends will disagree about the shared key, but + * otherwise the protocol will succeed. + */ +void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a); +int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx); +int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received); +void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a); + +void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b); +int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx); +int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received); +void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); + +/* + * the return value belongs to the library and will be released when + * ctx is released, and will change when a new handshake is performed. + */ +const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_JPAKE_strings(void); + +/* Error codes for the JPAKE functions. */ + +/* Function codes. */ +#define JPAKE_F_JPAKE_STEP1_PROCESS 101 +#define JPAKE_F_JPAKE_STEP2_PROCESS 102 +#define JPAKE_F_JPAKE_STEP3A_PROCESS 103 +#define JPAKE_F_JPAKE_STEP3B_PROCESS 104 +#define JPAKE_F_VERIFY_ZKP 100 + +/* Reason codes. */ +#define JPAKE_R_G_TO_THE_X4_IS_ONE 105 +#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 +#define JPAKE_R_HASH_OF_KEY_MISMATCH 107 +#define JPAKE_R_VERIFY_B_FAILED 102 +#define JPAKE_R_VERIFY_X3_FAILED 103 +#define JPAKE_R_VERIFY_X4_FAILED 104 +#define JPAKE_R_ZKP_VERIFY_FAILED 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libcrypto/jpake/jpake_err.c b/src/lib/libcrypto/jpake/jpake_err.c new file mode 100644 index 0000000000..1b95067967 --- /dev/null +++ b/src/lib/libcrypto/jpake/jpake_err.c @@ -0,0 +1,105 @@ +/* crypto/jpake/jpake_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason) + +static ERR_STRING_DATA JPAKE_str_functs[]= + { +{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"}, +{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"}, +{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"}, +{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"}, +{ERR_FUNC(JPAKE_F_VERIFY_ZKP), "VERIFY_ZKP"}, +{0,NULL} + }; + +static ERR_STRING_DATA JPAKE_str_reasons[]= + { +{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"}, +{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"}, +{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"}, +{ERR_REASON(JPAKE_R_VERIFY_B_FAILED) ,"verify b failed"}, +{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED) ,"verify x3 failed"}, +{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED) ,"verify x4 failed"}, +{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED) ,"zkp verify failed"}, +{0,NULL} + }; + +#endif + +void ERR_load_JPAKE_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL) + { + ERR_load_strings(0,JPAKE_str_functs); + ERR_load_strings(0,JPAKE_str_reasons); + } +#endif + } diff --git a/src/lib/libcrypto/jpake/jpaketest.c b/src/lib/libcrypto/jpake/jpaketest.c new file mode 100644 index 0000000000..792fc49eb4 --- /dev/null +++ b/src/lib/libcrypto/jpake/jpaketest.c @@ -0,0 +1,192 @@ +#include + +#ifdef OPENSSL_NO_JPAKE + +#include + +int main(int argc, char *argv[]) +{ + printf("No J-PAKE support\n"); + return(0); +} + +#else + +#include +#include + +static void showbn(const char *name, const BIGNUM *bn) + { + fputs(name, stdout); + fputs(" = ", stdout); + BN_print_fp(stdout, bn); + putc('\n', stdout); + } + +static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) + { + JPAKE_STEP1 alice_s1; + JPAKE_STEP1 bob_s1; + JPAKE_STEP2 alice_s2; + JPAKE_STEP2 bob_s2; + JPAKE_STEP3A alice_s3a; + JPAKE_STEP3B bob_s3b; + + /* Alice -> Bob: step 1 */ + puts("A->B s1"); + JPAKE_STEP1_init(&alice_s1); + JPAKE_STEP1_generate(&alice_s1, alice); + if(!JPAKE_STEP1_process(bob, &alice_s1)) + { + printf("Bob fails to process Alice's step 1\n"); + ERR_print_errors_fp(stdout); + return 1; + } + JPAKE_STEP1_release(&alice_s1); + + /* Bob -> Alice: step 1 */ + puts("B->A s1"); + JPAKE_STEP1_init(&bob_s1); + JPAKE_STEP1_generate(&bob_s1, bob); + if(!JPAKE_STEP1_process(alice, &bob_s1)) + { + printf("Alice fails to process Bob's step 1\n"); + ERR_print_errors_fp(stdout); + return 2; + } + JPAKE_STEP1_release(&bob_s1); + + /* Alice -> Bob: step 2 */ + puts("A->B s2"); + JPAKE_STEP2_init(&alice_s2); + JPAKE_STEP2_generate(&alice_s2, alice); + if(!JPAKE_STEP2_process(bob, &alice_s2)) + { + printf("Bob fails to process Alice's step 2\n"); + ERR_print_errors_fp(stdout); + return 3; + } + JPAKE_STEP2_release(&alice_s2); + + /* Bob -> Alice: step 2 */ + puts("B->A s2"); + JPAKE_STEP2_init(&bob_s2); + JPAKE_STEP2_generate(&bob_s2, bob); + if(!JPAKE_STEP2_process(alice, &bob_s2)) + { + printf("Alice fails to process Bob's step 2\n"); + ERR_print_errors_fp(stdout); + return 4; + } + JPAKE_STEP2_release(&bob_s2); + + showbn("Alice's key", JPAKE_get_shared_key(alice)); + showbn("Bob's key ", JPAKE_get_shared_key(bob)); + + /* Alice -> Bob: step 3a */ + puts("A->B s3a"); + JPAKE_STEP3A_init(&alice_s3a); + JPAKE_STEP3A_generate(&alice_s3a, alice); + if(!JPAKE_STEP3A_process(bob, &alice_s3a)) + { + printf("Bob fails to process Alice's step 3a\n"); + ERR_print_errors_fp(stdout); + return 5; + } + JPAKE_STEP3A_release(&alice_s3a); + + /* Bob -> Alice: step 3b */ + puts("B->A s3b"); + JPAKE_STEP3B_init(&bob_s3b); + JPAKE_STEP3B_generate(&bob_s3b, bob); + if(!JPAKE_STEP3B_process(alice, &bob_s3b)) + { + printf("Alice fails to process Bob's step 3b\n"); + ERR_print_errors_fp(stdout); + return 6; + } + JPAKE_STEP3B_release(&bob_s3b); + + return 0; + } + +int main(int argc, char **argv) + { + JPAKE_CTX *alice; + JPAKE_CTX *bob; + BIGNUM *p = NULL; + BIGNUM *g = NULL; + BIGNUM *q = NULL; + BIGNUM *secret = BN_new(); + BIO *bio_err; + + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /* + BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"); + BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"); + BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5"); + */ + /* + p = BN_new(); + BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL); + */ + /* Use a safe prime for p (that we found earlier) */ + BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); + showbn("p", p); + g = BN_new(); + BN_set_word(g, 2); + showbn("g", g); + q = BN_new(); + BN_rshift1(q, p); + showbn("q", q); + + BN_rand(secret, 32, -1, 0); + + /* A normal run, expect this to work... */ + alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); + bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); + + if(run_jpake(alice, bob) != 0) + { + fprintf(stderr, "Plain JPAKE run failed\n"); + return 1; + } + + JPAKE_CTX_free(bob); + JPAKE_CTX_free(alice); + + /* Now give Alice and Bob different secrets */ + alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); + BN_add_word(secret, 1); + bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); + + if(run_jpake(alice, bob) != 5) + { + fprintf(stderr, "Mismatched secret JPAKE run failed\n"); + return 1; + } + + JPAKE_CTX_free(bob); + JPAKE_CTX_free(alice); + + BN_free(secret); + BN_free(q); + BN_free(g); + BN_free(p); + + CRYPTO_cleanup_all_ex_data(); + ERR_remove_state(0); + ERR_free_strings(); + CRYPTO_mem_leaks(bio_err); + + return 0; + } + +#endif diff --git a/src/lib/libcrypto/pqueue/Makefile b/src/lib/libcrypto/pqueue/Makefile index d0c39d25ce..36bfc349aa 100644 --- a/src/lib/libcrypto/pqueue/Makefile +++ b/src/lib/libcrypto/pqueue/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/seed/Makefile b/src/lib/libcrypto/seed/Makefile index f9de27b288..ffaeb84218 100644 --- a/src/lib/libcrypto/seed/Makefile +++ b/src/lib/libcrypto/seed/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/store/Makefile b/src/lib/libcrypto/store/Makefile index 0dcfd7857a..c9f5d001a3 100644 --- a/src/lib/libcrypto/store/Makefile +++ b/src/lib/libcrypto/store/Makefile @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -89,14 +89,14 @@ str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h -str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -str_lib.o: str_lib.c str_locl.h +str_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +str_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +str_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +str_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +str_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +str_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h +str_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h diff --git a/src/lib/libcrypto/util/copy.pl b/src/lib/libcrypto/util/copy.pl index e20b45530a..eba6d5815e 100644 --- a/src/lib/libcrypto/util/copy.pl +++ b/src/lib/libcrypto/util/copy.pl @@ -8,9 +8,16 @@ use Fcntl; # Perl script 'copy' comment. On Windows the built in "copy" command also # copies timestamps: this messes up Makefile dependencies. +my $stripcr = 0; + my $arg; foreach $arg (@ARGV) { + if ($arg eq "-stripcr") + { + $stripcr = 1; + next; + } $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob... foreach (glob $arg) { @@ -49,6 +56,10 @@ foreach (@filelist) || die "Can't Open $dfile"; while (sysread IN, $buf, 10240) { + if ($stripcr) + { + $buf =~ tr/\015//d; + } syswrite(OUT, $buf, length($buf)); } close(IN); diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c index ed9847b307..a37f844d3c 100644 --- a/src/lib/libcrypto/x509v3/v3_addr.c +++ b/src/lib/libcrypto/x509v3/v3_addr.c @@ -594,10 +594,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, return NULL; switch (afi) { case IANA_AFI_IPV4: - sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); + (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); break; case IANA_AFI_IPV6: - sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); + (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); break; } f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; @@ -854,7 +854,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, if (!make_addressRange(&merged, a_min, b_max, length)) return 0; sk_IPAddressOrRange_set(aors, i, merged); - sk_IPAddressOrRange_delete(aors, i + 1); + (void)sk_IPAddressOrRange_delete(aors, i + 1); IPAddressOrRange_free(a); IPAddressOrRange_free(b); --i; @@ -878,6 +878,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) v3_addr_get_afi(f))) return 0; } + (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); assert(v3_addr_is_canonical(addr)); return 1; @@ -1122,7 +1123,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) return 1; if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) return 0; - sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); for (i = 0; i < sk_IPAddressFamily_num(a); i++) { IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); int j = sk_IPAddressFamily_find(b, fa); @@ -1183,7 +1184,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } if (!v3_addr_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); - sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); ret = 0; @@ -1209,7 +1210,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } continue; } - sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); for (j = 0; j < sk_IPAddressFamily_num(child); j++) { IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c index 271930f967..abd497ed1f 100644 --- a/src/lib/libcrypto/x509v3/v3_asid.c +++ b/src/lib/libcrypto/x509v3/v3_asid.c @@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) break; } ASIdOrRange_free(b); - sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); + (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); i--; continue; } diff --git a/src/lib/libssl/src/Makefile.shared b/src/lib/libssl/src/Makefile.shared index 97035a3c01..3183436ac6 100644 --- a/src/lib/libssl/src/Makefile.shared +++ b/src/lib/libssl/src/Makefile.shared @@ -101,15 +101,13 @@ LINK_SO= \ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $${SHAREDCMD} $${SHAREDFLAGS} \ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ - ) && $(SYMLINK_SO); \ - ( $(SET_X); rm -f lib$(LIBNAME).exp ) + ) && $(SYMLINK_SO) SYMLINK_SO= \ if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \ @@ -202,8 +200,10 @@ link_app.bsd: # to use native NSModule(3) API and refers to dlfcn as termporary hack. link_o.darwin: @ $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME); \ - SHLIB_SUFFIX=.so; \ + SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \ + SHLIB=$${SHLIB:-lib$(LIBNAME)}; \ + SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \ + SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \ ALLSYMSFLAGS='-all_load'; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \ @@ -491,23 +491,23 @@ link_app.hpux: link_o.aix: @ $(CALC_VERSIONS); \ - OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || :; \ + OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ $(LINK_SO_O); link_a.aix: @ $(CALC_VERSIONS); \ - OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || : ; \ + OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ SHLIB=lib$(LIBNAME).so; \ SHLIB_SUFFIX=; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \ + SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ $(LINK_SO_A_VIA_O) link_app.aix: LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \ diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-586.pl b/src/lib/libssl/src/crypto/aes/asm/aes-586.pl index 89fa261794..3bc46a968e 100644 --- a/src/lib/libssl/src/crypto/aes/asm/aes-586.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aes-586.pl @@ -955,8 +955,9 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds &align (4); &set_label("enc_tail"); - &push ($key eq "edi" ? $key : ""); # push ivp + &mov ($s0,$key eq "edi" ? $key : ""); &mov ($key,$_out); # load out + &push ($s0); # push ivp &mov ($s1,16); &sub ($s1,$s2); &cmp ($key,$acc); # compare with inp diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl index 44e0bf8cae..f616f1751f 100755 --- a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl +++ b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl @@ -1198,19 +1198,20 @@ AES_cbc_encrypt: ret .align 4 .Lcbc_enc_tail: - cmp $inp,$out - je .Lcbc_enc_in_place + mov %rax,%r11 + mov %rcx,%r12 mov %r10,%rcx mov $inp,%rsi mov $out,%rdi .long 0xF689A4F3 # rep movsb -.Lcbc_enc_in_place: mov \$16,%rcx # zero tail sub %r10,%rcx xor %rax,%rax .long 0xF689AAF3 # rep stosb mov $out,$inp # this is not a mistake! movq \$16,$_len # len=16 + mov %r11,%rax + mov %r12,%rcx jmp .Lcbc_enc_loop # one more spin... #----------------------------- DECRYPT -----------------------------# .align 16 diff --git a/src/lib/libssl/src/crypto/asn1/asn1_gen.c b/src/lib/libssl/src/crypto/asn1/asn1_gen.c index 26c832781e..2da38292c8 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_gen.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_gen.c @@ -1,5 +1,5 @@ /* asn1_gen.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2002. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/asn1/asn_mime.c b/src/lib/libssl/src/crypto/asn1/asn_mime.c index fe7c4ec7ab..bc80b20d63 100644 --- a/src/lib/libssl/src/crypto/asn1/asn_mime.c +++ b/src/lib/libssl/src/crypto/asn1/asn_mime.c @@ -526,6 +526,8 @@ int SMIME_text(BIO *in, BIO *out) sk_MIME_HEADER_pop_free(headers, mime_hdr_free); while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) BIO_write(out, iobuf, len); + if (len < 0) + return 0; return 1; } diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c index ea2c3fff63..c3da6dc82f 100644 --- a/src/lib/libssl/src/crypto/bio/bss_dgram.c +++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c @@ -82,7 +82,7 @@ static int dgram_new(BIO *h); static int dgram_free(BIO *data); static int dgram_clear(BIO *bio); -int BIO_dgram_should_retry(int s); +static int BIO_dgram_should_retry(int s); static BIO_METHOD methods_dgramp= { @@ -345,30 +345,90 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) memcpy(&(data->peer), to, sizeof(struct sockaddr)); break; +#if defined(SO_RCVTIMEO) case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + struct timeval *tv = (struct timeval *)ptr; + int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, sizeof(timeout)) < 0) + { perror("setsockopt"); ret = -1; } + } +#else if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, sizeof(struct timeval)) < 0) { perror("setsockopt"); ret = -1; } +#endif break; case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + int timeout, sz = sizeof(timeout); + struct timeval *tv = (struct timeval *)ptr; + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + (void*)&timeout, &sz) < 0) + { perror("getsockopt"); ret = -1; } + else + { + tv->tv_sec = timeout / 1000; + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); + } + } +#else if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, (void *)&ret) < 0) { perror("getsockopt"); ret = -1; } +#endif break; +#endif +#if defined(SO_SNDTIMEO) case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + struct timeval *tv = (struct timeval *)ptr; + int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; + if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + (void*)&timeout, sizeof(timeout)) < 0) + { perror("setsockopt"); ret = -1; } + } +#else if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, sizeof(struct timeval)) < 0) { perror("setsockopt"); ret = -1; } +#endif break; case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: +#ifdef OPENSSL_SYS_WINDOWS + { + int timeout, sz = sizeof(timeout); + struct timeval *tv = (struct timeval *)ptr; + if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + (void*)&timeout, &sz) < 0) + { perror("getsockopt"); ret = -1; } + else + { + tv->tv_sec = timeout / 1000; + tv->tv_usec = (timeout % 1000) * 1000; + ret = sizeof(*tv); + } + } +#else if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, (void *)&ret) < 0) { perror("getsockopt"); ret = -1; } +#endif break; +#endif case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: /* fall-through */ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: +#ifdef OPENSSL_SYS_WINDOWS + if ( data->_errno == WSAETIMEDOUT) +#else if ( data->_errno == EAGAIN) +#endif { ret = 1; data->_errno = 0; @@ -403,7 +463,7 @@ static int dgram_puts(BIO *bp, const char *str) return(ret); } -int BIO_dgram_should_retry(int i) +static int BIO_dgram_should_retry(int i) { int err; diff --git a/src/lib/libssl/src/crypto/bn/bn_gf2m.c b/src/lib/libssl/src/crypto/bn/bn_gf2m.c index 6a793857e1..306f029f27 100644 --- a/src/lib/libssl/src/crypto/bn/bn_gf2m.c +++ b/src/lib/libssl/src/crypto/bn/bn_gf2m.c @@ -384,7 +384,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) if (zz == 0) break; d1 = BN_BITS2 - d0; - if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */ + /* clear up the top d1 bits */ + if (d0) + z[dN] = (z[dN] << d1) >> d1; + else + z[dN] = 0; z[0] ^= zz; /* reduction t^0 component */ for (k = 1; p[k] != 0; k++) diff --git a/src/lib/libssl/src/crypto/bn/bn_nist.c b/src/lib/libssl/src/crypto/bn/bn_nist.c index e14232fdbb..2ca5b01391 100644 --- a/src/lib/libssl/src/crypto/bn/bn_nist.c +++ b/src/lib/libssl/src/crypto/bn/bn_nist.c @@ -59,109 +59,266 @@ #include "bn_lcl.h" #include "cryptlib.h" + #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 #define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 #define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 #define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 +/* pre-computed tables are "carry-less" values of modulus*(i+1) */ #if BN_BITS2 == 64 -static const BN_ULONG _nist_p_192[] = - {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL, - 0xFFFFFFFFFFFFFFFFULL}; -static const BN_ULONG _nist_p_224[] = +static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { + {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL}, + {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL}, + {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL} + }; +static const BN_ULONG _nist_p_192_sqr[] = { + 0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL, + 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL + }; +static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { {0x0000000000000001ULL,0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}; -static const BN_ULONG _nist_p_256[] = + 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}, + {0x0000000000000002ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */ + }; +static const BN_ULONG _nist_p_224_sqr[] = { + 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL, + 0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL + }; +static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL, - 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}; -static const BN_ULONG _nist_p_384[] = - {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}; + 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}, + {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFE00000002ULL}, + {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFD00000003ULL}, + {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFC00000004ULL}, + {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFB00000005ULL}, + }; +static const BN_ULONG _nist_p_256_sqr[] = { + 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL, + 0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL, + 0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL + }; +static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { + {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + }; +static const BN_ULONG _nist_p_384_sqr[] = { + 0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL, + 0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL, + 0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL + }; static const BN_ULONG _nist_p_521[] = {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0x00000000000001FFULL}; +static const BN_ULONG _nist_p_521_sqr[] = { + 0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL, + 0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL, + 0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL + }; #elif BN_BITS2 == 32 -static const BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; -static const BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; -static const BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, - 0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF}; -static const BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000, - 0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; +static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { + {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} + }; +static const BN_ULONG _nist_p_192_sqr[] = { + 0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000, + 0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF + }; +static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { + {0x00000001,0x00000000,0x00000000,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0x00000002,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} + }; +static const BN_ULONG _nist_p_224_sqr[] = { + 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002, + 0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF + }; +static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { + {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000, + 0x00000000,0x00000000,0x00000001,0xFFFFFFFF}, + {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001, + 0x00000000,0x00000000,0x00000002,0xFFFFFFFE}, + {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002, + 0x00000000,0x00000000,0x00000003,0xFFFFFFFD}, + {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003, + 0x00000000,0x00000000,0x00000004,0xFFFFFFFC}, + {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004, + 0x00000000,0x00000000,0x00000005,0xFFFFFFFB}, + }; +static const BN_ULONG _nist_p_256_sqr[] = { + 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001, + 0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001, + 0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE + }; +static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { + {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + }; +static const BN_ULONG _nist_p_384_sqr[] = { + 0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE, + 0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000, + 0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF + }; static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0x000001FF}; +static const BN_ULONG _nist_p_521_sqr[] = { + 0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, + 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, + 0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF + }; +#else +#error "unsupported BN_BITS2" #endif + +static const BIGNUM _bignum_nist_p_192 = + { + (BN_ULONG *)_nist_p_192[0], + BN_NIST_192_TOP, + BN_NIST_192_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_224 = + { + (BN_ULONG *)_nist_p_224[0], + BN_NIST_224_TOP, + BN_NIST_224_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_256 = + { + (BN_ULONG *)_nist_p_256[0], + BN_NIST_256_TOP, + BN_NIST_256_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_384 = + { + (BN_ULONG *)_nist_p_384[0], + BN_NIST_384_TOP, + BN_NIST_384_TOP, + 0, + BN_FLG_STATIC_DATA + }; + +static const BIGNUM _bignum_nist_p_521 = + { + (BN_ULONG *)_nist_p_521, + BN_NIST_521_TOP, + BN_NIST_521_TOP, + 0, + BN_FLG_STATIC_DATA + }; + + const BIGNUM *BN_get0_nist_prime_192(void) { - static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192, - BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_192; + return &_bignum_nist_p_192; } const BIGNUM *BN_get0_nist_prime_224(void) { - static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224, - BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_224; + return &_bignum_nist_p_224; } const BIGNUM *BN_get0_nist_prime_256(void) { - static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256, - BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_256; + return &_bignum_nist_p_256; } const BIGNUM *BN_get0_nist_prime_384(void) { - static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384, - BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_384; + return &_bignum_nist_p_384; } const BIGNUM *BN_get0_nist_prime_521(void) { - static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521, - BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; - return &const_nist_521; + return &_bignum_nist_p_521; } -#define BN_NIST_ADD_ONE(a) while (!(*(a)=(*(a)+1)&BN_MASK2)) ++(a); static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) - { + { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; - for (i = (max) - (top); i != 0; i--) - *_tmp1++ = (BN_ULONG) 0; - } + BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + +#ifdef BN_DEBUG + OPENSSL_assert(top <= max); +#endif + for (i = (top); i != 0; i--) + *_tmp1++ = *_tmp2++; + for (i = (max) - (top); i != 0; i--) + *_tmp1++ = (BN_ULONG) 0; + } static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) - { + { int i; - BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); - for (i = (top); i != 0; i--) - *_tmp1++ = *_tmp2++; - } + BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + for (i = (top); i != 0; i--) + *_tmp1++ = *_tmp2++; + } #if BN_BITS2 == 64 #define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; -/* TBD */ -#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; +/* + * two following macros are implemented under assumption that they + * are called in a sequence with *ascending* n, i.e. as they are... + */ +#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ + :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) +#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); +#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) #else #define bn_cp_64(to, n, from, m) \ { \ @@ -182,9 +339,9 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) #define nist_set_192(to, from, a1, a2, a3) \ { \ - if (a3 != 0) bn_cp_64(to, 0, from, (a3) - 3) else bn_64_set_0(to, 0)\ + bn_cp_64(to, 0, from, (a3) - 3) \ bn_cp_64(to, 1, from, (a2) - 3) \ - if (a1 != 0) bn_cp_64(to, 2, from, (a1) - 3) else bn_64_set_0(to, 2)\ + bn_cp_64(to, 2, from, (a1) - 3) \ } int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, @@ -198,6 +355,16 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_192_TOP], *res; size_t mask; + static const BIGNUM _bignum_nist_p_192_sqr = { + (BN_ULONG *)_nist_p_192_sqr, + sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), + sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), + 0,BN_FLG_STATIC_DATA }; + + field = &_bignum_nist_p_192; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -208,9 +375,6 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a) ? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_192_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_192_TOP)) @@ -224,23 +388,26 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); nist_set_192(t_d, buf, 0, 3, 3); - carry = bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); nist_set_192(t_d, buf, 4, 4, 0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); nist_set_192(t_d, buf, 5, 5, 5) - carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP); + else + carry = 1; + + /* + * we need 'if (carry==0 || result>=modulus) result-=modulus;' + * as comparison implies subtraction, we can write + * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' + * this is what happens below, but without explicit if:-) a. + */ + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); @@ -248,21 +415,22 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, return 1; } +typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int); + #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ { \ - if (a7 != 0) bn_cp_32(to, 0, from, (a7) - 7) else bn_32_set_0(to, 0)\ - if (a6 != 0) bn_cp_32(to, 1, from, (a6) - 7) else bn_32_set_0(to, 1)\ - if (a5 != 0) bn_cp_32(to, 2, from, (a5) - 7) else bn_32_set_0(to, 2)\ - if (a4 != 0) bn_cp_32(to, 3, from, (a4) - 7) else bn_32_set_0(to, 3)\ - if (a3 != 0) bn_cp_32(to, 4, from, (a3) - 7) else bn_32_set_0(to, 4)\ - if (a2 != 0) bn_cp_32(to, 5, from, (a2) - 7) else bn_32_set_0(to, 5)\ - if (a1 != 0) bn_cp_32(to, 6, from, (a1) - 7) else bn_32_set_0(to, 6)\ + bn_cp_32(to, 0, from, (a7) - 7) \ + bn_cp_32(to, 1, from, (a6) - 7) \ + bn_cp_32(to, 2, from, (a5) - 7) \ + bn_cp_32(to, 3, from, (a4) - 7) \ + bn_cp_32(to, 4, from, (a3) - 7) \ + bn_cp_32(to, 5, from, (a2) - 7) \ + bn_cp_32(to, 6, from, (a1) - 7) \ } int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int top = a->top, i; int carry; BN_ULONG *r_d, *a_d = a->d; @@ -271,6 +439,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_224_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_224_sqr = { + (BN_ULONG *)_nist_p_224_sqr, + sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), + sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), + 0,BN_FLG_STATIC_DATA }; + + + field = &_bignum_nist_p_224; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -281,9 +461,6 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_224_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_224_TOP)) @@ -294,67 +471,77 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else r_d = a_d; +#if BN_BITS2==64 + /* copy upper 256 bits of 448 bit number ... */ + nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP); + /* ... and right shift by 32 to obtain upper 224 bits */ + nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8); + /* truncate lower part to 224 bits too */ + r_d[BN_NIST_224_TOP-1] &= BN_MASK2l; +#else nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); - +#endif nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); - carry = bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_224_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); - bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP)) - bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); - bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_cp_bn(r_d, res, BN_NIST_224_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); +#if BN_BITS2==64 + carry = (int)(r_d[BN_NIST_224_TOP-1]>>32); +#endif + u.f = bn_sub_words; + if (carry > 0) + { + carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP); +#if BN_BITS2==64 + carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1; #endif + } + else if (carry < 0) + { + /* it's a bit more comlicated logic in this case. + * if bn_add_words yields no carry, then result + * has to be adjusted by unconditionally *adding* + * the modulus. but if it does, then result has + * to be compared to the modulus and conditionally + * adjusted by *subtracting* the latter. */ + carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + } + else + carry = 1; + + /* otherwise it's effectively same as in BN_nist_mod_192... */ + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d, res, BN_NIST_224_TOP); r->top = BN_NIST_224_TOP; bn_correct_top(r); return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ { \ - if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\ - if (a7 != 0) bn_cp_32(to, 1, from, (a7) - 8) else bn_32_set_0(to, 1)\ - if (a6 != 0) bn_cp_32(to, 2, from, (a6) - 8) else bn_32_set_0(to, 2)\ - if (a5 != 0) bn_cp_32(to, 3, from, (a5) - 8) else bn_32_set_0(to, 3)\ - if (a4 != 0) bn_cp_32(to, 4, from, (a4) - 8) else bn_32_set_0(to, 4)\ - if (a3 != 0) bn_cp_32(to, 5, from, (a3) - 8) else bn_32_set_0(to, 5)\ - if (a2 != 0) bn_cp_32(to, 6, from, (a2) - 8) else bn_32_set_0(to, 6)\ - if (a1 != 0) bn_cp_32(to, 7, from, (a1) - 8) else bn_32_set_0(to, 7)\ + bn_cp_32(to, 0, from, (a8) - 8) \ + bn_cp_32(to, 1, from, (a7) - 8) \ + bn_cp_32(to, 2, from, (a6) - 8) \ + bn_cp_32(to, 3, from, (a5) - 8) \ + bn_cp_32(to, 4, from, (a4) - 8) \ + bn_cp_32(to, 5, from, (a3) - 8) \ + bn_cp_32(to, 6, from, (a2) - 8) \ + bn_cp_32(to, 7, from, (a1) - 8) \ } int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *a_d = a->d, *r_d; @@ -363,6 +550,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_256_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_256_sqr = { + (BN_ULONG *)_nist_p_256_sqr, + sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), + sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), + 0,BN_FLG_STATIC_DATA }; + + field = &_bignum_nist_p_256; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -373,9 +571,6 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_256_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_256_TOP)) @@ -391,111 +586,84 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /*S1*/ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); /*S2*/ - nist_set_256(c_d,buf, 0, 15, 14, 13, 12, 0, 0, 0); - carry = bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); - - carry = bn_add_words(t_d, res, res, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); - - carry = bn_add_words(r_d, r_d, res, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0); + carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); + /* left shift */ + { + register BN_ULONG *ap,t,c; + ap = t_d; + c=0; + for (i = BN_NIST_256_TOP; i != 0; --i) + { + t= *ap; + *(ap++)=((t<<1)|c)&BN_MASK2; + c=(t & BN_TBIT)?1:0; + } + carry <<= 1; + carry |= c; + } + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*S3*/ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); - carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*S4*/ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); - carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D1*/ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D2*/ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D3*/ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D4*/ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - nist_cp_bn(r_d, res, BN_NIST_384_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP); + else if (carry < 0) + { + carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + } + else + carry = 1; + + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d, res, BN_NIST_256_TOP); r->top = BN_NIST_256_TOP; bn_correct_top(r); return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ { \ - if (a12 != 0) bn_cp_32(to, 0, from, (a12) - 12) else bn_32_set_0(to, 0)\ - if (a11 != 0) bn_cp_32(to, 1, from, (a11) - 12) else bn_32_set_0(to, 1)\ - if (a10 != 0) bn_cp_32(to, 2, from, (a10) - 12) else bn_32_set_0(to, 2)\ - if (a9 != 0) bn_cp_32(to, 3, from, (a9) - 12) else bn_32_set_0(to, 3)\ - if (a8 != 0) bn_cp_32(to, 4, from, (a8) - 12) else bn_32_set_0(to, 4)\ - if (a7 != 0) bn_cp_32(to, 5, from, (a7) - 12) else bn_32_set_0(to, 5)\ - if (a6 != 0) bn_cp_32(to, 6, from, (a6) - 12) else bn_32_set_0(to, 6)\ - if (a5 != 0) bn_cp_32(to, 7, from, (a5) - 12) else bn_32_set_0(to, 7)\ - if (a4 != 0) bn_cp_32(to, 8, from, (a4) - 12) else bn_32_set_0(to, 8)\ - if (a3 != 0) bn_cp_32(to, 9, from, (a3) - 12) else bn_32_set_0(to, 9)\ - if (a2 != 0) bn_cp_32(to, 10, from, (a2) - 12) else bn_32_set_0(to, 10)\ - if (a1 != 0) bn_cp_32(to, 11, from, (a1) - 12) else bn_32_set_0(to, 11)\ + bn_cp_32(to, 0, from, (a12) - 12) \ + bn_cp_32(to, 1, from, (a11) - 12) \ + bn_cp_32(to, 2, from, (a10) - 12) \ + bn_cp_32(to, 3, from, (a9) - 12) \ + bn_cp_32(to, 4, from, (a8) - 12) \ + bn_cp_32(to, 5, from, (a7) - 12) \ + bn_cp_32(to, 6, from, (a6) - 12) \ + bn_cp_32(to, 7, from, (a5) - 12) \ + bn_cp_32(to, 8, from, (a4) - 12) \ + bn_cp_32(to, 9, from, (a3) - 12) \ + bn_cp_32(to, 10, from, (a2) - 12) \ + bn_cp_32(to, 11, from, (a1) - 12) \ } int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *r_d, *a_d = a->d; @@ -504,6 +672,18 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_384_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_384_sqr = { + (BN_ULONG *)_nist_p_384_sqr, + sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), + sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), + 0,BN_FLG_STATIC_DATA }; + + + field = &_bignum_nist_p_384; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -514,9 +694,6 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else if (i > 0) return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (top == BN_NIST_384_TOP) - return BN_usub(r, a, field); - if (r != a) { if (!bn_wexpand(r, BN_NIST_384_TOP)) @@ -544,149 +721,116 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } *ap=c; } - carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), + carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), t_d, BN_NIST_256_TOP); - /* - * we need if (result>=modulus) subtract(result,modulus); - * in n-bit space this can be expressed as - * if (carry || result>=modulus) subtract(result,modulus); - * the catch is that comparison implies subtraction and - * therefore one can write tmp=subtract(result,modulus); - * and then if(carry || !borrow) result=tmp; this's what - * happens below, but without explicit if:-) a. - */ - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - /*S2 */ - carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP); /*S3*/ nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S4*/ nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S5*/ nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S6*/ nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D1*/ nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D2*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D3*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); + + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP); + else if (carry < 0) + { + carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + } + else + carry = 1; + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_384_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif r->top = BN_NIST_384_TOP; bn_correct_top(r); return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } +#define BN_NIST_521_RSHIFT (521%BN_BITS2) +#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) +#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) + int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 64 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#elif BN_BITS2 == 32 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#endif - int top, ret = 0; - BN_ULONG *r_d; - BIGNUM *tmp; - - /* check whether a reduction is necessary */ - top = a->top; - if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && - (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) - return (r == a)? 1 : (BN_copy(r ,a) != NULL); + int top = a->top, i; + BN_ULONG *r_d, *a_d = a->d, + t_d[BN_NIST_521_TOP], + val,tmp,*res; + size_t mask; + static const BIGNUM _bignum_nist_p_521_sqr = { + (BN_ULONG *)_nist_p_521_sqr, + sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), + sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), + 0,BN_FLG_STATIC_DATA }; - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - if (!tmp) - goto err; + field = &_bignum_nist_p_521; /* just to make sure */ - if (!bn_wexpand(tmp, BN_NIST_521_TOP)) - goto err; - nist_cp_bn(tmp->d, a->d, BN_NIST_521_TOP); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0) + return BN_nnmod(r, a, field, ctx); - tmp->top = BN_NIST_521_TOP; - tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; - bn_correct_top(tmp); + i = BN_ucmp(field, a); + if (i == 0) + { + BN_zero(r); + return 1; + } + else if (i > 0) + return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (!BN_rshift(r, a, 521)) - goto err; + if (r != a) + { + if (!bn_wexpand(r,BN_NIST_521_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d,a_d, BN_NIST_521_TOP); + } + else + r_d = a_d; - if (!BN_uadd(r, tmp, r)) - goto err; - top = r->top; - r_d = r->d; - if (top == BN_NIST_521_TOP && - (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))) + /* upper 521 bits, copy ... */ + nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP); + /* ... and right shift */ + for (val=t_d[0],i=0; id[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; + tmp = val>>BN_NIST_521_RSHIFT; + val = t_d[i+1]; + t_d[i] = (tmp | val<>BN_NIST_521_RSHIFT; + /* lower 521 bits */ + r_d[i] &= BN_NIST_521_TOP_MASK; + + bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); + mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); + res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d,res,BN_NIST_521_TOP); + r->top = BN_NIST_521_TOP; bn_correct_top(r); - ret = 1; -err: - BN_CTX_end(ctx); - - bn_check_top(r); - return ret; + return 1; } diff --git a/src/lib/libssl/src/crypto/bn/bn_x931p.c b/src/lib/libssl/src/crypto/bn/bn_x931p.c index c64410dd3a..04c5c874ec 100644 --- a/src/lib/libssl/src/crypto/bn/bn_x931p.c +++ b/src/lib/libssl/src/crypto/bn/bn_x931p.c @@ -1,5 +1,5 @@ /* bn_x931p.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ /* ==================================================================== @@ -59,18 +59,15 @@ #include #include -#ifdef OPENSSL_FIPS - /* X9.31 routines for prime derivation */ - /* X9.31 prime derivation. This is used to generate the primes pi * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd * integers. */ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, - void (*cb)(int, int, void *), void *cb_arg) + BN_GENCB *cb) { int i = 0; if (!BN_copy(pi, Xpi)) @@ -80,16 +77,14 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, for(;;) { i++; - if (cb) - cb(0, i, cb_arg); + BN_GENCB_call(cb, 0, i); /* NB 27 MR is specificed in X9.31 */ - if (BN_is_prime_fasttest(pi, 27, cb, ctx, cb_arg, 1)) + if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) break; if (!BN_add_word(pi, 2)) return 0; } - if (cb) - cb(2, i, cb_arg); + BN_GENCB_call(cb, 2, i); return 1; } @@ -98,10 +93,9 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, * not NULL they will be returned too: this is needed for testing. */ -int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - void (*cb)(int, int, void *), void *cb_arg, +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, - const BIGNUM *e, BN_CTX *ctx) + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) { int ret = 0; @@ -124,10 +118,10 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, pm1 = BN_CTX_get(ctx); - if (!bn_x931_derive_pi(p1, Xp1, ctx, cb, cb_arg)) + if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) goto err; - if (!bn_x931_derive_pi(p2, Xp2, ctx, cb, cb_arg)) + if (!bn_x931_derive_pi(p2, Xp2, ctx, cb)) goto err; if (!BN_mul(p1p2, p1, p2, ctx)) @@ -166,8 +160,7 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, for (;;) { int i = 1; - if (cb) - cb(0, i++, cb_arg); + BN_GENCB_call(cb, 0, i++); if (!BN_copy(pm1, p)) goto err; if (!BN_sub_word(pm1, 1)) @@ -179,14 +172,13 @@ int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, * offering similar or better guarantees 50 MR is considerably * better. */ - && BN_is_prime_fasttest(p, 50, cb, ctx, cb_arg, 1)) + && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) break; if (!BN_add(p, p, p1p2)) goto err; } - if (cb) - cb(3, 0, cb_arg); + BN_GENCB_call(cb, 3, 0); ret = 1; @@ -248,11 +240,11 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) * are generated using the previous function and supplied as input. */ -int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, BN_CTX *ctx, - void (*cb)(int, int, void *), void *cb_arg) + BN_GENCB *cb) { int ret = 0; @@ -266,8 +258,7 @@ int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, goto error; if (!BN_rand(Xp2, 101, 0, 0)) goto error; - if (!BN_X931_derive_prime(p, p1, p2, cb, cb_arg, - Xp, Xp1, Xp2, e, ctx)) + if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) goto error; ret = 1; @@ -279,4 +270,3 @@ int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, } -#endif diff --git a/src/lib/libssl/src/crypto/buffer/buf_str.c b/src/lib/libssl/src/crypto/buffer/buf_str.c new file mode 100644 index 0000000000..28dd1e401e --- /dev/null +++ b/src/lib/libssl/src/crypto/buffer/buf_str.c @@ -0,0 +1,116 @@ +/* crypto/buffer/buf_str.c */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include + +char *BUF_strdup(const char *str) + { + if (str == NULL) return(NULL); + return BUF_strndup(str, strlen(str)); + } + +char *BUF_strndup(const char *str, size_t siz) + { + char *ret; + + if (str == NULL) return(NULL); + + ret=OPENSSL_malloc(siz+1); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); + return(NULL); + } + BUF_strlcpy(ret,str,siz+1); + return(ret); + } + +void *BUF_memdup(const void *data, size_t siz) + { + void *ret; + + if (data == NULL) return(NULL); + + ret=OPENSSL_malloc(siz); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); + return(NULL); + } + return memcpy(ret, data, siz); + } + +size_t BUF_strlcpy(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 1 && *src; size--) + { + *dst++ = *src++; + l++; + } + if (size) + *dst = '\0'; + return l + strlen(src); + } + +size_t BUF_strlcat(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 0 && *dst; size--, dst++) + l++; + return l + BUF_strlcpy(dst, src, size); + } diff --git a/src/lib/libssl/src/crypto/camellia/Makefile b/src/lib/libssl/src/crypto/camellia/Makefile index 1579de5ce5..dfb12951fd 100644 --- a/src/lib/libssl/src/crypto/camellia/Makefile +++ b/src/lib/libssl/src/crypto/camellia/Makefile @@ -41,7 +41,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/camellia/camellia.h b/src/lib/libssl/src/crypto/camellia/camellia.h index 3c8a359543..b8a8b6e10b 100644 --- a/src/lib/libssl/src/crypto/camellia/camellia.h +++ b/src/lib/libssl/src/crypto/camellia/camellia.h @@ -87,6 +87,11 @@ struct camellia_key_st typedef struct camellia_key_st CAMELLIA_KEY; +#ifdef OPENSSL_FIPS +int private_Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); +#endif + int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key); diff --git a/src/lib/libssl/src/crypto/camellia/cmll_misc.c b/src/lib/libssl/src/crypto/camellia/cmll_misc.c index f1047b54e0..2cd7aba9bb 100644 --- a/src/lib/libssl/src/crypto/camellia/cmll_misc.c +++ b/src/lib/libssl/src/crypto/camellia/cmll_misc.c @@ -52,11 +52,24 @@ #include #include #include "cmll_locl.h" +#include +#ifdef OPENSSL_FIPS +#include +#endif const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT; int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key) +#ifdef OPENSSL_FIPS + { + if (FIPS_mode()) + FIPS_BAD_ABORT(CAMELLIA) + return private_Camellia_set_key(userKey, bits, key); + } +int private_Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key) +#endif { if (!userKey || !key) { diff --git a/src/lib/libssl/src/crypto/cms/Makefile b/src/lib/libssl/src/crypto/cms/Makefile index e39c310b6c..1c137e0cff 100644 --- a/src/lib/libssl/src/crypto/cms/Makefile +++ b/src/lib/libssl/src/crypto/cms/Makefile @@ -37,7 +37,7 @@ test: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/cms/cms_sd.c b/src/lib/libssl/src/crypto/cms/cms_sd.c index 591bfbec33..cdac3b870d 100644 --- a/src/lib/libssl/src/crypto/cms/cms_sd.c +++ b/src/lib/libssl/src/crypto/cms/cms_sd.c @@ -830,7 +830,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) cms_fixup_mctx(&mctx, si->pkey); r = EVP_VerifyFinal(&mctx, si->signature->data, si->signature->length, si->pkey); - if (!r) + if (r <= 0) CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); err: EVP_MD_CTX_cleanup(&mctx); diff --git a/src/lib/libssl/src/crypto/cms/cms_smime.c b/src/lib/libssl/src/crypto/cms/cms_smime.c index f79c504e91..b9463f9abb 100644 --- a/src/lib/libssl/src/crypto/cms/cms_smime.c +++ b/src/lib/libssl/src/crypto/cms/cms_smime.c @@ -68,7 +68,10 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) if (out == NULL) tmpout = BIO_new(BIO_s_null()); else if (flags & CMS_TEXT) + { tmpout = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(tmpout, 0); + } else tmpout = out; @@ -89,11 +92,13 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) if (!BIO_get_cipher_status(in)) goto err; } + if (i < 0) + goto err; break; } - if (tmpout) - BIO_write(tmpout, buf, i); + if (tmpout && (BIO_write(tmpout, buf, i) != i)) + goto err; } if(flags & CMS_TEXT) diff --git a/src/lib/libssl/src/crypto/ec/ec_key.c b/src/lib/libssl/src/crypto/ec/ec_key.c index 3d6c900b95..12fb0e6d6d 100644 --- a/src/lib/libssl/src/crypto/ec/ec_key.c +++ b/src/lib/libssl/src/crypto/ec/ec_key.c @@ -296,7 +296,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) { int ok = 0; BN_CTX *ctx = NULL; - BIGNUM *order = NULL; + const BIGNUM *order = NULL; EC_POINT *point = NULL; if (!eckey || !eckey->group || !eckey->pub_key) @@ -307,8 +307,6 @@ int EC_KEY_check_key(const EC_KEY *eckey) if ((ctx = BN_CTX_new()) == NULL) goto err; - if ((order = BN_new()) == NULL) - goto err; if ((point = EC_POINT_new(eckey->group)) == NULL) goto err; @@ -319,17 +317,13 @@ int EC_KEY_check_key(const EC_KEY *eckey) goto err; } /* testing whether pub_key * order is the point at infinity */ - if (!EC_GROUP_get_order(eckey->group, order, ctx)) + order = &eckey->group->order; + if (BN_is_zero(order)) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); goto err; } - if (!EC_POINT_copy(point, eckey->pub_key)) - { - ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); - goto err; - } - if (!EC_POINT_mul(eckey->group, point, order, NULL, NULL, ctx)) + if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); goto err; @@ -366,8 +360,6 @@ int EC_KEY_check_key(const EC_KEY *eckey) err: if (ctx != NULL) BN_CTX_free(ctx); - if (order != NULL) - BN_free(order); if (point != NULL) EC_POINT_free(point); return(ok); diff --git a/src/lib/libssl/src/crypto/ecdh/Makefile b/src/lib/libssl/src/crypto/ecdh/Makefile index 95aa69fea5..7a7b618eeb 100644 --- a/src/lib/libssl/src/crypto/ecdh/Makefile +++ b/src/lib/libssl/src/crypto/ecdh/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -84,20 +84,31 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ech_err.o: ech_err.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h -ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ech_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ech_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ech_key.o: ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h +ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ech_lib.o: ../../include/openssl/x509_vfy.h ech_lib.c ech_locl.h ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/src/lib/libssl/src/crypto/ecdsa/Makefile b/src/lib/libssl/src/crypto/ecdsa/Makefile index 16a93cd3ae..4865f3c8d6 100644 --- a/src/lib/libssl/src/crypto/ecdsa/Makefile +++ b/src/lib/libssl/src/crypto/ecdsa/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -92,13 +92,18 @@ ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_err.o: ecs_err.c ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_lib.o: ecs_lib.c ecs_locl.h ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h @@ -110,16 +115,28 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_sign.o: ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h -ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ecs_vrf.o: ecs_locl.h ecs_vrf.c diff --git a/src/lib/libssl/src/crypto/evp/e_camellia.c b/src/lib/libssl/src/crypto/evp/e_camellia.c index a7b40d1c60..365d397164 100644 --- a/src/lib/libssl/src/crypto/evp/e_camellia.c +++ b/src/lib/libssl/src/crypto/evp/e_camellia.c @@ -93,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, EVP_CIPHER_get_asn1_iv, NULL) -#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) +#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0) IMPLEMENT_CAMELLIA_CFBR(128,1) IMPLEMENT_CAMELLIA_CFBR(192,1) diff --git a/src/lib/libssl/src/crypto/fips_err.h b/src/lib/libssl/src/crypto/fips_err.h new file mode 100644 index 0000000000..b328616858 --- /dev/null +++ b/src/lib/libssl/src/crypto/fips_err.h @@ -0,0 +1,137 @@ +/* crypto/fips_err.h */ +/* ==================================================================== + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason) + +static ERR_STRING_DATA FIPS_str_functs[]= + { +{ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, +{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, +{ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, +{ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"}, +{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, +{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, +{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"}, +{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_CHECK_INCORE_FINGERPRINT"}, +{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"}, +{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_DSA_CHECK"}, +{ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"}, +{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG), "FIPS_selftest_rng"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"}, +{ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"}, +{ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, +{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, +{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, +{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, +{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, +{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX), "RSA_X931_generate_key_ex"}, +{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, +{0,NULL} + }; + +static ERR_STRING_DATA FIPS_str_reasons[]= + { +{ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot read exe"}, +{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"}, +{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"}, +{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"}, +{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"}, +{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match nonpic relocated"}, +{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"}, +{ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"}, +{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"}, +{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, +{ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"}, +{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"}, +{ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR) ,"rsa decrypt error"}, +{ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR) ,"rsa encrypt error"}, +{ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"}, +{ERR_REASON(FIPS_R_TEST_FAILURE) ,"test failure"}, +{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"}, +{0,NULL} + }; + +#endif + +void ERR_load_FIPS_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) + { + ERR_load_strings(0,FIPS_str_functs); + ERR_load_strings(0,FIPS_str_reasons); + } +#endif + } diff --git a/src/lib/libssl/src/crypto/jpake/Makefile b/src/lib/libssl/src/crypto/jpake/Makefile new file mode 100644 index 0000000000..a4a1402f2e --- /dev/null +++ b/src/lib/libssl/src/crypto/jpake/Makefile @@ -0,0 +1,64 @@ +DIR=jpake +TOP=../.. + +CFLAGS= $(INCLUDES) $(CFLAG) + +LIB=$(TOP)/libcrypto.a +LIBOBJ=jpake.o jpake_err.o +LIBSRC=jpake.c jpake_err.c + +EXHEADER=jpake.h +TEST=jpaketest.c + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff + +jpaketest: top jpaketest.c $(LIB) + $(CC) $(CFLAGS) -Wall -Werror -g -o jpaketest jpaketest.c $(LIB) +# DO NOT DELETE THIS LINE -- make depend depends on it. + +jpake.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +jpake.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +jpake.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +jpake.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +jpake.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +jpake.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +jpake.o: ../../include/openssl/symhacks.h jpake.c jpake.h +jpake_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +jpake_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +jpake_err.o: ../../include/openssl/err.h ../../include/openssl/jpake.h +jpake_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +jpake_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +jpake_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +jpake_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +jpake_err.o: jpake_err.c diff --git a/src/lib/libssl/src/crypto/jpake/jpake.c b/src/lib/libssl/src/crypto/jpake/jpake.c new file mode 100644 index 0000000000..577b7ef375 --- /dev/null +++ b/src/lib/libssl/src/crypto/jpake/jpake.c @@ -0,0 +1,483 @@ +#include "jpake.h" + +#include +#include +#include +#include +#include + +/* + * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or + * Bob's (x3, x4, x1, x2). If you see what I mean. + */ + +typedef struct + { + char *name; /* Must be unique */ + char *peer_name; + BIGNUM *p; + BIGNUM *g; + BIGNUM *q; + BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */ + BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */ + } JPAKE_CTX_PUBLIC; + +struct JPAKE_CTX + { + JPAKE_CTX_PUBLIC p; + BIGNUM *secret; /* The shared secret */ + BN_CTX *ctx; + BIGNUM *xa; /* Alice's x1 or Bob's x3 */ + BIGNUM *xb; /* Alice's x2 or Bob's x4 */ + BIGNUM *key; /* The calculated (shared) key */ + }; + +static void JPAKE_ZKP_init(JPAKE_ZKP *zkp) + { + zkp->gr = BN_new(); + zkp->b = BN_new(); + } + +static void JPAKE_ZKP_release(JPAKE_ZKP *zkp) + { + BN_free(zkp->b); + BN_free(zkp->gr); + } + +/* Two birds with one stone - make the global name as expected */ +#define JPAKE_STEP_PART_init JPAKE_STEP2_init +#define JPAKE_STEP_PART_release JPAKE_STEP2_release + +void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p) + { + p->gx = BN_new(); + JPAKE_ZKP_init(&p->zkpx); + } + +void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p) + { + JPAKE_ZKP_release(&p->zkpx); + BN_free(p->gx); + } + +void JPAKE_STEP1_init(JPAKE_STEP1 *s1) + { + JPAKE_STEP_PART_init(&s1->p1); + JPAKE_STEP_PART_init(&s1->p2); + } + +void JPAKE_STEP1_release(JPAKE_STEP1 *s1) + { + JPAKE_STEP_PART_release(&s1->p2); + JPAKE_STEP_PART_release(&s1->p1); + } + +static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name, + const char *peer_name, const BIGNUM *p, + const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret) + { + ctx->p.name = OPENSSL_strdup(name); + ctx->p.peer_name = OPENSSL_strdup(peer_name); + ctx->p.p = BN_dup(p); + ctx->p.g = BN_dup(g); + ctx->p.q = BN_dup(q); + ctx->secret = BN_dup(secret); + + ctx->p.gxc = BN_new(); + ctx->p.gxd = BN_new(); + + ctx->xa = BN_new(); + ctx->xb = BN_new(); + ctx->key = BN_new(); + ctx->ctx = BN_CTX_new(); + } + +static void JPAKE_CTX_release(JPAKE_CTX *ctx) + { + BN_CTX_free(ctx->ctx); + BN_clear_free(ctx->key); + BN_clear_free(ctx->xb); + BN_clear_free(ctx->xa); + + BN_free(ctx->p.gxd); + BN_free(ctx->p.gxc); + + BN_clear_free(ctx->secret); + BN_free(ctx->p.q); + BN_free(ctx->p.g); + BN_free(ctx->p.p); + OPENSSL_free(ctx->p.peer_name); + OPENSSL_free(ctx->p.name); + + memset(ctx, '\0', sizeof *ctx); + } + +JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, + const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret) + { + JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + + JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret); + + return ctx; + } + +void JPAKE_CTX_free(JPAKE_CTX *ctx) + { + JPAKE_CTX_release(ctx); + OPENSSL_free(ctx); + } + +static void hashlength(SHA_CTX *sha, size_t l) + { + unsigned char b[2]; + + assert(l <= 0xffff); + b[0] = l >> 8; + b[1] = l&0xff; + SHA1_Update(sha, b, 2); + } + +static void hashstring(SHA_CTX *sha, const char *string) + { + size_t l = strlen(string); + + hashlength(sha, l); + SHA1_Update(sha, string, l); + } + +static void hashbn(SHA_CTX *sha, const BIGNUM *bn) + { + size_t l = BN_num_bytes(bn); + unsigned char *bin = OPENSSL_malloc(l); + + hashlength(sha, l); + BN_bn2bin(bn, bin); + SHA1_Update(sha, bin, l); + OPENSSL_free(bin); + } + +/* h=hash(g, g^r, g^x, name) */ +static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p, + const char *proof_name) + { + unsigned char md[SHA_DIGEST_LENGTH]; + SHA_CTX sha; + + /* + * XXX: hash should not allow moving of the boundaries - Java code + * is flawed in this respect. Length encoding seems simplest. + */ + SHA1_Init(&sha); + hashbn(&sha, zkpg); + assert(!BN_is_zero(p->zkpx.gr)); + hashbn(&sha, p->zkpx.gr); + hashbn(&sha, p->gx); + hashstring(&sha, proof_name); + SHA1_Final(md, &sha); + BN_bin2bn(md, SHA_DIGEST_LENGTH, h); + } + +/* + * Prove knowledge of x + * Note that p->gx has already been calculated + */ +static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x, + const BIGNUM *zkpg, JPAKE_CTX *ctx) + { + BIGNUM *r = BN_new(); + BIGNUM *h = BN_new(); + BIGNUM *t = BN_new(); + + /* + * r in [0,q) + * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform + */ + BN_rand_range(r, ctx->p.q); + /* g^r */ + BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx); + + /* h=hash... */ + zkp_hash(h, zkpg, p, ctx->p.name); + + /* b = r - x*h */ + BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx); + BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx); + + /* cleanup */ + BN_free(t); + BN_free(h); + BN_free(r); + } + +static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, + JPAKE_CTX *ctx) + { + BIGNUM *h = BN_new(); + BIGNUM *t1 = BN_new(); + BIGNUM *t2 = BN_new(); + BIGNUM *t3 = BN_new(); + int ret = 0; + + zkp_hash(h, zkpg, p, ctx->p.peer_name); + + /* t1 = g^b */ + BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx); + /* t2 = (g^x)^h = g^{hx} */ + BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx); + /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */ + BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx); + + /* verify t3 == g^r */ + if(BN_cmp(t3, p->zkpx.gr) == 0) + ret = 1; + else + JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); + + /* cleanup */ + BN_free(t3); + BN_free(t2); + BN_free(t1); + BN_free(h); + + return ret; + } + +static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x, + const BIGNUM *g, JPAKE_CTX *ctx) + { + BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx); + generate_zkp(p, x, g, ctx); + } + +/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */ +static void genrand(JPAKE_CTX *ctx) + { + BIGNUM *qm1; + + /* xa in [0, q) */ + BN_rand_range(ctx->xa, ctx->p.q); + + /* q-1 */ + qm1 = BN_new(); + BN_copy(qm1, ctx->p.q); + BN_sub_word(qm1, 1); + + /* ... and xb in [0, q-1) */ + BN_rand_range(ctx->xb, qm1); + /* [1, q) */ + BN_add_word(ctx->xb, 1); + + /* cleanup */ + BN_free(qm1); + } + +int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx) + { + genrand(ctx); + generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx); + generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx); + + return 1; + } + +int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received) + { + /* verify their ZKP(xc) */ + if(!verify_zkp(&received->p1, ctx->p.g, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED); + return 0; + } + + /* verify their ZKP(xd) */ + if(!verify_zkp(&received->p2, ctx->p.g, ctx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED); + return 0; + } + + /* g^xd != 1 */ + if(BN_is_one(received->p2.gx)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE); + return 0; + } + + /* Save the bits we need for later */ + BN_copy(ctx->p.gxc, received->p1.gx); + BN_copy(ctx->p.gxd, received->p2.gx); + + return 1; + } + + +int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx) + { + BIGNUM *t1 = BN_new(); + BIGNUM *t2 = BN_new(); + + /* + * X = g^{(xa + xc + xd) * xb * s} + * t1 = g^xa + */ + BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx); + /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */ + BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx); + /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */ + BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx); + /* t2 = xb * s */ + BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx); + + /* + * ZKP(xb * s) + * XXX: this is kinda funky, because we're using + * + * g' = g^{xa + xc + xd} + * + * as the generator, which means X is g'^{xb * s} + * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s} + */ + generate_step_part(send, t2, t1, ctx); + + /* cleanup */ + BN_free(t1); + BN_free(t2); + + return 1; + } + +/* gx = g^{xc + xa + xb} * xd * s */ +static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx) + { + BIGNUM *t1 = BN_new(); + BIGNUM *t2 = BN_new(); + BIGNUM *t3 = BN_new(); + + /* + * K = (gx/g^{xb * xd * s})^{xb} + * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} + * = (g^{(xa + xc) * xd * s})^{xb} + * = g^{(xa + xc) * xb * xd * s} + * [which is the same regardless of who calculates it] + */ + + /* t1 = (g^{xd})^{xb} = g^{xb * xd} */ + BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx); + /* t2 = -s = q-s */ + BN_sub(t2, ctx->p.q, ctx->secret); + /* t3 = t1^t2 = g^{-xb * xd * s} */ + BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx); + /* t1 = gx * t3 = X/g^{xb * xd * s} */ + BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx); + /* K = t1^{xb} */ + BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx); + + /* cleanup */ + BN_free(t3); + BN_free(t2); + BN_free(t1); + + return 1; + } + +int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received) + { + BIGNUM *t1 = BN_new(); + BIGNUM *t2 = BN_new(); + int ret = 0; + + /* + * g' = g^{xc + xa + xb} [from our POV] + * t1 = xa + xb + */ + BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx); + /* t2 = g^{t1} = g^{xa+xb} */ + BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx); + /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */ + BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx); + + if(verify_zkp(received, t1, ctx)) + ret = 1; + else + JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED); + + compute_key(ctx, received->gx); + + /* cleanup */ + BN_free(t2); + BN_free(t1); + + return ret; + } + +static void quickhashbn(unsigned char *md, const BIGNUM *bn) + { + SHA_CTX sha; + + SHA1_Init(&sha); + hashbn(&sha, bn); + SHA1_Final(md, &sha); + } + +void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a) + {} + +int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx) + { + quickhashbn(send->hhk, ctx->key); + SHA1(send->hhk, sizeof send->hhk, send->hhk); + + return 1; + } + +int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received) + { + unsigned char hhk[SHA_DIGEST_LENGTH]; + + quickhashbn(hhk, ctx->key); + SHA1(hhk, sizeof hhk, hhk); + if(memcmp(hhk, received->hhk, sizeof hhk)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); + return 0; + } + return 1; + } + +void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a) + {} + +void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b) + {} + +int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx) + { + quickhashbn(send->hk, ctx->key); + + return 1; + } + +int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received) + { + unsigned char hk[SHA_DIGEST_LENGTH]; + + quickhashbn(hk, ctx->key); + if(memcmp(hk, received->hk, sizeof hk)) + { + JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); + return 0; + } + return 1; + } + +void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b) + {} + +const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx) + { + return ctx->key; + } + diff --git a/src/lib/libssl/src/crypto/jpake/jpake.h b/src/lib/libssl/src/crypto/jpake/jpake.h new file mode 100644 index 0000000000..693ea188cb --- /dev/null +++ b/src/lib/libssl/src/crypto/jpake/jpake.h @@ -0,0 +1,129 @@ +/* + * Implement J-PAKE, as described in + * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf + * + * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. + */ + +#ifndef HEADER_JPAKE_H +#define HEADER_JPAKE_H + +#include + +#ifdef OPENSSL_NO_JPAKE +#error JPAKE is disabled. +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +typedef struct JPAKE_CTX JPAKE_CTX; + +/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */ +typedef struct + { + BIGNUM *gr; /* g^r (r random) */ + BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */ + } JPAKE_ZKP; + +typedef struct + { + BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */ + JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */ + } JPAKE_STEP_PART; + +typedef struct + { + JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */ + JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */ + } JPAKE_STEP1; + +typedef JPAKE_STEP_PART JPAKE_STEP2; + +typedef struct + { + unsigned char hhk[SHA_DIGEST_LENGTH]; + } JPAKE_STEP3A; + +typedef struct + { + unsigned char hk[SHA_DIGEST_LENGTH]; + } JPAKE_STEP3B; + +/* Parameters are copied */ +JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, + const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, + const BIGNUM *secret); +void JPAKE_CTX_free(JPAKE_CTX *ctx); + +/* + * Note that JPAKE_STEP1 can be used multiple times before release + * without another init. + */ +void JPAKE_STEP1_init(JPAKE_STEP1 *s1); +int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx); +int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received); +void JPAKE_STEP1_release(JPAKE_STEP1 *s1); + +/* + * Note that JPAKE_STEP2 can be used multiple times before release + * without another init. + */ +void JPAKE_STEP2_init(JPAKE_STEP2 *s2); +int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx); +int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received); +void JPAKE_STEP2_release(JPAKE_STEP2 *s2); + +/* + * Optionally verify the shared key. If the shared secrets do not + * match, the two ends will disagree about the shared key, but + * otherwise the protocol will succeed. + */ +void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a); +int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx); +int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received); +void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a); + +void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b); +int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx); +int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received); +void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b); + +/* + * the return value belongs to the library and will be released when + * ctx is released, and will change when a new handshake is performed. + */ +const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_JPAKE_strings(void); + +/* Error codes for the JPAKE functions. */ + +/* Function codes. */ +#define JPAKE_F_JPAKE_STEP1_PROCESS 101 +#define JPAKE_F_JPAKE_STEP2_PROCESS 102 +#define JPAKE_F_JPAKE_STEP3A_PROCESS 103 +#define JPAKE_F_JPAKE_STEP3B_PROCESS 104 +#define JPAKE_F_VERIFY_ZKP 100 + +/* Reason codes. */ +#define JPAKE_R_G_TO_THE_X4_IS_ONE 105 +#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106 +#define JPAKE_R_HASH_OF_KEY_MISMATCH 107 +#define JPAKE_R_VERIFY_B_FAILED 102 +#define JPAKE_R_VERIFY_X3_FAILED 103 +#define JPAKE_R_VERIFY_X4_FAILED 104 +#define JPAKE_R_ZKP_VERIFY_FAILED 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libssl/src/crypto/jpake/jpake_err.c b/src/lib/libssl/src/crypto/jpake/jpake_err.c new file mode 100644 index 0000000000..1b95067967 --- /dev/null +++ b/src/lib/libssl/src/crypto/jpake/jpake_err.c @@ -0,0 +1,105 @@ +/* crypto/jpake/jpake_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason) + +static ERR_STRING_DATA JPAKE_str_functs[]= + { +{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"}, +{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"}, +{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"}, +{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"}, +{ERR_FUNC(JPAKE_F_VERIFY_ZKP), "VERIFY_ZKP"}, +{0,NULL} + }; + +static ERR_STRING_DATA JPAKE_str_reasons[]= + { +{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"}, +{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"}, +{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"}, +{ERR_REASON(JPAKE_R_VERIFY_B_FAILED) ,"verify b failed"}, +{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED) ,"verify x3 failed"}, +{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED) ,"verify x4 failed"}, +{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED) ,"zkp verify failed"}, +{0,NULL} + }; + +#endif + +void ERR_load_JPAKE_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL) + { + ERR_load_strings(0,JPAKE_str_functs); + ERR_load_strings(0,JPAKE_str_reasons); + } +#endif + } diff --git a/src/lib/libssl/src/crypto/jpake/jpaketest.c b/src/lib/libssl/src/crypto/jpake/jpaketest.c new file mode 100644 index 0000000000..792fc49eb4 --- /dev/null +++ b/src/lib/libssl/src/crypto/jpake/jpaketest.c @@ -0,0 +1,192 @@ +#include + +#ifdef OPENSSL_NO_JPAKE + +#include + +int main(int argc, char *argv[]) +{ + printf("No J-PAKE support\n"); + return(0); +} + +#else + +#include +#include + +static void showbn(const char *name, const BIGNUM *bn) + { + fputs(name, stdout); + fputs(" = ", stdout); + BN_print_fp(stdout, bn); + putc('\n', stdout); + } + +static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob) + { + JPAKE_STEP1 alice_s1; + JPAKE_STEP1 bob_s1; + JPAKE_STEP2 alice_s2; + JPAKE_STEP2 bob_s2; + JPAKE_STEP3A alice_s3a; + JPAKE_STEP3B bob_s3b; + + /* Alice -> Bob: step 1 */ + puts("A->B s1"); + JPAKE_STEP1_init(&alice_s1); + JPAKE_STEP1_generate(&alice_s1, alice); + if(!JPAKE_STEP1_process(bob, &alice_s1)) + { + printf("Bob fails to process Alice's step 1\n"); + ERR_print_errors_fp(stdout); + return 1; + } + JPAKE_STEP1_release(&alice_s1); + + /* Bob -> Alice: step 1 */ + puts("B->A s1"); + JPAKE_STEP1_init(&bob_s1); + JPAKE_STEP1_generate(&bob_s1, bob); + if(!JPAKE_STEP1_process(alice, &bob_s1)) + { + printf("Alice fails to process Bob's step 1\n"); + ERR_print_errors_fp(stdout); + return 2; + } + JPAKE_STEP1_release(&bob_s1); + + /* Alice -> Bob: step 2 */ + puts("A->B s2"); + JPAKE_STEP2_init(&alice_s2); + JPAKE_STEP2_generate(&alice_s2, alice); + if(!JPAKE_STEP2_process(bob, &alice_s2)) + { + printf("Bob fails to process Alice's step 2\n"); + ERR_print_errors_fp(stdout); + return 3; + } + JPAKE_STEP2_release(&alice_s2); + + /* Bob -> Alice: step 2 */ + puts("B->A s2"); + JPAKE_STEP2_init(&bob_s2); + JPAKE_STEP2_generate(&bob_s2, bob); + if(!JPAKE_STEP2_process(alice, &bob_s2)) + { + printf("Alice fails to process Bob's step 2\n"); + ERR_print_errors_fp(stdout); + return 4; + } + JPAKE_STEP2_release(&bob_s2); + + showbn("Alice's key", JPAKE_get_shared_key(alice)); + showbn("Bob's key ", JPAKE_get_shared_key(bob)); + + /* Alice -> Bob: step 3a */ + puts("A->B s3a"); + JPAKE_STEP3A_init(&alice_s3a); + JPAKE_STEP3A_generate(&alice_s3a, alice); + if(!JPAKE_STEP3A_process(bob, &alice_s3a)) + { + printf("Bob fails to process Alice's step 3a\n"); + ERR_print_errors_fp(stdout); + return 5; + } + JPAKE_STEP3A_release(&alice_s3a); + + /* Bob -> Alice: step 3b */ + puts("B->A s3b"); + JPAKE_STEP3B_init(&bob_s3b); + JPAKE_STEP3B_generate(&bob_s3b, bob); + if(!JPAKE_STEP3B_process(alice, &bob_s3b)) + { + printf("Alice fails to process Bob's step 3b\n"); + ERR_print_errors_fp(stdout); + return 6; + } + JPAKE_STEP3B_release(&bob_s3b); + + return 0; + } + +int main(int argc, char **argv) + { + JPAKE_CTX *alice; + JPAKE_CTX *bob; + BIGNUM *p = NULL; + BIGNUM *g = NULL; + BIGNUM *q = NULL; + BIGNUM *secret = BN_new(); + BIO *bio_err; + + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + ERR_load_crypto_strings(); + + /* + BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"); + BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"); + BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5"); + */ + /* + p = BN_new(); + BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL); + */ + /* Use a safe prime for p (that we found earlier) */ + BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); + showbn("p", p); + g = BN_new(); + BN_set_word(g, 2); + showbn("g", g); + q = BN_new(); + BN_rshift1(q, p); + showbn("q", q); + + BN_rand(secret, 32, -1, 0); + + /* A normal run, expect this to work... */ + alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); + bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); + + if(run_jpake(alice, bob) != 0) + { + fprintf(stderr, "Plain JPAKE run failed\n"); + return 1; + } + + JPAKE_CTX_free(bob); + JPAKE_CTX_free(alice); + + /* Now give Alice and Bob different secrets */ + alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret); + BN_add_word(secret, 1); + bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret); + + if(run_jpake(alice, bob) != 5) + { + fprintf(stderr, "Mismatched secret JPAKE run failed\n"); + return 1; + } + + JPAKE_CTX_free(bob); + JPAKE_CTX_free(alice); + + BN_free(secret); + BN_free(q); + BN_free(g); + BN_free(p); + + CRYPTO_cleanup_all_ex_data(); + ERR_remove_state(0); + ERR_free_strings(); + CRYPTO_mem_leaks(bio_err); + + return 0; + } + +#endif diff --git a/src/lib/libssl/src/crypto/o_init.c b/src/lib/libssl/src/crypto/o_init.c new file mode 100644 index 0000000000..00ed65a6cf --- /dev/null +++ b/src/lib/libssl/src/crypto/o_init.c @@ -0,0 +1,86 @@ +/* o_init.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +/* Perform any essential OpenSSL initialization operations. + * Currently only sets FIPS callbacks + */ + +void OPENSSL_init(void) + { +#ifdef OPENSSL_FIPS + static int done = 0; + if (!done) + { + int_ERR_lib_init(); +#ifdef CRYPTO_MDEBUG + CRYPTO_malloc_debug_init(); +#endif +#ifdef OPENSSL_ENGINE + int_EVP_MD_init_engine_callbacks(); + int_EVP_CIPHER_init_engine_callbacks(); + int_RAND_init_engine_callbacks(); +#endif + done = 1; + } +#endif + } + + diff --git a/src/lib/libssl/src/crypto/pqueue/Makefile b/src/lib/libssl/src/crypto/pqueue/Makefile index d0c39d25ce..36bfc349aa 100644 --- a/src/lib/libssl/src/crypto/pqueue/Makefile +++ b/src/lib/libssl/src/crypto/pqueue/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl index 2d47320485..00c6fa28aa 100755 --- a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl +++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl @@ -359,6 +359,8 @@ ___ $code =~ s/#([bwd])/$1/gm; +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne ""); + print $code; close STDOUT; diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pss.c b/src/lib/libssl/src/crypto/rsa/rsa_pss.c index e19d18c5b9..9b993aca49 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_pss.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_pss.c @@ -1,5 +1,5 @@ /* rsa_pss.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ /* ==================================================================== @@ -81,7 +81,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, EVP_MD_CTX ctx; unsigned char H_[EVP_MAX_MD_SIZE]; - hLen = EVP_MD_size(Hash); + hLen = M_EVP_MD_size(Hash); /* * Negative sLen has special meanings: * -1 sLen == hLen @@ -176,7 +176,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, unsigned char *H, *salt = NULL, *p; EVP_MD_CTX ctx; - hLen = EVP_MD_size(Hash); + hLen = M_EVP_MD_size(Hash); /* * Negative sLen has special meanings: * -1 sLen == hLen diff --git a/src/lib/libssl/src/crypto/rsa/rsa_x931.c b/src/lib/libssl/src/crypto/rsa/rsa_x931.c index e918654176..21548e37ed 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_x931.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_x931.c @@ -1,5 +1,5 @@ /* rsa_x931.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/seed/Makefile b/src/lib/libssl/src/crypto/seed/Makefile index f9de27b288..ffaeb84218 100644 --- a/src/lib/libssl/src/crypto/seed/Makefile +++ b/src/lib/libssl/src/crypto/seed/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/sha/sha256.c b/src/lib/libssl/src/crypto/sha/sha256.c index 867f90cc97..3256a83e98 100644 --- a/src/lib/libssl/src/crypto/sha/sha256.c +++ b/src/lib/libssl/src/crypto/sha/sha256.c @@ -12,12 +12,19 @@ #include #include +#ifdef OPENSSL_FIPS +#include +#endif + #include const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; int SHA224_Init (SHA256_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; @@ -29,6 +36,9 @@ int SHA224_Init (SHA256_CTX *c) int SHA256_Init (SHA256_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; diff --git a/src/lib/libssl/src/crypto/sha/sha512.c b/src/lib/libssl/src/crypto/sha/sha512.c index 987fc07c99..f5ed468b85 100644 --- a/src/lib/libssl/src/crypto/sha/sha512.c +++ b/src/lib/libssl/src/crypto/sha/sha512.c @@ -5,6 +5,10 @@ * ==================================================================== */ #include +#ifdef OPENSSL_FIPS +#include +#endif + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) /* * IMPLEMENTATION NOTES. @@ -61,6 +65,9 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; int SHA384_Init (SHA512_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=U64(0xcbbb9d5dc1059ed8); c->h[1]=U64(0x629a292a367cd507); c->h[2]=U64(0x9159015a3070dd17); @@ -76,6 +83,9 @@ int SHA384_Init (SHA512_CTX *c) int SHA512_Init (SHA512_CTX *c) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif c->h[0]=U64(0x6a09e667f3bcc908); c->h[1]=U64(0xbb67ae8584caa73b); c->h[2]=U64(0x3c6ef372fe94f82b); @@ -327,7 +337,7 @@ static const SHA_LONG64 K512[80] = { ((SHA_LONG64)hi)<<32|lo; }) # else # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ + unsigned int hi=p[0],lo=p[1]; \ asm ("bswapl %0; bswapl %1;" \ : "=r"(lo),"=r"(hi) \ : "0"(lo),"1"(hi)); \ diff --git a/src/lib/libssl/src/crypto/store/Makefile b/src/lib/libssl/src/crypto/store/Makefile index 0dcfd7857a..c9f5d001a3 100644 --- a/src/lib/libssl/src/crypto/store/Makefile +++ b/src/lib/libssl/src/crypto/store/Makefile @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -89,14 +89,14 @@ str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h -str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -str_lib.o: str_lib.c str_locl.h +str_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +str_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +str_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +str_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +str_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +str_lib.o: ../../include/openssl/stack.h ../../include/openssl/store.h +str_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +str_lib.o: ../../include/openssl/x509_vfy.h str_lib.c str_locl.h str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h diff --git a/src/lib/libssl/src/crypto/x509/x509_vpm.c b/src/lib/libssl/src/crypto/x509/x509_vpm.c index e9db6d62a7..c92e65936f 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vpm.c +++ b/src/lib/libssl/src/crypto/x509/x509_vpm.c @@ -1,5 +1,5 @@ /* x509_vpm.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_cache.c b/src/lib/libssl/src/crypto/x509v3/pcy_cache.c index c18beb89f5..1030931b71 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_cache.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_cache.c @@ -1,5 +1,5 @@ /* pcy_cache.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_data.c b/src/lib/libssl/src/crypto/x509v3/pcy_data.c index 614d2b4935..fb392b901f 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_data.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* pcy_data.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== @@ -87,6 +87,12 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) X509_POLICY_DATA *ret; if (!policy && !id) return NULL; + if (id) + { + id = OBJ_dup(id); + if (!id) + return NULL; + } ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); if (!ret) return NULL; @@ -94,6 +100,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) if (!ret->expected_policy_set) { OPENSSL_free(ret); + if (id) + ASN1_OBJECT_free(id); return NULL; } diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_int.h b/src/lib/libssl/src/crypto/x509v3/pcy_int.h index ba62a209da..3780de4fcd 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_int.h +++ b/src/lib/libssl/src/crypto/x509v3/pcy_int.h @@ -1,5 +1,5 @@ /* pcy_int.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_lib.c b/src/lib/libssl/src/crypto/x509v3/pcy_lib.c index dae4840bc5..93bfd92703 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_lib.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_lib.c @@ -1,5 +1,5 @@ /* pcy_lib.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_map.c b/src/lib/libssl/src/crypto/x509v3/pcy_map.c index 35221e8ba8..f28796e6d4 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_map.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_map.c @@ -1,5 +1,5 @@ /* pcy_map.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_node.c b/src/lib/libssl/src/crypto/x509v3/pcy_node.c index dcc1554e29..6587cb05ab 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_node.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_node.c @@ -1,5 +1,5 @@ /* pcy_node.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c index 4fda1d419a..6c87a7f506 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c @@ -1,5 +1,5 @@ /* pcy_tree.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== @@ -130,9 +130,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, ret = 2; if (explicit_policy > 0) { - explicit_policy--; - if (!(x->ex_flags & EXFLAG_SS) - && (cache->explicit_skip != -1) + if (!(x->ex_flags & EXFLAG_SI)) + explicit_policy--; + if ((cache->explicit_skip != -1) && (cache->explicit_skip < explicit_policy)) explicit_policy = cache->explicit_skip; } @@ -197,13 +197,14 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, /* Any matching allowed if certificate is self * issued and not the last in the chain. */ - if (!(x->ex_flags & EXFLAG_SS) || (i == 0)) + if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) level->flags |= X509_V_FLAG_INHIBIT_ANY; } else { - any_skip--; - if ((cache->any_skip > 0) + if (!(x->ex_flags & EXFLAG_SI)) + any_skip--; + if ((cache->any_skip >= 0) && (cache->any_skip < any_skip)) any_skip = cache->any_skip; } @@ -213,7 +214,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, else { map_skip--; - if ((cache->map_skip > 0) + if ((cache->map_skip >= 0) && (cache->map_skip < map_skip)) map_skip = cache->map_skip; } @@ -310,7 +311,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, if (data == NULL) return 0; - data->qualifier_set = curr->anyPolicy->data->qualifier_set; + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; if (!level_add_node(curr, data, node, tree)) { diff --git a/src/lib/libssl/src/crypto/x509v3/v3_addr.c b/src/lib/libssl/src/crypto/x509v3/v3_addr.c index ed9847b307..a37f844d3c 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_addr.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_addr.c @@ -594,10 +594,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, return NULL; switch (afi) { case IANA_AFI_IPV4: - sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); + (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); break; case IANA_AFI_IPV6: - sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); + (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); break; } f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; @@ -854,7 +854,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, if (!make_addressRange(&merged, a_min, b_max, length)) return 0; sk_IPAddressOrRange_set(aors, i, merged); - sk_IPAddressOrRange_delete(aors, i + 1); + (void)sk_IPAddressOrRange_delete(aors, i + 1); IPAddressOrRange_free(a); IPAddressOrRange_free(b); --i; @@ -878,6 +878,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) v3_addr_get_afi(f))) return 0; } + (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); assert(v3_addr_is_canonical(addr)); return 1; @@ -1122,7 +1123,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) return 1; if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) return 0; - sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); for (i = 0; i < sk_IPAddressFamily_num(a); i++) { IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); int j = sk_IPAddressFamily_find(b, fa); @@ -1183,7 +1184,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } if (!v3_addr_is_canonical(ext)) validation_err(X509_V_ERR_INVALID_EXTENSION); - sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); ret = 0; @@ -1209,7 +1210,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, } continue; } - sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); + (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); for (j = 0; j < sk_IPAddressFamily_num(child); j++) { IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); diff --git a/src/lib/libssl/src/crypto/x509v3/v3_asid.c b/src/lib/libssl/src/crypto/x509v3/v3_asid.c index 271930f967..abd497ed1f 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_asid.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_asid.c @@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) break; } ASIdOrRange_free(b); - sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); + (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); i--; continue; } diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ncons.c b/src/lib/libssl/src/crypto/x509v3/v3_ncons.c index 42e7f5a879..4e706be3e1 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_ncons.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_ncons.c @@ -1,5 +1,5 @@ /* v3_ncons.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pcons.c b/src/lib/libssl/src/crypto/x509v3/v3_pcons.c index 13248c2ada..86c0ff70e6 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_pcons.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_pcons.c @@ -1,5 +1,5 @@ /* v3_pcons.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c b/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c index 626303264f..da03bbc35d 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_pmaps.c @@ -1,5 +1,5 @@ /* v3_pmaps.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== diff --git a/src/lib/libssl/src/engines/Makefile b/src/lib/libssl/src/engines/Makefile index 88f8390d0e..002d40c964 100644 --- a/src/lib/libssl/src/engines/Makefile +++ b/src/lib/libssl/src/engines/Makefile @@ -20,7 +20,7 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec +LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi LIBSRC= e_4758cca.c \ e_aep.c \ @@ -30,7 +30,8 @@ LIBSRC= e_4758cca.c \ e_chil.c \ e_nuron.c \ e_sureware.c \ - e_ubsec.c + e_ubsec.c \ + e_capi.c LIBOBJ= e_4758cca.o \ e_aep.o \ e_atalla.o \ @@ -39,7 +40,8 @@ LIBOBJ= e_4758cca.o \ e_chil.o \ e_nuron.o \ e_sureware.o \ - e_ubsec.o + e_ubsec.o \ + e_capi.o SRC= $(LIBSRC) @@ -52,7 +54,8 @@ HEADER= e_4758cca_err.c e_4758cca_err.h \ e_chil_err.c e_chil_err.h \ e_nuron_err.c e_nuron_err.h \ e_sureware_err.c e_sureware_err.h \ - e_ubsec_err.c e_ubsec_err.h + e_ubsec_err.c e_ubsec_err.h \ + e_capi_err.c e_capi_err.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -143,38 +146,61 @@ e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h -e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h -e_4758cca.o: vendor_defns/hw_4758_cca.h +e_4758cca.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_4758cca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_4758cca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_4758cca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_4758cca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +e_4758cca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_4758cca.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_4758cca.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_4758cca.o: ../include/openssl/x509_vfy.h e_4758cca.c e_4758cca_err.c +e_4758cca.o: e_4758cca_err.h vendor_defns/hw_4758_cca.h e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_aep.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_aep.o: ../include/openssl/err.h ../include/openssl/lhash.h -e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_aep.o: ../include/openssl/symhacks.h e_aep.c e_aep_err.c e_aep_err.h -e_aep.o: vendor_defns/aep.h +e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h +e_aep.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_aep.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_aep.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_aep.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_aep.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_aep.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_aep.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_aep.c +e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_atalla.o: ../include/openssl/err.h ../include/openssl/lhash.h -e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_atalla.o: ../include/openssl/symhacks.h e_atalla.c e_atalla_err.c -e_atalla.o: e_atalla_err.h vendor_defns/atalla.h +e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h +e_atalla.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_atalla.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_atalla.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_atalla.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_atalla.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_atalla.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_atalla.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_atalla.c +e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h +e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_capi.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_capi.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_capi.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_capi.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_capi.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_capi.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_capi.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_capi.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_capi.c e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -182,42 +208,63 @@ e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h -e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h -e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h -e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_chil.c -e_chil.o: e_chil_err.c e_chil_err.h vendor_defns/hwcryptohook.h +e_chil.o: ../include/openssl/fips.h ../include/openssl/lhash.h +e_chil.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_chil.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_chil.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +e_chil.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +e_chil.o: ../include/openssl/rand.h ../include/openssl/rsa.h +e_chil.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_chil.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_chil.o: ../include/openssl/ui.h ../include/openssl/x509.h +e_chil.o: ../include/openssl/x509_vfy.h e_chil.c e_chil_err.c e_chil_err.h +e_chil.o: vendor_defns/hwcryptohook.h e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_cswift.o: ../include/openssl/err.h ../include/openssl/lhash.h -e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h +e_cswift.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_cswift.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_cswift.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_cswift.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_cswift.c -e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h -e_gmp.o: ../include/openssl/buffer.h ../include/openssl/crypto.h -e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c +e_cswift.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_cswift.o: ../include/openssl/x509_vfy.h e_cswift.c e_cswift_err.c +e_cswift.o: e_cswift_err.h vendor_defns/cswift.h +e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h +e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h +e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +e_gmp.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_gmp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_gmp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_gmp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_gmp.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_gmp.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_gmp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_gmp.c e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_nuron.o: ../include/openssl/err.h ../include/openssl/lhash.h -e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_nuron.o: ../include/openssl/symhacks.h e_nuron.c e_nuron_err.c e_nuron_err.h +e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h +e_nuron.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_nuron.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_nuron.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_nuron.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_nuron.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_nuron.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_nuron.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_nuron.c +e_nuron.o: e_nuron_err.c e_nuron_err.h e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -225,25 +272,30 @@ e_sureware.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h -e_sureware.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_sureware.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_sureware.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h -e_sureware.o: vendor_defns/sureware.h +e_sureware.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_sureware.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_sureware.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_sureware.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_sureware.o: ../include/openssl/pem.h ../include/openssl/pem2.h +e_sureware.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +e_sureware.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_sureware.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c +e_sureware.o: e_sureware_err.h vendor_defns/sureware.h e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h -e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/engine.h -e_ubsec.o: ../include/openssl/err.h ../include/openssl/lhash.h -e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h -e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h -e_ubsec.o: ../include/openssl/symhacks.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h -e_ubsec.o: vendor_defns/hw_ubsec.h +e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h +e_ubsec.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_ubsec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_ubsec.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_ubsec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_ubsec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_ubsec.c +e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h diff --git a/src/lib/libssl/src/engines/e_aep.c b/src/lib/libssl/src/engines/e_aep.c index ffdc354cdc..e24e4b424e 100644 --- a/src/lib/libssl/src/engines/e_aep.c +++ b/src/lib/libssl/src/engines/e_aep.c @@ -867,10 +867,12 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); -#ifndef NETWARE_CLIB - curr_pid = getpid(); -#else +#ifdef NETWARE_CLIB curr_pid = GetThreadID(); +#elif defined(_WIN32) + curr_pid = _getpid(); +#else + curr_pid = getpid(); #endif /*Check if this is the first time this is being called from the current diff --git a/src/lib/libssl/src/engines/e_chil.c b/src/lib/libssl/src/engines/e_chil.c index 26108caa64..e1847622ea 100644 --- a/src/lib/libssl/src/engines/e_chil.c +++ b/src/lib/libssl/src/engines/e_chil.c @@ -1,6 +1,6 @@ /* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */ /* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe - * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com) + * (geoff@geoffthorpe.net) and Dr Stephen N Henson (steve@openssl.org) * for the OpenSSL project 2000. */ /* ==================================================================== @@ -164,11 +164,11 @@ static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = { ENGINE_CMD_FLAG_STRING}, {HWCRHK_CMD_FORK_CHECK, "FORK_CHECK", - "Turns fork() checking on or off (boolean)", + "Turns fork() checking on (non-zero) or off (zero)", ENGINE_CMD_FLAG_NUMERIC}, {HWCRHK_CMD_THREAD_LOCKING, "THREAD_LOCKING", - "Turns thread-safe locking on or off (boolean)", + "Turns thread-safe locking on (zero) or off (non-zero)", ENGINE_CMD_FLAG_NUMERIC}, {HWCRHK_CMD_SET_USER_INTERFACE, "SET_USER_INTERFACE", @@ -589,12 +589,6 @@ static int hwcrhk_init(ENGINE *e) hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; } - else if (CRYPTO_get_locking_callback() != NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING); - ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()"); - goto err; - } } /* Try and get a context - if not, we may have a DSO but no diff --git a/src/lib/libssl/src/engines/e_chil_err.c b/src/lib/libssl/src/engines/e_chil_err.c index 3fec95a272..c5983b2fd5 100644 --- a/src/lib/libssl/src/engines/e_chil_err.c +++ b/src/lib/libssl/src/engines/e_chil_err.c @@ -90,7 +90,6 @@ static ERR_STRING_DATA HWCRHK_str_reasons[]= {ERR_REASON(HWCRHK_R_CHIL_ERROR) ,"chil error"}, {ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"}, {ERR_REASON(HWCRHK_R_DSO_FAILURE) ,"dso failure"}, -{ERR_REASON(HWCRHK_R_LOCKING_MISSING) ,"locking missing"}, {ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS),"missing key components"}, {ERR_REASON(HWCRHK_R_NOT_INITIALISED) ,"not initialised"}, {ERR_REASON(HWCRHK_R_NOT_LOADED) ,"not loaded"}, diff --git a/src/lib/libssl/src/engines/e_chil_err.h b/src/lib/libssl/src/engines/e_chil_err.h index 051854950a..3c42a02393 100644 --- a/src/lib/libssl/src/engines/e_chil_err.h +++ b/src/lib/libssl/src/engines/e_chil_err.h @@ -88,7 +88,6 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line); #define HWCRHK_R_CHIL_ERROR 102 #define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 #define HWCRHK_R_DSO_FAILURE 104 -#define HWCRHK_R_LOCKING_MISSING 114 #define HWCRHK_R_MISSING_KEY_COMPONENTS 105 #define HWCRHK_R_NOT_INITIALISED 106 #define HWCRHK_R_NOT_LOADED 107 diff --git a/src/lib/libssl/src/engines/e_gmp.c b/src/lib/libssl/src/engines/e_gmp.c index e62e6fcd07..a1a2d2bda6 100644 --- a/src/lib/libssl/src/engines/e_gmp.c +++ b/src/lib/libssl/src/engines/e_gmp.c @@ -451,9 +451,13 @@ static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) } #endif +#endif /* !OPENSSL_NO_GMP */ + /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ -#ifndef ENGINE_NO_DYNAMIC_SUPPORT +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +IMPLEMENT_DYNAMIC_CHECK_FN() +#ifndef OPENSSL_NO_GMP static int bind_fn(ENGINE *e, const char *id) { if(id && (strcmp(id, engine_e_gmp_id) != 0)) @@ -462,10 +466,11 @@ static int bind_fn(ENGINE *e, const char *id) return 0; return 1; } -IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ +#else +OPENSSL_EXPORT +int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; } +#endif +#endif /* OPENSSL_NO_DYNAMIC_ENGINE */ -#endif /* !OPENSSL_NO_GMP */ #endif /* !OPENSSL_NO_HW */ - diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c index 5e59dc845a..49c6760d19 100644 --- a/src/lib/libssl/src/ssl/d1_clnt.c +++ b/src/lib/libssl/src/ssl/d1_clnt.c @@ -1095,8 +1095,7 @@ int dtls1_send_client_certificate(SSL *s) * ssl->rwstate=SSL_X509_LOOKUP; return(-1); * We then get retied later */ i=0; - if (s->ctx->client_cert_cb != NULL) - i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); + i = ssl_do_client_cert_cb(s, &x509, &pkey); if (i < 0) { s->rwstate=SSL_X509_LOOKUP; diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c index cbff7495c5..cf3332e4e4 100644 --- a/src/lib/libssl/src/ssl/d1_enc.c +++ b/src/lib/libssl/src/ssl/d1_enc.c @@ -115,12 +115,16 @@ #include #include "ssl_locl.h" +#ifndef OPENSSL_NO_COMP #include +#endif #include #include #include #include - +#ifdef KSSL_DEBUG +#include +#endif int dtls1_enc(SSL *s, int send) { @@ -202,10 +206,11 @@ int dtls1_enc(SSL *s, int send) { unsigned long ui; printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - ds,rec->data,rec->input,l); - printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", + (void *)ds,rec->data,rec->input,l); + printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", ds->buf_len, ds->cipher->key_len, - DES_KEY_SZ, DES_SCHEDULE_SZ, + (unsigned long)DES_KEY_SZ, + (unsigned long)DES_SCHEDULE_SZ, ds->cipher->iv_len); printf("\t\tIV: "); for (i=0; icipher->iv_len; i++) printf("%02X", ds->iv[i]); @@ -230,10 +235,10 @@ int dtls1_enc(SSL *s, int send) #ifdef KSSL_DEBUG { - unsigned long i; + unsigned long ki; printf("\trec->data="); - for (i=0; idata[i]); printf("\n"); + for (ki=0; kidata[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c index fc088b4148..3568e97a87 100644 --- a/src/lib/libssl/src/ssl/d1_lib.c +++ b/src/lib/libssl/src/ssl/d1_lib.c @@ -106,6 +106,7 @@ int dtls1_new(SSL *s) pq_64bit_init(&(d1->bitmap.map)); pq_64bit_init(&(d1->bitmap.max_seq_num)); + d1->next_bitmap.length = d1->bitmap.length; pq_64bit_init(&(d1->next_bitmap.map)); pq_64bit_init(&(d1->next_bitmap.max_seq_num)); diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c index 377696deac..eb56cf987b 100644 --- a/src/lib/libssl/src/ssl/d1_pkt.c +++ b/src/lib/libssl/src/ssl/d1_pkt.c @@ -597,6 +597,7 @@ again: /* check whether this is a repeat, or aged record */ if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) { + rr->length = 0; s->packet_length=0; /* dump this record */ goto again; /* get another record */ } @@ -811,6 +812,14 @@ start: * may be fragmented--don't always expect dest_maxlen bytes */ if ( rr->length < dest_maxlen) { +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE + /* + * for normal alerts rr->length is 2, while + * dest_maxlen is 7 if we were to handle this + * non-existing alert... + */ + FIX ME +#endif s->rstate=SSL_ST_READ_HEADER; rr->length = 0; goto start; @@ -1251,7 +1260,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len) else s->s3->wnum += i; - return tot + i; + return i; } int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) @@ -1576,7 +1585,7 @@ int dtls1_dispatch_alert(SSL *s) { int i,j; void (*cb)(const SSL *ssl,int type,int val)=NULL; - unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */ + unsigned char buf[DTLS1_AL_HEADER_LENGTH]; unsigned char *ptr = &buf[0]; s->s3->alert_dispatch=0; @@ -1585,6 +1594,7 @@ int dtls1_dispatch_alert(SSL *s) *ptr++ = s->s3->send_alert[0]; *ptr++ = s->s3->send_alert[1]; +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) { s2n(s->d1->handshake_read_seq, ptr); @@ -1600,6 +1610,7 @@ int dtls1_dispatch_alert(SSL *s) #endif l2n3(s->d1->r_msg_hdr.frag_off, ptr); } +#endif i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); if (i <= 0) @@ -1609,8 +1620,11 @@ int dtls1_dispatch_alert(SSL *s) } else { - if ( s->s3->send_alert[0] == SSL3_AL_FATAL || - s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) + if (s->s3->send_alert[0] == SSL3_AL_FATAL +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE + || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE +#endif + ) (void)BIO_flush(s->wbio); if (s->msg_callback) diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c index 927b01f3c4..0bbf8ae7f3 100644 --- a/src/lib/libssl/src/ssl/d1_srvr.c +++ b/src/lib/libssl/src/ssl/d1_srvr.c @@ -732,7 +732,7 @@ int dtls1_send_server_hello(SSL *s) d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); - s->state=SSL3_ST_CW_CLNT_HELLO_B; + s->state=SSL3_ST_SW_SRVR_HELLO_B; /* number of bytes to write */ s->init_num=p-buf; s->init_off=0; @@ -741,7 +741,7 @@ int dtls1_send_server_hello(SSL *s) dtls1_buffer_message(s, 0); } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_HELLO_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } @@ -765,7 +765,7 @@ int dtls1_send_server_done(SSL *s) dtls1_buffer_message(s, 0); } - /* SSL3_ST_CW_CLNT_HELLO_B */ + /* SSL3_ST_SW_SRVR_DONE_B */ return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); } diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h index a663cf85f2..f159d37110 100644 --- a/src/lib/libssl/src/ssl/dtls1.h +++ b/src/lib/libssl/src/ssl/dtls1.h @@ -70,7 +70,10 @@ extern "C" { #define DTLS1_VERSION 0xFEFF #define DTLS1_BAD_VER 0x0100 +#if 0 +/* this alert description is not specified anywhere... */ #define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 +#endif /* lengths of messages */ #define DTLS1_COOKIE_LENGTH 32 @@ -84,7 +87,11 @@ extern "C" { #define DTLS1_CCS_HEADER_LENGTH 1 +#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE #define DTLS1_AL_HEADER_LENGTH 7 +#else +#define DTLS1_AL_HEADER_LENGTH 2 +#endif typedef struct dtls1_bitmap_st diff --git a/src/lib/libssl/src/test/igetest.c b/src/lib/libssl/src/test/igetest.c index 95452d0965..a2578d09c5 100644 --- a/src/lib/libssl/src/test/igetest.c +++ b/src/lib/libssl/src/test/igetest.c @@ -190,7 +190,7 @@ static struct bi_ige_test const bi_ige_test_vectors[] = { static int run_test_vectors(void) { - int n; + unsigned int n; int errs = 0; for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n) @@ -292,7 +292,7 @@ int main(int argc, char **argv) unsigned char iv[AES_BLOCK_SIZE*4]; unsigned char saved_iv[AES_BLOCK_SIZE*4]; int err = 0; - int n; + unsigned int n; unsigned matches; assert(BIG_TEST_SIZE >= TEST_SIZE); diff --git a/src/lib/libssl/src/util/copy.pl b/src/lib/libssl/src/util/copy.pl index e20b45530a..eba6d5815e 100644 --- a/src/lib/libssl/src/util/copy.pl +++ b/src/lib/libssl/src/util/copy.pl @@ -8,9 +8,16 @@ use Fcntl; # Perl script 'copy' comment. On Windows the built in "copy" command also # copies timestamps: this messes up Makefile dependencies. +my $stripcr = 0; + my $arg; foreach $arg (@ARGV) { + if ($arg eq "-stripcr") + { + $stripcr = 1; + next; + } $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob... foreach (glob $arg) { @@ -49,6 +56,10 @@ foreach (@filelist) || die "Can't Open $dfile"; while (sysread IN, $buf, 10240) { + if ($stripcr) + { + $buf =~ tr/\015//d; + } syswrite(OUT, $buf, length($buf)); } close(IN); diff --git a/src/lib/libssl/test/igetest.c b/src/lib/libssl/test/igetest.c index 95452d0965..a2578d09c5 100644 --- a/src/lib/libssl/test/igetest.c +++ b/src/lib/libssl/test/igetest.c @@ -190,7 +190,7 @@ static struct bi_ige_test const bi_ige_test_vectors[] = { static int run_test_vectors(void) { - int n; + unsigned int n; int errs = 0; for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n) @@ -292,7 +292,7 @@ int main(int argc, char **argv) unsigned char iv[AES_BLOCK_SIZE*4]; unsigned char saved_iv[AES_BLOCK_SIZE*4]; int err = 0; - int n; + unsigned int n; unsigned matches; assert(BIG_TEST_SIZE >= TEST_SIZE); -- cgit v1.2.3-55-g6feb