From 2a6851ef8adb0e84ff2515493d3704a13c6256b0 Mon Sep 17 00:00:00 2001 From: markus <> Date: Thu, 5 Sep 2002 22:45:21 +0000 Subject: import openssl-0.9.7-beta3 --- src/lib/libcrypto/asn1/a_utctm.c | 3 +- src/lib/libcrypto/bn/bntest.c | 2 +- src/lib/libcrypto/des/des_old.h | 4 +- src/lib/libcrypto/des/read_pwd.c | 2 +- src/lib/libcrypto/ebcdic.c | 4 +- src/lib/libcrypto/ec/ectest.c | 6 +- src/lib/libcrypto/engine/hw_4758_cca.c | 29 +- src/lib/libcrypto/engine/hw_aep.c | 28 +- src/lib/libcrypto/engine/hw_atalla.c | 27 +- src/lib/libcrypto/engine/hw_cswift.c | 43 +- src/lib/libcrypto/engine/hw_ncipher.c | 33 +- src/lib/libcrypto/engine/hw_nuron.c | 27 +- src/lib/libcrypto/engine/hw_ubsec.c | 26 +- src/lib/libcrypto/evp/evp_test.c | 4 +- src/lib/libcrypto/objects/obj_dat.h | 797 ++++++++++++++++++++- src/lib/libcrypto/objects/obj_mac.h | 551 ++++++++++++++ src/lib/libcrypto/perlasm/x86nasm.pl | 2 +- src/lib/libcrypto/pkcs7/verify.c | 5 +- src/lib/libcrypto/rand/rand_egd.c | 2 +- src/lib/libcrypto/rand/rand_unix.c | 2 + src/lib/libcrypto/symhacks.h | 2 +- src/lib/libcrypto/util/dirname.pl | 18 + src/lib/libcrypto/util/domd | 4 +- src/lib/libcrypto/util/libeay.num | 30 +- src/lib/libcrypto/util/mk1mf.pl | 2 +- src/lib/libcrypto/util/mkdef.pl | 50 +- src/lib/libcrypto/util/mklink.pl | 15 +- src/lib/libcrypto/util/pl/BC-32.pl | 42 +- src/lib/libcrypto/util/pl/OS2-EMX.pl | 79 +- src/lib/libcrypto/util/pl/VC-32.pl | 36 +- src/lib/libcrypto/util/pod2mantest | 7 +- src/lib/libcrypto/util/point.sh | 6 +- src/lib/libssl/src/CHANGES | 133 +++- src/lib/libssl/src/Configure | 70 +- src/lib/libssl/src/FAQ | 79 +- src/lib/libssl/src/INSTALL | 16 +- src/lib/libssl/src/INSTALL.DJGPP | 32 + src/lib/libssl/src/INSTALL.OS2 | 9 + src/lib/libssl/src/INSTALL.W32 | 36 +- src/lib/libssl/src/Makefile.org | 40 +- src/lib/libssl/src/NEWS | 15 +- src/lib/libssl/src/PROBLEMS | 88 +-- src/lib/libssl/src/README | 19 +- src/lib/libssl/src/README.ENGINE | 8 +- src/lib/libssl/src/apps/CA.pl | 2 +- src/lib/libssl/src/apps/apps.c | 21 +- src/lib/libssl/src/apps/apps.h | 8 +- src/lib/libssl/src/apps/ca.c | 10 +- src/lib/libssl/src/apps/dgst.c | 56 +- src/lib/libssl/src/apps/enc.c | 2 +- src/lib/libssl/src/apps/nseq.c | 2 +- src/lib/libssl/src/apps/ocsp.c | 20 +- src/lib/libssl/src/apps/openssl.c | 2 +- src/lib/libssl/src/apps/pkcs7.c | 2 +- src/lib/libssl/src/apps/s_client.c | 10 +- src/lib/libssl/src/apps/s_server.c | 10 +- src/lib/libssl/src/apps/s_time.c | 6 +- src/lib/libssl/src/apps/x509.c | 2 + src/lib/libssl/src/config | 31 +- src/lib/libssl/src/crypto/aes/aes_locl.h | 3 - src/lib/libssl/src/crypto/asn1/a_strex.c | 11 +- src/lib/libssl/src/crypto/asn1/a_utctm.c | 3 +- src/lib/libssl/src/crypto/asn1/asn1.h | 1 + src/lib/libssl/src/crypto/asn1/asn1_lib.c | 11 +- src/lib/libssl/src/crypto/asn1/n_pkey.c | 4 + src/lib/libssl/src/crypto/asn1/t_pkey.c | 88 ++- src/lib/libssl/src/crypto/bio/b_sock.c | 4 + src/lib/libssl/src/crypto/bio/bio.h | 3 + src/lib/libssl/src/crypto/bio/bio_err.c | 1 + src/lib/libssl/src/crypto/bio/bss_file.c | 6 + src/lib/libssl/src/crypto/bn/bn_lib.c | 6 + src/lib/libssl/src/crypto/bn/bn_mul.c | 2 +- src/lib/libssl/src/crypto/bn/bntest.c | 2 +- src/lib/libssl/src/crypto/conf/conf.h | 8 +- src/lib/libssl/src/crypto/conf/conf_def.c | 3 +- src/lib/libssl/src/crypto/conf/conf_lib.c | 5 +- src/lib/libssl/src/crypto/conf/conf_mod.c | 2 +- src/lib/libssl/src/crypto/cryptlib.c | 8 + src/lib/libssl/src/crypto/cryptlib.h | 8 + src/lib/libssl/src/crypto/des/des_old.h | 4 +- src/lib/libssl/src/crypto/des/read_pwd.c | 2 +- src/lib/libssl/src/crypto/ebcdic.c | 4 +- src/lib/libssl/src/crypto/ec/ectest.c | 6 +- src/lib/libssl/src/crypto/engine/eng_cnf.c | 2 +- src/lib/libssl/src/crypto/engine/eng_dyn.c | 24 +- src/lib/libssl/src/crypto/engine/eng_fat.c | 2 +- src/lib/libssl/src/crypto/engine/hw_4758_cca.c | 29 +- src/lib/libssl/src/crypto/engine/hw_aep.c | 28 +- src/lib/libssl/src/crypto/engine/hw_atalla.c | 27 +- src/lib/libssl/src/crypto/engine/hw_cswift.c | 43 +- src/lib/libssl/src/crypto/engine/hw_ncipher.c | 33 +- src/lib/libssl/src/crypto/engine/hw_nuron.c | 27 +- src/lib/libssl/src/crypto/engine/hw_ubsec.c | 26 +- src/lib/libssl/src/crypto/err/err.c | 1 + src/lib/libssl/src/crypto/err/err.h | 1 + src/lib/libssl/src/crypto/evp/c_all.c | 2 + src/lib/libssl/src/crypto/evp/evp.h | 56 ++ src/lib/libssl/src/crypto/evp/evp_pbe.c | 2 +- src/lib/libssl/src/crypto/evp/evp_test.c | 4 +- src/lib/libssl/src/crypto/evp/p5_crpt.c | 2 +- src/lib/libssl/src/crypto/evp/p5_crpt2.c | 2 +- src/lib/libssl/src/crypto/objects/obj_dat.c | 2 +- src/lib/libssl/src/crypto/objects/obj_dat.h | 797 ++++++++++++++++++++- src/lib/libssl/src/crypto/objects/obj_mac.h | 551 ++++++++++++++ src/lib/libssl/src/crypto/objects/obj_mac.num | 138 ++++ src/lib/libssl/src/crypto/objects/objects.txt | 148 ++++ src/lib/libssl/src/crypto/opensslv.h | 4 +- src/lib/libssl/src/crypto/pem/pem2.h | 2 + src/lib/libssl/src/crypto/pem/pem_pkey.c | 1 + src/lib/libssl/src/crypto/perlasm/x86asm.pl | 6 + src/lib/libssl/src/crypto/perlasm/x86nasm.pl | 2 +- src/lib/libssl/src/crypto/pkcs12/pkcs12.h | 4 +- src/lib/libssl/src/crypto/pkcs7/verify.c | 5 +- src/lib/libssl/src/crypto/rand/rand.h | 5 + src/lib/libssl/src/crypto/rand/rand_egd.c | 2 +- src/lib/libssl/src/crypto/rand/rand_unix.c | 2 + src/lib/libssl/src/crypto/rsa/rsa.h | 3 + src/lib/libssl/src/crypto/symhacks.h | 2 +- src/lib/libssl/src/crypto/ui/ui_openssl.c | 2 +- src/lib/libssl/src/crypto/ui/ui_util.c | 7 +- src/lib/libssl/src/crypto/x509v3/ext_dat.h | 4 +- src/lib/libssl/src/crypto/x509v3/v3_info.c | 1 + src/lib/libssl/src/doc/apps/ciphers.pod | 24 + src/lib/libssl/src/doc/apps/crl2pkcs7.pod | 5 +- src/lib/libssl/src/doc/crypto/BN_rand.pod | 2 +- src/lib/libssl/src/doc/crypto/BN_zero.pod | 3 + .../libssl/src/doc/crypto/DH_get_ex_new_index.pod | 2 +- src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod | 11 +- src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod | 5 + src/lib/libssl/src/doc/crypto/EVP_SignInit.pod | 4 +- src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod | 2 +- src/lib/libssl/src/doc/crypto/RSA_check_key.pod | 32 +- src/lib/libssl/src/doc/crypto/err.pod | 2 +- src/lib/libssl/src/doc/crypto/hmac.pod | 3 + src/lib/libssl/src/doc/crypto/lhash.pod | 5 + src/lib/libssl/src/doc/crypto/rsa.pod | 2 +- .../src/doc/ssl/SSL_CTX_sess_set_cache_size.pod | 4 +- .../libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod | 2 +- .../libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod | 2 +- .../src/doc/ssl/SSL_CTX_set_client_cert_cb.pod | 50 +- src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod | 19 +- src/lib/libssl/src/doc/ssl/SSL_accept.pod | 1 + src/lib/libssl/src/doc/ssl/SSL_connect.pod | 1 + src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod | 75 ++ src/lib/libssl/src/doc/ssl/SSL_get_error.pod | 2 +- .../libssl/src/doc/ssl/SSL_set_connect_state.pod | 1 + src/lib/libssl/src/doc/ssl/SSL_write.pod | 3 + src/lib/libssl/src/doc/ssl/ssl.pod | 1 + src/lib/libssl/src/e_os.h | 12 +- src/lib/libssl/src/e_os2.h | 21 +- src/lib/libssl/src/install.com | 2 +- src/lib/libssl/src/ms/do_masm.bat | 20 +- src/lib/libssl/src/ms/do_nasm.bat | 21 +- src/lib/libssl/src/os2/OS2-EMX.cmd | 5 + src/lib/libssl/src/ssl/s23_clnt.c | 2 +- src/lib/libssl/src/ssl/s23_pkt.c | 2 +- src/lib/libssl/src/ssl/s23_srvr.c | 2 +- src/lib/libssl/src/ssl/s2_clnt.c | 8 + src/lib/libssl/src/ssl/s2_lib.c | 10 +- src/lib/libssl/src/ssl/s2_srvr.c | 14 + src/lib/libssl/src/ssl/s3_both.c | 2 +- src/lib/libssl/src/ssl/s3_clnt.c | 15 +- src/lib/libssl/src/ssl/s3_enc.c | 23 +- src/lib/libssl/src/ssl/s3_lib.c | 8 +- src/lib/libssl/src/ssl/s3_pkt.c | 2 +- src/lib/libssl/src/ssl/s3_srvr.c | 20 +- src/lib/libssl/src/ssl/ssl-lib.com | 2 +- src/lib/libssl/src/ssl/ssl.h | 46 +- src/lib/libssl/src/ssl/ssl_asn1.c | 4 +- src/lib/libssl/src/ssl/ssl_ciph.c | 15 +- src/lib/libssl/src/ssl/ssl_err.c | 4 +- src/lib/libssl/src/ssl/ssl_lib.c | 4 +- src/lib/libssl/src/ssl/ssl_locl.h | 15 +- src/lib/libssl/src/ssl/ssl_rsa.c | 2 +- src/lib/libssl/src/ssl/ssl_sess.c | 2 + src/lib/libssl/src/ssl/t1_clnt.c | 2 +- src/lib/libssl/src/ssl/t1_enc.c | 27 +- src/lib/libssl/src/ssl/t1_srvr.c | 2 +- src/lib/libssl/src/ssl/tls1.h | 31 +- src/lib/libssl/src/test/dummytest.c | 47 ++ src/lib/libssl/src/test/maketests.com | 30 +- src/lib/libssl/src/test/tcrl | 6 +- src/lib/libssl/src/test/testca | 6 +- src/lib/libssl/src/test/testgen | 6 +- src/lib/libssl/src/test/tpkcs7 | 6 +- src/lib/libssl/src/test/tpkcs7d | 6 +- src/lib/libssl/src/test/treq | 6 +- src/lib/libssl/src/test/trsa | 6 +- src/lib/libssl/src/test/tsid | 6 +- src/lib/libssl/src/test/tx509 | 6 +- src/lib/libssl/src/tools/c_rehash | 6 +- src/lib/libssl/src/tools/c_rehash.in | 4 +- src/lib/libssl/src/util/dirname.pl | 18 + src/lib/libssl/src/util/domd | 4 +- src/lib/libssl/src/util/libeay.num | 30 +- src/lib/libssl/src/util/mk1mf.pl | 2 +- src/lib/libssl/src/util/mkdef.pl | 50 +- src/lib/libssl/src/util/mklink.pl | 15 +- src/lib/libssl/src/util/pl/BC-32.pl | 42 +- src/lib/libssl/src/util/pl/OS2-EMX.pl | 79 +- src/lib/libssl/src/util/pl/VC-32.pl | 36 +- src/lib/libssl/src/util/pod2mantest | 7 +- src/lib/libssl/src/util/point.sh | 6 +- src/lib/libssl/test/dummytest.c | 47 ++ src/lib/libssl/test/maketests.com | 30 +- 205 files changed, 5180 insertions(+), 746 deletions(-) create mode 100644 src/lib/libcrypto/util/dirname.pl create mode 100644 src/lib/libssl/src/INSTALL.DJGPP create mode 100644 src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod create mode 100644 src/lib/libssl/src/test/dummytest.c create mode 100644 src/lib/libssl/src/util/dirname.pl create mode 100644 src/lib/libssl/test/dummytest.c diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c index ed2d827db2..dbb4a42c9d 100644 --- a/src/lib/libcrypto/asn1/a_utctm.c +++ b/src/lib/libcrypto/asn1/a_utctm.c @@ -222,6 +222,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) { struct tm *tm; + struct tm data; int offset; int year; @@ -238,7 +239,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) t -= offset*60; /* FIXME: may overflow in extreme cases */ - { struct tm data; tm = OPENSSL_gmtime(&t, &data); } + tm = OPENSSL_gmtime(&t, &data); #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 year = g2(s->data); diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c index 443cf420e5..8158a67374 100644 --- a/src/lib/libcrypto/bn/bntest.c +++ b/src/lib/libcrypto/bn/bntest.c @@ -925,7 +925,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) /* r := a^t mod b */ b->neg=0; - if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err; /* XXX should be BN_mod_exp_recp, but ..._recp triggers a bug that must be fixed */ + if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err; b->neg=1; if (BN_is_word(r, 1)) diff --git a/src/lib/libcrypto/des/des_old.h b/src/lib/libcrypto/des/des_old.h index 3778f93c15..51b987422a 100644 --- a/src/lib/libcrypto/des/des_old.h +++ b/src/lib/libcrypto/des/des_old.h @@ -173,7 +173,7 @@ typedef struct _ossl_old_des_ks_struct DES_fcrypt((b),(s),(r)) #define des_crypt(b,s)\ DES_crypt((b),(s)) -#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) +#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) #define crypt(b,s)\ DES_crypt((b),(s)) #endif @@ -366,7 +366,7 @@ int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule _ossl_old_des_cblock *iv); char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret); char *_ossl_old_des_crypt(const char *buf,const char *salt); -#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) +#if !defined(PERL5) && !defined(NeXT) char *_ossl_old_crypt(const char *buf,const char *salt); #endif void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, diff --git a/src/lib/libcrypto/des/read_pwd.c b/src/lib/libcrypto/des/read_pwd.c index 00000190f8..9061935f21 100644 --- a/src/lib/libcrypto/des/read_pwd.c +++ b/src/lib/libcrypto/des/read_pwd.c @@ -246,7 +246,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, long status; unsigned short channel = 0; #else -#ifndef OPENSSL_SYS_MSDOS +#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) TTY_STRUCT tty_orig,tty_new; #endif #endif diff --git a/src/lib/libcrypto/ebcdic.c b/src/lib/libcrypto/ebcdic.c index bc968ea807..d1bece87f7 100644 --- a/src/lib/libcrypto/ebcdic.c +++ b/src/lib/libcrypto/ebcdic.c @@ -211,8 +211,8 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) } #else /*CHARSET_EBCDIC*/ -#include -#if defined(PEDANTIC) || defined(__DECC) +#include +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) static void *dummy=&dummy; #endif #endif diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c index 243cd83fb5..eab46cc080 100644 --- a/src/lib/libcrypto/ec/ectest.c +++ b/src/lib/libcrypto/ec/ectest.c @@ -75,8 +75,8 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur exit(1); \ } while (0) - -void timings(EC_GROUP *group, int multi, BN_CTX *ctx) +#if 0 +static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) { clock_t clck; int i, j; @@ -138,7 +138,7 @@ void timings(EC_GROUP *group, int multi, BN_CTX *ctx) BN_free(s); BN_free(s0); } - +#endif int main(int argc, char *argv[]) { diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c index 77d3d2ffdf..1053c52082 100644 --- a/src/lib/libcrypto/engine/hw_4758_cca.c +++ b/src/lib/libcrypto/engine/hw_4758_cca.c @@ -124,8 +124,24 @@ static F_RANDOMNUMBERGENERATE randomNumberGenerate; /* static variables */ /*------------------*/ -static const char def_CCA4758_LIB_NAME[] = CCA_LIB_NAME; -static const char *CCA4758_LIB_NAME = def_CCA4758_LIB_NAME; +static const char *CCA4758_LIB_NAME = NULL; +static const char *get_CCA4758_LIB_NAME(void) + { + if(CCA4758_LIB_NAME) + return CCA4758_LIB_NAME; + return CCA_LIB_NAME; + } +static void free_CCA4758_LIB_NAME(void) + { + if(CCA4758_LIB_NAME) + OPENSSL_free((void*)CCA4758_LIB_NAME); + CCA4758_LIB_NAME = NULL; + } +static long set_CCA4758_LIB_NAME(const char *name) + { + free_CCA4758_LIB_NAME(); + return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } #ifndef OPENSSL_NO_RSA static const char* n_keyRecordRead = CSNDKRR; static const char* n_digitalSignatureGenerate = CSNDDSG; @@ -232,6 +248,7 @@ void ENGINE_load_4758cca(void) static int ibm_4758_cca_destroy(ENGINE *e) { ERR_unload_CCA4758_strings(); + free_CCA4758_LIB_NAME(); return 1; } @@ -243,7 +260,7 @@ static int ibm_4758_cca_init(ENGINE *e) goto err; } - dso = DSO_load(NULL, CCA4758_LIB_NAME , NULL, 0); + dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0); if(!dso) { CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); @@ -299,7 +316,8 @@ err: static int ibm_4758_cca_finish(ENGINE *e) { - if(dso) + free_CCA4758_LIB_NAME(); + if(!dso) { CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_NOT_LOADED); @@ -340,8 +358,7 @@ static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) CCA4758_R_ALREADY_LOADED); return 0; } - CCA4758_LIB_NAME = (const char *)p; - return 1; + return set_CCA4758_LIB_NAME((const char *)p); default: break; } diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c index cf4507cff1..8b8380a582 100644 --- a/src/lib/libcrypto/engine/hw_aep.c +++ b/src/lib/libcrypto/engine/hw_aep.c @@ -60,7 +60,7 @@ #include #include -#ifndef OPENSSL_SYS_MSDOS +#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) #include #include #else @@ -71,6 +71,7 @@ typedef int pid_t; #include #include #include +#include #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_AEP @@ -363,7 +364,24 @@ static DSO *aep_dso = NULL; /* These are the static string constants for the DSO file name and the function * symbol names to bind to. */ -static const char *AEP_LIBNAME = "aep"; +static const char *AEP_LIBNAME = NULL; +static const char *get_AEP_LIBNAME(void) + { + if(AEP_LIBNAME) + return AEP_LIBNAME; + return "aep"; + } +static void free_AEP_LIBNAME(void) + { + if(AEP_LIBNAME) + OPENSSL_free((void*)AEP_LIBNAME); + AEP_LIBNAME = NULL; + } +static long set_AEP_LIBNAME(const char *name) + { + free_AEP_LIBNAME(); + return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0); + } static const char *AEP_F1 = "AEP_ModExp"; static const char *AEP_F2 = "AEP_ModExpCrt"; @@ -412,7 +430,7 @@ static int aep_init(ENGINE *e) } /* Attempt to load libaep.so. */ - aep_dso = DSO_load(NULL, AEP_LIBNAME, NULL, 0); + aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0); if(aep_dso == NULL) { @@ -474,6 +492,7 @@ static int aep_init(ENGINE *e) /* Destructor (complements the "ENGINE_aep()" constructor) */ static int aep_destroy(ENGINE *e) { + free_AEP_LIBNAME(); ERR_unload_AEPHK_strings(); return 1; } @@ -549,8 +568,7 @@ static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) AEPHK_R_ALREADY_LOADED); return 0; } - AEP_LIBNAME = (const char *)p; - return 1; + return set_AEP_LIBNAME((const char*)p); default: break; } diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c index 696cfcf156..6151c46902 100644 --- a/src/lib/libcrypto/engine/hw_atalla.c +++ b/src/lib/libcrypto/engine/hw_atalla.c @@ -286,8 +286,24 @@ static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL * atasi.dll on win32). For the purposes of testing, I have created a symbollic * link called "libatasi.so" so that we can use native name-translation - a * better solution will be needed. */ -static const char def_ATALLA_LIBNAME[] = "atasi"; -static const char *ATALLA_LIBNAME = def_ATALLA_LIBNAME; +static const char *ATALLA_LIBNAME = NULL; +static const char *get_ATALLA_LIBNAME(void) + { + if(ATALLA_LIBNAME) + return ATALLA_LIBNAME; + return "atasi"; + } +static void free_ATALLA_LIBNAME(void) + { + if(ATALLA_LIBNAME) + OPENSSL_free((void*)ATALLA_LIBNAME); + ATALLA_LIBNAME = NULL; + } +static long set_ATALLA_LIBNAME(const char *name) + { + free_ATALLA_LIBNAME(); + return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *ATALLA_F1 = "ASI_GetHardwareConfig"; static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn"; static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics"; @@ -295,6 +311,7 @@ static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics"; /* Destructor (complements the "ENGINE_atalla()" constructor) */ static int atalla_destroy(ENGINE *e) { + free_ATALLA_LIBNAME(); /* Unload the atalla error strings so any error state including our * functs or reasons won't lead to a segfault (they simply get displayed * without corresponding string data because none will be found). */ @@ -324,7 +341,7 @@ static int atalla_init(ENGINE *e) * drivers really use - for now a symbollic link needs to be * created on the host system from libatasi.so to atasi.so on * unix variants. */ - atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0); + atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0); if(atalla_dso == NULL) { ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED); @@ -364,6 +381,7 @@ err: static int atalla_finish(ENGINE *e) { + free_ATALLA_LIBNAME(); if(atalla_dso == NULL) { ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED); @@ -397,8 +415,7 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED); return 0; } - ATALLA_LIBNAME = (const char *)p; - return 1; + return set_ATALLA_LIBNAME((const char *)p); default: break; } diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c index d8b380550f..f5c897bdbb 100644 --- a/src/lib/libcrypto/engine/hw_cswift.c +++ b/src/lib/libcrypto/engine/hw_cswift.c @@ -280,8 +280,24 @@ t_swSimpleRequest *p_CSwift_SimpleRequest = NULL; t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL; /* Used in the DSO operations. */ -static const char def_CSWIFT_LIBNAME[] = "swift"; -static const char *CSWIFT_LIBNAME = def_CSWIFT_LIBNAME; +static const char *CSWIFT_LIBNAME = NULL; +static const char *get_CSWIFT_LIBNAME(void) + { + if(CSWIFT_LIBNAME) + return CSWIFT_LIBNAME; + return "swift"; + } +static void free_CSWIFT_LIBNAME(void) + { + if(CSWIFT_LIBNAME) + OPENSSL_free((void*)CSWIFT_LIBNAME); + CSWIFT_LIBNAME = NULL; + } +static long set_CSWIFT_LIBNAME(const char *name) + { + free_CSWIFT_LIBNAME(); + return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *CSWIFT_F1 = "swAcquireAccContext"; static const char *CSWIFT_F2 = "swAttachKeyParam"; static const char *CSWIFT_F3 = "swSimpleRequest"; @@ -313,6 +329,7 @@ static void release_context(SW_CONTEXT_HANDLE hac) /* Destructor (complements the "ENGINE_cswift()" constructor) */ static int cswift_destroy(ENGINE *e) { + free_CSWIFT_LIBNAME(); ERR_unload_CSWIFT_strings(); return 1; } @@ -332,7 +349,7 @@ static int cswift_init(ENGINE *e) goto err; } /* Attempt to load libswift.so/swift.dll/whatever. */ - cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0); + cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0); if(cswift_dso == NULL) { CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED); @@ -377,6 +394,7 @@ err: static int cswift_finish(ENGINE *e) { + free_CSWIFT_LIBNAME(); if(cswift_dso == NULL) { CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED); @@ -411,8 +429,7 @@ static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED); return 0; } - CSWIFT_LIBNAME = (const char *)p; - return 1; + return set_CSWIFT_LIBNAME((const char *)p); default: break; } @@ -484,7 +501,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -501,7 +518,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, &res, 1)) != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -591,7 +608,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -608,7 +625,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, &res, 1)) != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -723,7 +740,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -741,7 +758,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) &res, 1); if(sw_status != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -835,7 +852,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -857,7 +874,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, &res, 1); if(sw_status != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c index 4762a54e3d..a43d4360f2 100644 --- a/src/lib/libcrypto/engine/hw_ncipher.c +++ b/src/lib/libcrypto/engine/hw_ncipher.c @@ -59,9 +59,9 @@ #include #include +#include "cryptlib.h" #include #include -#include "cryptlib.h" #include #include #include @@ -109,11 +109,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa); static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#ifndef OPENSSL_NO_DH /* DH stuff */ /* This function is alised to mod_exp (with the DH and mont dropped). */ static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif /* RAND stuff */ static int hwcrhk_rand_bytes(unsigned char *buf, int num); @@ -422,8 +424,24 @@ static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; /* Used in the DSO operations. */ -static const char def_HWCRHK_LIBNAME[] = "nfhwcrhk"; -static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME; +static const char *HWCRHK_LIBNAME = NULL; +static void free_HWCRHK_LIBNAME(void) + { + if(HWCRHK_LIBNAME) + OPENSSL_free((void*)HWCRHK_LIBNAME); + HWCRHK_LIBNAME = NULL; + } +static const char *get_HWCRHK_LIBNAME(void) + { + if(HWCRHK_LIBNAME) + return HWCRHK_LIBNAME; + return "nfhwcrhk"; + } +static long set_HWCRHK_LIBNAME(const char *name) + { + free_HWCRHK_LIBNAME(); + return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; @@ -469,6 +487,7 @@ static void release_context(HWCryptoHook_ContextHandle hac) /* Destructor (complements the "ENGINE_ncipher()" constructor) */ static int hwcrhk_destroy(ENGINE *e) { + free_HWCRHK_LIBNAME(); ERR_unload_HWCRHK_strings(); return 1; } @@ -494,7 +513,7 @@ static int hwcrhk_init(ENGINE *e) goto err; } /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ - hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0); + hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0); if(hwcrhk_dso == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); @@ -586,6 +605,7 @@ err: static int hwcrhk_finish(ENGINE *e) { int to_return = 1; + free_HWCRHK_LIBNAME(); if(hwcrhk_dso == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED); @@ -634,8 +654,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER); return 0; } - HWCRHK_LIBNAME = (const char *)p; - return 1; + return set_HWCRHK_LIBNAME((const char *)p); case ENGINE_CTRL_SET_LOGSTREAM: { BIO *bio = (BIO *)p; @@ -1040,6 +1059,7 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return hwcrhk_mod_exp(r, a, p, m, ctx); } +#ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -1047,6 +1067,7 @@ static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, { return hwcrhk_mod_exp(r, a, p, m, ctx); } +#endif /* Random bytes are good */ static int hwcrhk_rand_bytes(unsigned char *buf, int num) diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c index 2672012154..130b6d8b40 100644 --- a/src/lib/libcrypto/engine/hw_nuron.c +++ b/src/lib/libcrypto/engine/hw_nuron.c @@ -69,8 +69,24 @@ #define NURON_LIB_NAME "nuron engine" #include "hw_nuron_err.c" -static const char def_NURON_LIBNAME[] = "nuronssl"; -static const char *NURON_LIBNAME = def_NURON_LIBNAME; +static const char *NURON_LIBNAME = NULL; +static const char *get_NURON_LIBNAME(void) + { + if(NURON_LIBNAME) + return NURON_LIBNAME; + return "nuronssl"; + } +static void free_NURON_LIBNAME(void) + { + if(NURON_LIBNAME) + OPENSSL_free((void*)NURON_LIBNAME); + NURON_LIBNAME = NULL; + } +static long set_NURON_LIBNAME(const char *name) + { + free_NURON_LIBNAME(); + return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *NURON_F1 = "nuron_mod_exp"; /* The definitions for control commands specific to this engine */ @@ -90,6 +106,7 @@ static DSO *pvDSOHandle = NULL; static int nuron_destroy(ENGINE *e) { + free_NURON_LIBNAME(); ERR_unload_NURON_strings(); return 1; } @@ -102,7 +119,7 @@ static int nuron_init(ENGINE *e) return 0; } - pvDSOHandle = DSO_load(NULL, NURON_LIBNAME, NULL, + pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL, DSO_FLAG_NAME_TRANSLATION_EXT_ONLY); if(!pvDSOHandle) { @@ -122,6 +139,7 @@ static int nuron_init(ENGINE *e) static int nuron_finish(ENGINE *e) { + free_NURON_LIBNAME(); if(pvDSOHandle == NULL) { NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED); @@ -153,8 +171,7 @@ static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED); return 0; } - NURON_LIBNAME = (const char *)p; - return 1; + return set_NURON_LIBNAME((const char *)p); default: break; } diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c index 743c06043c..63397f868c 100644 --- a/src/lib/libcrypto/engine/hw_ubsec.c +++ b/src/lib/libcrypto/engine/hw_ubsec.c @@ -304,7 +304,24 @@ static int max_key_len = 1024; /* ??? */ * symbol names to bind to. */ -static const char *UBSEC_LIBNAME = "ubsec"; +static const char *UBSEC_LIBNAME = NULL; +static const char *get_UBSEC_LIBNAME(void) + { + if(UBSEC_LIBNAME) + return UBSEC_LIBNAME; + return "ubsec"; + } +static void free_UBSEC_LIBNAME(void) + { + if(UBSEC_LIBNAME) + OPENSSL_free((void*)UBSEC_LIBNAME); + UBSEC_LIBNAME = NULL; + } +static long set_UBSEC_LIBNAME(const char *name) + { + free_UBSEC_LIBNAME(); + return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *UBSEC_F1 = "ubsec_bytes_to_bits"; static const char *UBSEC_F2 = "ubsec_bits_to_bytes"; static const char *UBSEC_F3 = "ubsec_open"; @@ -328,6 +345,7 @@ static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl"; /* Destructor (complements the "ENGINE_ubsec()" constructor) */ static int ubsec_destroy(ENGINE *e) { + free_UBSEC_LIBNAME(); ERR_unload_UBSEC_strings(); return 1; } @@ -364,7 +382,7 @@ static int ubsec_init(ENGINE *e) /* * Attempt to load libubsec.so/ubsec.dll/whatever. */ - ubsec_dso = DSO_load(NULL, UBSEC_LIBNAME, NULL, 0); + ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0); if(ubsec_dso == NULL) { UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE); @@ -459,6 +477,7 @@ err: static int ubsec_finish(ENGINE *e) { + free_UBSEC_LIBNAME(); if(ubsec_dso == NULL) { UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED); @@ -508,8 +527,7 @@ static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED); return 0; } - UBSEC_LIBNAME = (const char *)p; - return 1; + return set_UBSEC_LIBNAME((const char *)p); default: break; } diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c index 1bfffb34cf..90294ef686 100644 --- a/src/lib/libcrypto/evp/evp_test.c +++ b/src/lib/libcrypto/evp/evp_test.c @@ -118,7 +118,7 @@ static char *sstrsep(char **string, const char *delim) } static unsigned char *ustrsep(char **p,const char *sep) - { return (unsigned char *)sstrsep((char **)p,sep); } + { return (unsigned char *)sstrsep(p,sep); } static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, const unsigned char *iv,int in, @@ -358,7 +358,7 @@ int main(int argc,char **argv) p[-1] = '\0'; encdec = -1; } else { - encdec = atoi(strsep(&p,"\n")); + encdec = atoi(sstrsep(&p,"\n")); } diff --git a/src/lib/libcrypto/objects/obj_dat.h b/src/lib/libcrypto/objects/obj_dat.h index 39cfcda783..30812c8aa6 100644 --- a/src/lib/libcrypto/objects/obj_dat.h +++ b/src/lib/libcrypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 510 -#define NUM_SN 507 -#define NUM_LN 507 -#define NUM_OBJ 481 +#define NUM_NID 645 +#define NUM_SN 641 +#define NUM_LN 641 +#define NUM_OBJ 615 -static unsigned char lvalues[3881]={ +static unsigned char lvalues[4435]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -549,6 +549,140 @@ static unsigned char lvalues[3881]={ 0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3863] OBJ_id_hex_partial_message */ 0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3870] OBJ_id_hex_multipart_message */ 0x55,0x04,0x2C, /* [3877] OBJ_generationQualifier */ +0x55,0x04,0x41, /* [3880] OBJ_pseudonym */ +0x67,0x2A, /* [3883] OBJ_id_set */ +0x67,0x2A,0x00, /* [3885] OBJ_set_ctype */ +0x67,0x2A,0x01, /* [3888] OBJ_set_msgExt */ +0x67,0x2A,0x03, /* [3891] OBJ_set_attr */ +0x67,0x2A,0x05, /* [3894] OBJ_set_policy */ +0x67,0x2A,0x07, /* [3897] OBJ_set_certExt */ +0x67,0x2A,0x08, /* [3900] OBJ_set_brand */ +0x67,0x2A,0x00,0x00, /* [3903] OBJ_setct_PANData */ +0x67,0x2A,0x00,0x01, /* [3907] OBJ_setct_PANToken */ +0x67,0x2A,0x00,0x02, /* [3911] OBJ_setct_PANOnly */ +0x67,0x2A,0x00,0x03, /* [3915] OBJ_setct_OIData */ +0x67,0x2A,0x00,0x04, /* [3919] OBJ_setct_PI */ +0x67,0x2A,0x00,0x05, /* [3923] OBJ_setct_PIData */ +0x67,0x2A,0x00,0x06, /* [3927] OBJ_setct_PIDataUnsigned */ +0x67,0x2A,0x00,0x07, /* [3931] OBJ_setct_HODInput */ +0x67,0x2A,0x00,0x08, /* [3935] OBJ_setct_AuthResBaggage */ +0x67,0x2A,0x00,0x09, /* [3939] OBJ_setct_AuthRevReqBaggage */ +0x67,0x2A,0x00,0x0A, /* [3943] OBJ_setct_AuthRevResBaggage */ +0x67,0x2A,0x00,0x0B, /* [3947] OBJ_setct_CapTokenSeq */ +0x67,0x2A,0x00,0x0C, /* [3951] OBJ_setct_PInitResData */ +0x67,0x2A,0x00,0x0D, /* [3955] OBJ_setct_PI_TBS */ +0x67,0x2A,0x00,0x0E, /* [3959] OBJ_setct_PResData */ +0x67,0x2A,0x00,0x10, /* [3963] OBJ_setct_AuthReqTBS */ +0x67,0x2A,0x00,0x11, /* [3967] OBJ_setct_AuthResTBS */ +0x67,0x2A,0x00,0x12, /* [3971] OBJ_setct_AuthResTBSX */ +0x67,0x2A,0x00,0x13, /* [3975] OBJ_setct_AuthTokenTBS */ +0x67,0x2A,0x00,0x14, /* [3979] OBJ_setct_CapTokenData */ +0x67,0x2A,0x00,0x15, /* [3983] OBJ_setct_CapTokenTBS */ +0x67,0x2A,0x00,0x16, /* [3987] OBJ_setct_AcqCardCodeMsg */ +0x67,0x2A,0x00,0x17, /* [3991] OBJ_setct_AuthRevReqTBS */ +0x67,0x2A,0x00,0x18, /* [3995] OBJ_setct_AuthRevResData */ +0x67,0x2A,0x00,0x19, /* [3999] OBJ_setct_AuthRevResTBS */ +0x67,0x2A,0x00,0x1A, /* [4003] OBJ_setct_CapReqTBS */ +0x67,0x2A,0x00,0x1B, /* [4007] OBJ_setct_CapReqTBSX */ +0x67,0x2A,0x00,0x1C, /* [4011] OBJ_setct_CapResData */ +0x67,0x2A,0x00,0x1D, /* [4015] OBJ_setct_CapRevReqTBS */ +0x67,0x2A,0x00,0x1E, /* [4019] OBJ_setct_CapRevReqTBSX */ +0x67,0x2A,0x00,0x1F, /* [4023] OBJ_setct_CapRevResData */ +0x67,0x2A,0x00,0x20, /* [4027] OBJ_setct_CredReqTBS */ +0x67,0x2A,0x00,0x21, /* [4031] OBJ_setct_CredReqTBSX */ +0x67,0x2A,0x00,0x22, /* [4035] OBJ_setct_CredResData */ +0x67,0x2A,0x00,0x23, /* [4039] OBJ_setct_CredRevReqTBS */ +0x67,0x2A,0x00,0x24, /* [4043] OBJ_setct_CredRevReqTBSX */ +0x67,0x2A,0x00,0x25, /* [4047] OBJ_setct_CredRevResData */ +0x67,0x2A,0x00,0x26, /* [4051] OBJ_setct_PCertReqData */ +0x67,0x2A,0x00,0x27, /* [4055] OBJ_setct_PCertResTBS */ +0x67,0x2A,0x00,0x28, /* [4059] OBJ_setct_BatchAdminReqData */ +0x67,0x2A,0x00,0x29, /* [4063] OBJ_setct_BatchAdminResData */ +0x67,0x2A,0x00,0x2A, /* [4067] OBJ_setct_CardCInitResTBS */ +0x67,0x2A,0x00,0x2B, /* [4071] OBJ_setct_MeAqCInitResTBS */ +0x67,0x2A,0x00,0x2C, /* [4075] OBJ_setct_RegFormResTBS */ +0x67,0x2A,0x00,0x2D, /* [4079] OBJ_setct_CertReqData */ +0x67,0x2A,0x00,0x2E, /* [4083] OBJ_setct_CertReqTBS */ +0x67,0x2A,0x00,0x2F, /* [4087] OBJ_setct_CertResData */ +0x67,0x2A,0x00,0x30, /* [4091] OBJ_setct_CertInqReqTBS */ +0x67,0x2A,0x00,0x31, /* [4095] OBJ_setct_ErrorTBS */ +0x67,0x2A,0x00,0x32, /* [4099] OBJ_setct_PIDualSignedTBE */ +0x67,0x2A,0x00,0x33, /* [4103] OBJ_setct_PIUnsignedTBE */ +0x67,0x2A,0x00,0x34, /* [4107] OBJ_setct_AuthReqTBE */ +0x67,0x2A,0x00,0x35, /* [4111] OBJ_setct_AuthResTBE */ +0x67,0x2A,0x00,0x36, /* [4115] OBJ_setct_AuthResTBEX */ +0x67,0x2A,0x00,0x37, /* [4119] OBJ_setct_AuthTokenTBE */ +0x67,0x2A,0x00,0x38, /* [4123] OBJ_setct_CapTokenTBE */ +0x67,0x2A,0x00,0x39, /* [4127] OBJ_setct_CapTokenTBEX */ +0x67,0x2A,0x00,0x3A, /* [4131] OBJ_setct_AcqCardCodeMsgTBE */ +0x67,0x2A,0x00,0x3B, /* [4135] OBJ_setct_AuthRevReqTBE */ +0x67,0x2A,0x00,0x3C, /* [4139] OBJ_setct_AuthRevResTBE */ +0x67,0x2A,0x00,0x3D, /* [4143] OBJ_setct_AuthRevResTBEB */ +0x67,0x2A,0x00,0x3E, /* [4147] OBJ_setct_CapReqTBE */ +0x67,0x2A,0x00,0x3F, /* [4151] OBJ_setct_CapReqTBEX */ +0x67,0x2A,0x00,0x40, /* [4155] OBJ_setct_CapResTBE */ +0x67,0x2A,0x00,0x41, /* [4159] OBJ_setct_CapRevReqTBE */ +0x67,0x2A,0x00,0x42, /* [4163] OBJ_setct_CapRevReqTBEX */ +0x67,0x2A,0x00,0x43, /* [4167] OBJ_setct_CapRevResTBE */ +0x67,0x2A,0x00,0x44, /* [4171] OBJ_setct_CredReqTBE */ +0x67,0x2A,0x00,0x45, /* [4175] OBJ_setct_CredReqTBEX */ +0x67,0x2A,0x00,0x46, /* [4179] OBJ_setct_CredResTBE */ +0x67,0x2A,0x00,0x47, /* [4183] OBJ_setct_CredRevReqTBE */ +0x67,0x2A,0x00,0x48, /* [4187] OBJ_setct_CredRevReqTBEX */ +0x67,0x2A,0x00,0x49, /* [4191] OBJ_setct_CredRevResTBE */ +0x67,0x2A,0x00,0x4A, /* [4195] OBJ_setct_BatchAdminReqTBE */ +0x67,0x2A,0x00,0x4B, /* [4199] OBJ_setct_BatchAdminResTBE */ +0x67,0x2A,0x00,0x4C, /* [4203] OBJ_setct_RegFormReqTBE */ +0x67,0x2A,0x00,0x4D, /* [4207] OBJ_setct_CertReqTBE */ +0x67,0x2A,0x00,0x4E, /* [4211] OBJ_setct_CertReqTBEX */ +0x67,0x2A,0x00,0x4F, /* [4215] OBJ_setct_CertResTBE */ +0x67,0x2A,0x00,0x50, /* [4219] OBJ_setct_CRLNotificationTBS */ +0x67,0x2A,0x00,0x51, /* [4223] OBJ_setct_CRLNotificationResTBS */ +0x67,0x2A,0x00,0x52, /* [4227] OBJ_setct_BCIDistributionTBS */ +0x67,0x2A,0x01,0x01, /* [4231] OBJ_setext_genCrypt */ +0x67,0x2A,0x01,0x03, /* [4235] OBJ_setext_miAuth */ +0x67,0x2A,0x01,0x04, /* [4239] OBJ_setext_pinSecure */ +0x67,0x2A,0x01,0x05, /* [4243] OBJ_setext_pinAny */ +0x67,0x2A,0x01,0x07, /* [4247] OBJ_setext_track2 */ +0x67,0x2A,0x01,0x08, /* [4251] OBJ_setext_cv */ +0x67,0x2A,0x05,0x00, /* [4255] OBJ_set_policy_root */ +0x67,0x2A,0x07,0x00, /* [4259] OBJ_setCext_hashedRoot */ +0x67,0x2A,0x07,0x01, /* [4263] OBJ_setCext_certType */ +0x67,0x2A,0x07,0x02, /* [4267] OBJ_setCext_merchData */ +0x67,0x2A,0x07,0x03, /* [4271] OBJ_setCext_cCertRequired */ +0x67,0x2A,0x07,0x04, /* [4275] OBJ_setCext_tunneling */ +0x67,0x2A,0x07,0x05, /* [4279] OBJ_setCext_setExt */ +0x67,0x2A,0x07,0x06, /* [4283] OBJ_setCext_setQualf */ +0x67,0x2A,0x07,0x07, /* [4287] OBJ_setCext_PGWYcapabilities */ +0x67,0x2A,0x07,0x08, /* [4291] OBJ_setCext_TokenIdentifier */ +0x67,0x2A,0x07,0x09, /* [4295] OBJ_setCext_Track2Data */ +0x67,0x2A,0x07,0x0A, /* [4299] OBJ_setCext_TokenType */ +0x67,0x2A,0x07,0x0B, /* [4303] OBJ_setCext_IssuerCapabilities */ +0x67,0x2A,0x03,0x00, /* [4307] OBJ_setAttr_Cert */ +0x67,0x2A,0x03,0x01, /* [4311] OBJ_setAttr_PGWYcap */ +0x67,0x2A,0x03,0x02, /* [4315] OBJ_setAttr_TokenType */ +0x67,0x2A,0x03,0x03, /* [4319] OBJ_setAttr_IssCap */ +0x67,0x2A,0x03,0x00,0x00, /* [4323] OBJ_set_rootKeyThumb */ +0x67,0x2A,0x03,0x00,0x01, /* [4328] OBJ_set_addPolicy */ +0x67,0x2A,0x03,0x02,0x01, /* [4333] OBJ_setAttr_Token_EMV */ +0x67,0x2A,0x03,0x02,0x02, /* [4338] OBJ_setAttr_Token_B0Prime */ +0x67,0x2A,0x03,0x03,0x03, /* [4343] OBJ_setAttr_IssCap_CVM */ +0x67,0x2A,0x03,0x03,0x04, /* [4348] OBJ_setAttr_IssCap_T2 */ +0x67,0x2A,0x03,0x03,0x05, /* [4353] OBJ_setAttr_IssCap_Sig */ +0x67,0x2A,0x03,0x03,0x03,0x01, /* [4358] OBJ_setAttr_GenCryptgrm */ +0x67,0x2A,0x03,0x03,0x04,0x01, /* [4364] OBJ_setAttr_T2Enc */ +0x67,0x2A,0x03,0x03,0x04,0x02, /* [4370] OBJ_setAttr_T2cleartxt */ +0x67,0x2A,0x03,0x03,0x05,0x01, /* [4376] OBJ_setAttr_TokICCsig */ +0x67,0x2A,0x03,0x03,0x05,0x02, /* [4382] OBJ_setAttr_SecDevSig */ +0x67,0x2A,0x08,0x01, /* [4388] OBJ_set_brand_IATA_ATA */ +0x67,0x2A,0x08,0x1E, /* [4392] OBJ_set_brand_Diners */ +0x67,0x2A,0x08,0x22, /* [4396] OBJ_set_brand_AmericanExpress */ +0x67,0x2A,0x08,0x23, /* [4400] OBJ_set_brand_JCB */ +0x67,0x2A,0x08,0x04, /* [4404] OBJ_set_brand_Visa */ +0x67,0x2A,0x08,0x05, /* [4408] OBJ_set_brand_MasterCard */ +0x67,0x2A,0x08,0xAE,0x7B, /* [4412] OBJ_set_brand_Novus */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4417] OBJ_des_cdmf */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1334,6 +1468,257 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ NID_id_hex_multipart_message,7,&(lvalues[3870]),0}, {"generationQualifier","generationQualifier",NID_generationQualifier, 3,&(lvalues[3877]),0}, +{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0}, +{NULL,NULL,NID_undef,0,NULL}, +{"id-set","Secure Electronic Transactions",NID_id_set,2, + &(lvalues[3883]),0}, +{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0}, +{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0}, +{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0}, +{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0}, +{"set-certExt","certificate extensions",NID_set_certExt,3, + &(lvalues[3897]),0}, +{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0}, +{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0}, +{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, + &(lvalues[3907]),0}, +{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0}, +{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0}, +{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0}, +{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0}, +{"setct-PIDataUnsigned","setct-PIDataUnsigned", + NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0}, +{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, + &(lvalues[3931]),0}, +{"setct-AuthResBaggage","setct-AuthResBaggage", + NID_setct_AuthResBaggage,4,&(lvalues[3935]),0}, +{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", + NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0}, +{"setct-AuthRevResBaggage","setct-AuthRevResBaggage", + NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0}, +{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, + &(lvalues[3947]),0}, +{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, + &(lvalues[3951]),0}, +{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0}, +{"setct-PResData","setct-PResData",NID_setct_PResData,4, + &(lvalues[3959]),0}, +{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, + &(lvalues[3963]),0}, +{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, + &(lvalues[3967]),0}, +{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, + &(lvalues[3971]),0}, +{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, + &(lvalues[3975]),0}, +{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, + &(lvalues[3979]),0}, +{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, + &(lvalues[3983]),0}, +{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", + NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0}, +{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, + 4,&(lvalues[3991]),0}, +{"setct-AuthRevResData","setct-AuthRevResData", + NID_setct_AuthRevResData,4,&(lvalues[3995]),0}, +{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, + 4,&(lvalues[3999]),0}, +{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, + &(lvalues[4003]),0}, +{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, + &(lvalues[4007]),0}, +{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, + &(lvalues[4011]),0}, +{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, + &(lvalues[4015]),0}, +{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, + 4,&(lvalues[4019]),0}, +{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, + 4,&(lvalues[4023]),0}, +{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, + &(lvalues[4027]),0}, +{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, + &(lvalues[4031]),0}, +{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, + &(lvalues[4035]),0}, +{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, + 4,&(lvalues[4039]),0}, +{"setct-CredRevReqTBSX","setct-CredRevReqTBSX", + NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0}, +{"setct-CredRevResData","setct-CredRevResData", + NID_setct_CredRevResData,4,&(lvalues[4047]),0}, +{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, + &(lvalues[4051]),0}, +{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, + &(lvalues[4055]),0}, +{"setct-BatchAdminReqData","setct-BatchAdminReqData", + NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0}, +{"setct-BatchAdminResData","setct-BatchAdminResData", + NID_setct_BatchAdminResData,4,&(lvalues[4063]),0}, +{"setct-CardCInitResTBS","setct-CardCInitResTBS", + NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0}, +{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", + NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0}, +{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, + 4,&(lvalues[4075]),0}, +{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, + &(lvalues[4079]),0}, +{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, + &(lvalues[4083]),0}, +{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, + &(lvalues[4087]),0}, +{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, + 4,&(lvalues[4091]),0}, +{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, + &(lvalues[4095]),0}, +{"setct-PIDualSignedTBE","setct-PIDualSignedTBE", + NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0}, +{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, + 4,&(lvalues[4103]),0}, +{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, + &(lvalues[4107]),0}, +{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, + &(lvalues[4111]),0}, +{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, + &(lvalues[4115]),0}, +{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, + &(lvalues[4119]),0}, +{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, + &(lvalues[4123]),0}, +{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, + &(lvalues[4127]),0}, +{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", + NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0}, +{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, + 4,&(lvalues[4135]),0}, +{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, + 4,&(lvalues[4139]),0}, +{"setct-AuthRevResTBEB","setct-AuthRevResTBEB", + NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0}, +{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, + &(lvalues[4147]),0}, +{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, + &(lvalues[4151]),0}, +{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, + &(lvalues[4155]),0}, +{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, + &(lvalues[4159]),0}, +{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, + 4,&(lvalues[4163]),0}, +{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, + &(lvalues[4167]),0}, +{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, + &(lvalues[4171]),0}, +{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, + &(lvalues[4175]),0}, +{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, + &(lvalues[4179]),0}, +{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, + 4,&(lvalues[4183]),0}, +{"setct-CredRevReqTBEX","setct-CredRevReqTBEX", + NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0}, +{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, + 4,&(lvalues[4191]),0}, +{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", + NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0}, +{"setct-BatchAdminResTBE","setct-BatchAdminResTBE", + NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0}, +{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, + 4,&(lvalues[4203]),0}, +{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, + &(lvalues[4207]),0}, +{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, + &(lvalues[4211]),0}, +{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, + &(lvalues[4215]),0}, +{"setct-CRLNotificationTBS","setct-CRLNotificationTBS", + NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0}, +{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", + NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0}, +{"setct-BCIDistributionTBS","setct-BCIDistributionTBS", + NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0}, +{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, + &(lvalues[4231]),0}, +{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, + &(lvalues[4235]),0}, +{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, + &(lvalues[4239]),0}, +{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0}, +{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0}, +{"setext-cv","additional verification",NID_setext_cv,4, + &(lvalues[4251]),0}, +{"set-policy-root","set-policy-root",NID_set_policy_root,4, + &(lvalues[4255]),0}, +{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, + &(lvalues[4259]),0}, +{"setCext-certType","setCext-certType",NID_setCext_certType,4, + &(lvalues[4263]),0}, +{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, + &(lvalues[4267]),0}, +{"setCext-cCertRequired","setCext-cCertRequired", + NID_setCext_cCertRequired,4,&(lvalues[4271]),0}, +{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, + &(lvalues[4275]),0}, +{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, + &(lvalues[4279]),0}, +{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, + &(lvalues[4283]),0}, +{"setCext-PGWYcapabilities","setCext-PGWYcapabilities", + NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0}, +{"setCext-TokenIdentifier","setCext-TokenIdentifier", + NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0}, +{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, + &(lvalues[4295]),0}, +{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, + &(lvalues[4299]),0}, +{"setCext-IssuerCapabilities","setCext-IssuerCapabilities", + NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0}, +{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0}, +{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, + 4,&(lvalues[4311]),0}, +{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, + &(lvalues[4315]),0}, +{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, + &(lvalues[4319]),0}, +{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, + &(lvalues[4323]),0}, +{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0}, +{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, + &(lvalues[4333]),0}, +{"setAttr-Token-B0Prime","setAttr-Token-B0Prime", + NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0}, +{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, + &(lvalues[4343]),0}, +{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, + &(lvalues[4348]),0}, +{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, + &(lvalues[4353]),0}, +{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, + 6,&(lvalues[4358]),0}, +{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, + &(lvalues[4364]),0}, +{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, + &(lvalues[4370]),0}, +{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, + &(lvalues[4376]),0}, +{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, + 6,&(lvalues[4382]),0}, +{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, + &(lvalues[4388]),0}, +{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, + &(lvalues[4392]),0}, +{"set-brand-AmericanExpress","set-brand-AmericanExpress", + NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0}, +{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0}, +{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, + &(lvalues[4404]),0}, +{"set-brand-MasterCard","set-brand-MasterCard", + NID_set_brand_MasterCard,4,&(lvalues[4408]),0}, +{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, + &(lvalues[4412]),0}, +{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0}, +{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", + NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1366,6 +1751,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[367]),/* "CrlID" */ &(nid_objs[391]),/* "DC" */ &(nid_objs[31]),/* "DES-CBC" */ +&(nid_objs[643]),/* "DES-CDMF" */ &(nid_objs[30]),/* "DES-CFB" */ &(nid_objs[29]),/* "DES-ECB" */ &(nid_objs[32]),/* "DES-EDE" */ @@ -1642,6 +2028,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[314]),/* "id-regInfo" */ &(nid_objs[322]),/* "id-regInfo-certReq" */ &(nid_objs[321]),/* "id-regInfo-utf8Pairs" */ +&(nid_objs[512]),/* "id-set" */ &(nid_objs[191]),/* "id-smime-aa" */ &(nid_objs[215]),/* "id-smime-aa-contentHint" */ &(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */ @@ -1798,6 +2185,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[415]),/* "prime256v1" */ &(nid_objs[385]),/* "private" */ &(nid_objs[84]),/* "privateKeyUsagePeriod" */ +&(nid_objs[510]),/* "pseudonym" */ &(nid_objs[435]),/* "pss" */ &(nid_objs[286]),/* "qcStatements" */ &(nid_objs[457]),/* "qualityLabelledData" */ @@ -1806,6 +2194,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[448]),/* "room" */ &(nid_objs[463]),/* "roomNumber" */ &(nid_objs[ 6]),/* "rsaEncryption" */ +&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ &(nid_objs[377]),/* "rsaSignature" */ &(nid_objs[ 1]),/* "rsadsi" */ &(nid_objs[482]),/* "sOARecord" */ @@ -1821,6 +2210,136 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[105]),/* "serialNumber" */ &(nid_objs[129]),/* "serverAuth" */ &(nid_objs[371]),/* "serviceLocator" */ +&(nid_objs[625]),/* "set-addPolicy" */ +&(nid_objs[515]),/* "set-attr" */ +&(nid_objs[518]),/* "set-brand" */ +&(nid_objs[638]),/* "set-brand-AmericanExpress" */ +&(nid_objs[637]),/* "set-brand-Diners" */ +&(nid_objs[636]),/* "set-brand-IATA-ATA" */ +&(nid_objs[639]),/* "set-brand-JCB" */ +&(nid_objs[641]),/* "set-brand-MasterCard" */ +&(nid_objs[642]),/* "set-brand-Novus" */ +&(nid_objs[640]),/* "set-brand-Visa" */ +&(nid_objs[517]),/* "set-certExt" */ +&(nid_objs[513]),/* "set-ctype" */ +&(nid_objs[514]),/* "set-msgExt" */ +&(nid_objs[516]),/* "set-policy" */ +&(nid_objs[607]),/* "set-policy-root" */ +&(nid_objs[624]),/* "set-rootKeyThumb" */ +&(nid_objs[620]),/* "setAttr-Cert" */ +&(nid_objs[631]),/* "setAttr-GenCryptgrm" */ +&(nid_objs[623]),/* "setAttr-IssCap" */ +&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ +&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ +&(nid_objs[629]),/* "setAttr-IssCap-T2" */ +&(nid_objs[621]),/* "setAttr-PGWYcap" */ +&(nid_objs[635]),/* "setAttr-SecDevSig" */ +&(nid_objs[632]),/* "setAttr-T2Enc" */ +&(nid_objs[633]),/* "setAttr-T2cleartxt" */ +&(nid_objs[634]),/* "setAttr-TokICCsig" */ +&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ +&(nid_objs[626]),/* "setAttr-Token-EMV" */ +&(nid_objs[622]),/* "setAttr-TokenType" */ +&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ +&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ +&(nid_objs[616]),/* "setCext-TokenIdentifier" */ +&(nid_objs[618]),/* "setCext-TokenType" */ +&(nid_objs[617]),/* "setCext-Track2Data" */ +&(nid_objs[611]),/* "setCext-cCertRequired" */ +&(nid_objs[609]),/* "setCext-certType" */ +&(nid_objs[608]),/* "setCext-hashedRoot" */ +&(nid_objs[610]),/* "setCext-merchData" */ +&(nid_objs[613]),/* "setCext-setExt" */ +&(nid_objs[614]),/* "setCext-setQualf" */ +&(nid_objs[612]),/* "setCext-tunneling" */ +&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ +&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ +&(nid_objs[570]),/* "setct-AuthReqTBE" */ +&(nid_objs[534]),/* "setct-AuthReqTBS" */ +&(nid_objs[527]),/* "setct-AuthResBaggage" */ +&(nid_objs[571]),/* "setct-AuthResTBE" */ +&(nid_objs[572]),/* "setct-AuthResTBEX" */ +&(nid_objs[535]),/* "setct-AuthResTBS" */ +&(nid_objs[536]),/* "setct-AuthResTBSX" */ +&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ +&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ +&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ +&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ +&(nid_objs[542]),/* "setct-AuthRevResData" */ +&(nid_objs[578]),/* "setct-AuthRevResTBE" */ +&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ +&(nid_objs[543]),/* "setct-AuthRevResTBS" */ +&(nid_objs[573]),/* "setct-AuthTokenTBE" */ +&(nid_objs[537]),/* "setct-AuthTokenTBS" */ +&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ +&(nid_objs[558]),/* "setct-BatchAdminReqData" */ +&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ +&(nid_objs[559]),/* "setct-BatchAdminResData" */ +&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ +&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ +&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ +&(nid_objs[580]),/* "setct-CapReqTBE" */ +&(nid_objs[581]),/* "setct-CapReqTBEX" */ +&(nid_objs[544]),/* "setct-CapReqTBS" */ +&(nid_objs[545]),/* "setct-CapReqTBSX" */ +&(nid_objs[546]),/* "setct-CapResData" */ +&(nid_objs[582]),/* "setct-CapResTBE" */ +&(nid_objs[583]),/* "setct-CapRevReqTBE" */ +&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ +&(nid_objs[547]),/* "setct-CapRevReqTBS" */ +&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ +&(nid_objs[549]),/* "setct-CapRevResData" */ +&(nid_objs[585]),/* "setct-CapRevResTBE" */ +&(nid_objs[538]),/* "setct-CapTokenData" */ +&(nid_objs[530]),/* "setct-CapTokenSeq" */ +&(nid_objs[574]),/* "setct-CapTokenTBE" */ +&(nid_objs[575]),/* "setct-CapTokenTBEX" */ +&(nid_objs[539]),/* "setct-CapTokenTBS" */ +&(nid_objs[560]),/* "setct-CardCInitResTBS" */ +&(nid_objs[566]),/* "setct-CertInqReqTBS" */ +&(nid_objs[563]),/* "setct-CertReqData" */ +&(nid_objs[595]),/* "setct-CertReqTBE" */ +&(nid_objs[596]),/* "setct-CertReqTBEX" */ +&(nid_objs[564]),/* "setct-CertReqTBS" */ +&(nid_objs[565]),/* "setct-CertResData" */ +&(nid_objs[597]),/* "setct-CertResTBE" */ +&(nid_objs[586]),/* "setct-CredReqTBE" */ +&(nid_objs[587]),/* "setct-CredReqTBEX" */ +&(nid_objs[550]),/* "setct-CredReqTBS" */ +&(nid_objs[551]),/* "setct-CredReqTBSX" */ +&(nid_objs[552]),/* "setct-CredResData" */ +&(nid_objs[588]),/* "setct-CredResTBE" */ +&(nid_objs[589]),/* "setct-CredRevReqTBE" */ +&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ +&(nid_objs[553]),/* "setct-CredRevReqTBS" */ +&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ +&(nid_objs[555]),/* "setct-CredRevResData" */ +&(nid_objs[591]),/* "setct-CredRevResTBE" */ +&(nid_objs[567]),/* "setct-ErrorTBS" */ +&(nid_objs[526]),/* "setct-HODInput" */ +&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ +&(nid_objs[522]),/* "setct-OIData" */ +&(nid_objs[519]),/* "setct-PANData" */ +&(nid_objs[521]),/* "setct-PANOnly" */ +&(nid_objs[520]),/* "setct-PANToken" */ +&(nid_objs[556]),/* "setct-PCertReqData" */ +&(nid_objs[557]),/* "setct-PCertResTBS" */ +&(nid_objs[523]),/* "setct-PI" */ +&(nid_objs[532]),/* "setct-PI-TBS" */ +&(nid_objs[524]),/* "setct-PIData" */ +&(nid_objs[525]),/* "setct-PIDataUnsigned" */ +&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ +&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ +&(nid_objs[531]),/* "setct-PInitResData" */ +&(nid_objs[533]),/* "setct-PResData" */ +&(nid_objs[594]),/* "setct-RegFormReqTBE" */ +&(nid_objs[562]),/* "setct-RegFormResTBS" */ +&(nid_objs[606]),/* "setext-cv" */ +&(nid_objs[601]),/* "setext-genCrypt" */ +&(nid_objs[602]),/* "setext-miAuth" */ +&(nid_objs[604]),/* "setext-pinAny" */ +&(nid_objs[603]),/* "setext-pinSecure" */ +&(nid_objs[605]),/* "setext-track2" */ &(nid_objs[52]),/* "signingTime" */ &(nid_objs[454]),/* "simpleSecurityObject" */ &(nid_objs[496]),/* "singleLevelQuality" */ @@ -1866,6 +2385,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[430]),/* "Hold Instruction Code" */ &(nid_objs[431]),/* "Hold Instruction None" */ &(nid_objs[433]),/* "Hold Instruction Reject" */ +&(nid_objs[634]),/* "ICC or token signature" */ &(nid_objs[294]),/* "IPSec End System" */ &(nid_objs[295]),/* "IPSec Tunnel" */ &(nid_objs[296]),/* "IPSec User" */ @@ -1914,6 +2434,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[188]),/* "S/MIME" */ &(nid_objs[167]),/* "S/MIME Capabilities" */ &(nid_objs[387]),/* "SNMPv2" */ +&(nid_objs[512]),/* "Secure Electronic Transactions" */ &(nid_objs[386]),/* "Security" */ &(nid_objs[394]),/* "Selected Attribute Types" */ &(nid_objs[143]),/* "Strong Extranet ID" */ @@ -1948,6 +2469,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[288]),/* "ac-targeting" */ &(nid_objs[446]),/* "account" */ &(nid_objs[364]),/* "ad dvcs" */ +&(nid_objs[606]),/* "additional verification" */ &(nid_objs[419]),/* "aes-128-cbc" */ &(nid_objs[421]),/* "aes-128-cfb" */ &(nid_objs[418]),/* "aes-128-ecb" */ @@ -1977,10 +2499,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[111]),/* "cast5-ofb" */ &(nid_objs[404]),/* "ccitt" */ &(nid_objs[152]),/* "certBag" */ +&(nid_objs[517]),/* "certificate extensions" */ &(nid_objs[54]),/* "challengePassword" */ &(nid_objs[407]),/* "characteristic-two-field" */ &(nid_objs[395]),/* "clearance" */ +&(nid_objs[633]),/* "cleartext track 2" */ &(nid_objs[13]),/* "commonName" */ +&(nid_objs[513]),/* "content types" */ &(nid_objs[50]),/* "contentType" */ &(nid_objs[53]),/* "countersignature" */ &(nid_objs[14]),/* "countryName" */ @@ -1991,6 +2516,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[434]),/* "data" */ &(nid_objs[390]),/* "dcObject" */ &(nid_objs[31]),/* "des-cbc" */ +&(nid_objs[643]),/* "des-cdmf" */ &(nid_objs[30]),/* "des-cfb" */ &(nid_objs[29]),/* "des-ecb" */ &(nid_objs[32]),/* "des-ede" */ @@ -2027,12 +2553,15 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[297]),/* "dvcs" */ &(nid_objs[416]),/* "ecdsa-with-SHA1" */ &(nid_objs[48]),/* "emailAddress" */ +&(nid_objs[632]),/* "encrypted track 2" */ &(nid_objs[56]),/* "extendedCertificateAttributes" */ &(nid_objs[462]),/* "favouriteDrink" */ &(nid_objs[453]),/* "friendlyCountry" */ &(nid_objs[490]),/* "friendlyCountryName" */ &(nid_objs[156]),/* "friendlyName" */ +&(nid_objs[631]),/* "generate cryptogram" */ &(nid_objs[509]),/* "generationQualifier" */ +&(nid_objs[601]),/* "generic cryptogram" */ &(nid_objs[99]),/* "givenName" */ &(nid_objs[163]),/* "hmacWithSHA1" */ &(nid_objs[486]),/* "homePostalAddress" */ @@ -2214,6 +2743,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ &(nid_objs[181]),/* "iso" */ +&(nid_objs[623]),/* "issuer capabilities" */ &(nid_objs[492]),/* "janetMailbox" */ &(nid_objs[393]),/* "joint-iso-ccitt" */ &(nid_objs[150]),/* "keyBag" */ @@ -2234,6 +2764,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[ 8]),/* "md5WithRSAEncryption" */ &(nid_objs[95]),/* "mdc2" */ &(nid_objs[96]),/* "mdc2WithRSA" */ +&(nid_objs[602]),/* "merchant initiated auth" */ +&(nid_objs[514]),/* "message extensions" */ &(nid_objs[51]),/* "messageDigest" */ &(nid_objs[506]),/* "mime-mhs-bodies" */ &(nid_objs[505]),/* "mime-mhs-headings" */ @@ -2247,6 +2779,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[475]),/* "otherMailbox" */ &(nid_objs[489]),/* "pagerTelephoneNumber" */ &(nid_objs[374]),/* "path" */ +&(nid_objs[621]),/* "payment gateway capabilities" */ &(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */ &(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */ &(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ @@ -2293,6 +2826,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[413]),/* "prime239v2" */ &(nid_objs[414]),/* "prime239v3" */ &(nid_objs[415]),/* "prime256v1" */ +&(nid_objs[510]),/* "pseudonym" */ &(nid_objs[435]),/* "pss" */ &(nid_objs[286]),/* "qcStatements" */ &(nid_objs[457]),/* "qualityLabelledData" */ @@ -2317,6 +2851,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[463]),/* "roomNumber" */ &(nid_objs[19]),/* "rsa" */ &(nid_objs[ 6]),/* "rsaEncryption" */ +&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ &(nid_objs[377]),/* "rsaSignature" */ &(nid_objs[124]),/* "run length compression" */ &(nid_objs[482]),/* "sOARecord" */ @@ -2327,7 +2862,125 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[159]),/* "sdsiCertificate" */ &(nid_objs[154]),/* "secretBag" */ &(nid_objs[474]),/* "secretary" */ +&(nid_objs[635]),/* "secure device signature" */ &(nid_objs[105]),/* "serialNumber" */ +&(nid_objs[625]),/* "set-addPolicy" */ +&(nid_objs[515]),/* "set-attr" */ +&(nid_objs[518]),/* "set-brand" */ +&(nid_objs[638]),/* "set-brand-AmericanExpress" */ +&(nid_objs[637]),/* "set-brand-Diners" */ +&(nid_objs[636]),/* "set-brand-IATA-ATA" */ +&(nid_objs[639]),/* "set-brand-JCB" */ +&(nid_objs[641]),/* "set-brand-MasterCard" */ +&(nid_objs[642]),/* "set-brand-Novus" */ +&(nid_objs[640]),/* "set-brand-Visa" */ +&(nid_objs[516]),/* "set-policy" */ +&(nid_objs[607]),/* "set-policy-root" */ +&(nid_objs[624]),/* "set-rootKeyThumb" */ +&(nid_objs[620]),/* "setAttr-Cert" */ +&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ +&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ +&(nid_objs[629]),/* "setAttr-IssCap-T2" */ +&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ +&(nid_objs[626]),/* "setAttr-Token-EMV" */ +&(nid_objs[622]),/* "setAttr-TokenType" */ +&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ +&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ +&(nid_objs[616]),/* "setCext-TokenIdentifier" */ +&(nid_objs[618]),/* "setCext-TokenType" */ +&(nid_objs[617]),/* "setCext-Track2Data" */ +&(nid_objs[611]),/* "setCext-cCertRequired" */ +&(nid_objs[609]),/* "setCext-certType" */ +&(nid_objs[608]),/* "setCext-hashedRoot" */ +&(nid_objs[610]),/* "setCext-merchData" */ +&(nid_objs[613]),/* "setCext-setExt" */ +&(nid_objs[614]),/* "setCext-setQualf" */ +&(nid_objs[612]),/* "setCext-tunneling" */ +&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ +&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ +&(nid_objs[570]),/* "setct-AuthReqTBE" */ +&(nid_objs[534]),/* "setct-AuthReqTBS" */ +&(nid_objs[527]),/* "setct-AuthResBaggage" */ +&(nid_objs[571]),/* "setct-AuthResTBE" */ +&(nid_objs[572]),/* "setct-AuthResTBEX" */ +&(nid_objs[535]),/* "setct-AuthResTBS" */ +&(nid_objs[536]),/* "setct-AuthResTBSX" */ +&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ +&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ +&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ +&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ +&(nid_objs[542]),/* "setct-AuthRevResData" */ +&(nid_objs[578]),/* "setct-AuthRevResTBE" */ +&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ +&(nid_objs[543]),/* "setct-AuthRevResTBS" */ +&(nid_objs[573]),/* "setct-AuthTokenTBE" */ +&(nid_objs[537]),/* "setct-AuthTokenTBS" */ +&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ +&(nid_objs[558]),/* "setct-BatchAdminReqData" */ +&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ +&(nid_objs[559]),/* "setct-BatchAdminResData" */ +&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ +&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ +&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ +&(nid_objs[580]),/* "setct-CapReqTBE" */ +&(nid_objs[581]),/* "setct-CapReqTBEX" */ +&(nid_objs[544]),/* "setct-CapReqTBS" */ +&(nid_objs[545]),/* "setct-CapReqTBSX" */ +&(nid_objs[546]),/* "setct-CapResData" */ +&(nid_objs[582]),/* "setct-CapResTBE" */ +&(nid_objs[583]),/* "setct-CapRevReqTBE" */ +&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ +&(nid_objs[547]),/* "setct-CapRevReqTBS" */ +&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ +&(nid_objs[549]),/* "setct-CapRevResData" */ +&(nid_objs[585]),/* "setct-CapRevResTBE" */ +&(nid_objs[538]),/* "setct-CapTokenData" */ +&(nid_objs[530]),/* "setct-CapTokenSeq" */ +&(nid_objs[574]),/* "setct-CapTokenTBE" */ +&(nid_objs[575]),/* "setct-CapTokenTBEX" */ +&(nid_objs[539]),/* "setct-CapTokenTBS" */ +&(nid_objs[560]),/* "setct-CardCInitResTBS" */ +&(nid_objs[566]),/* "setct-CertInqReqTBS" */ +&(nid_objs[563]),/* "setct-CertReqData" */ +&(nid_objs[595]),/* "setct-CertReqTBE" */ +&(nid_objs[596]),/* "setct-CertReqTBEX" */ +&(nid_objs[564]),/* "setct-CertReqTBS" */ +&(nid_objs[565]),/* "setct-CertResData" */ +&(nid_objs[597]),/* "setct-CertResTBE" */ +&(nid_objs[586]),/* "setct-CredReqTBE" */ +&(nid_objs[587]),/* "setct-CredReqTBEX" */ +&(nid_objs[550]),/* "setct-CredReqTBS" */ +&(nid_objs[551]),/* "setct-CredReqTBSX" */ +&(nid_objs[552]),/* "setct-CredResData" */ +&(nid_objs[588]),/* "setct-CredResTBE" */ +&(nid_objs[589]),/* "setct-CredRevReqTBE" */ +&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ +&(nid_objs[553]),/* "setct-CredRevReqTBS" */ +&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ +&(nid_objs[555]),/* "setct-CredRevResData" */ +&(nid_objs[591]),/* "setct-CredRevResTBE" */ +&(nid_objs[567]),/* "setct-ErrorTBS" */ +&(nid_objs[526]),/* "setct-HODInput" */ +&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ +&(nid_objs[522]),/* "setct-OIData" */ +&(nid_objs[519]),/* "setct-PANData" */ +&(nid_objs[521]),/* "setct-PANOnly" */ +&(nid_objs[520]),/* "setct-PANToken" */ +&(nid_objs[556]),/* "setct-PCertReqData" */ +&(nid_objs[557]),/* "setct-PCertResTBS" */ +&(nid_objs[523]),/* "setct-PI" */ +&(nid_objs[532]),/* "setct-PI-TBS" */ +&(nid_objs[524]),/* "setct-PIData" */ +&(nid_objs[525]),/* "setct-PIDataUnsigned" */ +&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ +&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ +&(nid_objs[531]),/* "setct-PInitResData" */ +&(nid_objs[533]),/* "setct-PResData" */ +&(nid_objs[594]),/* "setct-RegFormReqTBE" */ +&(nid_objs[562]),/* "setct-RegFormResTBS" */ +&(nid_objs[604]),/* "setext-pinAny" */ +&(nid_objs[603]),/* "setext-pinSecure" */ +&(nid_objs[605]),/* "setext-track2" */ &(nid_objs[41]),/* "sha" */ &(nid_objs[64]),/* "sha1" */ &(nid_objs[115]),/* "sha1WithRSA" */ @@ -2369,6 +3022,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ &(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ &(nid_objs[81]),/* OBJ_id_ce 2 5 29 */ +&(nid_objs[512]),/* OBJ_id_set 2 23 42 */ &(nid_objs[435]),/* OBJ_pss 0 9 2342 */ &(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ &(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ @@ -2389,6 +3043,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[509]),/* OBJ_generationQualifier 2 5 4 44 */ &(nid_objs[503]),/* OBJ_x500UniqueIdentifier 2 5 4 45 */ &(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */ +&(nid_objs[510]),/* OBJ_pseudonym 2 5 4 65 */ &(nid_objs[400]),/* OBJ_role 2 5 4 72 */ &(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */ &(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */ @@ -2408,6 +3063,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ &(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ &(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ +&(nid_objs[513]),/* OBJ_set_ctype 2 23 42 0 */ +&(nid_objs[514]),/* OBJ_set_msgExt 2 23 42 1 */ +&(nid_objs[515]),/* OBJ_set_attr 2 23 42 3 */ +&(nid_objs[516]),/* OBJ_set_policy 2 23 42 5 */ +&(nid_objs[517]),/* OBJ_set_certExt 2 23 42 7 */ +&(nid_objs[518]),/* OBJ_set_brand 2 23 42 8 */ &(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ &(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ &(nid_objs[384]),/* OBJ_Experimental 1 3 6 1 3 */ @@ -2420,6 +3081,117 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ +&(nid_objs[519]),/* OBJ_setct_PANData 2 23 42 0 0 */ +&(nid_objs[520]),/* OBJ_setct_PANToken 2 23 42 0 1 */ +&(nid_objs[521]),/* OBJ_setct_PANOnly 2 23 42 0 2 */ +&(nid_objs[522]),/* OBJ_setct_OIData 2 23 42 0 3 */ +&(nid_objs[523]),/* OBJ_setct_PI 2 23 42 0 4 */ +&(nid_objs[524]),/* OBJ_setct_PIData 2 23 42 0 5 */ +&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ +&(nid_objs[526]),/* OBJ_setct_HODInput 2 23 42 0 7 */ +&(nid_objs[527]),/* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ +&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ +&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ +&(nid_objs[530]),/* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ +&(nid_objs[531]),/* OBJ_setct_PInitResData 2 23 42 0 12 */ +&(nid_objs[532]),/* OBJ_setct_PI_TBS 2 23 42 0 13 */ +&(nid_objs[533]),/* OBJ_setct_PResData 2 23 42 0 14 */ +&(nid_objs[534]),/* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ +&(nid_objs[535]),/* OBJ_setct_AuthResTBS 2 23 42 0 17 */ +&(nid_objs[536]),/* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ +&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ +&(nid_objs[538]),/* OBJ_setct_CapTokenData 2 23 42 0 20 */ +&(nid_objs[539]),/* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ +&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ +&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ +&(nid_objs[542]),/* OBJ_setct_AuthRevResData 2 23 42 0 24 */ +&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ +&(nid_objs[544]),/* OBJ_setct_CapReqTBS 2 23 42 0 26 */ +&(nid_objs[545]),/* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ +&(nid_objs[546]),/* OBJ_setct_CapResData 2 23 42 0 28 */ +&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ +&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ +&(nid_objs[549]),/* OBJ_setct_CapRevResData 2 23 42 0 31 */ +&(nid_objs[550]),/* OBJ_setct_CredReqTBS 2 23 42 0 32 */ +&(nid_objs[551]),/* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ +&(nid_objs[552]),/* OBJ_setct_CredResData 2 23 42 0 34 */ +&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ +&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ +&(nid_objs[555]),/* OBJ_setct_CredRevResData 2 23 42 0 37 */ +&(nid_objs[556]),/* OBJ_setct_PCertReqData 2 23 42 0 38 */ +&(nid_objs[557]),/* OBJ_setct_PCertResTBS 2 23 42 0 39 */ +&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ +&(nid_objs[559]),/* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ +&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ +&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ +&(nid_objs[562]),/* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ +&(nid_objs[563]),/* OBJ_setct_CertReqData 2 23 42 0 45 */ +&(nid_objs[564]),/* OBJ_setct_CertReqTBS 2 23 42 0 46 */ +&(nid_objs[565]),/* OBJ_setct_CertResData 2 23 42 0 47 */ +&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ +&(nid_objs[567]),/* OBJ_setct_ErrorTBS 2 23 42 0 49 */ +&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ +&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ +&(nid_objs[570]),/* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ +&(nid_objs[571]),/* OBJ_setct_AuthResTBE 2 23 42 0 53 */ +&(nid_objs[572]),/* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ +&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ +&(nid_objs[574]),/* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ +&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ +&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ +&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ +&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ +&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ +&(nid_objs[580]),/* OBJ_setct_CapReqTBE 2 23 42 0 62 */ +&(nid_objs[581]),/* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ +&(nid_objs[582]),/* OBJ_setct_CapResTBE 2 23 42 0 64 */ +&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ +&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ +&(nid_objs[585]),/* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ +&(nid_objs[586]),/* OBJ_setct_CredReqTBE 2 23 42 0 68 */ +&(nid_objs[587]),/* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ +&(nid_objs[588]),/* OBJ_setct_CredResTBE 2 23 42 0 70 */ +&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ +&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ +&(nid_objs[591]),/* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ +&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ +&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ +&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ +&(nid_objs[595]),/* OBJ_setct_CertReqTBE 2 23 42 0 77 */ +&(nid_objs[596]),/* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ +&(nid_objs[597]),/* OBJ_setct_CertResTBE 2 23 42 0 79 */ +&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ +&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ +&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ +&(nid_objs[601]),/* OBJ_setext_genCrypt 2 23 42 1 1 */ +&(nid_objs[602]),/* OBJ_setext_miAuth 2 23 42 1 3 */ +&(nid_objs[603]),/* OBJ_setext_pinSecure 2 23 42 1 4 */ +&(nid_objs[604]),/* OBJ_setext_pinAny 2 23 42 1 5 */ +&(nid_objs[605]),/* OBJ_setext_track2 2 23 42 1 7 */ +&(nid_objs[606]),/* OBJ_setext_cv 2 23 42 1 8 */ +&(nid_objs[620]),/* OBJ_setAttr_Cert 2 23 42 3 0 */ +&(nid_objs[621]),/* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ +&(nid_objs[622]),/* OBJ_setAttr_TokenType 2 23 42 3 2 */ +&(nid_objs[623]),/* OBJ_setAttr_IssCap 2 23 42 3 3 */ +&(nid_objs[607]),/* OBJ_set_policy_root 2 23 42 5 0 */ +&(nid_objs[608]),/* OBJ_setCext_hashedRoot 2 23 42 7 0 */ +&(nid_objs[609]),/* OBJ_setCext_certType 2 23 42 7 1 */ +&(nid_objs[610]),/* OBJ_setCext_merchData 2 23 42 7 2 */ +&(nid_objs[611]),/* OBJ_setCext_cCertRequired 2 23 42 7 3 */ +&(nid_objs[612]),/* OBJ_setCext_tunneling 2 23 42 7 4 */ +&(nid_objs[613]),/* OBJ_setCext_setExt 2 23 42 7 5 */ +&(nid_objs[614]),/* OBJ_setCext_setQualf 2 23 42 7 6 */ +&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ +&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ +&(nid_objs[617]),/* OBJ_setCext_Track2Data 2 23 42 7 9 */ +&(nid_objs[618]),/* OBJ_setCext_TokenType 2 23 42 7 10 */ +&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ +&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ +&(nid_objs[640]),/* OBJ_set_brand_Visa 2 23 42 8 4 */ +&(nid_objs[641]),/* OBJ_set_brand_MasterCard 2 23 42 8 5 */ +&(nid_objs[637]),/* OBJ_set_brand_Diners 2 23 42 8 30 */ +&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ +&(nid_objs[639]),/* OBJ_set_brand_JCB 2 23 42 8 35 */ &(nid_objs[184]),/* OBJ_X9_57 1 2 840 10040 */ &(nid_objs[405]),/* OBJ_ansi_X9_62 1 2 840 10045 */ &(nid_objs[389]),/* OBJ_Enterprises 1 3 6 1 4 1 */ @@ -2440,6 +3212,14 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[115]),/* OBJ_sha1WithRSA 1 3 14 3 2 29 */ &(nid_objs[117]),/* OBJ_ripemd160 1 3 36 3 2 1 */ &(nid_objs[143]),/* OBJ_sxnet 1 3 101 1 4 1 */ +&(nid_objs[624]),/* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ +&(nid_objs[625]),/* OBJ_set_addPolicy 2 23 42 3 0 1 */ +&(nid_objs[626]),/* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ +&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ +&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ +&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ +&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ +&(nid_objs[642]),/* OBJ_set_brand_Novus 2 23 42 8 6011 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ &(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666 2 */ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ @@ -2448,6 +3228,11 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[505]),/* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ &(nid_objs[506]),/* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ &(nid_objs[119]),/* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ +&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ +&(nid_objs[632]),/* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ +&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ +&(nid_objs[634]),/* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ +&(nid_objs[635]),/* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ &(nid_objs[436]),/* OBJ_ucl 0 9 2342 19200300 */ &(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ &(nid_objs[431]),/* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ @@ -2490,6 +3275,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ &(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ &(nid_objs[120]),/* OBJ_rc5_cbc 1 2 840 113549 3 8 */ +&(nid_objs[643]),/* OBJ_des_cdmf 1 2 840 113549 3 10 */ &(nid_objs[409]),/* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ &(nid_objs[410]),/* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ &(nid_objs[411]),/* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ @@ -2611,6 +3397,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ +&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ &(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ &(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ &(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ diff --git a/src/lib/libcrypto/objects/obj_mac.h b/src/lib/libcrypto/objects/obj_mac.h index 6d77fcba3f..899db8325c 100644 --- a/src/lib/libcrypto/objects/obj_mac.h +++ b/src/lib/libcrypto/objects/obj_mac.h @@ -1654,6 +1654,10 @@ #define NID_dnQualifier 174 #define OBJ_dnQualifier OBJ_X509,46L +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + #define SN_role "role" #define LN_role "role" #define NID_role 400 @@ -2305,3 +2309,550 @@ #define NID_documentPublisher 502 #define OBJ_documentPublisher OBJ_pilotAttributeType,56L +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set 2L,23L,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl index b4da364bbf..519d8a5867 100644 --- a/src/lib/libcrypto/perlasm/x86nasm.pl +++ b/src/lib/libcrypto/perlasm/x86nasm.pl @@ -209,7 +209,7 @@ sub using486 sub main'file { - push(@out, "segment .text\n"); + push(@out, "segment .text use32\n"); } sub main'function_begin diff --git a/src/lib/libcrypto/pkcs7/verify.c b/src/lib/libcrypto/pkcs7/verify.c index 5f7afe8933..b40f26032e 100644 --- a/src/lib/libcrypto/pkcs7/verify.c +++ b/src/lib/libcrypto/pkcs7/verify.c @@ -179,10 +179,11 @@ char *argv[]; { ASN1_UTCTIME *tm; char *str1,*str2; + int rc; si=sk_PKCS7_SIGNER_INFO_value(sk,i); - i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si); - if (i <= 0) + rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si); + if (rc <= 0) goto err; printf("signer info\n"); if ((tm=get_signed_time(si)) != NULL) diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c index 97ed12cf67..abc3ac27d5 100644 --- a/src/lib/libcrypto/rand/rand_egd.c +++ b/src/lib/libcrypto/rand/rand_egd.c @@ -94,7 +94,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(__DJGPP__) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c index 5a78009e9a..ec09d74603 100644 --- a/src/lib/libcrypto/rand/rand_unix.c +++ b/src/lib/libcrypto/rand/rand_unix.c @@ -109,6 +109,8 @@ * */ +#define USE_SOCKETS +#include "e_os.h" #include "cryptlib.h" #include #include "rand_lcl.h" diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h index de0f452b47..774162fec9 100644 --- a/src/lib/libcrypto/symhacks.h +++ b/src/lib/libcrypto/symhacks.h @@ -247,7 +247,7 @@ /* Case insensiteve linking causes problems.... */ -#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) #undef ERR_load_CRYPTO_strings #define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings #undef OCSP_crlID_new diff --git a/src/lib/libcrypto/util/dirname.pl b/src/lib/libcrypto/util/dirname.pl new file mode 100644 index 0000000000..d7a66d96ac --- /dev/null +++ b/src/lib/libcrypto/util/dirname.pl @@ -0,0 +1,18 @@ +#!/usr/local/bin/perl + +if ($#ARGV < 0) { + die "dirname.pl: too few arguments\n"; +} elsif ($#ARGV > 0) { + die "dirname.pl: too many arguments\n"; +} + +my $d = $ARGV[0]; + +if ($d =~ m|.*/.*|) { + $d =~ s|/[^/]*$||; +} else { + $d = "."; +} + +print $d,"\n"; +exit(0); diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd index aa99cb0523..8cbe383c16 100644 --- a/src/lib/libcrypto/util/domd +++ b/src/lib/libcrypto/util/domd @@ -18,11 +18,11 @@ if [ "$MAKEDEPEND" = "gcc" ]; then sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp - perl $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new + ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new rm -f Makefile.tmp else ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@ - perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new + ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new fi mv Makefile.new Makefile.ssl # unfake the presence of Kerberos diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num index b74749e5de..512185e257 100644 --- a/src/lib/libcrypto/util/libeay.num +++ b/src/lib/libcrypto/util/libeay.num @@ -701,7 +701,7 @@ bn_mul_words 707 EXIST::FUNCTION: BN_uadd 708 EXIST::FUNCTION: BN_usub 709 EXIST::FUNCTION: bn_sqr_words 710 EXIST::FUNCTION: -_ossl_old_crypt 711 EXIST:!NeXT,!PERL5,!__FreeBSD__:FUNCTION:DES +_ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION: d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION: d2i_ASN1_HEADER 714 EXIST::FUNCTION: @@ -984,8 +984,8 @@ BIO_ghbn_ctrl 1003 EXIST::FUNCTION: CRYPTO_free_ex_data 1004 EXIST::FUNCTION: CRYPTO_get_ex_data 1005 EXIST::FUNCTION: CRYPTO_set_ex_data 1007 EXIST::FUNCTION: -ERR_load_CRYPTO_strings 1009 EXIST:!VMS,!WIN16:FUNCTION: -ERR_load_CRYPTOlib_strings 1009 EXIST:VMS,WIN16:FUNCTION: +ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS,!WIN16:FUNCTION: +ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS,WIN16:FUNCTION: EVP_PKEY_bits 1010 EXIST::FUNCTION: MD5_Transform 1011 EXIST::FUNCTION:MD5 SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1 @@ -1216,7 +1216,7 @@ name_cmp 1239 EXIST::FUNCTION: str_dup 1240 NOEXIST::FUNCTION: i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION: i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION: -BIO_s_log 1243 EXIST:!WIN16,!WIN32,!macintosh:FUNCTION: +BIO_s_log 1243 EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION: BIO_f_reliable 1244 EXIST::FUNCTION:BIO PKCS7_dataFinal 1245 EXIST::FUNCTION: PKCS7_dataDecode 1246 EXIST::FUNCTION: @@ -2732,8 +2732,8 @@ EC_POINT_point2oct 3178 EXIST::FUNCTION:EC KRB5_APREQ_free 3179 EXIST::FUNCTION: ASN1_OBJECT_it 3180 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OBJECT_it 3180 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_crlID_new 3181 EXIST:!VMS,!WIN16:FUNCTION: -OCSP_crlID2_new 3181 EXIST:VMS,WIN16:FUNCTION: +OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION: +OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION: CONF_modules_load_file 3182 EXIST::FUNCTION: CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: ENGINE_set_default_string 3184 EXIST::FUNCTION: @@ -2774,3 +2774,21 @@ AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES ENGINE_load_4758cca 3218 EXIST::FUNCTION: _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES +EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES +EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES +EVP_aes_128_cfb 3222 EXIST::FUNCTION:AES +EVP_aes_256_cfb 3223 EXIST::FUNCTION:AES +EVP_aes_128_ofb 3224 EXIST::FUNCTION:AES +EVP_aes_192_cfb 3225 EXIST::FUNCTION:AES +CONF_modules_free 3226 EXIST::FUNCTION: +NCONF_default 3227 EXIST::FUNCTION: +OPENSSL_no_config 3228 EXIST::FUNCTION: +NCONF_WIN32 3229 EXIST::FUNCTION: +ASN1_UNIVERSALSTRING_new 3230 EXIST::FUNCTION: +EVP_des_ede_ecb 3231 EXIST::FUNCTION:DES +i2d_ASN1_UNIVERSALSTRING 3232 EXIST::FUNCTION: +ASN1_UNIVERSALSTRING_free 3233 EXIST::FUNCTION: +ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: +EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl index 8b6b2e668a..c9271bbffe 100644 --- a/src/lib/libcrypto/util/mk1mf.pl +++ b/src/lib/libcrypto/util/mk1mf.pl @@ -100,7 +100,7 @@ $out_def="out"; $inc_def="outinc"; $tmp_def="tmp"; -$mkdir="mkdir"; +$mkdir="-mkdir"; ($ssl,$crypto)=("ssl","crypto"); $ranlib="echo ranlib"; diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl index 071036a6d2..adfd447dd3 100644 --- a/src/lib/libcrypto/util/mkdef.pl +++ b/src/lib/libcrypto/util/mkdef.pl @@ -43,8 +43,8 @@ # EXPORT_VAR_AS_FUNCTION). This script assumes renaming of symbols is found # in the file crypto/symhacks.h. # The semantics for the platforms is that every item is checked against the -# enviroment. For the negative items ("!FOO"), if any of them is false -# (i.e. "FOO" is true) in the enviroment, the corresponding symbol can't be +# environment. For the negative items ("!FOO"), if any of them is false +# (i.e. "FOO" is true) in the environment, the corresponding symbol can't be # used. For the positive itms, if all of them are false in the environment, # the corresponding symbol can't be used. Any combination of positive and # negative items are possible, and of course leave room for some redundancy. @@ -58,6 +58,7 @@ my $debug=0; my $crypto_num= "util/libeay.num"; my $ssl_num= "util/ssleay.num"; +my $libname; my $do_update = 0; my $do_rewrite = 1; @@ -73,12 +74,13 @@ my $VMS=0; my $W32=0; my $W16=0; my $NT=0; +my $OS2=0; # Set this to make typesafe STACK definitions appear in DEF my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", "EXPORT_VAR_AS_FUNCTION" ); -my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT" ); +my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "RIPEMD", @@ -126,11 +128,18 @@ foreach (@ARGV, split(/ /, $options)) $VMSAlpha=1; } $VMS=1 if $_ eq "VMS"; + $OS2=1 if $_ eq "OS2"; $do_ssl=1 if $_ eq "ssleay"; - $do_ssl=1 if $_ eq "ssl"; + if ($_ eq "ssl") { + $do_ssl=1; + $libname=$_ + } $do_crypto=1 if $_ eq "libeay"; - $do_crypto=1 if $_ eq "crypto"; + if ($_ eq "crypto") { + $do_crypto=1; + $libname=$_; + } $do_update=1 if $_ eq "update"; $do_rewrite=1 if $_ eq "rewrite"; $do_ctest=1 if $_ eq "ctest"; @@ -170,8 +179,17 @@ foreach (@ARGV, split(/ /, $options)) } +if (!$libname) { + if ($do_ssl) { + $libname="SSLEAY"; + } + if ($do_crypto) { + $libname="LIBEAY"; + } +} + # If no platform is given, assume WIN32 -if ($W32 + $W16 + $VMS == 0) { +if ($W32 + $W16 + $VMS + $OS2 == 0) { $W32 = 1; } @@ -182,7 +200,7 @@ if ($W16) { if (!$do_ssl && !$do_crypto) { - print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ]\n"; + print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n"; exit(1); } @@ -305,10 +323,10 @@ EOF } else { - &print_def_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_symbols) + &print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols) if $do_ssl == 1; - &print_def_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_symbols) + &print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols) if $do_crypto == 1; } @@ -995,6 +1013,7 @@ sub is_valid if ($keyword eq "WIN32" && $W32) { return 1; } if ($keyword eq "WIN16" && $W16) { return 1; } if ($keyword eq "WINNT" && $NT) { return 1; } + if ($keyword eq "OS2" && $OS2) { return 1; } # Special platforms: # EXPORT_VAR_AS_FUNCTION means that global variables # will be represented as functions. This currently @@ -1092,24 +1111,27 @@ sub print_def_file { (*OUT,my $name,*nums,my @symbols)=@_; my $n = 1; my @e; my @r; my @v; my $prev=""; + my $liboptions=""; if ($W32) { $name.="32"; } - else + elsif ($W16) { $name.="16"; } + elsif ($OS2) + { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } print OUT <<"EOF"; ; ; Definition file for the DLL version of the $name library from OpenSSL ; -LIBRARY $name +LIBRARY $name $liboptions DESCRIPTION 'OpenSSL $name - http://www.openssl.org/' EOF - if (!$W32) { + if ($W16) { print <<"EOF"; CODE PRELOAD MOVEABLE DATA PRELOAD MOVEABLE SINGLE @@ -1148,10 +1170,10 @@ EOF print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n"; } $prev = $s2; # To warn about duplicates... - if($v) { + if($v && !$OS2) { printf OUT " %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n; } else { - printf OUT " %s%-39s @%d\n",($W32)?"":"_",$s2,$n; + printf OUT " %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n; } } } diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl index 9e9c9a5146..9386da7aa4 100644 --- a/src/lib/libcrypto/util/mklink.pl +++ b/src/lib/libcrypto/util/mklink.pl @@ -18,10 +18,10 @@ my $from = shift; my @files = @ARGV; -my @from_path = split(/\//, $from); +my @from_path = split(/[\\\/]/, $from); my $pwd = `pwd`; chop($pwd); -my @pwd_path = split(/\//, $pwd); +my @pwd_path = split(/[\\\/]/, $pwd); my @to_path = (); @@ -54,7 +54,16 @@ foreach $file (@files) { if ($symlink_exists) { symlink("$to/$file", "$from/$file") or $err = " [$!]"; } else { - system ("cp", "$file", "$from/$file") and $err = " [$!]"; + unlink "$from/$file"; + open (OLD, "<$file") or die "Can't open $file: $!"; + open (NEW, ">$from/$file") or die "Can't open $from/$file: $!"; + binmode(OLD); + binmode(NEW); + while () { + print NEW $_; + } + close (OLD) or die "Can't close $file: $!"; + close (NEW) or die "Can't close $from/$file: $!"; } print $file . " => $from/$file$err\n"; } diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl index 78d60616a6..bd7a9d9301 100644 --- a/src/lib/libcrypto/util/pl/BC-32.pl +++ b/src/lib/libcrypto/util/pl/BC-32.pl @@ -18,7 +18,7 @@ $out_def="out32"; $tmp_def="tmp32"; $inc_def="inc32"; #enable max error messages, disable most common warnings -$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 "; +$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp "; if ($debug) { $cflags.="-Od -y -v -vi- -D_DEBUG"; @@ -51,9 +51,9 @@ $lfile=''; $shlib_ex_obj=""; $app_ex_obj="c0x32.obj"; -$asm='n_o_T_a_s_m'; +$asm='nasmw'; $asm.=" /Zi" if $debug; -$afile='/Fo'; +$afile='-f obj -o'; $bn_mulw_obj=''; $bn_mulw_src=''; @@ -64,24 +64,24 @@ $bf_enc_src=''; if (!$no_asm) { - $bn_mulw_obj='crypto\bn\asm\bn-win32.obj'; - $bn_mulw_src='crypto\bn\asm\bn-win32.asm'; - $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj'; - $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm'; - $bf_enc_obj='crypto\bf\asm\b-win32.obj'; - $bf_enc_src='crypto\bf\asm\b-win32.asm'; - $cast_enc_obj='crypto\cast\asm\c-win32.obj'; - $cast_enc_src='crypto\cast\asm\c-win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4-win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5-win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5-win32.obj'; - $md5_asm_src='crypto\md5\asm\m5-win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1-win32.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm'; + $bn_mulw_obj='crypto\bn\asm\bn_win32.obj'; + $bn_mulw_src='crypto\bn\asm\bn_win32.asm'; + $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; + $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; + $bf_enc_obj='crypto\bf\asm\b_win32.obj'; + $bf_enc_src='crypto\bf\asm\b_win32.asm'; + $cast_enc_obj='crypto\cast\asm\c_win32.obj'; + $cast_enc_src='crypto\cast\asm\c_win32.asm'; + $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj'; + $rc4_enc_src='crypto\rc4\asm\r4_win32.asm'; + $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj'; + $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; + $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; + $md5_asm_src='crypto\md5\asm\m5_win32.asm'; + $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; + $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; + $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; + $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl index 57180556ca..d695dda623 100644 --- a/src/lib/libcrypto/util/pl/OS2-EMX.pl +++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl @@ -10,18 +10,20 @@ $rm='rm -f'; # C compiler stuff $cc='gcc'; -$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmt -Wall "; +$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall "; +$cflags.="-Zomf " if $shlib; +$shl_cflag="-Zdll"; if ($debug) { $cflags.="-g "; } -$obj='.o'; +$obj=$shlib ? '.obj' : '.o'; $ofile='-o '; # EXE linking stuff $link='${CC}'; -$lflags='${CFLAGS} -Zbsd-signals'; +$lflags='${CFLAGS} -Zbsd-signals -s'; $efile='-o '; $exep='.exe'; $ex_libs="-lsocket"; @@ -30,12 +32,12 @@ $ex_libs="-lsocket"; $mklib='ar r'; $mlflags=''; $ranlib="ar s"; -$plib='lib'; -$libp=".a"; -$shlibp=".a"; +$plib=''; +$libp=$shlib ? ".lib" : ".a"; +$shlibp=$shlib ? ".dll" : ".a"; $lfile=''; -$asm='as'; +$asm=$shlib ? 'as -Zomf' : 'as'; $afile='-o '; $bn_asm_obj=""; $bn_asm_src=""; @@ -46,24 +48,32 @@ $bf_enc_src=""; if (!$no_asm) { - $bn_asm_obj='crypto\bn\asm\bn-os2.o crypto\bn\asm\co-os2.o'; - $bn_asm_src='crypto\bn\asm\bn-os2.asm crypto\bn\asm\co-os2.asm'; - $des_enc_obj='crypto\des\asm\d-os2.o crypto\des\asm\y-os2.o'; - $des_enc_src='crypto\des\asm\d-os2.asm crypto\des\asm\y-os2.asm'; - $bf_enc_obj='crypto\bf\asm\b-os2.o'; - $bf_enc_src='crypto\bf\asm\b-os2.asm'; - $cast_enc_obj='crypto\cast\asm\c-os2.o'; - $cast_enc_src='crypto\cast\asm\c-os2.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-os2.o'; - $rc4_enc_src='crypto\rc4\asm\r4-os2.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-os2.o'; - $rc5_enc_src='crypto\rc5\asm\r5-os2.asm'; - $md5_asm_obj='crypto\md5\asm\m5-os2.o'; - $md5_asm_src='crypto\md5\asm\m5-os2.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-os2.o'; - $sha1_asm_src='crypto\sha\asm\s1-os2.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-os2.o'; - $rmd160_asm_src='crypto\ripemd\asm\rm-os2.asm'; + $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj"; + $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm"; + $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj"; + $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm"; + $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj"; + $bf_enc_src="crypto\\bf\\asm\\b-os2.asm"; + $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj"; + $cast_enc_src="crypto\\cast\\asm\\c-os2.asm"; + $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj"; + $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm"; + $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj"; + $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm"; + $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj"; + $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm"; + $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj"; + $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm"; + $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj"; + $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm"; + } + +if ($shlib) + { + $mlflags.=" $lflags -Zdll"; + $lib_cflag=" -D_DLL"; + $out_def="out_dll"; + $tmp_def="tmp_dll"; } sub do_lib_rule @@ -76,9 +86,20 @@ sub do_lib_rule ($Name=$name) =~ tr/a-z/A-Z/; $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; - $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; - $ret.="\t\$(RANLIB) $target\n\n"; + if (!$shlib) + { + $ret.="\t\$(RM) $target\n"; + $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; + $ret.="\t\$(RANLIB) $target\n\n"; + } + else + { + local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; + $ex.=' -lsocket'; + $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n"; + $ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n"; + $ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n"; + } } sub do_link_rule @@ -89,7 +110,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=&bname($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; + $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n"; return($ret); } diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl index 50bfb34385..d6e3a11530 100644 --- a/src/lib/libcrypto/util/pl/VC-32.pl +++ b/src/lib/libcrypto/util/pl/VC-32.pl @@ -66,24 +66,24 @@ $bf_enc_src=''; if (!$no_asm) { - $bn_asm_obj='crypto\bn\asm\bn-win32.obj'; - $bn_asm_src='crypto\bn\asm\bn-win32.asm'; - $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj'; - $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm'; - $bf_enc_obj='crypto\bf\asm\b-win32.obj'; - $bf_enc_src='crypto\bf\asm\b-win32.asm'; - $cast_enc_obj='crypto\cast\asm\c-win32.obj'; - $cast_enc_src='crypto\cast\asm\c-win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4-win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5-win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5-win32.obj'; - $md5_asm_src='crypto\md5\asm\m5-win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1-win32.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm'; + $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; + $bn_asm_src='crypto\bn\asm\bn_win32.asm'; + $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; + $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; + $bf_enc_obj='crypto\bf\asm\b_win32.obj'; + $bf_enc_src='crypto\bf\asm\b_win32.asm'; + $cast_enc_obj='crypto\cast\asm\c_win32.obj'; + $cast_enc_src='crypto\cast\asm\c_win32.asm'; + $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj'; + $rc4_enc_src='crypto\rc4\asm\r4_win32.asm'; + $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj'; + $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; + $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; + $md5_asm_src='crypto\md5\asm\m5_win32.asm'; + $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; + $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; + $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; + $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } diff --git a/src/lib/libcrypto/util/pod2mantest b/src/lib/libcrypto/util/pod2mantest index 79aefafac0..e01c6192a7 100644 --- a/src/lib/libcrypto/util/pod2mantest +++ b/src/lib/libcrypto/util/pod2mantest @@ -11,9 +11,10 @@ IFS=: -try_without_dir=true +if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi +try_without_dir=false # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. -for dir in dummy:$PATH; do +for dir in dummy${IFS}$PATH; do if [ "$try_without_dir" = true ]; then # first iteration pod2man=pod2man @@ -47,7 +48,7 @@ done echo "No working pod2man found. Consider installing a new version." >&2 if [ "$1" = ignore ]; then echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 - echo "util/pod2man.pl" + echo "../../util/pod2man.pl" exit 0 fi exit 1 diff --git a/src/lib/libcrypto/util/point.sh b/src/lib/libcrypto/util/point.sh index 47543c88e2..ce7dcc56df 100644 --- a/src/lib/libcrypto/util/point.sh +++ b/src/lib/libcrypto/util/point.sh @@ -1,6 +1,10 @@ #!/bin/sh rm -f $2 -ln -s $1 $2 +if test "$OSTYPE" = msdosdjgpp; then + cp $1 $2 +else + ln -s $1 $2 +fi echo "$2 => $1" diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES index d63996c70d..5c80970b52 100644 --- a/src/lib/libssl/src/CHANGES +++ b/src/lib/libssl/src/CHANGES @@ -2,7 +2,50 @@ OpenSSL CHANGES _______________ - Changes between 0.9.6d and 0.9.7 [XX xxx 2002] + Changes between 0.9.6e and 0.9.7 [XX xxx 2002] + + *) Make sure tests can be performed even if the corresponding algorithms + have been removed entirely. This was also the last step to make + OpenSSL compilable with DJGPP under all reasonable conditions. + [Richard Levitte, Doug Kaufman ] + + *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT + to allow version independent disabling of normally unselected ciphers, + which may be activated as a side-effect of selecting a single cipher. + + (E.g., cipher list string "RSA" enables ciphersuites that are left + out of "ALL" because they do not provide symmetric encryption. + "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.) + [Lutz Jaenicke, Bodo Moeller] + + *) Add appropriate support for separate platform-dependent build + directories. The recommended way to make a platform-dependent + build directory is the following (tested on Linux), maybe with + some local tweaks: + + # Place yourself outside of the OpenSSL source tree. In + # this example, the environment variable OPENSSL_SOURCE + # is assumed to contain the absolute OpenSSL source directory. + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do + mkdir -p `dirname $F` + ln -s $OPENSSL_SOURCE/$F $F + done + + To be absolutely sure not to disturb the source tree, a "make clean" + is a good thing. If it isn't successfull, don't worry about it, + it probably means the source directory is very clean. + [Richard Levitte] + + *) Make sure any ENGINE control commands make local copies of string + pointers passed to them whenever necessary. Otherwise it is possible + the caller may have overwritten (or deallocated) the original string + data when a later ENGINE operation tries to use the stored values. + [Götz Babin-Ebell ] + + *) Improve diagnostics in file reading and command-line digests. + [Ben Laurie aided and abetted by Solar Designer ] *) Add AES modes CFB and OFB to the object database. Correct an error in AES-CFB decryption. @@ -29,6 +72,8 @@ form for "surname", serialNumber has no short form. Use "mail" as the short name for "rfc822Mailbox" according to RFC2798; therefore remove "mail" short name for "internet 7". + The OID for unique identifiers in X509 certificates is + x500UniqueIdentifier, not uniqueIdentifier. Some more OID additions. (Michael Bell ) [Lutz Jaenicke] @@ -335,6 +380,10 @@ By default, clients may request session resumption even during renegotiation (if session ID contexts permit); with this option, session resumption is possible only in the first handshake. + + SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes + more bits available for options that should not be part of + SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION). [Bodo Moeller] *) Add some demos for certificate and certificate request creation. @@ -455,8 +504,8 @@ [Bodo Moeller, Lutz Jaenicke] *) Rationalise EVP so it can be extended: don't include a union of - cipher/digest structures, add init/cleanup functions. This also reduces - the number of header dependencies. + cipher/digest structures, add init/cleanup functions for EVP_MD_CTX + (similar to those existing for EVP_CIPHER_CTX). Usage example: EVP_MD_CTX md; @@ -1040,14 +1089,15 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k handle the new API. Currently only ECB, CBC modes supported. Add new AES OIDs. - Add TLS AES ciphersuites as described in the "AES Ciphersuites - for TLS" draft-ietf-tls-ciphersuite-06.txt. As these are not yet - official, they are not enabled by default and are not even part - of the "ALL" ciphersuite alias; for now, they must be explicitly - requested by specifying the new "AESdraft" ciphersuite alias. If - you want the default ciphersuite list plus the new ciphersuites, - use "DEFAULT:AESdraft:@STRENGTH". - [Ben Laurie, Steve Henson, Bodo Moeller] + Add TLS AES ciphersuites as described in RFC3268, "Advanced + Encryption Standard (AES) Ciphersuites for Transport Layer + Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were + not enabled by default and were not part of the "ALL" ciphersuite + alias because they were not yet official; they could be + explicitly requested by specifying the "AESdraft" ciphersuite + group alias. In the final release of OpenSSL 0.9.7, the group + alias is called "AES" and is part of "ALL".) + [Ben Laurie, Steve Henson, Bodo Moeller] *) New function OCSP_copy_nonce() to copy nonce value (if present) from request to response. @@ -1617,11 +1667,70 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] - Changes between 0.9.6d and 0.9.6e [XX xxx XXXX] + Changes between 0.9.6d and 0.9.6e [30 Jul 2002] + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. + [Steve Henson, Adi Stav , James Yonan ] + + *) Fix cipher selection routines: ciphers without encryption had no flags + for the cipher strength set and where therefore not handled correctly + by the selection routines (PR #130). + [Lutz Jaenicke] *) Fix EVP_dsa_sha macro. [Nils Larsch] + *) New option + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure + that was added in OpenSSL 0.9.6d. + + As the countermeasure turned out to be incompatible with some + broken SSL implementations, the new option is part of SSL_OP_ALL. + SSL_OP_ALL is usually employed when compatibility with weird SSL + implementations is desired (e.g. '-bugs' option to 's_client' and + 's_server'), so the new option is automatically set in many + applications. + [Bodo Moeller] + + *) Changes in security patch: + + Changes marked "(CHATS)" were sponsored by the Defense Advanced + Research Projects Agency (DARPA) and Air Force Research Laboratory, + Air Force Materiel Command, USAF, under agreement number + F30602-01-2-0537. + + *) Add various sanity checks to asn1_get_length() to reject + the ASN1 length bytes if they exceed sizeof(long), will appear + negative or the content length exceeds the length of the + supplied buffer. (CAN-2002-0659) + [Steve Henson, Adi Stav , James Yonan ] + + *) Assertions for various potential buffer overflows, not known to + happen in practice. + [Ben Laurie (CHATS)] + + *) Various temporary buffers to hold ASCII versions of integers were + too small for 64 bit platforms. (CAN-2002-0655) + [Matthew Byng-Maddick and Ben Laurie (CHATS)> + + *) Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized master key in Kerberos-enabled versions. + (CAN-2002-0657) + [Ben Laurie (CHATS)] + + *) Remote buffer overflow in SSL3 protocol - an attacker could + supply an oversized session ID to a client. (CAN-2002-0656) + [Ben Laurie (CHATS)] + + *) Remote buffer overflow in SSL2 protocol - an attacker could + supply an oversized client master key. (CAN-2002-0656) + [Ben Laurie (CHATS)] + + Changes between 0.9.6c and 0.9.6d [9 May 2002] *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index 986db2f614..74bd8877e5 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure @@ -134,7 +134,7 @@ my %table=( # Our development configs "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", -"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", +"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", @@ -145,8 +145,8 @@ my %table=( "debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -169,11 +169,11 @@ my %table=( "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 # but keep the assembler modules. "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -256,6 +256,9 @@ my %table=( "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# 64bit PARISC for GCC without optimization, which seems to make problems. +# Submitted by +"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # IA-64 targets # I have no idea if this one actually works, feedback needed. @@ -410,13 +413,13 @@ my %table=( "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # UnixWare 2.0x fails destest with -O -"unixware-2.0","cc:-DFILIO_H::-Kthread::-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", +"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", # UnixWare 2.1 -"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", -"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", +"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", +"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", +"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", # UnixWare 7 "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -509,10 +512,16 @@ my %table=( # and its library files in util/pl/*) "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", +# UWIN +"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", + # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", +# DJGPP +"DJGPP", "gcc:-I/dev/env/DJDIR/watt32/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/DJDIR/watt32/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::", + # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown):::::::", "ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::", @@ -534,8 +543,8 @@ my %table=( ##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", -"darwin-ppc-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", ##### Sony NEWS-OS 4.x "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", @@ -637,6 +646,7 @@ my $libs; my $target; my $options; my $symlink; +my $make_depend=0; my %withargs=(); my @argvcopy=@ARGV; @@ -894,6 +904,7 @@ print "Configuring for $target\n"; my $IsWindows=scalar grep /^$target$/,@WinTargets; $exe_ext=".exe" if ($target eq "Cygwin"); +$exe_ext=".exe" if ($target eq "DJGPP"); $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); $prefix=$openssldir if $prefix eq ""; @@ -901,7 +912,7 @@ chop $openssldir if $openssldir =~ /\/$/; chop $prefix if $prefix =~ /\/$/; $openssldir=$prefix . "/ssl" if $openssldir eq ""; -$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//; +$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; print "IsWindows=$IsWindows\n"; @@ -1151,7 +1162,8 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) } open(IN,'$Makefile") || die "unable to create $Makefile:$!\n"; +unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; +open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; my $sdirs=0; while () @@ -1225,6 +1237,8 @@ while () } close(IN); close(OUT); +rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile; +rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n"; print "CC =$cc\n"; print "CFLAG =$cflags\n"; @@ -1295,7 +1309,8 @@ foreach (sort split(/\s+/,$bn_ops)) } open(IN,'crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n"; +unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new"; +open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n"; print OUT "/* opensslconf.h */\n"; print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; @@ -1389,6 +1404,8 @@ while () } close(IN); close(OUT); +rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; +rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; # Fix the date @@ -1428,11 +1445,13 @@ if($IsWindows) { EOF close(OUT); } else { - (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $? - if $symlink; - ### (system 'make depend') == 0 or exit $? if $depflags ne ""; - # Run "make depend" manually if you want to be able to delete - # the source code files of ciphers you left out. + my $make_command = "make -f Makefile.ssl PERL=\'$perl\'"; + my $make_targets = ""; + $make_targets .= " links" if $symlink; + $make_targets .= " depend" if $depflags ne "" && $make_depend; + $make_targets .= " gentests" if $symlink; + (system $make_command.$make_targets) == 0 or exit $? + if $make_targets ne ""; if ( $perl =~ m@^/@) { &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); &dofile("apps/der_chop",$perl,'^#!/', '#!%s'); @@ -1442,7 +1461,16 @@ EOF &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); - } + } + if ($depflags ne "" && !$make_depend) { + print <. -OpenSSL 0.9.6d was released on May 9, 2002. +OpenSSL 0.9.6e was released on July 30, 2002. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at and others have suggested installing the SUNski package from Sun patch 105710-01 (Sparc) which adds a /dev/random device and make sure it gets used, usually through $RANDFILE. There are probably similar patches for the other Solaris -versions. However, be warned that /dev/random is usually a blocking -device, which may have some effects on OpenSSL. +versions. An official statement from Sun with respect to /dev/random +support can be found at + http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski +However, be warned that /dev/random is usually a blocking device, which +may have some effects on OpenSSL. * Why do I get an "unable to write 'random state'" error message? @@ -459,6 +466,64 @@ under 'Program Files'). This needs to be done prior to running NMAKE, and the changes are only valid for the current DOS session. +* What is special about OpenSSL on Redhat? + +Red Hat Linux (release 7.0 and later) include a preinstalled limited +version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 +is disabled in this version. The same may apply to other Linux distributions. +Users may therefore wish to install more or all of the features left out. + +To do this you MUST ensure that you do not overwrite the openssl that is in +/usr/bin on your Red Hat machine. Several packages depend on this file, +including sendmail and ssh. /usr/local/bin is a good alternative choice. The +libraries that come with Red Hat 7.0 onwards have different names and so are +not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and +/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and +/lib/libcrypto.so.2 respectively). + +Please note that we have been advised by Red Hat attempting to recompile the +openssl rpm with all the cryptography enabled will not work. All other +packages depend on the original Red Hat supplied openssl package. It is also +worth noting that due to the way Red Hat supplies its packages, updates to +openssl on each distribution never change the package version, only the +build number. For example, on Red Hat 7.1, the latest openssl package has +version number 0.9.6 and build number 9 even though it contains all the +relevant updates in packages up to and including 0.9.6b. + +A possible way around this is to persuade Red Hat to produce a non-US +version of Red Hat Linux. + +FYI: Patent numbers and expiry dates of US patents: +MDC-2: 4,908,861 13/03/2007 +IDEA: 5,214,703 25/05/2010 +RC5: 5,724,428 03/03/2015 + + +* Why does the OpenSSL compilation fail on MacOS X? + +If the failure happens when trying to build the "openssl" binary, with +a large number of undefined symbols, it's very probable that you have +OpenSSL 0.9.6b delivered with the operating system (you can find out by +running '/usr/bin/openssl version') and that you were trying to build +OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in +MacOS X has a misfeature that's quite difficult to go around. +Look in the file PROBLEMS for a more detailed explanation and for possible +solutions. + + +* Why does the OpenSSL test suite fail on MacOS X? + +If the failure happens when running 'make test' and the RC4 test fails, +it's very probable that you have OpenSSL 0.9.6b delivered with the +operating system (you can find out by running '/usr/bin/openssl version') +and that you were trying to build OpenSSL 0.9.6d. The problem is that +the loader ('ld') in MacOS X has a misfeature that's quite difficult to +go around and has linked the programs "openssl" and the test programs +with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the +libraries you just built. +Look in the file PROBLEMS for a more detailed explanation and for possible +solutions. + [PROG] ======================================================================== * Is OpenSSL thread-safe? @@ -624,5 +689,13 @@ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the SSL_CTX_set_verify() function to enable the use of client certificates. +* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? + +For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier +versions, uniqueIdentifier was incorrectly used for X.509 certificates. +The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier. +Change your code to use the new name when compiling against OpenSSL 0.9.7. + + =============================================================================== diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL index 7eaa8147c3..af86485e00 100644 --- a/src/lib/libssl/src/INSTALL +++ b/src/lib/libssl/src/INSTALL @@ -2,8 +2,10 @@ INSTALLATION ON THE UNIX PLATFORM --------------------------------- - [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described - in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.] + [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X) + is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS. + This document describes installation on operating systems in the Unix + family.] To install OpenSSL, you will need: @@ -137,8 +139,11 @@ the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your - message will be forwarded to a public mailing list). Include the - output of "make report" in your message. + message will be recorded in the request tracker publicly readable + via http://www.openssl.org/rt2.html and will be forwarded to a public + mailing list). Include the output of "make report" in your message. + Please check out the request tracker. Maybe the bug was already + reported or has already been fixed. [If you encounter assembler error messages, try the "no-asm" configuration option as an immediate fix.] @@ -156,7 +161,8 @@ try removing any compiler optimization flags from the CFLAGS line in Makefile.ssl and run "make clean; make". Please send a bug report to , including the output of - "make report". + "make report" in order to be added to the request tracker at + http://www.openssl.org/rt2.html. 4. If everything tests ok, install OpenSSL with diff --git a/src/lib/libssl/src/INSTALL.DJGPP b/src/lib/libssl/src/INSTALL.DJGPP new file mode 100644 index 0000000000..0120b946b5 --- /dev/null +++ b/src/lib/libssl/src/INSTALL.DJGPP @@ -0,0 +1,32 @@ + + + INSTALLATION ON THE DOS PLATFORM WITH DJGPP + ------------------------------------------- + + Openssl has been ported to DOS, but only with long filename support. If + you wish to compile on native DOS with 8+3 filenames, you will have to + tweak the installation yourself, including renaming files with illegal + or duplicate names. + + You should have a full DJGPP environment installed, including the + latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package + requires that PERL and BC also be installed. + + All of these can be obtained from the usual DJGPP mirror sites, such as + "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to have + the WATT-32 networking package installed before you try to compile + openssl. This can be obtained from "http://www.bgnett.no/~giva/". The + Makefile assumes that the WATT-32 code is in directory "watt32" under + /dev/env/DJDIR. + + To compile openssl, start your BASH shell. Then configure for DOS by + running "./Configure" with appropriate arguments. The basic syntax for + DOS is: + ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP + + You may run out of DPMI selectors when running in a DOS box under + Windows. If so, just close the BASH shell, go back to Windows, and + restart BASH. Then run "make" again. + + Building openssl under DJGPP has been tested with DJGPP 2.03, + GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01. diff --git a/src/lib/libssl/src/INSTALL.OS2 b/src/lib/libssl/src/INSTALL.OS2 index d4cc0e319b..530316db18 100644 --- a/src/lib/libssl/src/INSTALL.OS2 +++ b/src/lib/libssl/src/INSTALL.OS2 @@ -20,3 +20,12 @@ If that finishes successfully you will find the libraries and programs in the "out" directory. + + Alternatively, you can make a dynamic build that puts the library code into + crypto.dll and ssl.dll by running + + > make -f os2-emx-dll.mak + + This will build the above mentioned dlls and a matching pair of import + libraries in the "out_dll" directory along with the set of test programs + and the openssl application. diff --git a/src/lib/libssl/src/INSTALL.W32 b/src/lib/libssl/src/INSTALL.W32 index d85d81b0fd..3de6544fc5 100644 --- a/src/lib/libssl/src/INSTALL.W32 +++ b/src/lib/libssl/src/INSTALL.W32 @@ -94,6 +94,18 @@ You can also build a static version of the library using the Makefile ms\nt.mak + Borland C++ builder 5 + --------------------- + + * Configure for building with Borland Builder: + > perl Configure BC-32 + + * Create the appropriate makefile + > ms\do_nasm + + * Build + > make -f ms\bcb.mak + Borland C++ builder 3 and 4 --------------------------- @@ -140,17 +152,17 @@ GNU C (Cygwin) -------------- - Cygwin provides a bash shell and GNU tools environment running on - NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL - with Cygwin is closer to a GNU bash environment such as Linux rather - than other W32 makes that are based on a single makefile approach. - Cygwin implements Posix/Unix calls through cygwin1.dll, and is - contrasted to Mingw32 which links dynamically to msvcrt.dll or - crtdll.dll. + Cygwin provides a bash shell and GNU tools environment running + on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. + Consequently, a make of OpenSSL with Cygwin is closer to a GNU + bash environment such as Linux than to other W32 makes which are + based on a single makefile approach. Cygwin implements Posix/Unix + calls through cygwin1.dll, and is contrasted to Mingw32 which links + dynamically to msvcrt.dll or crtdll.dll. To build OpenSSL using Cygwin: - * Install Cygwin (see http://sourceware.cygnus.com/cygwin) + * Install Cygwin (see http://cygwin.com/) * Install Perl and ensure it is in the path (recent Cygwin perl (version 5.6.1-2 of the latter has been reported to work) or @@ -176,13 +188,9 @@ stripping of carriage returns. To avoid this ensure that a binary mount is used, e.g. mount -b c:\somewhere /home. - As of version 1.1.1 Cygwin is relatively unstable in its handling - of cr/lf issues. These make procedures succeeded with versions 1.1 and - the snapshot 20000524 (Slow!). - - "bc" is not provided in the Cygwin distribution. This causes a + "bc" is not provided in older Cygwin distribution. This causes a non-fatal error in "make test" but is otherwise harmless. If - desired, GNU bc can be built with Cygwin without change. + desired and needed, GNU bc can be built with Cygwin without change. Installation diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org index 3ed232fcf9..8808dd7922 100644 --- a/src/lib/libssl/src/Makefile.org +++ b/src/lib/libssl/src/Makefile.org @@ -435,6 +435,7 @@ do_hpux-shared: -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Fl lib$$i.a -ldld -lc ) || exit 1; \ + chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ done # This assumes that GNU utilities are *not* used @@ -453,6 +454,7 @@ do_hpux64-shared: -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ +forceload lib$$i.a -ldl -lc ) || exit 1; \ + chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \ done # The following method is said to work on all platforms. Tests will @@ -562,6 +564,10 @@ links: fi; \ done; +gentests: + @(cd test && echo "generating dummy tests (if needed)..." && \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); + dclean: rm -f *.bak @for i in $(DIRS) ;\ @@ -576,8 +582,8 @@ rehash: rehash.time rehash.time: certs @(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ - LD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ - export LD_LIBRARY_PATH SHLIB_PATH LIBPATH; \ + LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH; \ $(PERL) tools/c_rehash certs) touch rehash.time @@ -585,9 +591,9 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ - $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' OPENSSL_DEBUG_MEMORY=on tests ); - @LD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ - export LD_LIBRARY_PATH SHLIB_PATH LIBPATH; \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); + @LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH; \ apps/openssl version -a report: @@ -598,7 +604,7 @@ depend: do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making dependencies $$i..." && \ - $(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' depend ) || exit 1; \ + $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \ fi; \ done; @@ -644,13 +650,19 @@ TABLE: Configure update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE +# Build distribution tar-file. As the list of files returned by "find" is +# pretty long, on several platforms a "too many arguments" error or similar +# would occur. Therefore the list of files is temporarily stored into a file +# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal +# tar does not support the --files-from option. tar: - @$(TAR) $(TARFLAGS) -cvf - \ - `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\ + find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \ + $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \ tardy --user_number=0 --user_name=openssl \ --group_number=0 --group_name=openssl \ --prefix=openssl-$(VERSION) - |\ gzip --best >../$(TARFILE).gz; \ + rm -f ../$(TARFILE).list; \ ls -l ../$(TARFILE).gz tar-snap: @@ -665,7 +677,7 @@ dist: $(PERL) Configure dist @$(MAKE) dist_pem_h @$(MAKE) SDIRS='${SDIRS}' clean - @$(MAKE) tar + @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar dist_pem_h: (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean) @@ -707,7 +719,7 @@ install: all install_docs ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ c=`echo $$i | sed 's/^lib/cyg/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ @@ -732,8 +744,8 @@ install_docs: fn=`basename $$i .pod`; \ if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ - (cd `dirname $$i`; \ - sh -c "`cd ../../util; ./pod2mantest ignore` \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ @@ -742,8 +754,8 @@ install_docs: fn=`basename $$i .pod`; \ if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ - (cd `dirname $$i`; \ - sh -c "`cd ../../util; ./pod2mantest ignore` \ + (cd `$(PERL) util/dirname.pl $$i`; \ + sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \ --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \ diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS index bf8f031a29..9531ba9c6e 100644 --- a/src/lib/libssl/src/NEWS +++ b/src/lib/libssl/src/NEWS @@ -21,9 +21,8 @@ against libdes providing similar functions having the same name). Provide macros for backward compatibility (will be removed in the future). - o Unifiy handling of cryptographic algorithms (software and - engine) to be available via EVP routines for asymmetric and - symmetric ciphers. + o Unify handling of cryptographic algorithms (software and engine) + to be available via EVP routines for asymmetric and symmetric ciphers. o NCONF: new configuration handling routines. o Change API to use more 'const' modifiers to improve error checking and help optimizers. @@ -31,6 +30,7 @@ o Reworked parts of the BIGNUM code. o Support for new engines: Broadcom ubsec, Accelerated Encryption Processing, IBM 4758. + o Extended and corrected OID (object identifier) table. o PRNG: query at more locations for a random device, automatic query for EGD style random sources at several locations. o SSL/TLS: allow optional cipher choice according to server's preference. @@ -38,7 +38,12 @@ o SSL/TLS: support Kerberos cipher suites (RFC2712). o SSL/TLS: allow more precise control of renegotiations and sessions. o SSL/TLS: add callback to retrieve SSL/TLS messages. - o SSL/TLS: add draft AES ciphersuites (disabled unless explicitly requested). + o SSL/TLS: support AES cipher suites (RFC3268). + + Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e: + + o Important security related bugfixes. + o Various SSL/TLS library bugfixes. Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d: @@ -91,7 +96,7 @@ o Bug fixes for Win32, HP/UX and Irix. o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and memory checking routines. - o Bug fixes for RSA operations in threaded enviroments. + o Bug fixes for RSA operations in threaded environments. o Bug fixes in misc. openssl applications. o Remove a few potential memory leaks. o Add tighter checks of BIGNUM routines. diff --git a/src/lib/libssl/src/PROBLEMS b/src/lib/libssl/src/PROBLEMS index d78e2d9a23..70e591a1d1 100644 --- a/src/lib/libssl/src/PROBLEMS +++ b/src/lib/libssl/src/PROBLEMS @@ -1,50 +1,40 @@ -If you have any problems with SSLeay then please take the following -steps: - - Remove the ASM version of the BN routines (edit Configure) - Remove the compiler optimisation flags - Add in the compiler debug flags (-g) - -Note: if using gcc then remove -fomit-frame-pointer before you try - to debug things. - -If you wish to report a bug then please include the following information -in any bug report: - - SSLeay Details - - Version, most of these details can be got from the - 'ssleay version -a' command. - Operating System Details - - OS Name - - OS Version - - Hardware platform - Compiler Details - - Name - - Version - Application Details - - Name - - Version - Problem Description - - include steps that will reproduce the problem (if known) - Stack Traceback (if the application dumps core) - -For example: - - SSLeay-0.5.1a - SunOS 5.3, SPARC, SunC 3.0 - SSLtelnet-0.7 - - Core dumps when using telnet with SSL support in bn_mul() with - the following stack trackback - ... - - -Report the bug to either - ssleay@mincom.oz.au (Eric and Tim) -or - ssl-bugs@mincom.oz.au (mailing list of active developers) - - -Tim Hudson -tjh@mincom.oz.au +* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X. + + + NOTE: The problem described here only applies when OpenSSL isn't built + with shared library support (i.e. without the "shared" configuration + option). If you build with shared library support, you will have no + problems as long as you set up DYLD_LIBRARY_PATH properly at all times. + + +This is really a misfeature in ld, which seems to look for .dylib libraries +along the whole library path before it bothers looking for .a libraries. This +means that -L switches won't matter unless OpenSSL is built with shared +library support. + +The workaround may be to change the following lines in apps/Makefile.ssl and +test/Makefile.ssl: + + LIBCRYPTO=-L.. -lcrypto + LIBSSL=-L.. -lssl + +to: + + LIBCRYPTO=../libcrypto.a + LIBSSL=../libssl.a + +It's possible that something similar is needed for shared library support +as well. That hasn't been well tested yet. + + +Another solution that many seem to recommend is to move the libraries +/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different +directory, build and install OpenSSL and anything that depends on your +build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their +original places. Note that the version numbers on those two libraries +may differ on your machine. + + +As long as Apple doesn't fix the problem with ld, this problem building +OpenSSL will remain as is. diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README index 8933063c1d..5394a17e3e 100644 --- a/src/lib/libssl/src/README +++ b/src/lib/libssl/src/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.7-beta1 01 Jun 2002 + OpenSSL 0.9.7-beta3 30 Jul 2002 Copyright (c) 1998-2002 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -122,6 +122,13 @@ lists the functions; you will probably have to look at the code to work out how to use them. Look at the example programs. + PROBLEMS + -------- + + For some platforms, there are some known problems that may affect the user + or application author. We try to collect those in doc/PROBLEMS, with current + thoughts on how they should be solved in a future of OpenSSL. + SUPPORT ------- @@ -146,11 +153,13 @@ - Problem Description (steps that will reproduce the problem, if known) - Stack Traceback (if the application dumps core) - Report the bug to the OpenSSL project at: + Report the bug to the OpenSSL project via the Request Tracker + (http://www.openssl.org/rt2.html) by mail to: openssl-bugs@openssl.org - Note that mail to openssl-bugs@openssl.org is forwarded to a public + Note that mail to openssl-bugs@openssl.org is recorded in the publicly + readable request tracker database and is forwarded to a public mailing list. Confidential mail may be sent to openssl-security@openssl.org (PGP key available from the key servers). @@ -164,7 +173,9 @@ textual explanation of what your patch does. Note: For legal reasons, contributions from the US can be accepted only - if a copy of the patch is sent to crypt@bxa.doc.gov + if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov; + see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] + and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)). The preferred format for changes is "diff -u" output. You might generate it like this: diff --git a/src/lib/libssl/src/README.ENGINE b/src/lib/libssl/src/README.ENGINE index 643d0cb51f..0ff8333709 100644 --- a/src/lib/libssl/src/README.ENGINE +++ b/src/lib/libssl/src/README.ENGINE @@ -154,7 +154,7 @@ shared-library that contains the ENGINE implementation, and "NO_VCHECK" might possibly be useful if there is a minor version conflict and you (or a vendor helpdesk) is convinced you can safely ignore it. - "ENGINE_ID" is probably only needed if a shared-library implements + "ID" is probably only needed if a shared-library implements multiple ENGINEs, but if you know the engine id you expect to be using, it doesn't hurt to specify it (and this provides a sanity check if nothing else). "LIST_ADD" is only required if you actually wish the @@ -174,7 +174,7 @@ ENGINE *e = ENGINE_by_id("dynamic"); ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0); - ENGINE_ctrl_cmd_string(e, "ENGINE_ID", "foo", 0); + ENGINE_ctrl_cmd_string(e, "ID", "foo", 0); ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0); ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0); @@ -184,7 +184,7 @@ openssl engine dynamic \ -pre SO_PATH:/lib/libfoo.so \ - -pre ENGINE_ID:foo \ + -pre ID:foo \ -pre LOAD \ -pre "CMD_FOO:some input data" @@ -192,7 +192,7 @@ openssl engine -vvvv dynamic \ -pre SO_PATH:/lib/libfoo.so \ - -pre ENGINE_ID:foo \ + -pre ID:foo \ -pre LOAD Applications that support the ENGINE API and more specifically, the diff --git a/src/lib/libssl/src/apps/CA.pl b/src/lib/libssl/src/apps/CA.pl index 669a016b84..915fa5beca 100644 --- a/src/lib/libssl/src/apps/CA.pl +++ b/src/lib/libssl/src/apps/CA.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/local/bin/perl5 # # CA - wrapper around ca to make it easier to use ... basically ca requires # some setup stuff to be done before you can use it and this makes diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c index aca750b1f0..a302119d7f 100644 --- a/src/lib/libssl/src/apps/apps.c +++ b/src/lib/libssl/src/apps/apps.c @@ -129,7 +129,11 @@ #ifdef OPENSSL_SYS_WINDOWS #define strcasecmp _stricmp #else -#include +# ifdef NO_STRINGS_H + int strcasecmp(); +# else +# include +# endif /* NO_STRINGS_H */ #endif #ifdef OPENSSL_SYS_WINDOWS @@ -490,7 +494,7 @@ static int ui_close(UI *ui) { return UI_method_get_closer(UI_OpenSSL())(ui); } -int setup_ui_method() +int setup_ui_method(void) { ui_method = UI_create_method("OpenSSL application user interface"); UI_method_set_opener(ui_method, ui_open); @@ -499,7 +503,7 @@ int setup_ui_method() UI_method_set_closer(ui_method, ui_close); return 0; } -void destroy_ui_method() +void destroy_ui_method(void) { if(ui_method) { @@ -925,7 +929,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, } #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) -EVP_PKEY * +static EVP_PKEY * load_netscape_key(BIO *err, BIO *key, const char *file, const char *key_descrip, int format) { @@ -1213,7 +1217,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_T void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) { - char buf[256]; + char *buf; char mline = 0; int indent = 0; if(title) BIO_puts(out, title); @@ -1222,9 +1226,10 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags) indent = 4; } if(lflags == XN_FLAG_COMPAT) { - X509_NAME_oneline(nm,buf,256); - BIO_puts(out,buf); + buf = X509_NAME_oneline(nm, 0, 0); + BIO_puts(out, buf); BIO_puts(out, "\n"); + OPENSSL_free(buf); } else { if(mline) BIO_puts(out, "\n"); X509_NAME_print_ex(out, nm, indent, lflags); @@ -1263,7 +1268,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath) } /* Try to load an engine in a shareable library */ -ENGINE *try_load_engine(BIO *err, const char *engine, int debug) +static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) { ENGINE *e = ENGINE_by_id("dynamic"); if (e) diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h index 5b3836ab22..a88902ac13 100644 --- a/src/lib/libssl/src/apps/apps.h +++ b/src/lib/libssl/src/apps/apps.h @@ -134,10 +134,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, * (see e_os.h). The string is * destroyed! */ -#ifdef OPENSSL_NO_STDIO -BIO_METHOD *BIO_s_file(); -#endif - #ifdef OPENSSL_SYS_WIN32 #define rename(from,to) WIN32_rename((from),(to)) int WIN32_rename(char *oldname,char *newname); @@ -217,8 +213,8 @@ typedef struct pw_cb_data int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data); -int setup_ui_method(); -void destroy_ui_method(); +int setup_ui_method(void); +void destroy_ui_method(void); int should_retry(int i); int args_from_file(char *file, int *argc, char **argv[]); diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c index 51d9470aa1..322956de57 100644 --- a/src/lib/libssl/src/apps/ca.c +++ b/src/lib/libssl/src/apps/ca.c @@ -80,7 +80,11 @@ #ifdef OPENSSL_SYS_WINDOWS #define strcasecmp _stricmp #else -#include +# ifdef NO_STRINGS_H + int strcasecmp(); +# else +# include +# endif /* NO_STRINGS_H */ #endif #ifndef W_OK @@ -1450,13 +1454,13 @@ bad: } if ((crldays == 0) && (crlhours == 0)) { - BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n"); + BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n"); goto err; } if (verbose) BIO_printf(bio_err,"making CRL\n"); if ((crl=X509_CRL_new()) == NULL) goto err; - if (!X509_CRL_set_issuer_name(crl, X509_get_issuer_name(x509))) goto err; + if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; tmptm = ASN1_TIME_new(); if (!tmptm) goto err; diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c index 0620b32bb4..e21c3d83ac 100644 --- a/src/lib/libssl/src/apps/dgst.c +++ b/src/lib/libssl/src/apps/dgst.c @@ -73,8 +73,9 @@ #undef PROG #define PROG dgst_main -void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, - EVP_PKEY *key, unsigned char *sigin, int siglen); +int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, + EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, + const char *file); int MAIN(int, char **); @@ -319,22 +320,36 @@ int MAIN(int argc, char **argv) if (argc == 0) { BIO_set_fp(in,stdin,BIO_NOCLOSE); - do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, siglen); + err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, + siglen,"","(stdin)"); } else { name=OBJ_nid2sn(md->type); for (i=0; i 0) BIO_printf(out, "Verified OK\n"); - else if(i == 0) BIO_printf(out, "Verification Failure\n"); + if(i > 0) + BIO_printf(out, "Verified OK\n"); + else if(i == 0) + { + BIO_printf(out, "Verification Failure\n"); + return 1; + } else { BIO_printf(bio_err, "Error Verifying Data\n"); ERR_print_errors(bio_err); + return 1; } - return; + return 0; } if(key) { @@ -386,7 +414,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, { BIO_printf(bio_err, "Error Signing Data\n"); ERR_print_errors(bio_err); - return; + return 1; } } else @@ -395,6 +423,7 @@ void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, if(binout) BIO_write(out, buf, len); else { + BIO_write(out,title,strlen(title)); for (i=0; i #include +#include "apps.h" #include #include -#include "apps.h" #undef PROG #define PROG nseq_main diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c index c87edbc44b..49a156a1cf 100644 --- a/src/lib/libssl/src/apps/ocsp.c +++ b/src/lib/libssl/src/apps/ocsp.c @@ -58,11 +58,11 @@ #include #include +#include "apps.h" #include #include #include #include -#include "apps.h" /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) @@ -553,8 +553,8 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-port num port to run responder on\n"); BIO_printf (bio_err, "-index file certificate status index file\n"); BIO_printf (bio_err, "-CA file CA certificate\n"); - BIO_printf (bio_err, "-rsigner file responder certificate to sign requests with\n"); - BIO_printf (bio_err, "-rkey file responder key to sign requests with\n"); + BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n"); + BIO_printf (bio_err, "-rkey file responder key to sign responses with\n"); BIO_printf (bio_err, "-rother file other certificates to include in response\n"); BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n"); BIO_printf (bio_err, "-nmin n number of minutes before next update\n"); @@ -676,6 +676,18 @@ int MAIN(int argc, char **argv) if (req_text && req) OCSP_REQUEST_print(out, req, 0); + if (reqout) + { + derbio = BIO_new_file(reqout, "wb"); + if(!derbio) + { + BIO_printf(bio_err, "Error opening file %s\n", reqout); + goto end; + } + i2d_OCSP_REQUEST_bio(derbio, req); + BIO_free(derbio); + } + if (ridx_filename && (!rkey || !rsigner || !rca_cert)) { BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n"); @@ -809,6 +821,8 @@ int MAIN(int argc, char **argv) if (!store) store = setup_verify(bio_err, CAfile, CApath); + if (!store) + goto end; if (verify_certfile) { verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM, diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c index c17458ef7c..1c4a4291aa 100644 --- a/src/lib/libssl/src/apps/openssl.c +++ b/src/lib/libssl/src/apps/openssl.c @@ -114,6 +114,7 @@ #include #include #define OPENSSL_C /* tells apps.h to use complete apps_startup() */ +#include "apps.h" #include #include #include @@ -123,7 +124,6 @@ #include #include #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ -#include "apps.h" #include "progs.h" #include "s_apps.h" #include diff --git a/src/lib/libssl/src/apps/pkcs7.c b/src/lib/libssl/src/apps/pkcs7.c index 1cc91509a2..0cced40f0f 100644 --- a/src/lib/libssl/src/apps/pkcs7.c +++ b/src/lib/libssl/src/apps/pkcs7.c @@ -89,7 +89,7 @@ int MAIN(int argc, char **argv) int informat,outformat; char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; - int ret=0; + int ret=1; char *engine=NULL; apps_startup(); diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c index 9c0dbc2bf6..658a79d390 100644 --- a/src/lib/libssl/src/apps/s_client.c +++ b/src/lib/libssl/src/apps/s_client.c @@ -433,6 +433,11 @@ bad: goto end; } + OpenSSL_add_ssl_algorithms(); + SSL_load_error_strings(); + + e = setup_engine(bio_err, engine_id, 1); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { @@ -455,11 +460,6 @@ bad: } } - OpenSSL_add_ssl_algorithms(); - SSL_load_error_strings(); - - e = setup_engine(bio_err, engine_id, 1); - ctx=SSL_CTX_new(meth); if (ctx == NULL) { diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c index 78d90fad55..497abf44ef 100644 --- a/src/lib/libssl/src/apps/s_server.c +++ b/src/lib/libssl/src/apps/s_server.c @@ -683,6 +683,11 @@ bad: goto end; } + SSL_load_error_strings(); + OpenSSL_add_ssl_algorithms(); + + e = setup_engine(bio_err, engine_id, 1); + if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { @@ -715,11 +720,6 @@ bad: s_dkey_file=NULL; } - SSL_load_error_strings(); - OpenSSL_add_ssl_algorithms(); - - e = setup_engine(bio_err, engine_id, 1); - ctx=SSL_CTX_new(meth); if (ctx == NULL) { diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c index 2fb853d071..752158460a 100644 --- a/src/lib/libssl/src/apps/s_time.c +++ b/src/lib/libssl/src/apps/s_time.c @@ -85,7 +85,7 @@ #include OPENSSL_UNISTD #endif -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) +#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) #define TIMES #endif @@ -109,10 +109,6 @@ #include #endif -#ifdef _AIX -#include -#endif - #if defined(sun) || defined(__ultrix) #define _POSIX_SOURCE #include diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c index dce5f32630..a797da0ffa 100644 --- a/src/lib/libssl/src/apps/x509.c +++ b/src/lib/libssl/src/apps/x509.c @@ -915,8 +915,10 @@ bad: BIO_printf(bio_err,"Generating certificate request\n"); +#ifndef OPENSSL_NO_DSA if (pk->type == EVP_PKEY_DSA) digest=EVP_dss1(); +#endif rq=X509_to_X509_REQ(x,pk,digest); EVP_PKEY_free(pk); diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config index 3d443da6fb..972cdb70a3 100644 --- a/src/lib/libssl/src/config +++ b/src/lib/libssl/src/config @@ -390,18 +390,30 @@ exit 0 # figure out if gcc is available and if so we use it otherwise # we fallback to whatever cc does on the system -GCCVER=`(gcc --version) 2>/dev/null` +GCCVER=`(gcc -dumpversion) 2>/dev/null` if [ "$GCCVER" != "" ]; then CC=gcc - # then strip off whatever prefix Cygnus prepends the number with... - GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'` + # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion + # does give us what we want though, so we use that. We just just the + # major and minor version numbers. # peak single digit before and after first dot, e.g. 2.95.1 gives 29 GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'` else CC=cc fi GCCVER=${GCCVER:-0} - +if [ "$SYSTEM" = "HP-UX" ];then + # By default gcc is a ILP32 compiler (with long long == 64). + GCC_BITS="32" + if [ $GCCVER -ge 30 ]; then + # PA64 support only came in with gcc 3.0.x. + # We look for the preprocessor symbol __LP64__ indicating + # 64bit bit long and pointer. sizeof(int) == 32 on HPUX64. + if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then + GCC_BITS="64" + fi + fi +fi if [ "$SYSTEM" = "SunOS" ]; then if [ $GCCVER -ge 30 ]; then # 64-bit ABI isn't officially supported in gcc 3.0, but it appears @@ -659,7 +671,16 @@ EOF RM*-siemens-sysv4) OUT="ReliantUNIX" ;; *-siemens-sysv4) OUT="SINIX" ;; *-hpux1*) - OUT="hpux-parisc-$CC" + if [ $CC = "gcc" ]; + then + if [ $GCC_BITS = "64" ]; then + OUT="hpux64-parisc-gcc" + else + OUT="hpux-parisc-gcc" + fi + else + OUT="hpux-parisc-$CC" + fi KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null` KERNEL_BITS=${KERNEL_BITS:-32} CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null` diff --git a/src/lib/libssl/src/crypto/aes/aes_locl.h b/src/lib/libssl/src/crypto/aes/aes_locl.h index 541d1d6e84..18fc2d0747 100644 --- a/src/lib/libssl/src/crypto/aes/aes_locl.h +++ b/src/lib/libssl/src/crypto/aes/aes_locl.h @@ -60,10 +60,7 @@ #include #include - -#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS) #include -#endif #ifdef _MSC_VER # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c index 128aa7e772..8dab29dca1 100644 --- a/src/lib/libssl/src/crypto/asn1/a_strex.c +++ b/src/lib/libssl/src/crypto/asn1/a_strex.c @@ -77,8 +77,8 @@ /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. */ - -int send_mem_chars(void *arg, const void *buf, int len) +#if 0 /* never used */ +static int send_mem_chars(void *arg, const void *buf, int len) { unsigned char **out = arg; if(!out) return 1; @@ -86,15 +86,16 @@ int send_mem_chars(void *arg, const void *buf, int len) *out += len; return 1; } +#endif -int send_bio_chars(void *arg, const void *buf, int len) +static int send_bio_chars(void *arg, const void *buf, int len) { if(!arg) return 1; if(BIO_write(arg, buf, len) != len) return 0; return 1; } -int send_fp_chars(void *arg, const void *buf, int len) +static int send_fp_chars(void *arg, const void *buf, int len) { if(!arg) return 1; if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; @@ -240,7 +241,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen * #01234 format. */ -int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) +static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) { /* Placing the ASN1_STRING in a temp ASN1_TYPE allows * the DER encoding to readily obtained diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c index ed2d827db2..dbb4a42c9d 100644 --- a/src/lib/libssl/src/crypto/asn1/a_utctm.c +++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c @@ -222,6 +222,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) { struct tm *tm; + struct tm data; int offset; int year; @@ -238,7 +239,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) t -= offset*60; /* FIXME: may overflow in extreme cases */ - { struct tm data; tm = OPENSSL_gmtime(&t, &data); } + tm = OPENSSL_gmtime(&t, &data); #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 year = g2(s->data); diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h index 0d1713f8dd..dbb30f4f22 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1.h +++ b/src/lib/libssl/src/crypto/asn1/asn1.h @@ -773,6 +773,7 @@ int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len); DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) DECLARE_ASN1_FUNCTIONS(ASN1_NULL) DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c index 830ff2af3c..422685a3b4 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c @@ -59,6 +59,7 @@ #include #include "cryptlib.h" #include +#include static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max); static void asn1_put_length(unsigned char **pp, int length); @@ -123,15 +124,13 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, (int)(omax+ *pp)); #endif -#if 0 - if ((p+ *plength) > (omax+ *pp)) + if (*plength > (omax - (*pp - p))) { ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ ret|=0x80; } -#endif *pp=p; return(ret|inf); err: @@ -158,6 +157,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) i= *p&0x7f; if (*(p++) & 0x80) { + if (i > sizeof(long)) + return 0; if (max-- == 0) return(0); while (i-- > 0) { @@ -169,6 +170,8 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) else ret=i; } + if (ret < 0) + return 0; *pp=p; *rl=ret; return(1); @@ -406,7 +409,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) void asn1_add_error(unsigned char *address, int offset) { - char buf1[16],buf2[16]; + char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; sprintf(buf1,"%lu",(unsigned long)address); sprintf(buf2,"%d",offset); diff --git a/src/lib/libssl/src/crypto/asn1/n_pkey.c b/src/lib/libssl/src/crypto/asn1/n_pkey.c index 49f80fffd2..9146ee02c9 100644 --- a/src/lib/libssl/src/crypto/asn1/n_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/n_pkey.c @@ -92,6 +92,8 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) +DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY) IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) ASN1_SEQUENCE(NETSCAPE_PKEY) = { @@ -100,6 +102,8 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = { ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(NETSCAPE_PKEY) +DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c index 8060115202..2d46914cb1 100644 --- a/src/lib/libssl/src/crypto/asn1/t_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c @@ -96,10 +96,34 @@ int RSA_print(BIO *bp, const RSA *x, int off) char str[128]; const char *s; unsigned char *m=NULL; - int i,ret=0; + int ret=0; + size_t buf_len=0, i; - i=RSA_size(x); - m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); + if (x->n) + buf_len = (size_t)BN_num_bytes(x->n); + if (x->e) + if (buf_len < (i = (size_t)BN_num_bytes(x->e))) + buf_len = i; + if (x->d) + if (buf_len < (i = (size_t)BN_num_bytes(x->d))) + buf_len = i; + if (x->p) + if (buf_len < (i = (size_t)BN_num_bytes(x->p))) + buf_len = i; + if (x->q) + if (buf_len < (i = (size_t)BN_num_bytes(x->q))) + buf_len = i; + if (x->dmp1) + if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) + buf_len = i; + if (x->dmq1) + if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) + buf_len = i; + if (x->iqmp) + if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) + buf_len = i; + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); if (m == NULL) { RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); @@ -161,22 +185,25 @@ int DSA_print(BIO *bp, const DSA *x, int off) { char str[128]; unsigned char *m=NULL; - int i,ret=0; - BIGNUM *bn=NULL; + int ret=0; + size_t buf_len=0,i; - if (x->p != NULL) - bn=x->p; - else if (x->priv_key != NULL) - bn=x->priv_key; - else if (x->pub_key != NULL) - bn=x->pub_key; - - /* larger than needed but what the hell :-) */ - if (bn != NULL) - i=BN_num_bytes(bn)*2; - else - i=256; - m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); + if (x->p) + buf_len = (size_t)BN_num_bytes(x->p); + if (x->q) + if (buf_len < (i = (size_t)BN_num_bytes(x->q))) + buf_len = i; + if (x->g) + if (buf_len < (i = (size_t)BN_num_bytes(x->g))) + buf_len = i; + if (x->priv_key) + if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) + buf_len = i; + if (x->pub_key) + if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) + buf_len = i; + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); if (m == NULL) { DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); @@ -281,10 +308,15 @@ int DHparams_print_fp(FILE *fp, const DH *x) int DHparams_print(BIO *bp, const DH *x) { unsigned char *m=NULL; - int reason=ERR_R_BUF_LIB,i,ret=0; + int reason=ERR_R_BUF_LIB,ret=0; + size_t buf_len=0, i; - i=BN_num_bytes(x->p); - m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); + if (x->p) + buf_len = (size_t)BN_num_bytes(x->p); + if (x->g) + if (buf_len < (i = (size_t)BN_num_bytes(x->g))) + buf_len = i; + m=(unsigned char *)OPENSSL_malloc(buf_len+10); if (m == NULL) { reason=ERR_R_MALLOC_FAILURE; @@ -334,10 +366,18 @@ int DSAparams_print_fp(FILE *fp, const DSA *x) int DSAparams_print(BIO *bp, const DSA *x) { unsigned char *m=NULL; - int reason=ERR_R_BUF_LIB,i,ret=0; + int reason=ERR_R_BUF_LIB,ret=0; + size_t buf_len=0,i; - i=BN_num_bytes(x->p); - m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); + if (x->p) + buf_len = (size_t)BN_num_bytes(x->p); + if (x->q) + if (buf_len < (i = (size_t)BN_num_bytes(x->q))) + buf_len = i; + if (x->g) + if (buf_len < (i = (size_t)BN_num_bytes(x->g))) + buf_len = i; + m=(unsigned char *)OPENSSL_malloc(buf_len+10); if (m == NULL) { reason=ERR_R_MALLOC_FAILURE; diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c index dcaef68ea7..45bd7c47e8 100644 --- a/src/lib/libssl/src/crypto/bio/b_sock.c +++ b/src/lib/libssl/src/crypto/bio/b_sock.c @@ -484,7 +484,11 @@ int BIO_socket_ioctl(int fd, long type, unsigned long *arg) { int i; +#ifdef __DJGPP__ + i=ioctlsocket(fd,type,(char *)arg); +#else i=ioctlsocket(fd,type,arg); +#endif /* __DJGPP__ */ if (i < 0) SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error()); return(i); diff --git a/src/lib/libssl/src/crypto/bio/bio.h b/src/lib/libssl/src/crypto/bio/bio.h index b122c7069d..c5caf253c9 100644 --- a/src/lib/libssl/src/crypto/bio/bio.h +++ b/src/lib/libssl/src/crypto/bio/bio.h @@ -554,7 +554,9 @@ BIO_METHOD *BIO_s_socket(void); BIO_METHOD *BIO_s_connect(void); BIO_METHOD *BIO_s_accept(void); BIO_METHOD *BIO_s_fd(void); +#ifndef OPENSSL_SYS_OS2 BIO_METHOD *BIO_s_log(void); +#endif BIO_METHOD *BIO_s_bio(void); BIO_METHOD *BIO_s_null(void); BIO_METHOD *BIO_f_null(void); @@ -647,6 +649,7 @@ void ERR_load_BIO_strings(void); #define BIO_F_CONN_CTRL 127 #define BIO_F_CONN_STATE 115 #define BIO_F_FILE_CTRL 116 +#define BIO_F_FILE_READ 130 #define BIO_F_LINEBUFFER_CTRL 129 #define BIO_F_MEM_READ 128 #define BIO_F_MEM_WRITE 117 diff --git a/src/lib/libssl/src/crypto/bio/bio_err.c b/src/lib/libssl/src/crypto/bio/bio_err.c index 99ca3cd0da..68a119d895 100644 --- a/src/lib/libssl/src/crypto/bio/bio_err.c +++ b/src/lib/libssl/src/crypto/bio/bio_err.c @@ -91,6 +91,7 @@ static ERR_STRING_DATA BIO_str_functs[]= {ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"}, {ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"}, {ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"}, +{ERR_PACK(0,BIO_F_FILE_READ,0), "FILE_READ"}, {ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"}, {ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"}, {ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"}, diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c index 8b3ff278d9..826b361fa2 100644 --- a/src/lib/libssl/src/crypto/bio/bss_file.c +++ b/src/lib/libssl/src/crypto/bio/bss_file.c @@ -162,6 +162,12 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl) if (b->init && (out != NULL)) { ret=fread(out,1,(int)outl,(FILE *)b->ptr); + if(ret == 0 && ferror((FILE *)b->ptr)) + { + SYSerr(SYS_F_FREAD,get_last_sys_error()); + BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB); + ret=-1; + } } return(ret); } diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c index a016cb7f53..8abe095af2 100644 --- a/src/lib/libssl/src/crypto/bn/bn_lib.c +++ b/src/lib/libssl/src/crypto/bn/bn_lib.c @@ -397,6 +397,12 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words) { BIGNUM *r = NULL; + /* This function does not work if + * words <= b->dmax && top < words + * because BN_dup() does not preserve 'dmax'! + * (But bn_dup_expand() is not used anywhere yet.) + */ + if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); diff --git a/src/lib/libssl/src/crypto/bn/bn_mul.c b/src/lib/libssl/src/crypto/bn/bn_mul.c index fd598b8b3d..b03458d002 100644 --- a/src/lib/libssl/src/crypto/bn/bn_mul.c +++ b/src/lib/libssl/src/crypto/bn/bn_mul.c @@ -66,7 +66,7 @@ #include "cryptlib.h" #include "bn_lcl.h" -#if defined(OPENSSL_NO_ASM) || !(defined(__i386) || defined(__i386__))/* Assembler implementation exists only for x86 */ +#if defined(OPENSSL_NO_ASM) || !(defined(__i386) || defined(__i386__)) || defined(__DJGPP__) /* Assembler implementation exists only for x86 */ /* Here follows specialised variants of bn_add_words() and bn_sub_words(). They have the property performing operations on arrays of different sizes. The sizes of those arrays is expressed through diff --git a/src/lib/libssl/src/crypto/bn/bntest.c b/src/lib/libssl/src/crypto/bn/bntest.c index 443cf420e5..8158a67374 100644 --- a/src/lib/libssl/src/crypto/bn/bntest.c +++ b/src/lib/libssl/src/crypto/bn/bntest.c @@ -925,7 +925,7 @@ int test_kron(BIO *bp, BN_CTX *ctx) /* r := a^t mod b */ b->neg=0; - if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err; /* XXX should be BN_mod_exp_recp, but ..._recp triggers a bug that must be fixed */ + if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err; b->neg=1; if (BN_is_word(r, 1)) diff --git a/src/lib/libssl/src/crypto/conf/conf.h b/src/lib/libssl/src/crypto/conf/conf.h index 3c03fb19c0..f4671442ab 100644 --- a/src/lib/libssl/src/crypto/conf/conf.h +++ b/src/lib/libssl/src/crypto/conf/conf.h @@ -129,6 +129,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out); int CONF_dump_bio(LHASH *conf, BIO *out); void OPENSSL_config(const char *config_name); +void OPENSSL_no_config(void); /* New conf code. The semantics are different from the functions above. If that wasn't the case, the above functions would have been replaced */ @@ -141,10 +142,10 @@ struct conf_st }; CONF *NCONF_new(CONF_METHOD *meth); -CONF_METHOD *NCONF_default(); -CONF_METHOD *NCONF_WIN32(); +CONF_METHOD *NCONF_default(void); +CONF_METHOD *NCONF_WIN32(void); #if 0 /* Just to give you an idea of what I have in mind */ -CONF_METHOD *NCONF_XML(); +CONF_METHOD *NCONF_XML(void); #endif void NCONF_free(CONF *conf); void NCONF_free_data(CONF *conf); @@ -176,6 +177,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, unsigned long flags); void CONF_modules_unload(int all); void CONF_modules_finish(void); +void CONF_modules_free(void); int CONF_module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc); diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c index 31f2766246..5e194de60e 100644 --- a/src/lib/libssl/src/crypto/conf/conf_def.c +++ b/src/lib/libssl/src/crypto/conf/conf_def.c @@ -67,6 +67,7 @@ #include "conf_def.h" #include #include +#include "cryptlib.h" static char *eat_ws(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p); @@ -208,12 +209,12 @@ static int def_load(CONF *conf, const char *name, long *line) static int def_load_bio(CONF *conf, BIO *in, long *line) { #define BUFSIZE 512 - char btmp[16]; int bufnum=0,i,ii; BUF_MEM *buff=NULL; char *s,*p,*end; int again,n; long eline=0; + char btmp[DECIMAL_SIZE(eline)+1]; CONF_VALUE *v=NULL,*tv; CONF_VALUE *sv=NULL; char *section=NULL,*buf; diff --git a/src/lib/libssl/src/crypto/conf/conf_lib.c b/src/lib/libssl/src/crypto/conf/conf_lib.c index 7998f34c7b..6a3cf109dd 100644 --- a/src/lib/libssl/src/crypto/conf/conf_lib.c +++ b/src/lib/libssl/src/crypto/conf/conf_lib.c @@ -382,8 +382,9 @@ int NCONF_dump_bio(const CONF *conf, BIO *out) return conf->meth->dump(conf, out); } + /* This function should be avoided */ -#undef NCONF_get_number +#if 0 long NCONF_get_number(CONF *conf,char *group,char *name) { int status; @@ -397,4 +398,4 @@ long NCONF_get_number(CONF *conf,char *group,char *name) } return ret; } - +#endif diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c index f92babc2e2..edcc08921c 100644 --- a/src/lib/libssl/src/crypto/conf/conf_mod.c +++ b/src/lib/libssl/src/crypto/conf/conf_mod.c @@ -230,7 +230,7 @@ static int module_run(const CONF *cnf, char *name, char *value, { if (!(flags & CONF_MFLAGS_SILENT)) { - char rcode[10]; + char rcode[DECIMAL_SIZE(ret)+1]; CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); sprintf(rcode, "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c index 612b3b93b4..d301b376f7 100644 --- a/src/lib/libssl/src/crypto/cryptlib.c +++ b/src/lib/libssl/src/crypto/cryptlib.c @@ -492,3 +492,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, #endif #endif + +void OpenSSLDie(const char *file,int line,const char *assertion) + { + fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); + abort(); + } + diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h index a0489e57fc..985a6d377c 100644 --- a/src/lib/libssl/src/crypto/cryptlib.h +++ b/src/lib/libssl/src/crypto/cryptlib.h @@ -89,6 +89,14 @@ extern "C" { #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" +/* size of string represenations */ +#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +#define HEX_SIZE(type) ((sizeof(type)*2) + +/* die if we have to */ +void OpenSSLDie(const char *file,int line,const char *assertion); +#define die(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) + #ifdef __cplusplus } #endif diff --git a/src/lib/libssl/src/crypto/des/des_old.h b/src/lib/libssl/src/crypto/des/des_old.h index 3778f93c15..51b987422a 100644 --- a/src/lib/libssl/src/crypto/des/des_old.h +++ b/src/lib/libssl/src/crypto/des/des_old.h @@ -173,7 +173,7 @@ typedef struct _ossl_old_des_ks_struct DES_fcrypt((b),(s),(r)) #define des_crypt(b,s)\ DES_crypt((b),(s)) -#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) +#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) #define crypt(b,s)\ DES_crypt((b),(s)) #endif @@ -366,7 +366,7 @@ int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule _ossl_old_des_cblock *iv); char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret); char *_ossl_old_des_crypt(const char *buf,const char *salt); -#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) +#if !defined(PERL5) && !defined(NeXT) char *_ossl_old_crypt(const char *buf,const char *salt); #endif void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, diff --git a/src/lib/libssl/src/crypto/des/read_pwd.c b/src/lib/libssl/src/crypto/des/read_pwd.c index 00000190f8..9061935f21 100644 --- a/src/lib/libssl/src/crypto/des/read_pwd.c +++ b/src/lib/libssl/src/crypto/des/read_pwd.c @@ -246,7 +246,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, long status; unsigned short channel = 0; #else -#ifndef OPENSSL_SYS_MSDOS +#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) TTY_STRUCT tty_orig,tty_new; #endif #endif diff --git a/src/lib/libssl/src/crypto/ebcdic.c b/src/lib/libssl/src/crypto/ebcdic.c index bc968ea807..d1bece87f7 100644 --- a/src/lib/libssl/src/crypto/ebcdic.c +++ b/src/lib/libssl/src/crypto/ebcdic.c @@ -211,8 +211,8 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) } #else /*CHARSET_EBCDIC*/ -#include -#if defined(PEDANTIC) || defined(__DECC) +#include +#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) static void *dummy=&dummy; #endif #endif diff --git a/src/lib/libssl/src/crypto/ec/ectest.c b/src/lib/libssl/src/crypto/ec/ectest.c index 243cd83fb5..eab46cc080 100644 --- a/src/lib/libssl/src/crypto/ec/ectest.c +++ b/src/lib/libssl/src/crypto/ec/ectest.c @@ -75,8 +75,8 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur exit(1); \ } while (0) - -void timings(EC_GROUP *group, int multi, BN_CTX *ctx) +#if 0 +static void timings(EC_GROUP *group, int multi, BN_CTX *ctx) { clock_t clck; int i, j; @@ -138,7 +138,7 @@ void timings(EC_GROUP *group, int multi, BN_CTX *ctx) BN_free(s); BN_free(s0); } - +#endif int main(int argc, char *argv[]) { diff --git a/src/lib/libssl/src/crypto/engine/eng_cnf.c b/src/lib/libssl/src/crypto/engine/eng_cnf.c index 8c0ae8a1ad..cdf670901a 100644 --- a/src/lib/libssl/src/crypto/engine/eng_cnf.c +++ b/src/lib/libssl/src/crypto/engine/eng_cnf.c @@ -92,7 +92,7 @@ static int int_engine_init(ENGINE *e) } -int int_engine_configure(char *name, char *value, const CONF *cnf) +static int int_engine_configure(char *name, char *value, const CONF *cnf) { int i; int ret = 0; diff --git a/src/lib/libssl/src/crypto/engine/eng_dyn.c b/src/lib/libssl/src/crypto/engine/eng_dyn.c index 4fefcc0cae..4139a16e76 100644 --- a/src/lib/libssl/src/crypto/engine/eng_dyn.c +++ b/src/lib/libssl/src/crypto/engine/eng_dyn.c @@ -157,6 +157,10 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; if(ctx->dynamic_dso) DSO_free(ctx->dynamic_dso); + if(ctx->DYNAMIC_LIBNAME) + OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); + if(ctx->engine_id) + OPENSSL_free((void*)ctx->engine_id); OPENSSL_free(ctx); } } @@ -169,7 +173,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) { dynamic_data_ctx *c; c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); - if(!ctx) + if(!c) { ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); return 0; @@ -310,8 +314,13 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) /* a NULL 'p' or a string of zero-length is the same thing */ if(p && (strlen((const char *)p) < 1)) p = NULL; - ctx->DYNAMIC_LIBNAME = (const char *)p; - return 1; + if(ctx->DYNAMIC_LIBNAME) + OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); + if(p) + ctx->DYNAMIC_LIBNAME = BUF_strdup(p); + else + ctx->DYNAMIC_LIBNAME = NULL; + return (ctx->DYNAMIC_LIBNAME ? 1 : 0); case DYNAMIC_CMD_NO_VCHECK: ctx->no_vcheck = ((i == 0) ? 0 : 1); return 1; @@ -319,8 +328,13 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) /* a NULL 'p' or a string of zero-length is the same thing */ if(p && (strlen((const char *)p) < 1)) p = NULL; - ctx->engine_id = (const char *)p; - return 1; + if(ctx->engine_id) + OPENSSL_free((void*)ctx->engine_id); + if(p) + ctx->engine_id = BUF_strdup(p); + else + ctx->engine_id = NULL; + return (ctx->engine_id ? 1 : 0); case DYNAMIC_CMD_LIST_ADD: if((i < 0) || (i > 2)) { diff --git a/src/lib/libssl/src/crypto/engine/eng_fat.c b/src/lib/libssl/src/crypto/engine/eng_fat.c index d49aa7ed40..f7edb5ad32 100644 --- a/src/lib/libssl/src/crypto/engine/eng_fat.c +++ b/src/lib/libssl/src/crypto/engine/eng_fat.c @@ -84,7 +84,7 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) /* Set default algorithms using a string */ -int int_def_cb(const char *alg, int len, void *arg) +static int int_def_cb(const char *alg, int len, void *arg) { unsigned int *pflags = arg; if (!strncmp(alg, "ALL", len)) diff --git a/src/lib/libssl/src/crypto/engine/hw_4758_cca.c b/src/lib/libssl/src/crypto/engine/hw_4758_cca.c index 77d3d2ffdf..1053c52082 100644 --- a/src/lib/libssl/src/crypto/engine/hw_4758_cca.c +++ b/src/lib/libssl/src/crypto/engine/hw_4758_cca.c @@ -124,8 +124,24 @@ static F_RANDOMNUMBERGENERATE randomNumberGenerate; /* static variables */ /*------------------*/ -static const char def_CCA4758_LIB_NAME[] = CCA_LIB_NAME; -static const char *CCA4758_LIB_NAME = def_CCA4758_LIB_NAME; +static const char *CCA4758_LIB_NAME = NULL; +static const char *get_CCA4758_LIB_NAME(void) + { + if(CCA4758_LIB_NAME) + return CCA4758_LIB_NAME; + return CCA_LIB_NAME; + } +static void free_CCA4758_LIB_NAME(void) + { + if(CCA4758_LIB_NAME) + OPENSSL_free((void*)CCA4758_LIB_NAME); + CCA4758_LIB_NAME = NULL; + } +static long set_CCA4758_LIB_NAME(const char *name) + { + free_CCA4758_LIB_NAME(); + return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } #ifndef OPENSSL_NO_RSA static const char* n_keyRecordRead = CSNDKRR; static const char* n_digitalSignatureGenerate = CSNDDSG; @@ -232,6 +248,7 @@ void ENGINE_load_4758cca(void) static int ibm_4758_cca_destroy(ENGINE *e) { ERR_unload_CCA4758_strings(); + free_CCA4758_LIB_NAME(); return 1; } @@ -243,7 +260,7 @@ static int ibm_4758_cca_init(ENGINE *e) goto err; } - dso = DSO_load(NULL, CCA4758_LIB_NAME , NULL, 0); + dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0); if(!dso) { CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); @@ -299,7 +316,8 @@ err: static int ibm_4758_cca_finish(ENGINE *e) { - if(dso) + free_CCA4758_LIB_NAME(); + if(!dso) { CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_NOT_LOADED); @@ -340,8 +358,7 @@ static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) CCA4758_R_ALREADY_LOADED); return 0; } - CCA4758_LIB_NAME = (const char *)p; - return 1; + return set_CCA4758_LIB_NAME((const char *)p); default: break; } diff --git a/src/lib/libssl/src/crypto/engine/hw_aep.c b/src/lib/libssl/src/crypto/engine/hw_aep.c index cf4507cff1..8b8380a582 100644 --- a/src/lib/libssl/src/crypto/engine/hw_aep.c +++ b/src/lib/libssl/src/crypto/engine/hw_aep.c @@ -60,7 +60,7 @@ #include #include -#ifndef OPENSSL_SYS_MSDOS +#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) #include #include #else @@ -71,6 +71,7 @@ typedef int pid_t; #include #include #include +#include #ifndef OPENSSL_NO_HW #ifndef OPENSSL_NO_HW_AEP @@ -363,7 +364,24 @@ static DSO *aep_dso = NULL; /* These are the static string constants for the DSO file name and the function * symbol names to bind to. */ -static const char *AEP_LIBNAME = "aep"; +static const char *AEP_LIBNAME = NULL; +static const char *get_AEP_LIBNAME(void) + { + if(AEP_LIBNAME) + return AEP_LIBNAME; + return "aep"; + } +static void free_AEP_LIBNAME(void) + { + if(AEP_LIBNAME) + OPENSSL_free((void*)AEP_LIBNAME); + AEP_LIBNAME = NULL; + } +static long set_AEP_LIBNAME(const char *name) + { + free_AEP_LIBNAME(); + return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0); + } static const char *AEP_F1 = "AEP_ModExp"; static const char *AEP_F2 = "AEP_ModExpCrt"; @@ -412,7 +430,7 @@ static int aep_init(ENGINE *e) } /* Attempt to load libaep.so. */ - aep_dso = DSO_load(NULL, AEP_LIBNAME, NULL, 0); + aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0); if(aep_dso == NULL) { @@ -474,6 +492,7 @@ static int aep_init(ENGINE *e) /* Destructor (complements the "ENGINE_aep()" constructor) */ static int aep_destroy(ENGINE *e) { + free_AEP_LIBNAME(); ERR_unload_AEPHK_strings(); return 1; } @@ -549,8 +568,7 @@ static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) AEPHK_R_ALREADY_LOADED); return 0; } - AEP_LIBNAME = (const char *)p; - return 1; + return set_AEP_LIBNAME((const char*)p); default: break; } diff --git a/src/lib/libssl/src/crypto/engine/hw_atalla.c b/src/lib/libssl/src/crypto/engine/hw_atalla.c index 696cfcf156..6151c46902 100644 --- a/src/lib/libssl/src/crypto/engine/hw_atalla.c +++ b/src/lib/libssl/src/crypto/engine/hw_atalla.c @@ -286,8 +286,24 @@ static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL * atasi.dll on win32). For the purposes of testing, I have created a symbollic * link called "libatasi.so" so that we can use native name-translation - a * better solution will be needed. */ -static const char def_ATALLA_LIBNAME[] = "atasi"; -static const char *ATALLA_LIBNAME = def_ATALLA_LIBNAME; +static const char *ATALLA_LIBNAME = NULL; +static const char *get_ATALLA_LIBNAME(void) + { + if(ATALLA_LIBNAME) + return ATALLA_LIBNAME; + return "atasi"; + } +static void free_ATALLA_LIBNAME(void) + { + if(ATALLA_LIBNAME) + OPENSSL_free((void*)ATALLA_LIBNAME); + ATALLA_LIBNAME = NULL; + } +static long set_ATALLA_LIBNAME(const char *name) + { + free_ATALLA_LIBNAME(); + return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *ATALLA_F1 = "ASI_GetHardwareConfig"; static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn"; static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics"; @@ -295,6 +311,7 @@ static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics"; /* Destructor (complements the "ENGINE_atalla()" constructor) */ static int atalla_destroy(ENGINE *e) { + free_ATALLA_LIBNAME(); /* Unload the atalla error strings so any error state including our * functs or reasons won't lead to a segfault (they simply get displayed * without corresponding string data because none will be found). */ @@ -324,7 +341,7 @@ static int atalla_init(ENGINE *e) * drivers really use - for now a symbollic link needs to be * created on the host system from libatasi.so to atasi.so on * unix variants. */ - atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0); + atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0); if(atalla_dso == NULL) { ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED); @@ -364,6 +381,7 @@ err: static int atalla_finish(ENGINE *e) { + free_ATALLA_LIBNAME(); if(atalla_dso == NULL) { ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED); @@ -397,8 +415,7 @@ static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED); return 0; } - ATALLA_LIBNAME = (const char *)p; - return 1; + return set_ATALLA_LIBNAME((const char *)p); default: break; } diff --git a/src/lib/libssl/src/crypto/engine/hw_cswift.c b/src/lib/libssl/src/crypto/engine/hw_cswift.c index d8b380550f..f5c897bdbb 100644 --- a/src/lib/libssl/src/crypto/engine/hw_cswift.c +++ b/src/lib/libssl/src/crypto/engine/hw_cswift.c @@ -280,8 +280,24 @@ t_swSimpleRequest *p_CSwift_SimpleRequest = NULL; t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL; /* Used in the DSO operations. */ -static const char def_CSWIFT_LIBNAME[] = "swift"; -static const char *CSWIFT_LIBNAME = def_CSWIFT_LIBNAME; +static const char *CSWIFT_LIBNAME = NULL; +static const char *get_CSWIFT_LIBNAME(void) + { + if(CSWIFT_LIBNAME) + return CSWIFT_LIBNAME; + return "swift"; + } +static void free_CSWIFT_LIBNAME(void) + { + if(CSWIFT_LIBNAME) + OPENSSL_free((void*)CSWIFT_LIBNAME); + CSWIFT_LIBNAME = NULL; + } +static long set_CSWIFT_LIBNAME(const char *name) + { + free_CSWIFT_LIBNAME(); + return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *CSWIFT_F1 = "swAcquireAccContext"; static const char *CSWIFT_F2 = "swAttachKeyParam"; static const char *CSWIFT_F3 = "swSimpleRequest"; @@ -313,6 +329,7 @@ static void release_context(SW_CONTEXT_HANDLE hac) /* Destructor (complements the "ENGINE_cswift()" constructor) */ static int cswift_destroy(ENGINE *e) { + free_CSWIFT_LIBNAME(); ERR_unload_CSWIFT_strings(); return 1; } @@ -332,7 +349,7 @@ static int cswift_init(ENGINE *e) goto err; } /* Attempt to load libswift.so/swift.dll/whatever. */ - cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0); + cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0); if(cswift_dso == NULL) { CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED); @@ -377,6 +394,7 @@ err: static int cswift_finish(ENGINE *e) { + free_CSWIFT_LIBNAME(); if(cswift_dso == NULL) { CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED); @@ -411,8 +429,7 @@ static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED); return 0; } - CSWIFT_LIBNAME = (const char *)p; - return 1; + return set_CSWIFT_LIBNAME((const char *)p); default: break; } @@ -484,7 +501,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -501,7 +518,7 @@ static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, &res, 1)) != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -591,7 +608,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -608,7 +625,7 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, &res, 1)) != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -723,7 +740,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -741,7 +758,7 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) &res, 1); if(sw_status != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -835,7 +852,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, goto err; default: { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); @@ -857,7 +874,7 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, &res, 1); if(sw_status != SW_OK) { - char tmpbuf[20]; + char tmpbuf[DECIMAL_SIZE(sw_status)+1]; CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); sprintf(tmpbuf, "%ld", sw_status); ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); diff --git a/src/lib/libssl/src/crypto/engine/hw_ncipher.c b/src/lib/libssl/src/crypto/engine/hw_ncipher.c index 4762a54e3d..a43d4360f2 100644 --- a/src/lib/libssl/src/crypto/engine/hw_ncipher.c +++ b/src/lib/libssl/src/crypto/engine/hw_ncipher.c @@ -59,9 +59,9 @@ #include #include +#include "cryptlib.h" #include #include -#include "cryptlib.h" #include #include #include @@ -109,11 +109,13 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa); static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#ifndef OPENSSL_NO_DH /* DH stuff */ /* This function is alised to mod_exp (with the DH and mont dropped). */ static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif /* RAND stuff */ static int hwcrhk_rand_bytes(unsigned char *buf, int num); @@ -422,8 +424,24 @@ static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; /* Used in the DSO operations. */ -static const char def_HWCRHK_LIBNAME[] = "nfhwcrhk"; -static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME; +static const char *HWCRHK_LIBNAME = NULL; +static void free_HWCRHK_LIBNAME(void) + { + if(HWCRHK_LIBNAME) + OPENSSL_free((void*)HWCRHK_LIBNAME); + HWCRHK_LIBNAME = NULL; + } +static const char *get_HWCRHK_LIBNAME(void) + { + if(HWCRHK_LIBNAME) + return HWCRHK_LIBNAME; + return "nfhwcrhk"; + } +static long set_HWCRHK_LIBNAME(const char *name) + { + free_HWCRHK_LIBNAME(); + return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; @@ -469,6 +487,7 @@ static void release_context(HWCryptoHook_ContextHandle hac) /* Destructor (complements the "ENGINE_ncipher()" constructor) */ static int hwcrhk_destroy(ENGINE *e) { + free_HWCRHK_LIBNAME(); ERR_unload_HWCRHK_strings(); return 1; } @@ -494,7 +513,7 @@ static int hwcrhk_init(ENGINE *e) goto err; } /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ - hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0); + hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0); if(hwcrhk_dso == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); @@ -586,6 +605,7 @@ err: static int hwcrhk_finish(ENGINE *e) { int to_return = 1; + free_HWCRHK_LIBNAME(); if(hwcrhk_dso == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED); @@ -634,8 +654,7 @@ static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER); return 0; } - HWCRHK_LIBNAME = (const char *)p; - return 1; + return set_HWCRHK_LIBNAME((const char *)p); case ENGINE_CTRL_SET_LOGSTREAM: { BIO *bio = (BIO *)p; @@ -1040,6 +1059,7 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return hwcrhk_mod_exp(r, a, p, m, ctx); } +#ifndef OPENSSL_NO_DH /* This function is aliased to mod_exp (with the dh and mont dropped). */ static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -1047,6 +1067,7 @@ static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, { return hwcrhk_mod_exp(r, a, p, m, ctx); } +#endif /* Random bytes are good */ static int hwcrhk_rand_bytes(unsigned char *buf, int num) diff --git a/src/lib/libssl/src/crypto/engine/hw_nuron.c b/src/lib/libssl/src/crypto/engine/hw_nuron.c index 2672012154..130b6d8b40 100644 --- a/src/lib/libssl/src/crypto/engine/hw_nuron.c +++ b/src/lib/libssl/src/crypto/engine/hw_nuron.c @@ -69,8 +69,24 @@ #define NURON_LIB_NAME "nuron engine" #include "hw_nuron_err.c" -static const char def_NURON_LIBNAME[] = "nuronssl"; -static const char *NURON_LIBNAME = def_NURON_LIBNAME; +static const char *NURON_LIBNAME = NULL; +static const char *get_NURON_LIBNAME(void) + { + if(NURON_LIBNAME) + return NURON_LIBNAME; + return "nuronssl"; + } +static void free_NURON_LIBNAME(void) + { + if(NURON_LIBNAME) + OPENSSL_free((void*)NURON_LIBNAME); + NURON_LIBNAME = NULL; + } +static long set_NURON_LIBNAME(const char *name) + { + free_NURON_LIBNAME(); + return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *NURON_F1 = "nuron_mod_exp"; /* The definitions for control commands specific to this engine */ @@ -90,6 +106,7 @@ static DSO *pvDSOHandle = NULL; static int nuron_destroy(ENGINE *e) { + free_NURON_LIBNAME(); ERR_unload_NURON_strings(); return 1; } @@ -102,7 +119,7 @@ static int nuron_init(ENGINE *e) return 0; } - pvDSOHandle = DSO_load(NULL, NURON_LIBNAME, NULL, + pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL, DSO_FLAG_NAME_TRANSLATION_EXT_ONLY); if(!pvDSOHandle) { @@ -122,6 +139,7 @@ static int nuron_init(ENGINE *e) static int nuron_finish(ENGINE *e) { + free_NURON_LIBNAME(); if(pvDSOHandle == NULL) { NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED); @@ -153,8 +171,7 @@ static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED); return 0; } - NURON_LIBNAME = (const char *)p; - return 1; + return set_NURON_LIBNAME((const char *)p); default: break; } diff --git a/src/lib/libssl/src/crypto/engine/hw_ubsec.c b/src/lib/libssl/src/crypto/engine/hw_ubsec.c index 743c06043c..63397f868c 100644 --- a/src/lib/libssl/src/crypto/engine/hw_ubsec.c +++ b/src/lib/libssl/src/crypto/engine/hw_ubsec.c @@ -304,7 +304,24 @@ static int max_key_len = 1024; /* ??? */ * symbol names to bind to. */ -static const char *UBSEC_LIBNAME = "ubsec"; +static const char *UBSEC_LIBNAME = NULL; +static const char *get_UBSEC_LIBNAME(void) + { + if(UBSEC_LIBNAME) + return UBSEC_LIBNAME; + return "ubsec"; + } +static void free_UBSEC_LIBNAME(void) + { + if(UBSEC_LIBNAME) + OPENSSL_free((void*)UBSEC_LIBNAME); + UBSEC_LIBNAME = NULL; + } +static long set_UBSEC_LIBNAME(const char *name) + { + free_UBSEC_LIBNAME(); + return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0); + } static const char *UBSEC_F1 = "ubsec_bytes_to_bits"; static const char *UBSEC_F2 = "ubsec_bits_to_bytes"; static const char *UBSEC_F3 = "ubsec_open"; @@ -328,6 +345,7 @@ static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl"; /* Destructor (complements the "ENGINE_ubsec()" constructor) */ static int ubsec_destroy(ENGINE *e) { + free_UBSEC_LIBNAME(); ERR_unload_UBSEC_strings(); return 1; } @@ -364,7 +382,7 @@ static int ubsec_init(ENGINE *e) /* * Attempt to load libubsec.so/ubsec.dll/whatever. */ - ubsec_dso = DSO_load(NULL, UBSEC_LIBNAME, NULL, 0); + ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0); if(ubsec_dso == NULL) { UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE); @@ -459,6 +477,7 @@ err: static int ubsec_finish(ENGINE *e) { + free_UBSEC_LIBNAME(); if(ubsec_dso == NULL) { UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED); @@ -508,8 +527,7 @@ static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED); return 0; } - UBSEC_LIBNAME = (const char *)p; - return 1; + return set_UBSEC_LIBNAME((const char *)p); default: break; } diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c index 04773d65a6..5abe44e6d5 100644 --- a/src/lib/libssl/src/crypto/err/err.c +++ b/src/lib/libssl/src/crypto/err/err.c @@ -166,6 +166,7 @@ static ERR_STRING_DATA ERR_str_functs[]= {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, #endif {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, + {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, {0,NULL}, }; diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h index cc9bb649ea..988ef81aa0 100644 --- a/src/lib/libssl/src/crypto/err/err.h +++ b/src/lib/libssl/src/crypto/err/err.h @@ -182,6 +182,7 @@ typedef struct err_state_st #define SYS_F_ACCEPT 8 #define SYS_F_WSASTARTUP 9 /* Winsock stuff */ #define SYS_F_OPENDIR 10 +#define SYS_F_FREAD 11 /* reasons */ diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c index 5ffd352ea0..2d3e57c4fa 100644 --- a/src/lib/libssl/src/crypto/evp/c_all.c +++ b/src/lib/libssl/src/crypto/evp/c_all.c @@ -60,12 +60,14 @@ #include "cryptlib.h" #include +#if 0 #undef OpenSSL_add_all_algorithms void OpenSSL_add_all_algorithms(void) { OPENSSL_add_all_algorithms_noconf(); } +#endif void OPENSSL_add_all_algorithms_noconf(void) { diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h index fb16de6852..45a25f968d 100644 --- a/src/lib/libssl/src/crypto/evp/evp.h +++ b/src/lib/libssl/src/crypto/evp/evp.h @@ -74,6 +74,48 @@ #ifndef OPENSSL_NO_BIO #include #endif +#ifndef OPENSSL_NO_MD2 +#include +#endif +#ifndef OPENSSL_NO_MD4 +#include +#endif +#ifndef OPENSSL_NO_MD5 +#include +#endif +#ifndef OPENSSL_NO_SHA +#include +#endif +#ifndef OPENSSL_NO_RIPEMD +#include +#endif +#ifndef OPENSSL_NO_DES +#include +#endif +#ifndef OPENSSL_NO_RC4 +#include +#endif +#ifndef OPENSSL_NO_RC2 +#include +#endif +#ifndef OPENSSL_NO_RC5 +#include +#endif +#ifndef OPENSSL_NO_BF +#include +#endif +#ifndef OPENSSL_NO_CAST +#include +#endif +#ifndef OPENSSL_NO_IDEA +#include +#endif +#ifndef OPENSSL_NO_MDC2 +#include +#endif +#ifndef OPENSSL_NO_AES +#include +#endif /* #define EVP_RC2_KEY_SIZE 16 @@ -91,6 +133,18 @@ /* Default PKCS#5 iteration count */ #define PKCS5_DEFAULT_ITER 2048 +#ifndef OPENSSL_NO_RSA +#include +#endif + +#ifndef OPENSSL_NO_DSA +#include +#endif + +#ifndef OPENSSL_NO_DH +#include +#endif + #include #define EVP_PK_RSA 0x0001 @@ -582,6 +636,8 @@ const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ const EVP_CIPHER *EVP_des_ecb(void); const EVP_CIPHER *EVP_des_ede(void); const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); const EVP_CIPHER *EVP_des_cfb(void); const EVP_CIPHER *EVP_des_ede_cfb(void); const EVP_CIPHER *EVP_des_ede3_cfb(void); diff --git a/src/lib/libssl/src/crypto/evp/evp_pbe.c b/src/lib/libssl/src/crypto/evp/evp_pbe.c index 06afb9d152..bcd4d29f85 100644 --- a/src/lib/libssl/src/crypto/evp/evp_pbe.c +++ b/src/lib/libssl/src/crypto/evp/evp_pbe.c @@ -57,9 +57,9 @@ */ #include +#include "cryptlib.h" #include #include -#include "cryptlib.h" /* Password based encryption (PBE) functions */ diff --git a/src/lib/libssl/src/crypto/evp/evp_test.c b/src/lib/libssl/src/crypto/evp/evp_test.c index 1bfffb34cf..90294ef686 100644 --- a/src/lib/libssl/src/crypto/evp/evp_test.c +++ b/src/lib/libssl/src/crypto/evp/evp_test.c @@ -118,7 +118,7 @@ static char *sstrsep(char **string, const char *delim) } static unsigned char *ustrsep(char **p,const char *sep) - { return (unsigned char *)sstrsep((char **)p,sep); } + { return (unsigned char *)sstrsep(p,sep); } static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, const unsigned char *iv,int in, @@ -358,7 +358,7 @@ int main(int argc,char **argv) p[-1] = '\0'; encdec = -1; } else { - encdec = atoi(strsep(&p,"\n")); + encdec = atoi(sstrsep(&p,"\n")); } diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt.c b/src/lib/libssl/src/crypto/evp/p5_crpt.c index 113c60fedb..27a8286489 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt.c @@ -58,9 +58,9 @@ #include #include +#include "cryptlib.h" #include #include -#include "cryptlib.h" /* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. */ diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c index 7881860b53..7485d6a278 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c @@ -58,10 +58,10 @@ #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) #include #include +#include "cryptlib.h" #include #include #include -#include "cryptlib.h" /* set this to print out info about the keygen algorithm */ /* #define DEBUG_PKCS5V2 */ diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c index 3ff64bb8d1..02c3719f04 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.c +++ b/src/lib/libssl/src/crypto/objects/obj_dat.c @@ -436,7 +436,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) unsigned long l; unsigned char *p; const char *s; - char tbuf[32]; + char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; if (buf_len <= 0) return(0); diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.h b/src/lib/libssl/src/crypto/objects/obj_dat.h index 39cfcda783..30812c8aa6 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.h +++ b/src/lib/libssl/src/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 510 -#define NUM_SN 507 -#define NUM_LN 507 -#define NUM_OBJ 481 +#define NUM_NID 645 +#define NUM_SN 641 +#define NUM_LN 641 +#define NUM_OBJ 615 -static unsigned char lvalues[3881]={ +static unsigned char lvalues[4435]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -549,6 +549,140 @@ static unsigned char lvalues[3881]={ 0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3863] OBJ_id_hex_partial_message */ 0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3870] OBJ_id_hex_multipart_message */ 0x55,0x04,0x2C, /* [3877] OBJ_generationQualifier */ +0x55,0x04,0x41, /* [3880] OBJ_pseudonym */ +0x67,0x2A, /* [3883] OBJ_id_set */ +0x67,0x2A,0x00, /* [3885] OBJ_set_ctype */ +0x67,0x2A,0x01, /* [3888] OBJ_set_msgExt */ +0x67,0x2A,0x03, /* [3891] OBJ_set_attr */ +0x67,0x2A,0x05, /* [3894] OBJ_set_policy */ +0x67,0x2A,0x07, /* [3897] OBJ_set_certExt */ +0x67,0x2A,0x08, /* [3900] OBJ_set_brand */ +0x67,0x2A,0x00,0x00, /* [3903] OBJ_setct_PANData */ +0x67,0x2A,0x00,0x01, /* [3907] OBJ_setct_PANToken */ +0x67,0x2A,0x00,0x02, /* [3911] OBJ_setct_PANOnly */ +0x67,0x2A,0x00,0x03, /* [3915] OBJ_setct_OIData */ +0x67,0x2A,0x00,0x04, /* [3919] OBJ_setct_PI */ +0x67,0x2A,0x00,0x05, /* [3923] OBJ_setct_PIData */ +0x67,0x2A,0x00,0x06, /* [3927] OBJ_setct_PIDataUnsigned */ +0x67,0x2A,0x00,0x07, /* [3931] OBJ_setct_HODInput */ +0x67,0x2A,0x00,0x08, /* [3935] OBJ_setct_AuthResBaggage */ +0x67,0x2A,0x00,0x09, /* [3939] OBJ_setct_AuthRevReqBaggage */ +0x67,0x2A,0x00,0x0A, /* [3943] OBJ_setct_AuthRevResBaggage */ +0x67,0x2A,0x00,0x0B, /* [3947] OBJ_setct_CapTokenSeq */ +0x67,0x2A,0x00,0x0C, /* [3951] OBJ_setct_PInitResData */ +0x67,0x2A,0x00,0x0D, /* [3955] OBJ_setct_PI_TBS */ +0x67,0x2A,0x00,0x0E, /* [3959] OBJ_setct_PResData */ +0x67,0x2A,0x00,0x10, /* [3963] OBJ_setct_AuthReqTBS */ +0x67,0x2A,0x00,0x11, /* [3967] OBJ_setct_AuthResTBS */ +0x67,0x2A,0x00,0x12, /* [3971] OBJ_setct_AuthResTBSX */ +0x67,0x2A,0x00,0x13, /* [3975] OBJ_setct_AuthTokenTBS */ +0x67,0x2A,0x00,0x14, /* [3979] OBJ_setct_CapTokenData */ +0x67,0x2A,0x00,0x15, /* [3983] OBJ_setct_CapTokenTBS */ +0x67,0x2A,0x00,0x16, /* [3987] OBJ_setct_AcqCardCodeMsg */ +0x67,0x2A,0x00,0x17, /* [3991] OBJ_setct_AuthRevReqTBS */ +0x67,0x2A,0x00,0x18, /* [3995] OBJ_setct_AuthRevResData */ +0x67,0x2A,0x00,0x19, /* [3999] OBJ_setct_AuthRevResTBS */ +0x67,0x2A,0x00,0x1A, /* [4003] OBJ_setct_CapReqTBS */ +0x67,0x2A,0x00,0x1B, /* [4007] OBJ_setct_CapReqTBSX */ +0x67,0x2A,0x00,0x1C, /* [4011] OBJ_setct_CapResData */ +0x67,0x2A,0x00,0x1D, /* [4015] OBJ_setct_CapRevReqTBS */ +0x67,0x2A,0x00,0x1E, /* [4019] OBJ_setct_CapRevReqTBSX */ +0x67,0x2A,0x00,0x1F, /* [4023] OBJ_setct_CapRevResData */ +0x67,0x2A,0x00,0x20, /* [4027] OBJ_setct_CredReqTBS */ +0x67,0x2A,0x00,0x21, /* [4031] OBJ_setct_CredReqTBSX */ +0x67,0x2A,0x00,0x22, /* [4035] OBJ_setct_CredResData */ +0x67,0x2A,0x00,0x23, /* [4039] OBJ_setct_CredRevReqTBS */ +0x67,0x2A,0x00,0x24, /* [4043] OBJ_setct_CredRevReqTBSX */ +0x67,0x2A,0x00,0x25, /* [4047] OBJ_setct_CredRevResData */ +0x67,0x2A,0x00,0x26, /* [4051] OBJ_setct_PCertReqData */ +0x67,0x2A,0x00,0x27, /* [4055] OBJ_setct_PCertResTBS */ +0x67,0x2A,0x00,0x28, /* [4059] OBJ_setct_BatchAdminReqData */ +0x67,0x2A,0x00,0x29, /* [4063] OBJ_setct_BatchAdminResData */ +0x67,0x2A,0x00,0x2A, /* [4067] OBJ_setct_CardCInitResTBS */ +0x67,0x2A,0x00,0x2B, /* [4071] OBJ_setct_MeAqCInitResTBS */ +0x67,0x2A,0x00,0x2C, /* [4075] OBJ_setct_RegFormResTBS */ +0x67,0x2A,0x00,0x2D, /* [4079] OBJ_setct_CertReqData */ +0x67,0x2A,0x00,0x2E, /* [4083] OBJ_setct_CertReqTBS */ +0x67,0x2A,0x00,0x2F, /* [4087] OBJ_setct_CertResData */ +0x67,0x2A,0x00,0x30, /* [4091] OBJ_setct_CertInqReqTBS */ +0x67,0x2A,0x00,0x31, /* [4095] OBJ_setct_ErrorTBS */ +0x67,0x2A,0x00,0x32, /* [4099] OBJ_setct_PIDualSignedTBE */ +0x67,0x2A,0x00,0x33, /* [4103] OBJ_setct_PIUnsignedTBE */ +0x67,0x2A,0x00,0x34, /* [4107] OBJ_setct_AuthReqTBE */ +0x67,0x2A,0x00,0x35, /* [4111] OBJ_setct_AuthResTBE */ +0x67,0x2A,0x00,0x36, /* [4115] OBJ_setct_AuthResTBEX */ +0x67,0x2A,0x00,0x37, /* [4119] OBJ_setct_AuthTokenTBE */ +0x67,0x2A,0x00,0x38, /* [4123] OBJ_setct_CapTokenTBE */ +0x67,0x2A,0x00,0x39, /* [4127] OBJ_setct_CapTokenTBEX */ +0x67,0x2A,0x00,0x3A, /* [4131] OBJ_setct_AcqCardCodeMsgTBE */ +0x67,0x2A,0x00,0x3B, /* [4135] OBJ_setct_AuthRevReqTBE */ +0x67,0x2A,0x00,0x3C, /* [4139] OBJ_setct_AuthRevResTBE */ +0x67,0x2A,0x00,0x3D, /* [4143] OBJ_setct_AuthRevResTBEB */ +0x67,0x2A,0x00,0x3E, /* [4147] OBJ_setct_CapReqTBE */ +0x67,0x2A,0x00,0x3F, /* [4151] OBJ_setct_CapReqTBEX */ +0x67,0x2A,0x00,0x40, /* [4155] OBJ_setct_CapResTBE */ +0x67,0x2A,0x00,0x41, /* [4159] OBJ_setct_CapRevReqTBE */ +0x67,0x2A,0x00,0x42, /* [4163] OBJ_setct_CapRevReqTBEX */ +0x67,0x2A,0x00,0x43, /* [4167] OBJ_setct_CapRevResTBE */ +0x67,0x2A,0x00,0x44, /* [4171] OBJ_setct_CredReqTBE */ +0x67,0x2A,0x00,0x45, /* [4175] OBJ_setct_CredReqTBEX */ +0x67,0x2A,0x00,0x46, /* [4179] OBJ_setct_CredResTBE */ +0x67,0x2A,0x00,0x47, /* [4183] OBJ_setct_CredRevReqTBE */ +0x67,0x2A,0x00,0x48, /* [4187] OBJ_setct_CredRevReqTBEX */ +0x67,0x2A,0x00,0x49, /* [4191] OBJ_setct_CredRevResTBE */ +0x67,0x2A,0x00,0x4A, /* [4195] OBJ_setct_BatchAdminReqTBE */ +0x67,0x2A,0x00,0x4B, /* [4199] OBJ_setct_BatchAdminResTBE */ +0x67,0x2A,0x00,0x4C, /* [4203] OBJ_setct_RegFormReqTBE */ +0x67,0x2A,0x00,0x4D, /* [4207] OBJ_setct_CertReqTBE */ +0x67,0x2A,0x00,0x4E, /* [4211] OBJ_setct_CertReqTBEX */ +0x67,0x2A,0x00,0x4F, /* [4215] OBJ_setct_CertResTBE */ +0x67,0x2A,0x00,0x50, /* [4219] OBJ_setct_CRLNotificationTBS */ +0x67,0x2A,0x00,0x51, /* [4223] OBJ_setct_CRLNotificationResTBS */ +0x67,0x2A,0x00,0x52, /* [4227] OBJ_setct_BCIDistributionTBS */ +0x67,0x2A,0x01,0x01, /* [4231] OBJ_setext_genCrypt */ +0x67,0x2A,0x01,0x03, /* [4235] OBJ_setext_miAuth */ +0x67,0x2A,0x01,0x04, /* [4239] OBJ_setext_pinSecure */ +0x67,0x2A,0x01,0x05, /* [4243] OBJ_setext_pinAny */ +0x67,0x2A,0x01,0x07, /* [4247] OBJ_setext_track2 */ +0x67,0x2A,0x01,0x08, /* [4251] OBJ_setext_cv */ +0x67,0x2A,0x05,0x00, /* [4255] OBJ_set_policy_root */ +0x67,0x2A,0x07,0x00, /* [4259] OBJ_setCext_hashedRoot */ +0x67,0x2A,0x07,0x01, /* [4263] OBJ_setCext_certType */ +0x67,0x2A,0x07,0x02, /* [4267] OBJ_setCext_merchData */ +0x67,0x2A,0x07,0x03, /* [4271] OBJ_setCext_cCertRequired */ +0x67,0x2A,0x07,0x04, /* [4275] OBJ_setCext_tunneling */ +0x67,0x2A,0x07,0x05, /* [4279] OBJ_setCext_setExt */ +0x67,0x2A,0x07,0x06, /* [4283] OBJ_setCext_setQualf */ +0x67,0x2A,0x07,0x07, /* [4287] OBJ_setCext_PGWYcapabilities */ +0x67,0x2A,0x07,0x08, /* [4291] OBJ_setCext_TokenIdentifier */ +0x67,0x2A,0x07,0x09, /* [4295] OBJ_setCext_Track2Data */ +0x67,0x2A,0x07,0x0A, /* [4299] OBJ_setCext_TokenType */ +0x67,0x2A,0x07,0x0B, /* [4303] OBJ_setCext_IssuerCapabilities */ +0x67,0x2A,0x03,0x00, /* [4307] OBJ_setAttr_Cert */ +0x67,0x2A,0x03,0x01, /* [4311] OBJ_setAttr_PGWYcap */ +0x67,0x2A,0x03,0x02, /* [4315] OBJ_setAttr_TokenType */ +0x67,0x2A,0x03,0x03, /* [4319] OBJ_setAttr_IssCap */ +0x67,0x2A,0x03,0x00,0x00, /* [4323] OBJ_set_rootKeyThumb */ +0x67,0x2A,0x03,0x00,0x01, /* [4328] OBJ_set_addPolicy */ +0x67,0x2A,0x03,0x02,0x01, /* [4333] OBJ_setAttr_Token_EMV */ +0x67,0x2A,0x03,0x02,0x02, /* [4338] OBJ_setAttr_Token_B0Prime */ +0x67,0x2A,0x03,0x03,0x03, /* [4343] OBJ_setAttr_IssCap_CVM */ +0x67,0x2A,0x03,0x03,0x04, /* [4348] OBJ_setAttr_IssCap_T2 */ +0x67,0x2A,0x03,0x03,0x05, /* [4353] OBJ_setAttr_IssCap_Sig */ +0x67,0x2A,0x03,0x03,0x03,0x01, /* [4358] OBJ_setAttr_GenCryptgrm */ +0x67,0x2A,0x03,0x03,0x04,0x01, /* [4364] OBJ_setAttr_T2Enc */ +0x67,0x2A,0x03,0x03,0x04,0x02, /* [4370] OBJ_setAttr_T2cleartxt */ +0x67,0x2A,0x03,0x03,0x05,0x01, /* [4376] OBJ_setAttr_TokICCsig */ +0x67,0x2A,0x03,0x03,0x05,0x02, /* [4382] OBJ_setAttr_SecDevSig */ +0x67,0x2A,0x08,0x01, /* [4388] OBJ_set_brand_IATA_ATA */ +0x67,0x2A,0x08,0x1E, /* [4392] OBJ_set_brand_Diners */ +0x67,0x2A,0x08,0x22, /* [4396] OBJ_set_brand_AmericanExpress */ +0x67,0x2A,0x08,0x23, /* [4400] OBJ_set_brand_JCB */ +0x67,0x2A,0x08,0x04, /* [4404] OBJ_set_brand_Visa */ +0x67,0x2A,0x08,0x05, /* [4408] OBJ_set_brand_MasterCard */ +0x67,0x2A,0x08,0xAE,0x7B, /* [4412] OBJ_set_brand_Novus */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4417] OBJ_des_cdmf */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1334,6 +1468,257 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ NID_id_hex_multipart_message,7,&(lvalues[3870]),0}, {"generationQualifier","generationQualifier",NID_generationQualifier, 3,&(lvalues[3877]),0}, +{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3880]),0}, +{NULL,NULL,NID_undef,0,NULL}, +{"id-set","Secure Electronic Transactions",NID_id_set,2, + &(lvalues[3883]),0}, +{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3885]),0}, +{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3888]),0}, +{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3891]),0}, +{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3894]),0}, +{"set-certExt","certificate extensions",NID_set_certExt,3, + &(lvalues[3897]),0}, +{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3900]),0}, +{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3903]),0}, +{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, + &(lvalues[3907]),0}, +{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3911]),0}, +{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3915]),0}, +{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3919]),0}, +{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3923]),0}, +{"setct-PIDataUnsigned","setct-PIDataUnsigned", + NID_setct_PIDataUnsigned,4,&(lvalues[3927]),0}, +{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, + &(lvalues[3931]),0}, +{"setct-AuthResBaggage","setct-AuthResBaggage", + NID_setct_AuthResBaggage,4,&(lvalues[3935]),0}, +{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", + NID_setct_AuthRevReqBaggage,4,&(lvalues[3939]),0}, +{"setct-AuthRevResBaggage","setct-AuthRevResBaggage", + NID_setct_AuthRevResBaggage,4,&(lvalues[3943]),0}, +{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, + &(lvalues[3947]),0}, +{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, + &(lvalues[3951]),0}, +{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3955]),0}, +{"setct-PResData","setct-PResData",NID_setct_PResData,4, + &(lvalues[3959]),0}, +{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, + &(lvalues[3963]),0}, +{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, + &(lvalues[3967]),0}, +{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, + &(lvalues[3971]),0}, +{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, + &(lvalues[3975]),0}, +{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, + &(lvalues[3979]),0}, +{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, + &(lvalues[3983]),0}, +{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", + NID_setct_AcqCardCodeMsg,4,&(lvalues[3987]),0}, +{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, + 4,&(lvalues[3991]),0}, +{"setct-AuthRevResData","setct-AuthRevResData", + NID_setct_AuthRevResData,4,&(lvalues[3995]),0}, +{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, + 4,&(lvalues[3999]),0}, +{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, + &(lvalues[4003]),0}, +{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, + &(lvalues[4007]),0}, +{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, + &(lvalues[4011]),0}, +{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, + &(lvalues[4015]),0}, +{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, + 4,&(lvalues[4019]),0}, +{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, + 4,&(lvalues[4023]),0}, +{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, + &(lvalues[4027]),0}, +{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, + &(lvalues[4031]),0}, +{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, + &(lvalues[4035]),0}, +{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, + 4,&(lvalues[4039]),0}, +{"setct-CredRevReqTBSX","setct-CredRevReqTBSX", + NID_setct_CredRevReqTBSX,4,&(lvalues[4043]),0}, +{"setct-CredRevResData","setct-CredRevResData", + NID_setct_CredRevResData,4,&(lvalues[4047]),0}, +{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, + &(lvalues[4051]),0}, +{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, + &(lvalues[4055]),0}, +{"setct-BatchAdminReqData","setct-BatchAdminReqData", + NID_setct_BatchAdminReqData,4,&(lvalues[4059]),0}, +{"setct-BatchAdminResData","setct-BatchAdminResData", + NID_setct_BatchAdminResData,4,&(lvalues[4063]),0}, +{"setct-CardCInitResTBS","setct-CardCInitResTBS", + NID_setct_CardCInitResTBS,4,&(lvalues[4067]),0}, +{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", + NID_setct_MeAqCInitResTBS,4,&(lvalues[4071]),0}, +{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, + 4,&(lvalues[4075]),0}, +{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, + &(lvalues[4079]),0}, +{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, + &(lvalues[4083]),0}, +{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, + &(lvalues[4087]),0}, +{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, + 4,&(lvalues[4091]),0}, +{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, + &(lvalues[4095]),0}, +{"setct-PIDualSignedTBE","setct-PIDualSignedTBE", + NID_setct_PIDualSignedTBE,4,&(lvalues[4099]),0}, +{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, + 4,&(lvalues[4103]),0}, +{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, + &(lvalues[4107]),0}, +{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, + &(lvalues[4111]),0}, +{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, + &(lvalues[4115]),0}, +{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, + &(lvalues[4119]),0}, +{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, + &(lvalues[4123]),0}, +{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, + &(lvalues[4127]),0}, +{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", + NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4131]),0}, +{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, + 4,&(lvalues[4135]),0}, +{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, + 4,&(lvalues[4139]),0}, +{"setct-AuthRevResTBEB","setct-AuthRevResTBEB", + NID_setct_AuthRevResTBEB,4,&(lvalues[4143]),0}, +{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, + &(lvalues[4147]),0}, +{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, + &(lvalues[4151]),0}, +{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, + &(lvalues[4155]),0}, +{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, + &(lvalues[4159]),0}, +{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, + 4,&(lvalues[4163]),0}, +{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, + &(lvalues[4167]),0}, +{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, + &(lvalues[4171]),0}, +{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, + &(lvalues[4175]),0}, +{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, + &(lvalues[4179]),0}, +{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, + 4,&(lvalues[4183]),0}, +{"setct-CredRevReqTBEX","setct-CredRevReqTBEX", + NID_setct_CredRevReqTBEX,4,&(lvalues[4187]),0}, +{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, + 4,&(lvalues[4191]),0}, +{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", + NID_setct_BatchAdminReqTBE,4,&(lvalues[4195]),0}, +{"setct-BatchAdminResTBE","setct-BatchAdminResTBE", + NID_setct_BatchAdminResTBE,4,&(lvalues[4199]),0}, +{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, + 4,&(lvalues[4203]),0}, +{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, + &(lvalues[4207]),0}, +{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, + &(lvalues[4211]),0}, +{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, + &(lvalues[4215]),0}, +{"setct-CRLNotificationTBS","setct-CRLNotificationTBS", + NID_setct_CRLNotificationTBS,4,&(lvalues[4219]),0}, +{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", + NID_setct_CRLNotificationResTBS,4,&(lvalues[4223]),0}, +{"setct-BCIDistributionTBS","setct-BCIDistributionTBS", + NID_setct_BCIDistributionTBS,4,&(lvalues[4227]),0}, +{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, + &(lvalues[4231]),0}, +{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, + &(lvalues[4235]),0}, +{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, + &(lvalues[4239]),0}, +{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4243]),0}, +{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4247]),0}, +{"setext-cv","additional verification",NID_setext_cv,4, + &(lvalues[4251]),0}, +{"set-policy-root","set-policy-root",NID_set_policy_root,4, + &(lvalues[4255]),0}, +{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, + &(lvalues[4259]),0}, +{"setCext-certType","setCext-certType",NID_setCext_certType,4, + &(lvalues[4263]),0}, +{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, + &(lvalues[4267]),0}, +{"setCext-cCertRequired","setCext-cCertRequired", + NID_setCext_cCertRequired,4,&(lvalues[4271]),0}, +{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, + &(lvalues[4275]),0}, +{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, + &(lvalues[4279]),0}, +{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, + &(lvalues[4283]),0}, +{"setCext-PGWYcapabilities","setCext-PGWYcapabilities", + NID_setCext_PGWYcapabilities,4,&(lvalues[4287]),0}, +{"setCext-TokenIdentifier","setCext-TokenIdentifier", + NID_setCext_TokenIdentifier,4,&(lvalues[4291]),0}, +{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, + &(lvalues[4295]),0}, +{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, + &(lvalues[4299]),0}, +{"setCext-IssuerCapabilities","setCext-IssuerCapabilities", + NID_setCext_IssuerCapabilities,4,&(lvalues[4303]),0}, +{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4307]),0}, +{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, + 4,&(lvalues[4311]),0}, +{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, + &(lvalues[4315]),0}, +{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, + &(lvalues[4319]),0}, +{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, + &(lvalues[4323]),0}, +{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4328]),0}, +{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, + &(lvalues[4333]),0}, +{"setAttr-Token-B0Prime","setAttr-Token-B0Prime", + NID_setAttr_Token_B0Prime,5,&(lvalues[4338]),0}, +{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, + &(lvalues[4343]),0}, +{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, + &(lvalues[4348]),0}, +{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, + &(lvalues[4353]),0}, +{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, + 6,&(lvalues[4358]),0}, +{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, + &(lvalues[4364]),0}, +{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, + &(lvalues[4370]),0}, +{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, + &(lvalues[4376]),0}, +{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, + 6,&(lvalues[4382]),0}, +{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, + &(lvalues[4388]),0}, +{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, + &(lvalues[4392]),0}, +{"set-brand-AmericanExpress","set-brand-AmericanExpress", + NID_set_brand_AmericanExpress,4,&(lvalues[4396]),0}, +{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4400]),0}, +{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, + &(lvalues[4404]),0}, +{"set-brand-MasterCard","set-brand-MasterCard", + NID_set_brand_MasterCard,4,&(lvalues[4408]),0}, +{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, + &(lvalues[4412]),0}, +{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0}, +{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", + NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1366,6 +1751,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[367]),/* "CrlID" */ &(nid_objs[391]),/* "DC" */ &(nid_objs[31]),/* "DES-CBC" */ +&(nid_objs[643]),/* "DES-CDMF" */ &(nid_objs[30]),/* "DES-CFB" */ &(nid_objs[29]),/* "DES-ECB" */ &(nid_objs[32]),/* "DES-EDE" */ @@ -1642,6 +2028,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[314]),/* "id-regInfo" */ &(nid_objs[322]),/* "id-regInfo-certReq" */ &(nid_objs[321]),/* "id-regInfo-utf8Pairs" */ +&(nid_objs[512]),/* "id-set" */ &(nid_objs[191]),/* "id-smime-aa" */ &(nid_objs[215]),/* "id-smime-aa-contentHint" */ &(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */ @@ -1798,6 +2185,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[415]),/* "prime256v1" */ &(nid_objs[385]),/* "private" */ &(nid_objs[84]),/* "privateKeyUsagePeriod" */ +&(nid_objs[510]),/* "pseudonym" */ &(nid_objs[435]),/* "pss" */ &(nid_objs[286]),/* "qcStatements" */ &(nid_objs[457]),/* "qualityLabelledData" */ @@ -1806,6 +2194,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[448]),/* "room" */ &(nid_objs[463]),/* "roomNumber" */ &(nid_objs[ 6]),/* "rsaEncryption" */ +&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ &(nid_objs[377]),/* "rsaSignature" */ &(nid_objs[ 1]),/* "rsadsi" */ &(nid_objs[482]),/* "sOARecord" */ @@ -1821,6 +2210,136 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[105]),/* "serialNumber" */ &(nid_objs[129]),/* "serverAuth" */ &(nid_objs[371]),/* "serviceLocator" */ +&(nid_objs[625]),/* "set-addPolicy" */ +&(nid_objs[515]),/* "set-attr" */ +&(nid_objs[518]),/* "set-brand" */ +&(nid_objs[638]),/* "set-brand-AmericanExpress" */ +&(nid_objs[637]),/* "set-brand-Diners" */ +&(nid_objs[636]),/* "set-brand-IATA-ATA" */ +&(nid_objs[639]),/* "set-brand-JCB" */ +&(nid_objs[641]),/* "set-brand-MasterCard" */ +&(nid_objs[642]),/* "set-brand-Novus" */ +&(nid_objs[640]),/* "set-brand-Visa" */ +&(nid_objs[517]),/* "set-certExt" */ +&(nid_objs[513]),/* "set-ctype" */ +&(nid_objs[514]),/* "set-msgExt" */ +&(nid_objs[516]),/* "set-policy" */ +&(nid_objs[607]),/* "set-policy-root" */ +&(nid_objs[624]),/* "set-rootKeyThumb" */ +&(nid_objs[620]),/* "setAttr-Cert" */ +&(nid_objs[631]),/* "setAttr-GenCryptgrm" */ +&(nid_objs[623]),/* "setAttr-IssCap" */ +&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ +&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ +&(nid_objs[629]),/* "setAttr-IssCap-T2" */ +&(nid_objs[621]),/* "setAttr-PGWYcap" */ +&(nid_objs[635]),/* "setAttr-SecDevSig" */ +&(nid_objs[632]),/* "setAttr-T2Enc" */ +&(nid_objs[633]),/* "setAttr-T2cleartxt" */ +&(nid_objs[634]),/* "setAttr-TokICCsig" */ +&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ +&(nid_objs[626]),/* "setAttr-Token-EMV" */ +&(nid_objs[622]),/* "setAttr-TokenType" */ +&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ +&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ +&(nid_objs[616]),/* "setCext-TokenIdentifier" */ +&(nid_objs[618]),/* "setCext-TokenType" */ +&(nid_objs[617]),/* "setCext-Track2Data" */ +&(nid_objs[611]),/* "setCext-cCertRequired" */ +&(nid_objs[609]),/* "setCext-certType" */ +&(nid_objs[608]),/* "setCext-hashedRoot" */ +&(nid_objs[610]),/* "setCext-merchData" */ +&(nid_objs[613]),/* "setCext-setExt" */ +&(nid_objs[614]),/* "setCext-setQualf" */ +&(nid_objs[612]),/* "setCext-tunneling" */ +&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ +&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ +&(nid_objs[570]),/* "setct-AuthReqTBE" */ +&(nid_objs[534]),/* "setct-AuthReqTBS" */ +&(nid_objs[527]),/* "setct-AuthResBaggage" */ +&(nid_objs[571]),/* "setct-AuthResTBE" */ +&(nid_objs[572]),/* "setct-AuthResTBEX" */ +&(nid_objs[535]),/* "setct-AuthResTBS" */ +&(nid_objs[536]),/* "setct-AuthResTBSX" */ +&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ +&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ +&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ +&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ +&(nid_objs[542]),/* "setct-AuthRevResData" */ +&(nid_objs[578]),/* "setct-AuthRevResTBE" */ +&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ +&(nid_objs[543]),/* "setct-AuthRevResTBS" */ +&(nid_objs[573]),/* "setct-AuthTokenTBE" */ +&(nid_objs[537]),/* "setct-AuthTokenTBS" */ +&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ +&(nid_objs[558]),/* "setct-BatchAdminReqData" */ +&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ +&(nid_objs[559]),/* "setct-BatchAdminResData" */ +&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ +&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ +&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ +&(nid_objs[580]),/* "setct-CapReqTBE" */ +&(nid_objs[581]),/* "setct-CapReqTBEX" */ +&(nid_objs[544]),/* "setct-CapReqTBS" */ +&(nid_objs[545]),/* "setct-CapReqTBSX" */ +&(nid_objs[546]),/* "setct-CapResData" */ +&(nid_objs[582]),/* "setct-CapResTBE" */ +&(nid_objs[583]),/* "setct-CapRevReqTBE" */ +&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ +&(nid_objs[547]),/* "setct-CapRevReqTBS" */ +&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ +&(nid_objs[549]),/* "setct-CapRevResData" */ +&(nid_objs[585]),/* "setct-CapRevResTBE" */ +&(nid_objs[538]),/* "setct-CapTokenData" */ +&(nid_objs[530]),/* "setct-CapTokenSeq" */ +&(nid_objs[574]),/* "setct-CapTokenTBE" */ +&(nid_objs[575]),/* "setct-CapTokenTBEX" */ +&(nid_objs[539]),/* "setct-CapTokenTBS" */ +&(nid_objs[560]),/* "setct-CardCInitResTBS" */ +&(nid_objs[566]),/* "setct-CertInqReqTBS" */ +&(nid_objs[563]),/* "setct-CertReqData" */ +&(nid_objs[595]),/* "setct-CertReqTBE" */ +&(nid_objs[596]),/* "setct-CertReqTBEX" */ +&(nid_objs[564]),/* "setct-CertReqTBS" */ +&(nid_objs[565]),/* "setct-CertResData" */ +&(nid_objs[597]),/* "setct-CertResTBE" */ +&(nid_objs[586]),/* "setct-CredReqTBE" */ +&(nid_objs[587]),/* "setct-CredReqTBEX" */ +&(nid_objs[550]),/* "setct-CredReqTBS" */ +&(nid_objs[551]),/* "setct-CredReqTBSX" */ +&(nid_objs[552]),/* "setct-CredResData" */ +&(nid_objs[588]),/* "setct-CredResTBE" */ +&(nid_objs[589]),/* "setct-CredRevReqTBE" */ +&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ +&(nid_objs[553]),/* "setct-CredRevReqTBS" */ +&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ +&(nid_objs[555]),/* "setct-CredRevResData" */ +&(nid_objs[591]),/* "setct-CredRevResTBE" */ +&(nid_objs[567]),/* "setct-ErrorTBS" */ +&(nid_objs[526]),/* "setct-HODInput" */ +&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ +&(nid_objs[522]),/* "setct-OIData" */ +&(nid_objs[519]),/* "setct-PANData" */ +&(nid_objs[521]),/* "setct-PANOnly" */ +&(nid_objs[520]),/* "setct-PANToken" */ +&(nid_objs[556]),/* "setct-PCertReqData" */ +&(nid_objs[557]),/* "setct-PCertResTBS" */ +&(nid_objs[523]),/* "setct-PI" */ +&(nid_objs[532]),/* "setct-PI-TBS" */ +&(nid_objs[524]),/* "setct-PIData" */ +&(nid_objs[525]),/* "setct-PIDataUnsigned" */ +&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ +&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ +&(nid_objs[531]),/* "setct-PInitResData" */ +&(nid_objs[533]),/* "setct-PResData" */ +&(nid_objs[594]),/* "setct-RegFormReqTBE" */ +&(nid_objs[562]),/* "setct-RegFormResTBS" */ +&(nid_objs[606]),/* "setext-cv" */ +&(nid_objs[601]),/* "setext-genCrypt" */ +&(nid_objs[602]),/* "setext-miAuth" */ +&(nid_objs[604]),/* "setext-pinAny" */ +&(nid_objs[603]),/* "setext-pinSecure" */ +&(nid_objs[605]),/* "setext-track2" */ &(nid_objs[52]),/* "signingTime" */ &(nid_objs[454]),/* "simpleSecurityObject" */ &(nid_objs[496]),/* "singleLevelQuality" */ @@ -1866,6 +2385,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[430]),/* "Hold Instruction Code" */ &(nid_objs[431]),/* "Hold Instruction None" */ &(nid_objs[433]),/* "Hold Instruction Reject" */ +&(nid_objs[634]),/* "ICC or token signature" */ &(nid_objs[294]),/* "IPSec End System" */ &(nid_objs[295]),/* "IPSec Tunnel" */ &(nid_objs[296]),/* "IPSec User" */ @@ -1914,6 +2434,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[188]),/* "S/MIME" */ &(nid_objs[167]),/* "S/MIME Capabilities" */ &(nid_objs[387]),/* "SNMPv2" */ +&(nid_objs[512]),/* "Secure Electronic Transactions" */ &(nid_objs[386]),/* "Security" */ &(nid_objs[394]),/* "Selected Attribute Types" */ &(nid_objs[143]),/* "Strong Extranet ID" */ @@ -1948,6 +2469,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[288]),/* "ac-targeting" */ &(nid_objs[446]),/* "account" */ &(nid_objs[364]),/* "ad dvcs" */ +&(nid_objs[606]),/* "additional verification" */ &(nid_objs[419]),/* "aes-128-cbc" */ &(nid_objs[421]),/* "aes-128-cfb" */ &(nid_objs[418]),/* "aes-128-ecb" */ @@ -1977,10 +2499,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[111]),/* "cast5-ofb" */ &(nid_objs[404]),/* "ccitt" */ &(nid_objs[152]),/* "certBag" */ +&(nid_objs[517]),/* "certificate extensions" */ &(nid_objs[54]),/* "challengePassword" */ &(nid_objs[407]),/* "characteristic-two-field" */ &(nid_objs[395]),/* "clearance" */ +&(nid_objs[633]),/* "cleartext track 2" */ &(nid_objs[13]),/* "commonName" */ +&(nid_objs[513]),/* "content types" */ &(nid_objs[50]),/* "contentType" */ &(nid_objs[53]),/* "countersignature" */ &(nid_objs[14]),/* "countryName" */ @@ -1991,6 +2516,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[434]),/* "data" */ &(nid_objs[390]),/* "dcObject" */ &(nid_objs[31]),/* "des-cbc" */ +&(nid_objs[643]),/* "des-cdmf" */ &(nid_objs[30]),/* "des-cfb" */ &(nid_objs[29]),/* "des-ecb" */ &(nid_objs[32]),/* "des-ede" */ @@ -2027,12 +2553,15 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[297]),/* "dvcs" */ &(nid_objs[416]),/* "ecdsa-with-SHA1" */ &(nid_objs[48]),/* "emailAddress" */ +&(nid_objs[632]),/* "encrypted track 2" */ &(nid_objs[56]),/* "extendedCertificateAttributes" */ &(nid_objs[462]),/* "favouriteDrink" */ &(nid_objs[453]),/* "friendlyCountry" */ &(nid_objs[490]),/* "friendlyCountryName" */ &(nid_objs[156]),/* "friendlyName" */ +&(nid_objs[631]),/* "generate cryptogram" */ &(nid_objs[509]),/* "generationQualifier" */ +&(nid_objs[601]),/* "generic cryptogram" */ &(nid_objs[99]),/* "givenName" */ &(nid_objs[163]),/* "hmacWithSHA1" */ &(nid_objs[486]),/* "homePostalAddress" */ @@ -2214,6 +2743,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[461]),/* "info" */ &(nid_objs[101]),/* "initials" */ &(nid_objs[181]),/* "iso" */ +&(nid_objs[623]),/* "issuer capabilities" */ &(nid_objs[492]),/* "janetMailbox" */ &(nid_objs[393]),/* "joint-iso-ccitt" */ &(nid_objs[150]),/* "keyBag" */ @@ -2234,6 +2764,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[ 8]),/* "md5WithRSAEncryption" */ &(nid_objs[95]),/* "mdc2" */ &(nid_objs[96]),/* "mdc2WithRSA" */ +&(nid_objs[602]),/* "merchant initiated auth" */ +&(nid_objs[514]),/* "message extensions" */ &(nid_objs[51]),/* "messageDigest" */ &(nid_objs[506]),/* "mime-mhs-bodies" */ &(nid_objs[505]),/* "mime-mhs-headings" */ @@ -2247,6 +2779,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[475]),/* "otherMailbox" */ &(nid_objs[489]),/* "pagerTelephoneNumber" */ &(nid_objs[374]),/* "path" */ +&(nid_objs[621]),/* "payment gateway capabilities" */ &(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */ &(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */ &(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ @@ -2293,6 +2826,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[413]),/* "prime239v2" */ &(nid_objs[414]),/* "prime239v3" */ &(nid_objs[415]),/* "prime256v1" */ +&(nid_objs[510]),/* "pseudonym" */ &(nid_objs[435]),/* "pss" */ &(nid_objs[286]),/* "qcStatements" */ &(nid_objs[457]),/* "qualityLabelledData" */ @@ -2317,6 +2851,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[463]),/* "roomNumber" */ &(nid_objs[19]),/* "rsa" */ &(nid_objs[ 6]),/* "rsaEncryption" */ +&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ &(nid_objs[377]),/* "rsaSignature" */ &(nid_objs[124]),/* "run length compression" */ &(nid_objs[482]),/* "sOARecord" */ @@ -2327,7 +2862,125 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[159]),/* "sdsiCertificate" */ &(nid_objs[154]),/* "secretBag" */ &(nid_objs[474]),/* "secretary" */ +&(nid_objs[635]),/* "secure device signature" */ &(nid_objs[105]),/* "serialNumber" */ +&(nid_objs[625]),/* "set-addPolicy" */ +&(nid_objs[515]),/* "set-attr" */ +&(nid_objs[518]),/* "set-brand" */ +&(nid_objs[638]),/* "set-brand-AmericanExpress" */ +&(nid_objs[637]),/* "set-brand-Diners" */ +&(nid_objs[636]),/* "set-brand-IATA-ATA" */ +&(nid_objs[639]),/* "set-brand-JCB" */ +&(nid_objs[641]),/* "set-brand-MasterCard" */ +&(nid_objs[642]),/* "set-brand-Novus" */ +&(nid_objs[640]),/* "set-brand-Visa" */ +&(nid_objs[516]),/* "set-policy" */ +&(nid_objs[607]),/* "set-policy-root" */ +&(nid_objs[624]),/* "set-rootKeyThumb" */ +&(nid_objs[620]),/* "setAttr-Cert" */ +&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ +&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ +&(nid_objs[629]),/* "setAttr-IssCap-T2" */ +&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ +&(nid_objs[626]),/* "setAttr-Token-EMV" */ +&(nid_objs[622]),/* "setAttr-TokenType" */ +&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ +&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ +&(nid_objs[616]),/* "setCext-TokenIdentifier" */ +&(nid_objs[618]),/* "setCext-TokenType" */ +&(nid_objs[617]),/* "setCext-Track2Data" */ +&(nid_objs[611]),/* "setCext-cCertRequired" */ +&(nid_objs[609]),/* "setCext-certType" */ +&(nid_objs[608]),/* "setCext-hashedRoot" */ +&(nid_objs[610]),/* "setCext-merchData" */ +&(nid_objs[613]),/* "setCext-setExt" */ +&(nid_objs[614]),/* "setCext-setQualf" */ +&(nid_objs[612]),/* "setCext-tunneling" */ +&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ +&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ +&(nid_objs[570]),/* "setct-AuthReqTBE" */ +&(nid_objs[534]),/* "setct-AuthReqTBS" */ +&(nid_objs[527]),/* "setct-AuthResBaggage" */ +&(nid_objs[571]),/* "setct-AuthResTBE" */ +&(nid_objs[572]),/* "setct-AuthResTBEX" */ +&(nid_objs[535]),/* "setct-AuthResTBS" */ +&(nid_objs[536]),/* "setct-AuthResTBSX" */ +&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ +&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ +&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ +&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ +&(nid_objs[542]),/* "setct-AuthRevResData" */ +&(nid_objs[578]),/* "setct-AuthRevResTBE" */ +&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ +&(nid_objs[543]),/* "setct-AuthRevResTBS" */ +&(nid_objs[573]),/* "setct-AuthTokenTBE" */ +&(nid_objs[537]),/* "setct-AuthTokenTBS" */ +&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ +&(nid_objs[558]),/* "setct-BatchAdminReqData" */ +&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ +&(nid_objs[559]),/* "setct-BatchAdminResData" */ +&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ +&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ +&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ +&(nid_objs[580]),/* "setct-CapReqTBE" */ +&(nid_objs[581]),/* "setct-CapReqTBEX" */ +&(nid_objs[544]),/* "setct-CapReqTBS" */ +&(nid_objs[545]),/* "setct-CapReqTBSX" */ +&(nid_objs[546]),/* "setct-CapResData" */ +&(nid_objs[582]),/* "setct-CapResTBE" */ +&(nid_objs[583]),/* "setct-CapRevReqTBE" */ +&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ +&(nid_objs[547]),/* "setct-CapRevReqTBS" */ +&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ +&(nid_objs[549]),/* "setct-CapRevResData" */ +&(nid_objs[585]),/* "setct-CapRevResTBE" */ +&(nid_objs[538]),/* "setct-CapTokenData" */ +&(nid_objs[530]),/* "setct-CapTokenSeq" */ +&(nid_objs[574]),/* "setct-CapTokenTBE" */ +&(nid_objs[575]),/* "setct-CapTokenTBEX" */ +&(nid_objs[539]),/* "setct-CapTokenTBS" */ +&(nid_objs[560]),/* "setct-CardCInitResTBS" */ +&(nid_objs[566]),/* "setct-CertInqReqTBS" */ +&(nid_objs[563]),/* "setct-CertReqData" */ +&(nid_objs[595]),/* "setct-CertReqTBE" */ +&(nid_objs[596]),/* "setct-CertReqTBEX" */ +&(nid_objs[564]),/* "setct-CertReqTBS" */ +&(nid_objs[565]),/* "setct-CertResData" */ +&(nid_objs[597]),/* "setct-CertResTBE" */ +&(nid_objs[586]),/* "setct-CredReqTBE" */ +&(nid_objs[587]),/* "setct-CredReqTBEX" */ +&(nid_objs[550]),/* "setct-CredReqTBS" */ +&(nid_objs[551]),/* "setct-CredReqTBSX" */ +&(nid_objs[552]),/* "setct-CredResData" */ +&(nid_objs[588]),/* "setct-CredResTBE" */ +&(nid_objs[589]),/* "setct-CredRevReqTBE" */ +&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ +&(nid_objs[553]),/* "setct-CredRevReqTBS" */ +&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ +&(nid_objs[555]),/* "setct-CredRevResData" */ +&(nid_objs[591]),/* "setct-CredRevResTBE" */ +&(nid_objs[567]),/* "setct-ErrorTBS" */ +&(nid_objs[526]),/* "setct-HODInput" */ +&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ +&(nid_objs[522]),/* "setct-OIData" */ +&(nid_objs[519]),/* "setct-PANData" */ +&(nid_objs[521]),/* "setct-PANOnly" */ +&(nid_objs[520]),/* "setct-PANToken" */ +&(nid_objs[556]),/* "setct-PCertReqData" */ +&(nid_objs[557]),/* "setct-PCertResTBS" */ +&(nid_objs[523]),/* "setct-PI" */ +&(nid_objs[532]),/* "setct-PI-TBS" */ +&(nid_objs[524]),/* "setct-PIData" */ +&(nid_objs[525]),/* "setct-PIDataUnsigned" */ +&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ +&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ +&(nid_objs[531]),/* "setct-PInitResData" */ +&(nid_objs[533]),/* "setct-PResData" */ +&(nid_objs[594]),/* "setct-RegFormReqTBE" */ +&(nid_objs[562]),/* "setct-RegFormResTBS" */ +&(nid_objs[604]),/* "setext-pinAny" */ +&(nid_objs[603]),/* "setext-pinSecure" */ +&(nid_objs[605]),/* "setext-track2" */ &(nid_objs[41]),/* "sha" */ &(nid_objs[64]),/* "sha1" */ &(nid_objs[115]),/* "sha1WithRSA" */ @@ -2369,6 +3022,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ &(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ &(nid_objs[81]),/* OBJ_id_ce 2 5 29 */ +&(nid_objs[512]),/* OBJ_id_set 2 23 42 */ &(nid_objs[435]),/* OBJ_pss 0 9 2342 */ &(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ &(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ @@ -2389,6 +3043,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[509]),/* OBJ_generationQualifier 2 5 4 44 */ &(nid_objs[503]),/* OBJ_x500UniqueIdentifier 2 5 4 45 */ &(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */ +&(nid_objs[510]),/* OBJ_pseudonym 2 5 4 65 */ &(nid_objs[400]),/* OBJ_role 2 5 4 72 */ &(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */ &(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */ @@ -2408,6 +3063,12 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ &(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ &(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ +&(nid_objs[513]),/* OBJ_set_ctype 2 23 42 0 */ +&(nid_objs[514]),/* OBJ_set_msgExt 2 23 42 1 */ +&(nid_objs[515]),/* OBJ_set_attr 2 23 42 3 */ +&(nid_objs[516]),/* OBJ_set_policy 2 23 42 5 */ +&(nid_objs[517]),/* OBJ_set_certExt 2 23 42 7 */ +&(nid_objs[518]),/* OBJ_set_brand 2 23 42 8 */ &(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ &(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ &(nid_objs[384]),/* OBJ_Experimental 1 3 6 1 3 */ @@ -2420,6 +3081,117 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ +&(nid_objs[519]),/* OBJ_setct_PANData 2 23 42 0 0 */ +&(nid_objs[520]),/* OBJ_setct_PANToken 2 23 42 0 1 */ +&(nid_objs[521]),/* OBJ_setct_PANOnly 2 23 42 0 2 */ +&(nid_objs[522]),/* OBJ_setct_OIData 2 23 42 0 3 */ +&(nid_objs[523]),/* OBJ_setct_PI 2 23 42 0 4 */ +&(nid_objs[524]),/* OBJ_setct_PIData 2 23 42 0 5 */ +&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ +&(nid_objs[526]),/* OBJ_setct_HODInput 2 23 42 0 7 */ +&(nid_objs[527]),/* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ +&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ +&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ +&(nid_objs[530]),/* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ +&(nid_objs[531]),/* OBJ_setct_PInitResData 2 23 42 0 12 */ +&(nid_objs[532]),/* OBJ_setct_PI_TBS 2 23 42 0 13 */ +&(nid_objs[533]),/* OBJ_setct_PResData 2 23 42 0 14 */ +&(nid_objs[534]),/* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ +&(nid_objs[535]),/* OBJ_setct_AuthResTBS 2 23 42 0 17 */ +&(nid_objs[536]),/* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ +&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ +&(nid_objs[538]),/* OBJ_setct_CapTokenData 2 23 42 0 20 */ +&(nid_objs[539]),/* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ +&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ +&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ +&(nid_objs[542]),/* OBJ_setct_AuthRevResData 2 23 42 0 24 */ +&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ +&(nid_objs[544]),/* OBJ_setct_CapReqTBS 2 23 42 0 26 */ +&(nid_objs[545]),/* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ +&(nid_objs[546]),/* OBJ_setct_CapResData 2 23 42 0 28 */ +&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ +&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ +&(nid_objs[549]),/* OBJ_setct_CapRevResData 2 23 42 0 31 */ +&(nid_objs[550]),/* OBJ_setct_CredReqTBS 2 23 42 0 32 */ +&(nid_objs[551]),/* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ +&(nid_objs[552]),/* OBJ_setct_CredResData 2 23 42 0 34 */ +&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ +&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ +&(nid_objs[555]),/* OBJ_setct_CredRevResData 2 23 42 0 37 */ +&(nid_objs[556]),/* OBJ_setct_PCertReqData 2 23 42 0 38 */ +&(nid_objs[557]),/* OBJ_setct_PCertResTBS 2 23 42 0 39 */ +&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ +&(nid_objs[559]),/* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ +&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ +&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ +&(nid_objs[562]),/* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ +&(nid_objs[563]),/* OBJ_setct_CertReqData 2 23 42 0 45 */ +&(nid_objs[564]),/* OBJ_setct_CertReqTBS 2 23 42 0 46 */ +&(nid_objs[565]),/* OBJ_setct_CertResData 2 23 42 0 47 */ +&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ +&(nid_objs[567]),/* OBJ_setct_ErrorTBS 2 23 42 0 49 */ +&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ +&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ +&(nid_objs[570]),/* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ +&(nid_objs[571]),/* OBJ_setct_AuthResTBE 2 23 42 0 53 */ +&(nid_objs[572]),/* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ +&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ +&(nid_objs[574]),/* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ +&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ +&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ +&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ +&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ +&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ +&(nid_objs[580]),/* OBJ_setct_CapReqTBE 2 23 42 0 62 */ +&(nid_objs[581]),/* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ +&(nid_objs[582]),/* OBJ_setct_CapResTBE 2 23 42 0 64 */ +&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ +&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ +&(nid_objs[585]),/* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ +&(nid_objs[586]),/* OBJ_setct_CredReqTBE 2 23 42 0 68 */ +&(nid_objs[587]),/* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ +&(nid_objs[588]),/* OBJ_setct_CredResTBE 2 23 42 0 70 */ +&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ +&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ +&(nid_objs[591]),/* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ +&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ +&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ +&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ +&(nid_objs[595]),/* OBJ_setct_CertReqTBE 2 23 42 0 77 */ +&(nid_objs[596]),/* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ +&(nid_objs[597]),/* OBJ_setct_CertResTBE 2 23 42 0 79 */ +&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ +&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ +&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ +&(nid_objs[601]),/* OBJ_setext_genCrypt 2 23 42 1 1 */ +&(nid_objs[602]),/* OBJ_setext_miAuth 2 23 42 1 3 */ +&(nid_objs[603]),/* OBJ_setext_pinSecure 2 23 42 1 4 */ +&(nid_objs[604]),/* OBJ_setext_pinAny 2 23 42 1 5 */ +&(nid_objs[605]),/* OBJ_setext_track2 2 23 42 1 7 */ +&(nid_objs[606]),/* OBJ_setext_cv 2 23 42 1 8 */ +&(nid_objs[620]),/* OBJ_setAttr_Cert 2 23 42 3 0 */ +&(nid_objs[621]),/* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ +&(nid_objs[622]),/* OBJ_setAttr_TokenType 2 23 42 3 2 */ +&(nid_objs[623]),/* OBJ_setAttr_IssCap 2 23 42 3 3 */ +&(nid_objs[607]),/* OBJ_set_policy_root 2 23 42 5 0 */ +&(nid_objs[608]),/* OBJ_setCext_hashedRoot 2 23 42 7 0 */ +&(nid_objs[609]),/* OBJ_setCext_certType 2 23 42 7 1 */ +&(nid_objs[610]),/* OBJ_setCext_merchData 2 23 42 7 2 */ +&(nid_objs[611]),/* OBJ_setCext_cCertRequired 2 23 42 7 3 */ +&(nid_objs[612]),/* OBJ_setCext_tunneling 2 23 42 7 4 */ +&(nid_objs[613]),/* OBJ_setCext_setExt 2 23 42 7 5 */ +&(nid_objs[614]),/* OBJ_setCext_setQualf 2 23 42 7 6 */ +&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ +&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ +&(nid_objs[617]),/* OBJ_setCext_Track2Data 2 23 42 7 9 */ +&(nid_objs[618]),/* OBJ_setCext_TokenType 2 23 42 7 10 */ +&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ +&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ +&(nid_objs[640]),/* OBJ_set_brand_Visa 2 23 42 8 4 */ +&(nid_objs[641]),/* OBJ_set_brand_MasterCard 2 23 42 8 5 */ +&(nid_objs[637]),/* OBJ_set_brand_Diners 2 23 42 8 30 */ +&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ +&(nid_objs[639]),/* OBJ_set_brand_JCB 2 23 42 8 35 */ &(nid_objs[184]),/* OBJ_X9_57 1 2 840 10040 */ &(nid_objs[405]),/* OBJ_ansi_X9_62 1 2 840 10045 */ &(nid_objs[389]),/* OBJ_Enterprises 1 3 6 1 4 1 */ @@ -2440,6 +3212,14 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[115]),/* OBJ_sha1WithRSA 1 3 14 3 2 29 */ &(nid_objs[117]),/* OBJ_ripemd160 1 3 36 3 2 1 */ &(nid_objs[143]),/* OBJ_sxnet 1 3 101 1 4 1 */ +&(nid_objs[624]),/* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ +&(nid_objs[625]),/* OBJ_set_addPolicy 2 23 42 3 0 1 */ +&(nid_objs[626]),/* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ +&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ +&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ +&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ +&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ +&(nid_objs[642]),/* OBJ_set_brand_Novus 2 23 42 8 6011 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ &(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666 2 */ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ @@ -2448,6 +3228,11 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[505]),/* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ &(nid_objs[506]),/* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ &(nid_objs[119]),/* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ +&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ +&(nid_objs[632]),/* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ +&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ +&(nid_objs[634]),/* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ +&(nid_objs[635]),/* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ &(nid_objs[436]),/* OBJ_ucl 0 9 2342 19200300 */ &(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ &(nid_objs[431]),/* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ @@ -2490,6 +3275,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ &(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ &(nid_objs[120]),/* OBJ_rc5_cbc 1 2 840 113549 3 8 */ +&(nid_objs[643]),/* OBJ_des_cdmf 1 2 840 113549 3 10 */ &(nid_objs[409]),/* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ &(nid_objs[410]),/* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ &(nid_objs[411]),/* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ @@ -2611,6 +3397,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ +&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ &(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ &(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ &(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.h b/src/lib/libssl/src/crypto/objects/obj_mac.h index 6d77fcba3f..899db8325c 100644 --- a/src/lib/libssl/src/crypto/objects/obj_mac.h +++ b/src/lib/libssl/src/crypto/objects/obj_mac.h @@ -1654,6 +1654,10 @@ #define NID_dnQualifier 174 #define OBJ_dnQualifier OBJ_X509,46L +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + #define SN_role "role" #define LN_role "role" #define NID_role 400 @@ -2305,3 +2309,550 @@ #define NID_documentPublisher 502 #define OBJ_documentPublisher OBJ_pilotAttributeType,56L +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set 2L,23L,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num index 02b39062fe..1486199661 100644 --- a/src/lib/libssl/src/crypto/objects/obj_mac.num +++ b/src/lib/libssl/src/crypto/objects/obj_mac.num @@ -507,3 +507,141 @@ mime_mhs_bodies 506 id_hex_partial_message 507 id_hex_multipart_message 508 generationQualifier 509 +pseudonym 510 +InternationalRA 511 +id_set 512 +set_ctype 513 +set_msgExt 514 +set_attr 515 +set_policy 516 +set_certExt 517 +set_brand 518 +setct_PANData 519 +setct_PANToken 520 +setct_PANOnly 521 +setct_OIData 522 +setct_PI 523 +setct_PIData 524 +setct_PIDataUnsigned 525 +setct_HODInput 526 +setct_AuthResBaggage 527 +setct_AuthRevReqBaggage 528 +setct_AuthRevResBaggage 529 +setct_CapTokenSeq 530 +setct_PInitResData 531 +setct_PI_TBS 532 +setct_PResData 533 +setct_AuthReqTBS 534 +setct_AuthResTBS 535 +setct_AuthResTBSX 536 +setct_AuthTokenTBS 537 +setct_CapTokenData 538 +setct_CapTokenTBS 539 +setct_AcqCardCodeMsg 540 +setct_AuthRevReqTBS 541 +setct_AuthRevResData 542 +setct_AuthRevResTBS 543 +setct_CapReqTBS 544 +setct_CapReqTBSX 545 +setct_CapResData 546 +setct_CapRevReqTBS 547 +setct_CapRevReqTBSX 548 +setct_CapRevResData 549 +setct_CredReqTBS 550 +setct_CredReqTBSX 551 +setct_CredResData 552 +setct_CredRevReqTBS 553 +setct_CredRevReqTBSX 554 +setct_CredRevResData 555 +setct_PCertReqData 556 +setct_PCertResTBS 557 +setct_BatchAdminReqData 558 +setct_BatchAdminResData 559 +setct_CardCInitResTBS 560 +setct_MeAqCInitResTBS 561 +setct_RegFormResTBS 562 +setct_CertReqData 563 +setct_CertReqTBS 564 +setct_CertResData 565 +setct_CertInqReqTBS 566 +setct_ErrorTBS 567 +setct_PIDualSignedTBE 568 +setct_PIUnsignedTBE 569 +setct_AuthReqTBE 570 +setct_AuthResTBE 571 +setct_AuthResTBEX 572 +setct_AuthTokenTBE 573 +setct_CapTokenTBE 574 +setct_CapTokenTBEX 575 +setct_AcqCardCodeMsgTBE 576 +setct_AuthRevReqTBE 577 +setct_AuthRevResTBE 578 +setct_AuthRevResTBEB 579 +setct_CapReqTBE 580 +setct_CapReqTBEX 581 +setct_CapResTBE 582 +setct_CapRevReqTBE 583 +setct_CapRevReqTBEX 584 +setct_CapRevResTBE 585 +setct_CredReqTBE 586 +setct_CredReqTBEX 587 +setct_CredResTBE 588 +setct_CredRevReqTBE 589 +setct_CredRevReqTBEX 590 +setct_CredRevResTBE 591 +setct_BatchAdminReqTBE 592 +setct_BatchAdminResTBE 593 +setct_RegFormReqTBE 594 +setct_CertReqTBE 595 +setct_CertReqTBEX 596 +setct_CertResTBE 597 +setct_CRLNotificationTBS 598 +setct_CRLNotificationResTBS 599 +setct_BCIDistributionTBS 600 +setext_genCrypt 601 +setext_miAuth 602 +setext_pinSecure 603 +setext_pinAny 604 +setext_track2 605 +setext_cv 606 +set_policy_root 607 +setCext_hashedRoot 608 +setCext_certType 609 +setCext_merchData 610 +setCext_cCertRequired 611 +setCext_tunneling 612 +setCext_setExt 613 +setCext_setQualf 614 +setCext_PGWYcapabilities 615 +setCext_TokenIdentifier 616 +setCext_Track2Data 617 +setCext_TokenType 618 +setCext_IssuerCapabilities 619 +setAttr_Cert 620 +setAttr_PGWYcap 621 +setAttr_TokenType 622 +setAttr_IssCap 623 +set_rootKeyThumb 624 +set_addPolicy 625 +setAttr_Token_EMV 626 +setAttr_Token_B0Prime 627 +setAttr_IssCap_CVM 628 +setAttr_IssCap_T2 629 +setAttr_IssCap_Sig 630 +setAttr_GenCryptgrm 631 +setAttr_T2Enc 632 +setAttr_T2cleartxt 633 +setAttr_TokICCsig 634 +setAttr_SecDevSig 635 +set_brand_IATA_ATA 636 +set_brand_Diners 637 +set_brand_AmericanExpress 638 +set_brand_JCB 639 +set_brand_Visa 640 +set_brand_MasterCard 641 +set_brand_Novus 642 +des_cdmf 643 +rsaOAEPEncryptionSET 644 +itu_t 645 +joint_iso_itu_t 646 +international_organizations 647 diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt index 65d0b15629..71a4908485 100644 --- a/src/lib/libssl/src/crypto/objects/objects.txt +++ b/src/lib/libssl/src/crypto/objects/objects.txt @@ -542,6 +542,7 @@ X509 43 : : initials X509 44 : : generationQualifier X509 45 : : x500UniqueIdentifier X509 46 : dnQualifier : dnQualifier +X509 65 : : pseudonym X509 72 : role : role X500 8 : X500algorithms : directory services - algorithms @@ -762,3 +763,150 @@ pilotAttributeType 53 : : personalSignature pilotAttributeType 54 : : dITRedirect pilotAttributeType 55 : audio pilotAttributeType 56 : : documentPublisher + +2 23 42 : id-set : Secure Electronic Transactions + +id-set 0 : set-ctype : content types +id-set 1 : set-msgExt : message extensions +id-set 3 : set-attr +id-set 5 : set-policy +id-set 7 : set-certExt : certificate extensions +id-set 8 : set-brand + +set-ctype 0 : setct-PANData +set-ctype 1 : setct-PANToken +set-ctype 2 : setct-PANOnly +set-ctype 3 : setct-OIData +set-ctype 4 : setct-PI +set-ctype 5 : setct-PIData +set-ctype 6 : setct-PIDataUnsigned +set-ctype 7 : setct-HODInput +set-ctype 8 : setct-AuthResBaggage +set-ctype 9 : setct-AuthRevReqBaggage +set-ctype 10 : setct-AuthRevResBaggage +set-ctype 11 : setct-CapTokenSeq +set-ctype 12 : setct-PInitResData +set-ctype 13 : setct-PI-TBS +set-ctype 14 : setct-PResData +set-ctype 16 : setct-AuthReqTBS +set-ctype 17 : setct-AuthResTBS +set-ctype 18 : setct-AuthResTBSX +set-ctype 19 : setct-AuthTokenTBS +set-ctype 20 : setct-CapTokenData +set-ctype 21 : setct-CapTokenTBS +set-ctype 22 : setct-AcqCardCodeMsg +set-ctype 23 : setct-AuthRevReqTBS +set-ctype 24 : setct-AuthRevResData +set-ctype 25 : setct-AuthRevResTBS +set-ctype 26 : setct-CapReqTBS +set-ctype 27 : setct-CapReqTBSX +set-ctype 28 : setct-CapResData +set-ctype 29 : setct-CapRevReqTBS +set-ctype 30 : setct-CapRevReqTBSX +set-ctype 31 : setct-CapRevResData +set-ctype 32 : setct-CredReqTBS +set-ctype 33 : setct-CredReqTBSX +set-ctype 34 : setct-CredResData +set-ctype 35 : setct-CredRevReqTBS +set-ctype 36 : setct-CredRevReqTBSX +set-ctype 37 : setct-CredRevResData +set-ctype 38 : setct-PCertReqData +set-ctype 39 : setct-PCertResTBS +set-ctype 40 : setct-BatchAdminReqData +set-ctype 41 : setct-BatchAdminResData +set-ctype 42 : setct-CardCInitResTBS +set-ctype 43 : setct-MeAqCInitResTBS +set-ctype 44 : setct-RegFormResTBS +set-ctype 45 : setct-CertReqData +set-ctype 46 : setct-CertReqTBS +set-ctype 47 : setct-CertResData +set-ctype 48 : setct-CertInqReqTBS +set-ctype 49 : setct-ErrorTBS +set-ctype 50 : setct-PIDualSignedTBE +set-ctype 51 : setct-PIUnsignedTBE +set-ctype 52 : setct-AuthReqTBE +set-ctype 53 : setct-AuthResTBE +set-ctype 54 : setct-AuthResTBEX +set-ctype 55 : setct-AuthTokenTBE +set-ctype 56 : setct-CapTokenTBE +set-ctype 57 : setct-CapTokenTBEX +set-ctype 58 : setct-AcqCardCodeMsgTBE +set-ctype 59 : setct-AuthRevReqTBE +set-ctype 60 : setct-AuthRevResTBE +set-ctype 61 : setct-AuthRevResTBEB +set-ctype 62 : setct-CapReqTBE +set-ctype 63 : setct-CapReqTBEX +set-ctype 64 : setct-CapResTBE +set-ctype 65 : setct-CapRevReqTBE +set-ctype 66 : setct-CapRevReqTBEX +set-ctype 67 : setct-CapRevResTBE +set-ctype 68 : setct-CredReqTBE +set-ctype 69 : setct-CredReqTBEX +set-ctype 70 : setct-CredResTBE +set-ctype 71 : setct-CredRevReqTBE +set-ctype 72 : setct-CredRevReqTBEX +set-ctype 73 : setct-CredRevResTBE +set-ctype 74 : setct-BatchAdminReqTBE +set-ctype 75 : setct-BatchAdminResTBE +set-ctype 76 : setct-RegFormReqTBE +set-ctype 77 : setct-CertReqTBE +set-ctype 78 : setct-CertReqTBEX +set-ctype 79 : setct-CertResTBE +set-ctype 80 : setct-CRLNotificationTBS +set-ctype 81 : setct-CRLNotificationResTBS +set-ctype 82 : setct-BCIDistributionTBS + +set-msgExt 1 : setext-genCrypt : generic cryptogram +set-msgExt 3 : setext-miAuth : merchant initiated auth +set-msgExt 4 : setext-pinSecure +set-msgExt 5 : setext-pinAny +set-msgExt 7 : setext-track2 +set-msgExt 8 : setext-cv : additional verification + +set-policy 0 : set-policy-root + +set-certExt 0 : setCext-hashedRoot +set-certExt 1 : setCext-certType +set-certExt 2 : setCext-merchData +set-certExt 3 : setCext-cCertRequired +set-certExt 4 : setCext-tunneling +set-certExt 5 : setCext-setExt +set-certExt 6 : setCext-setQualf +set-certExt 7 : setCext-PGWYcapabilities +set-certExt 8 : setCext-TokenIdentifier +set-certExt 9 : setCext-Track2Data +set-certExt 10 : setCext-TokenType +set-certExt 11 : setCext-IssuerCapabilities + +set-attr 0 : setAttr-Cert +set-attr 1 : setAttr-PGWYcap : payment gateway capabilities +set-attr 2 : setAttr-TokenType +set-attr 3 : setAttr-IssCap : issuer capabilities + +setAttr-Cert 0 : set-rootKeyThumb +setAttr-Cert 1 : set-addPolicy + +setAttr-TokenType 1 : setAttr-Token-EMV +setAttr-TokenType 2 : setAttr-Token-B0Prime + +setAttr-IssCap 3 : setAttr-IssCap-CVM +setAttr-IssCap 4 : setAttr-IssCap-T2 +setAttr-IssCap 5 : setAttr-IssCap-Sig + +setAttr-IssCap-CVM 1 : setAttr-GenCryptgrm : generate cryptogram +setAttr-IssCap-T2 1 : setAttr-T2Enc : encrypted track 2 +setAttr-IssCap-T2 2 : setAttr-T2cleartxt : cleartext track 2 + +setAttr-IssCap-Sig 1 : setAttr-TokICCsig : ICC or token signature +setAttr-IssCap-Sig 2 : setAttr-SecDevSig : secure device signature + +set-brand 1 : set-brand-IATA-ATA +set-brand 30 : set-brand-Diners +set-brand 34 : set-brand-AmericanExpress +set-brand 35 : set-brand-JCB +set-brand 4 : set-brand-Visa +set-brand 5 : set-brand-MasterCard +set-brand 6011 : set-brand-Novus + +rsadsi 3 10 : DES-CDMF : des-cdmf +rsadsi 1 1 6 : rsaOAEPEncryptionSET diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h index 0d23a02fb2..9689b49c5b 100644 --- a/src/lib/libssl/src/crypto/opensslv.h +++ b/src/lib/libssl/src/crypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x00907001L -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7-beta1 01 Jun 2002" +#define OPENSSL_VERSION_NUMBER 0x00907003L +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7-beta3 30 Jul 2002" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/src/lib/libssl/src/crypto/pem/pem2.h b/src/lib/libssl/src/crypto/pem/pem2.h index 4e484bcd82..f31790d69c 100644 --- a/src/lib/libssl/src/crypto/pem/pem2.h +++ b/src/lib/libssl/src/crypto/pem/pem2.h @@ -61,7 +61,9 @@ extern "C" { #endif +#ifndef HEADER_PEM_H void ERR_load_PEM_strings(void); +#endif #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/pem/pem_pkey.c b/src/lib/libssl/src/crypto/pem/pem_pkey.c index 270892d72b..d96ecf6940 100644 --- a/src/lib/libssl/src/crypto/pem/pem_pkey.c +++ b/src/lib/libssl/src/crypto/pem/pem_pkey.c @@ -85,6 +85,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { PKCS8_PRIV_KEY_INFO *p8inf; p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); + if(!p8inf) goto p8err; ret = EVP_PKCS82PKEY(p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf); } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { diff --git a/src/lib/libssl/src/crypto/perlasm/x86asm.pl b/src/lib/libssl/src/crypto/perlasm/x86asm.pl index 81c6e64e87..9a3d85b098 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86asm.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86asm.pl @@ -87,6 +87,12 @@ $tmp #ifdef OUT #define OK 1 #define ALIGN 4 +#if defined(__CYGWIN__) || defined(__DJGPP__) +#undef SIZE +#undef TYPE +#define SIZE(a,b) +#define TYPE(a,b) +#endif /* __CYGWIN || __DJGPP */ #endif #if defined(BSDI) && !defined(ELF) diff --git a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl index b4da364bbf..519d8a5867 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl @@ -209,7 +209,7 @@ sub using486 sub main'file { - push(@out, "segment .text\n"); + push(@out, "segment .text use32\n"); } sub main'function_begin diff --git a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h index 1786b6d4f3..dd338f266c 100644 --- a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h +++ b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h @@ -156,8 +156,8 @@ union { #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey #define M_PKCS8_decrypt PKCS8_decrypt -#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type) -#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type) +#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) +#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type #define PKCS12_get_attr(bag, attr_nid) \ diff --git a/src/lib/libssl/src/crypto/pkcs7/verify.c b/src/lib/libssl/src/crypto/pkcs7/verify.c index 5f7afe8933..b40f26032e 100644 --- a/src/lib/libssl/src/crypto/pkcs7/verify.c +++ b/src/lib/libssl/src/crypto/pkcs7/verify.c @@ -179,10 +179,11 @@ char *argv[]; { ASN1_UTCTIME *tm; char *str1,*str2; + int rc; si=sk_PKCS7_SIGNER_INFO_value(sk,i); - i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si); - if (i <= 0) + rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si); + if (rc <= 0) goto err; printf("signer info\n"); if ((tm=get_signed_time(si)) != NULL) diff --git a/src/lib/libssl/src/crypto/rand/rand.h b/src/lib/libssl/src/crypto/rand/rand.h index e17aa7a9f7..66e39991ec 100644 --- a/src/lib/libssl/src/crypto/rand/rand.h +++ b/src/lib/libssl/src/crypto/rand/rand.h @@ -61,6 +61,11 @@ #include #include +#include + +#if defined(OPENSSL_SYS_WINDOWS) +#include +#endif #ifdef __cplusplus extern "C" { diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c index 97ed12cf67..abc3ac27d5 100644 --- a/src/lib/libssl/src/crypto/rand/rand_egd.c +++ b/src/lib/libssl/src/crypto/rand/rand_egd.c @@ -94,7 +94,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(__DJGPP__) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/src/lib/libssl/src/crypto/rand/rand_unix.c b/src/lib/libssl/src/crypto/rand/rand_unix.c index 5a78009e9a..ec09d74603 100644 --- a/src/lib/libssl/src/crypto/rand/rand_unix.c +++ b/src/lib/libssl/src/crypto/rand/rand_unix.c @@ -109,6 +109,8 @@ * */ +#define USE_SOCKETS +#include "e_os.h" #include "cryptlib.h" #include #include "rand_lcl.h" diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h index 030a6c88e5..98b3bd7cc5 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa.h +++ b/src/lib/libssl/src/crypto/rsa/rsa.h @@ -276,6 +276,9 @@ int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, int RSA_set_ex_data(RSA *r,int idx,void *arg); void *RSA_get_ex_data(const RSA *r, int idx); +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/src/lib/libssl/src/crypto/symhacks.h b/src/lib/libssl/src/crypto/symhacks.h index de0f452b47..774162fec9 100644 --- a/src/lib/libssl/src/crypto/symhacks.h +++ b/src/lib/libssl/src/crypto/symhacks.h @@ -247,7 +247,7 @@ /* Case insensiteve linking causes problems.... */ -#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) +#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) #undef ERR_load_CRYPTO_strings #define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings #undef OCSP_crlID_new diff --git a/src/lib/libssl/src/crypto/ui/ui_openssl.c b/src/lib/libssl/src/crypto/ui/ui_openssl.c index 4e12165410..2c2fbc0443 100644 --- a/src/lib/libssl/src/crypto/ui/ui_openssl.c +++ b/src/lib/libssl/src/crypto/ui/ui_openssl.c @@ -269,7 +269,7 @@ static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this w static long status; static unsigned short channel = 0; #else -#ifndef OPENSSL_SYS_MSDOS +#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) static TTY_STRUCT tty_orig,tty_new; #endif #endif diff --git a/src/lib/libssl/src/crypto/ui/ui_util.c b/src/lib/libssl/src/crypto/ui/ui_util.c index 7c6f7d3a73..f05573df33 100644 --- a/src/lib/libssl/src/crypto/ui/ui_util.c +++ b/src/lib/libssl/src/crypto/ui/ui_util.c @@ -71,12 +71,15 @@ int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify) int ok = 0; UI *ui; + if (size < 1) + return -1; + ui = UI_new(); if (ui) { - ok = UI_add_input_string(ui,prompt,0,buf,0,BUFSIZ-1); + ok = UI_add_input_string(ui,prompt,0,buf,0,size-1); if (ok == 0 && verify) - ok = UI_add_verify_string(ui,prompt,0,buff,0,BUFSIZ-1, + ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1, buf); if (ok == 0) ok=UI_process(ui); diff --git a/src/lib/libssl/src/crypto/x509v3/ext_dat.h b/src/lib/libssl/src/crypto/x509v3/ext_dat.h index 586f116db5..2fb97d8925 100644 --- a/src/lib/libssl/src/crypto/x509v3/ext_dat.h +++ b/src/lib/libssl/src/crypto/x509v3/ext_dat.h @@ -99,8 +99,8 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_ocsp_nocheck, &v3_ocsp_acutoff, &v3_ocsp_serviceloc, -&v3_crl_hold, -&v3_sinfo +&v3_sinfo, +&v3_crl_hold }; /* Number of standard extensions */ diff --git a/src/lib/libssl/src/crypto/x509v3/v3_info.c b/src/lib/libssl/src/crypto/x509v3/v3_info.c index 7f17f3231d..e1cf01a9b4 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_info.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_info.c @@ -158,6 +158,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho objlen = ptmp - cnf->name; ctmp.name = ptmp + 1; ctmp.value = cnf->value; + GENERAL_NAME_free(acc->location); if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) goto err; if(!(objtmp = OPENSSL_malloc(objlen + 1))) { diff --git a/src/lib/libssl/src/doc/apps/ciphers.pod b/src/lib/libssl/src/doc/apps/ciphers.pod index 21077614a7..b7e577b24f 100644 --- a/src/lib/libssl/src/doc/apps/ciphers.pod +++ b/src/lib/libssl/src/doc/apps/ciphers.pod @@ -108,10 +108,20 @@ the default cipher list. This is determined at compile time and is normally B. This must be the first cipher string specified. +=item B + +the ciphers included in B, but not enabled by default. Currently +this is B. Note that this rule does not cover B, which is +not included by B (use B if necessary). + =item B all ciphers suites except the B ciphers which must be explicitly enabled. +=item B + +the cipher suites not enabled by B, currently being B. + =item B "high" encryption cipher suites. This currently means those with key lengths larger @@ -339,8 +349,22 @@ Include only 3DES ciphers and then place RSA ciphers last: openssl ciphers -v '3DES:+RSA' +Include all RC4 ciphers but leave out those without authentication: + + openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' + +Include all chiphers with RSA authentication but leave out ciphers without +encryption. + + openssl ciphers -v 'RSA:!COMPLEMENTOFALL' + =head1 SEE ALSO L, L, L +=head1 HISTORY + +The B and B selection options were +added in version 0.9.7. + =cut diff --git a/src/lib/libssl/src/doc/apps/crl2pkcs7.pod b/src/lib/libssl/src/doc/apps/crl2pkcs7.pod index da199b044a..3797bc0df4 100644 --- a/src/lib/libssl/src/doc/apps/crl2pkcs7.pod +++ b/src/lib/libssl/src/doc/apps/crl2pkcs7.pod @@ -6,12 +6,13 @@ crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. =head1 SYNOPSIS -B B +B B [B<-inform PEM|DER>] [B<-outform PEM|DER>] [B<-in filename>] [B<-out filename>] -[B<-print_certs>] +[B<-certfile filename>] +[B<-nocrl>] =head1 DESCRIPTION diff --git a/src/lib/libssl/src/doc/crypto/BN_rand.pod b/src/lib/libssl/src/doc/crypto/BN_rand.pod index ecd410f7f2..9cec238f9e 100644 --- a/src/lib/libssl/src/doc/crypto/BN_rand.pod +++ b/src/lib/libssl/src/doc/crypto/BN_rand.pod @@ -14,7 +14,7 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number int BN_rand_range(BIGNUM *rnd, BIGNUM *range); - int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom); + int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); =head1 DESCRIPTION diff --git a/src/lib/libssl/src/doc/crypto/BN_zero.pod b/src/lib/libssl/src/doc/crypto/BN_zero.pod index 3c64a65697..b555ec3988 100644 --- a/src/lib/libssl/src/doc/crypto/BN_zero.pod +++ b/src/lib/libssl/src/doc/crypto/BN_zero.pod @@ -53,4 +53,7 @@ BN_zero(), BN_one() and BN_set_word() are available in all versions of SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in SSLeay 0.8. +BN_value_one() was changed to return a true const BIGNUM * in OpenSSL +0.9.7. + =cut diff --git a/src/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod b/src/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod index 82e2548bcd..fa5eab2650 100644 --- a/src/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod +++ b/src/lib/libssl/src/doc/crypto/DH_get_ex_new_index.pod @@ -26,7 +26,7 @@ as described in L. =head1 SEE ALSO -L, L +L, L =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod index b3a61f1c5d..5901c39526 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod @@ -238,14 +238,19 @@ even though they are identical digests. L, L, L, L, L, L, -L, L +L, L =head1 HISTORY EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are available in all versions of SSLeay and OpenSSL. -EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() -were added in OpenSSL 0.9.7. +EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(), +EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() +and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. + +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), +EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were +changed to return truely const EVP_MD * in OpenSSL 0.9.7. =cut diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod index 371b6a2287..75cceb1ca2 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod @@ -501,4 +501,9 @@ L =head1 HISTORY +EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(), +EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(), +EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in +OpenSSL 0.9.7. + =cut diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod index 32e9d54809..b203c3a1c5 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod @@ -84,13 +84,13 @@ L, L, L, L, L, L, L, L, L, -L, L +L, L =head1 HISTORY EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are available in all versions of SSLeay and OpenSSL. -EVP_SignInit_ex() was added in OpenSSL 0.9.7 +EVP_SignInit_ex() was added in OpenSSL 0.9.7. =cut diff --git a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod index 80c656fde8..b6afaedee5 100644 --- a/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod +++ b/src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod @@ -74,7 +74,7 @@ L, L, L, L, L, L, L, L, L, -L, L +L, L =head1 HISTORY diff --git a/src/lib/libssl/src/doc/crypto/RSA_check_key.pod b/src/lib/libssl/src/doc/crypto/RSA_check_key.pod index 79fed753ad..3d824a07f5 100644 --- a/src/lib/libssl/src/doc/crypto/RSA_check_key.pod +++ b/src/lib/libssl/src/doc/crypto/RSA_check_key.pod @@ -18,7 +18,9 @@ in fact prime, and that B. It also checks that B, and that B, B and B are set correctly or are B. -The key's public components may not be B. +As such, this function can not be used with any arbitrary RSA key object, +even if it is otherwise fit for regular RSA operation. See B for more +information. =head1 RETURN VALUE @@ -28,12 +30,38 @@ RSA_check_key() returns 1 if B is a valid RSA key, and 0 otherwise. If the key is invalid or an error occurred, the reason code can be obtained using L. +=head1 NOTES + +This function does not work on RSA public keys that have only the modulus +and public exponent elements populated. It performs integrity checks on all +the RSA key material, so the RSA key structure must contain all the private +key data too. + +Unlike most other RSA functions, this function does B work +transparently with any underlying ENGINE implementation because it uses the +key data in the RSA structure directly. An ENGINE implementation can +override the way key data is stored and handled, and can even provide +support for HSM keys - in which case the RSA structure may contain B +key data at all! If the ENGINE in question is only being used for +acceleration or analysis purposes, then in all likelihood the RSA key data +is complete and untouched, but this can't be assumed in the general case. + +=head1 BUGS + +A method of verifying the RSA key using opaque RSA API functions might need +to be considered. Right now RSA_check_key() simply uses the RSA structure +elements directly, bypassing the RSA_METHOD table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a "check_key()" handler to the +RSA_METHOD function table so that alternative implementations can also +provide their own verifiers. + =head1 SEE ALSO L, L =head1 HISTORY -RSA_check() appeared in OpenSSL 0.9.4. +RSA_check_key() appeared in OpenSSL 0.9.4. =cut diff --git a/src/lib/libssl/src/doc/crypto/err.pod b/src/lib/libssl/src/doc/crypto/err.pod index 264e30103d..6f729554d2 100644 --- a/src/lib/libssl/src/doc/crypto/err.pod +++ b/src/lib/libssl/src/doc/crypto/err.pod @@ -172,7 +172,7 @@ ERR_get_string_table(void) respectively. =head1 SEE ALSO L, -L, +L, L, L, L, diff --git a/src/lib/libssl/src/doc/crypto/hmac.pod b/src/lib/libssl/src/doc/crypto/hmac.pod index 579bf9e8a0..3976baf226 100644 --- a/src/lib/libssl/src/doc/crypto/hmac.pod +++ b/src/lib/libssl/src/doc/crypto/hmac.pod @@ -96,4 +96,7 @@ L, L HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup() are available since SSLeay 0.9.0. +HMAC_CTX_init(), HMAC_Init_ex() and HMAC_CTX_cleanup() are available +since OpenSSL 0.9.7. + =cut diff --git a/src/lib/libssl/src/doc/crypto/lhash.pod b/src/lib/libssl/src/doc/crypto/lhash.pod index 0bac11421e..dcdbb43a8e 100644 --- a/src/lib/libssl/src/doc/crypto/lhash.pod +++ b/src/lib/libssl/src/doc/crypto/lhash.pod @@ -286,4 +286,9 @@ lh_error() was added in SSLeay 0.9.1b. This manpage is derived from the SSLeay documentation. +In OpenSSL 0.9.7, all lhash functions that were passed function pointers +were changed for better type safety, and the function types LHASH_COMP_FN_TYPE, +LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE +became available. + =cut diff --git a/src/lib/libssl/src/doc/crypto/rsa.pod b/src/lib/libssl/src/doc/crypto/rsa.pod index 09ad30cab1..2b93a12b65 100644 --- a/src/lib/libssl/src/doc/crypto/rsa.pod +++ b/src/lib/libssl/src/doc/crypto/rsa.pod @@ -110,7 +110,7 @@ L, L, L, L, L, -L, +L, L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod index d59a7db636..c8b99f4eef 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_cache_size.pod @@ -27,7 +27,7 @@ case is the size 0, which is used for unlimited size. When the maximum number of sessions is reached, no more new sessions are added to the cache. New space may be added by calling -L to remove +L to remove expired sessions. If the size of the session cache is reduced and more sessions are already @@ -46,6 +46,6 @@ SSL_CTX_sess_get_cache_size() returns the currently valid size. L, L, L, -L +L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod index 6e0ef00632..7c0b2baf6c 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_sess_set_get_cb.pod @@ -79,7 +79,7 @@ L. L, L, L, -L, +L, L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod index 81286ee650..3a240c4d37 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_cert_store.pod @@ -14,7 +14,7 @@ SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate ver =head1 DESCRIPTION SSL_CTX_set_cert_store() sets/replaces the certificate verification storage -of B to/with B. If another X505_STORE object is currently +of B to/with B. If another X509_STORE object is currently set in B, it will be X509_STORE_free()ed. SSL_CTX_get_cert_store() returns a pointer to the current certificate diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_cert_cb.pod index 53e1827713..3465b5c7bb 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_cert_cb.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_cert_cb.pod @@ -15,8 +15,10 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certifica =head1 DESCRIPTION SSL_CTX_set_client_cert_cb() sets the B callback, that is -called when a client certificate is requested by a server. -When B is NULL, not callback function is used. +called when a client certificate is requested by a server and no certificate +was yet set for the SSL object. + +When B is NULL, no callback function is used. SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback function. @@ -25,9 +27,13 @@ client_cert_cb() is the application defined callback. If it wants to set a certificate, a certificate/private key combination must be set using the B and B arguments and "1" must be returned. The certificate will be installed into B, see the NOTES and BUGS sections. -If no certificate should be set, "0" has to be returned and the default -certificate will be sent. A fatal error can be indicated by returning -a negative value, in which case the handshake will be canceled. +If no certificate should be set, "0" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediatly. L +will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of client_cert_cb(). It is the job of the client_cert_cb() to store information +about the state of the last call, if required to continue. =head1 NOTES @@ -35,26 +41,24 @@ During a handshake (or renegotiation) a server may request a certificate from the client. A client certificate must only be sent, when the server did send the request. -When no callback function is set, an OpenSSL client will send the certificate -that was set using the -L family of functions. -The TLS standard requires that only a certificate is sent, if it matches -the list of acceptable CAs sent by the server. This constraint is -violated by the default behavior of the OpenSSL library. Using the -callback function it is possible to implement a proper selection routine -or to allow a user interaction to choose the certificate to be sent. -The callback function can obtain the list of acceptable CAs using the -L function. - -If a callback function is defined, the callback function will be called. +When a certificate was set using the +L family of functions, +it will be sent to the server. The TLS standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent. + +If a callback function is defined and no certificate was yet defined for the +SSL object, the callback function will be called. If the callback function returns a certificate, the OpenSSL library will try to load the private key and certificate data into the SSL -object using SSL_use_certificate() and SSL_use_private_key() functions. -Thus it will permanently override the certificate and key previously -installed and will not be reset by calling L. -If the callback returns no certificate, the OpenSSL library will send -the certificate previously installed for the SSL_CTX object or the specific -certificate of the SSL object, if available. +object using the SSL_use_certificate() and SSL_use_private_key() functions. +Thus it will permanently install the certificate and key for this SSL +object. It will not be reset by calling L. +If the callback returns no certificate, the OpenSSL library will not send +a certificate. =head1 BUGS diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod index c10055c6e7..f5e2ec3555 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod @@ -35,7 +35,7 @@ operation (|). Options can only be added but can never be reset. SSL_CTX_set_options() and SSL_set_options() affect the (external) protocol behaviour of the SSL library. The (internal) behaviour of the API can be changed by using the similar -L and SSL_set_modes() functions. +L and SSL_set_mode() functions. During a handshake, the option settings of the SSL object are used. When a new SSL object is created from a context using SSL_new(), the current @@ -100,14 +100,22 @@ doing a re-connect, always takes the first cipher in the cipher list. ... +=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + +Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol +vulnerability affecting CBC ciphers, which cannot be handled by some +broken SSL implementations. This option has no effect for connections +using other ciphers. + =item SSL_OP_ALL All of the above bug workarounds. =back -It is safe and recommended to use B to enable the bug workaround -options. +It is usually safe to use B to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired. The following B options are available: @@ -219,4 +227,9 @@ B has been added in OpenSSL 0.9.6 and was automatically enabled with B. As of 0.9.7, it is no longer included in B and must be explicitly set. +B has been added in OpenSSL 0.9.6e. +Versions up to OpenSSL 0.9.6c do not include the countermeasure that +can be disabled with this option (in OpenSSL 0.9.6d, it was always +enabled). + =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_accept.pod b/src/lib/libssl/src/doc/ssl/SSL_accept.pod index ac6caf9baa..a673edba85 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_accept.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_accept.pod @@ -69,6 +69,7 @@ to find out the reason. L, L, L, L, L, L, +L, L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_connect.pod b/src/lib/libssl/src/doc/ssl/SSL_connect.pod index 766f1876aa..8426310c0d 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_connect.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_connect.pod @@ -66,6 +66,7 @@ to find out the reason. L, L, L, L, L, L, +L, L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod b/src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod new file mode 100644 index 0000000000..243576451b --- /dev/null +++ b/src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod @@ -0,0 +1,75 @@ +=pod + +=head1 NAME + +SSL_do_handshake - perform a TLS/SSL handshake + +=head1 SYNOPSIS + + #include + + int SSL_do_handshake(SSL *ssl); + +=head1 DESCRIPTION + +SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +L or +L. + +=head1 NOTES + +The behaviour of SSL_do_handshake() depends on the underlying BIO. + +If the underlying BIO is B, SSL_do_handshake() will only return +once the handshake has been finished or an error occurred, except for SGC +(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1, +but SSL_get_error() will yield B and +SSL_do_handshake() should be called again. + +If the underlying BIO is B, SSL_do_handshake() will also return +when the underlying BIO could not satisfy the needs of SSL_do_handshake() +to continue the handshake. In this case a call to SSL_get_error() with the +return value of SSL_do_handshake() will yield B or +B. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of SSL_do_handshake(). +The action depends on the underlying BIO. When using a non-blocking socket, +nothing is to be done, but select() can be used to check for the required +condition. When using a buffering BIO, like a BIO pair, data must be written +into or retrieved out of the BIO before being able to continue. + +=head1 RETURN VALUES + +The following return values can occur: + +=over 4 + +=item 1 + +The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been +established. + +=item 0 + +The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +return value B to find out the reason. + +=item E0 + +The TLS/SSL handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call SSL_get_error() with the return value B +to find out the reason. + +=back + +=head1 SEE ALSO + +L, L, +L, L, L, +L + +=cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod index f700bf0ace..fe28dd942a 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod @@ -13,7 +13,7 @@ SSL_get_error - obtain result code for TLS/SSL I/O operation =head1 DESCRIPTION SSL_get_error() returns a result code (suitable for the C "switch" -statement) for a preceding call to SSL_connect(), SSL_accept(), +statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(), SSL_read(), SSL_peek(), or SSL_write() on B. The value returned by that TLS/SSL I/O function must be passed to SSL_get_error() in parameter B. diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod b/src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod index 7adf8adfed..d88a057def 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_set_connect_state.pod @@ -49,6 +49,7 @@ information. L, L, L, L, L, L, L, +L, L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_write.pod b/src/lib/libssl/src/doc/ssl/SSL_write.pod index dfa42e9aee..e013c12d52 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_write.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_write.pod @@ -65,6 +65,9 @@ When an SSL_write() operation has to be repeated because of B or B, it must be repeated with the same arguments. +When calling SSL_write() with num=0 bytes to be sent the behaviour is +undefined. + =head1 RETURN VALUES The following return values can occur: diff --git a/src/lib/libssl/src/doc/ssl/ssl.pod b/src/lib/libssl/src/doc/ssl/ssl.pod index d0525582b0..1471e0312e 100644 --- a/src/lib/libssl/src/doc/ssl/ssl.pod +++ b/src/lib/libssl/src/doc/ssl/ssl.pod @@ -693,6 +693,7 @@ L, L, L, L, +L, L, L, L, diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h index f216936e18..00edebe6d4 100644 --- a/src/lib/libssl/src/e_os.h +++ b/src/lib/libssl/src/e_os.h @@ -191,6 +191,14 @@ extern "C" { #if (defined(WINDOWS) || defined(MSDOS)) +# ifdef __DJGPP__ +# include +# include +# define _setmode setmode +# define _O_TEXT O_TEXT +# define _O_BINARY O_BINARY +# endif /* __DJGPP__ */ + # ifndef S_IFDIR # define S_IFDIR _S_IFDIR # endif @@ -336,7 +344,7 @@ extern "C" { /*************/ #ifdef USE_SOCKETS -# if defined(WINDOWS) || defined(MSDOS) +# if (defined(WINDOWS) || defined(MSDOS)) && !defined(__DJGPP__) /* windows world */ # ifdef OPENSSL_NO_SOCK @@ -423,7 +431,9 @@ extern HINSTANCE _hInstance; # define SSLeay_Write(a,b,c) write((a),(b),(c)) # define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); } # define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } +# ifndef INVALID_SOCKET # define INVALID_SOCKET (-1) +# endif /* INVALID_SOCKET */ # endif #endif diff --git a/src/lib/libssl/src/e_os2.h b/src/lib/libssl/src/e_os2.h index 9c4a541728..ff68d5b94a 100644 --- a/src/lib/libssl/src/e_os2.h +++ b/src/lib/libssl/src/e_os2.h @@ -90,17 +90,22 @@ extern "C" { /* For 32 bit environment, there seems to be the CygWin environment and then all the others that try to do the same thing Microsoft does... */ -#if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) +#if defined(OPENSSL_SYSNAME_UWIN) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WIN32_CYGWIN +# define OPENSSL_SYS_WIN32_UWIN #else -# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) +# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WIN32 -# endif -# if defined(OPENSSL_SYSNAME_WINNT) -# undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WINNT +# define OPENSSL_SYS_WIN32_CYGWIN +# else +# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WIN32 +# endif +# if defined(OPENSSL_SYSNAME_WINNT) +# undef OPENSSL_SYS_UNIX +# define OPENSSL_SYS_WINNT +# endif # endif #endif diff --git a/src/lib/libssl/src/install.com b/src/lib/libssl/src/install.com index 86fae7e872..4e4fe80dfe 100644 --- a/src/lib/libssl/src/install.com +++ b/src/lib/libssl/src/install.com @@ -52,7 +52,7 @@ $ IF F$PARSE("WRK_SSLPRIVATE:") .EQS. "" THEN - $ IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLROOT:[VMS] $ -$ SDIRS := CRYPTO,SSL,RSAREF,APPS,VMS!,TEST,TOOLS +$ SDIRS := CRYPTO,SSL,APPS,VMS!,RSAREF,TEST,TOOLS $ EXHEADER := e_os2.h $ $ COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG diff --git a/src/lib/libssl/src/ms/do_masm.bat b/src/lib/libssl/src/ms/do_masm.bat index 5b64fecdb0..f4c958c561 100644 --- a/src/lib/libssl/src/ms/do_masm.bat +++ b/src/lib/libssl/src/ms/do_masm.bat @@ -3,54 +3,54 @@ echo Generating x86 for MASM assember echo Bignum cd crypto\bn\asm -perl x86.pl win32 > bn-win32.asm +perl x86.pl win32 > bn_win32.asm cd ..\..\.. echo DES cd crypto\des\asm -perl des-586.pl win32 > d-win32.asm +perl des-586.pl win32 > d_win32.asm cd ..\..\.. echo "crypt(3)" cd crypto\des\asm -perl crypt586.pl win32 > y-win32.asm +perl crypt586.pl win32 > y_win32.asm cd ..\..\.. echo Blowfish cd crypto\bf\asm -perl bf-586.pl win32 > b-win32.asm +perl bf-586.pl win32 > b_win32.asm cd ..\..\.. echo CAST5 cd crypto\cast\asm -perl cast-586.pl win32 > c-win32.asm +perl cast-586.pl win32 > c_win32.asm cd ..\..\.. echo RC4 cd crypto\rc4\asm -perl rc4-586.pl win32 > r4-win32.asm +perl rc4-586.pl win32 > r4_win32.asm cd ..\..\.. echo MD5 cd crypto\md5\asm -perl md5-586.pl win32 > m5-win32.asm +perl md5-586.pl win32 > m5_win32.asm cd ..\..\.. echo SHA1 cd crypto\sha\asm -perl sha1-586.pl win32 > s1-win32.asm +perl sha1-586.pl win32 > s1_win32.asm cd ..\..\.. echo RIPEMD160 cd crypto\ripemd\asm -perl rmd-586.pl win32 > rm-win32.asm +perl rmd-586.pl win32 > rm_win32.asm cd ..\..\.. echo RC5\32 cd crypto\rc5\asm -perl rc5-586.pl win32 > r5-win32.asm +perl rc5-586.pl win32 > r5_win32.asm cd ..\..\.. echo on diff --git a/src/lib/libssl/src/ms/do_nasm.bat b/src/lib/libssl/src/ms/do_nasm.bat index 8859c15457..557f8a66d7 100644 --- a/src/lib/libssl/src/ms/do_nasm.bat +++ b/src/lib/libssl/src/ms/do_nasm.bat @@ -4,54 +4,54 @@ echo Generating x86 for NASM assember echo Bignum cd crypto\bn\asm -perl x86.pl win32n > bn-win32.asm +perl x86.pl win32n > bn_win32.asm cd ..\..\.. echo DES cd crypto\des\asm -perl des-586.pl win32n > d-win32.asm +perl des-586.pl win32n > d_win32.asm cd ..\..\.. echo "crypt(3)" cd crypto\des\asm -perl crypt586.pl win32n > y-win32.asm +perl crypt586.pl win32n > y_win32.asm cd ..\..\.. echo Blowfish cd crypto\bf\asm -perl bf-586.pl win32n > b-win32.asm +perl bf-586.pl win32n > b_win32.asm cd ..\..\.. echo CAST5 cd crypto\cast\asm -perl cast-586.pl win32n > c-win32.asm +perl cast-586.pl win32n > c_win32.asm cd ..\..\.. echo RC4 cd crypto\rc4\asm -perl rc4-586.pl win32n > r4-win32.asm +perl rc4-586.pl win32n > r4_win32.asm cd ..\..\.. echo MD5 cd crypto\md5\asm -perl md5-586.pl win32n > m5-win32.asm +perl md5-586.pl win32n > m5_win32.asm cd ..\..\.. echo SHA1 cd crypto\sha\asm -perl sha1-586.pl win32n > s1-win32.asm +perl sha1-586.pl win32n > s1_win32.asm cd ..\..\.. echo RIPEMD160 cd crypto\ripemd\asm -perl rmd-586.pl win32n > rm-win32.asm +perl rmd-586.pl win32n > rm_win32.asm cd ..\..\.. echo RC5\32 cd crypto\rc5\asm -perl rc5-586.pl win32n > r5-win32.asm +perl rc5-586.pl win32n > r5_win32.asm cd ..\..\.. echo on @@ -62,6 +62,7 @@ rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak perl util\mk1mf.pl nasm VC-WIN32 >ms\nt.mak perl util\mk1mf.pl dll nasm VC-WIN32 >ms\ntdll.mak +perl util\mk1mf.pl nasm BC-NT >ms\bcb.mak perl util\mkdef.pl 16 libeay > ms\libeay16.def perl util\mkdef.pl 32 libeay > ms\libeay32.def diff --git a/src/lib/libssl/src/os2/OS2-EMX.cmd b/src/lib/libssl/src/os2/OS2-EMX.cmd index 8b2a092c68..acab99ac39 100644 --- a/src/lib/libssl/src/os2/OS2-EMX.cmd +++ b/src/lib/libssl/src/os2/OS2-EMX.cmd @@ -5,6 +5,11 @@ perl util\mkfiles.pl > MINFO @rem create make file perl util\mk1mf.pl OS2-EMX > OS2-EMX.mak +perl util\mk1mf.pl dll OS2-EMX > OS2-EMX-DLL.mak + +echo Generating export definition files +perl util\mkdef.pl crypto OS2 > os2\crypto.def +perl util\mkdef.pl ssl OS2 > os2\ssl.def echo Generating x86 for GNU assember diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c index b2be8340fb..019e9aecee 100644 --- a/src/lib/libssl/src/ssl/s23_clnt.c +++ b/src/lib/libssl/src/ssl/s23_clnt.c @@ -57,11 +57,11 @@ */ #include +#include "ssl_locl.h" #include #include #include #include -#include "ssl_locl.h" static SSL_METHOD *ssl23_get_client_method(int ver); static int ssl23_client_hello(SSL *s); diff --git a/src/lib/libssl/src/ssl/s23_pkt.c b/src/lib/libssl/src/ssl/s23_pkt.c index f45e1ce3d8..4ca6a1b258 100644 --- a/src/lib/libssl/src/ssl/s23_pkt.c +++ b/src/lib/libssl/src/ssl/s23_pkt.c @@ -59,9 +59,9 @@ #include #include #define USE_SOCKETS +#include "ssl_locl.h" #include #include -#include "ssl_locl.h" int ssl23_write_bytes(SSL *s) { diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c index 9e89cc7f9a..8743b61cbb 100644 --- a/src/lib/libssl/src/ssl/s23_srvr.c +++ b/src/lib/libssl/src/ssl/s23_srvr.c @@ -110,11 +110,11 @@ */ #include +#include "ssl_locl.h" #include #include #include #include -#include "ssl_locl.h" static SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c index 4cb1184161..26efe53856 100644 --- a/src/lib/libssl/src/ssl/s2_clnt.c +++ b/src/lib/libssl/src/ssl/s2_clnt.c @@ -116,6 +116,7 @@ #include #include #include +#include "cryptlib.h" static SSL_METHOD *ssl2_get_client_method(int ver); static int get_server_finished(SSL *s); @@ -535,6 +536,7 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length=s->s2->tmp.conn_id_length; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length); return(1); } @@ -636,6 +638,7 @@ static int client_master_key(SSL *s) /* make key_arg data */ i=EVP_CIPHER_iv_length(c); sess->key_arg_length=i; + die(i <= SSL_MAX_KEY_ARG_LENGTH); if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); /* make a master key */ @@ -643,6 +646,7 @@ static int client_master_key(SSL *s) sess->master_key_length=i; if (i > 0) { + die(i <= sizeof sess->master_key); if (RAND_bytes(sess->master_key,i) <= 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -686,6 +690,7 @@ static int client_master_key(SSL *s) d+=enc; karg=sess->key_arg_length; s2n(karg,p); /* key arg size */ + die(karg <= sizeof sess->key_arg); memcpy(d,sess->key_arg,(unsigned int)karg); d+=karg; @@ -706,6 +711,7 @@ static int client_finished(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_CLIENT_FINISHED; + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); s->state=SSL2_ST_SEND_CLIENT_FINISHED_B; @@ -978,6 +984,8 @@ static int get_server_finished(SSL *s) { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { + die(s->session->session_id_length + <= sizeof s->session->session_id); if (memcmp(buf,s->session->session_id, (unsigned int)s->session->session_id_length) != 0) { diff --git a/src/lib/libssl/src/ssl/s2_lib.c b/src/lib/libssl/src/ssl/s2_lib.c index bce2b4e83f..9bf55268df 100644 --- a/src/lib/libssl/src/ssl/s2_lib.c +++ b/src/lib/libssl/src/ssl/s2_lib.c @@ -63,6 +63,7 @@ #include #include #include +#include "cryptlib.h" static long ssl2_default_timeout(void ); const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT; @@ -77,7 +78,8 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL_WITH_MD5, SSL2_CK_NULL_WITH_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2, - SSL_EXPORT|SSL_EXP40, + SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE, + 0, 0, 0, SSL_ALL_CIPHERS, @@ -197,6 +199,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={ SSL2_TXT_NULL, SSL2_CK_NULL, 0, + SSL_STRONG_NONE, 0, 0, 0, @@ -426,10 +429,14 @@ void ssl2_generate_key_material(SSL *s) #endif EVP_MD_CTX_init(&ctx); km=s->s2->key_material; + die(s->s2->key_material_length <= sizeof s->s2->key_material); for (i=0; is2->key_material_length; i+=MD5_DIGEST_LENGTH) { EVP_DigestInit_ex(&ctx,EVP_md5(), NULL); + die(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); EVP_DigestUpdate(&ctx,&c,1); c++; @@ -465,6 +472,7 @@ void ssl2_write_error(SSL *s) /* state=s->rwstate;*/ error=s->error; s->error=0; + die(error >= 0 && error <= 3); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c index 56da65195e..391287bfcd 100644 --- a/src/lib/libssl/src/ssl/s2_srvr.c +++ b/src/lib/libssl/src/ssl/s2_srvr.c @@ -116,6 +116,7 @@ #include #include #include +#include "cryptlib.h" static SSL_METHOD *ssl2_get_server_method(int ver); static int get_client_master_key(SSL *s); @@ -417,11 +418,18 @@ static int get_client_master_key(SSL *s) n2s(p,i); s->s2->tmp.clear=i; n2s(p,i); s->s2->tmp.enc=i; n2s(p,i); s->session->key_arg_length=i; + if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH) + { + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, + SSL_R_KEY_ARG_TOO_LONG); + return -1; + } s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; } /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ p=(unsigned char *)s->init_buf->data; + die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER); keya=s->session->key_arg_length; len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) @@ -504,6 +512,7 @@ static int get_client_master_key(SSL *s) #endif if (is_export) i+=s->s2->tmp.clear; + die(i <= SSL_MAX_MASTER_KEY_LENGTH); s->session->master_key_length=i; memcpy(s->session->master_key,p,(unsigned int)i); return(1); @@ -670,6 +679,7 @@ static int get_client_hello(SSL *s) p+=s->s2->tmp.session_id_length; /* challenge */ + die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); return(1); mem_err: @@ -826,6 +836,7 @@ static int get_client_finished(SSL *s) } /* SSL2_ST_GET_CLIENT_FINISHED_B */ + die(s->s2->conn_id_length <= sizeof s->s2->conn_id); len = 1 + (unsigned long)s->s2->conn_id_length; n = (int)len - s->init_num; i = ssl2_read(s,(char *)&(p[s->init_num]),n); @@ -853,6 +864,7 @@ static int server_verify(SSL *s) { p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_VERIFY; + die(s->s2->challenge_length <= sizeof s->s2->challenge); memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); /* p+=s->s2->challenge_length; */ @@ -872,6 +884,8 @@ static int server_finish(SSL *s) p=(unsigned char *)s->init_buf->data; *(p++)=SSL2_MT_SERVER_FINISHED; + die(s->session->session_id_length + <= sizeof s->session->session_id); memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); /* p+=s->session->session_id_length; */ diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c index 58a24cd883..8864366f59 100644 --- a/src/lib/libssl/src/ssl/s3_both.c +++ b/src/lib/libssl/src/ssl/s3_both.c @@ -112,12 +112,12 @@ #include #include #include +#include "ssl_locl.h" #include #include #include #include #include -#include "ssl_locl.h" /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ int ssl3_do_write(SSL *s, int type) diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index e5853ede95..2699b5863b 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c @@ -110,13 +110,14 @@ */ #include +#include "ssl_locl.h" +#include "kssl_lcl.h" #include #include #include #include -#include "ssl_locl.h" -#include "kssl_lcl.h" #include +#include "cryptlib.h" static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); @@ -545,6 +546,7 @@ static int ssl3_client_hello(SSL *s) *(p++)=i; if (i != 0) { + die(i <= sizeof s->session->session_id); memcpy(p,s->session->session_id,i); p+=i; } @@ -626,6 +628,14 @@ static int ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); + if(j > sizeof s->session->session_id) + { + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_SSL3_SESSION_ID_TOO_LONG); + goto f_err; + } + if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) { /* SSLref returns 16 :-( */ @@ -1588,6 +1598,7 @@ static int ssl3_send_client_key_exchange(SSL *s) SSL_MAX_MASTER_KEY_LENGTH); EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); outl += padl; + die(outl <= sizeof epms); EVP_CIPHER_CTX_cleanup(&ciph_ctx); /* KerberosWrapper.EncryptedPreMasterSecret */ diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 6dfef5caaf..888a9a2868 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c @@ -110,8 +110,8 @@ */ #include -#include #include "ssl_locl.h" +#include #include static unsigned char ssl3_pad_1[48]={ @@ -378,13 +378,24 @@ int ssl3_setup_key_block(SSL *s) ret = ssl3_generate_key_block(s,p,num); - /* enable vulnerability countermeasure for CBC ciphers with - * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ - s->s3->need_empty_fragments = 1; + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + { + /* enable vulnerability countermeasure for CBC ciphers with + * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) + */ + s->s3->need_empty_fragments = 1; + + if (s->session->cipher != NULL) + { + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) + s->s3->need_empty_fragments = 0; + #ifndef OPENSSL_NO_RC4 - if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) - s->s3->need_empty_fragments = 0; + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) + s->s3->need_empty_fragments = 0; #endif + } + } return ret; diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index 686992406c..14b2f13ae2 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c @@ -129,7 +129,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_MD5, SSL3_CK_RSA_NULL_MD5, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -142,7 +142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_RSA_NULL_SHA, SSL3_CK_RSA_NULL_SHA, SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -490,7 +490,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_NULL_SHA, SSL3_CK_FZA_DMS_NULL_SHA, SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, @@ -504,7 +504,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ SSL3_TXT_FZA_DMS_FZA_SHA, SSL3_CK_FZA_DMS_FZA_SHA, SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, + SSL_NOT_EXP|SSL_STRONG_NONE, 0, 0, 0, diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c index 43e8502b66..6ccea9aee5 100644 --- a/src/lib/libssl/src/ssl/s3_pkt.c +++ b/src/lib/libssl/src/ssl/s3_pkt.c @@ -112,9 +112,9 @@ #include #include #define USE_SOCKETS +#include "ssl_locl.h" #include #include -#include "ssl_locl.h" static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment); diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index 99b6a86983..782b57f57a 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c @@ -114,15 +114,16 @@ #include +#include "ssl_locl.h" +#include "kssl_lcl.h" #include #include #include #include #include #include -#include "ssl_locl.h" -#include "kssl_lcl.h" #include +#include "cryptlib.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); @@ -964,6 +965,7 @@ static int ssl3_send_server_hello(SSL *s) s->session->session_id_length=0; sl=s->session->session_id_length; + die(sl <= sizeof s->session->session_id); *(p++)=sl; memcpy(p,s->session->session_id,sl); p+=sl; @@ -1559,8 +1561,8 @@ static int ssl3_get_client_key_exchange(SSL *s) EVP_CIPHER *enc = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_IV_LENGTH + 1]; - int padl, outl = sizeof(pms); + + EVP_MAX_BLOCK_LENGTH]; + int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; @@ -1583,6 +1585,16 @@ static int ssl3_get_client_key_exchange(SSL *s) enc_pms.data = (char *)p; p+=enc_pms.length; + /* Note that the length is checked again below, + ** after decryption + */ + if(enc.pms_length > sizeof pms) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DATA_LENGTH_TOO_LONG); + goto err; + } + if (n != enc_ticket.length + authenticator.length + enc_pms.length + 6) { diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com index e706ab8e99..1f1921e162 100644 --- a/src/lib/libssl/src/ssl/ssl-lib.com +++ b/src/lib/libssl/src/ssl/ssl-lib.com @@ -314,7 +314,7 @@ $ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine." $! $! Compile The File. $! -$ ON ERROR GOTO SSL_TASK_END +$ ON ERROR THEN GOTO SSL_TASK_END $ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C $! $! Link The Program, Check To See If We Need To Link With RSAREF Or Not. diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 833f761690..d9949e8eb2 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h @@ -253,7 +253,7 @@ extern "C" { #define SSL_TXT_RC4 "RC4" #define SSL_TXT_RC2 "RC2" #define SSL_TXT_IDEA "IDEA" -#define SSL_TXT_AES "AESdraft" /* AES ciphersuites are not yet official (thus excluded from 'ALL') */ +#define SSL_TXT_AES "AES" #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" @@ -266,6 +266,23 @@ extern "C" { #define SSL_TXT_TLSV1 "TLSv1" #define SSL_TXT_ALL "ALL" +/* + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +#define SSL_TXT_CMPALL "COMPLEMENTOFALL" +#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + /* The following cipher list is used by default. * It also is substituted when an application-defined cipher list string * starts with 'DEFAULT'. */ @@ -429,6 +446,7 @@ typedef struct ssl_session_st struct ssl_session_st *prev,*next; } SSL_SESSION; + #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L @@ -439,6 +457,19 @@ typedef struct ssl_session_st #define SSL_OP_TLS_D5_BUG 0x00000100L #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L +/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. Unfortunately some broken SSL/TLS + * implementations cannot handle it at all, which is why we include + * it in SSL_OP_ALL. */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ + +/* SSL_OP_ALL: various bug workarounds that should be rather harmless. + * This used to be 0x000FFFFFL before 0.9.7. */ +#define SSL_OP_ALL 0x00000FFFL + +/* As server, disallow session resumption on renegotiation */ +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set to always use the tmp_rsa key when doing RSA operations, @@ -452,8 +483,10 @@ typedef struct ssl_session_st * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L -/* As server, disallow session resumption on renegotiation */ -#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L + +#define SSL_OP_NO_SSLv2 0x01000000L +#define SSL_OP_NO_SSLv3 0x02000000L +#define SSL_OP_NO_TLSv1 0x04000000L /* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ @@ -461,11 +494,7 @@ typedef struct ssl_session_st #define SSL_OP_PKCS1_CHECK_2 0x10000000L #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L -#define SSL_OP_ALL 0x000FFFFFL -#define SSL_OP_NO_SSLv2 0x01000000L -#define SSL_OP_NO_SSLv3 0x02000000L -#define SSL_OP_NO_TLSv1 0x04000000L /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ @@ -479,6 +508,7 @@ typedef struct ssl_session_st * is blocking: */ #define SSL_MODE_AUTO_RETRY 0x00000004L + /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ @@ -1637,6 +1667,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_PURPOSE 278 #define SSL_R_INVALID_TRUST 279 +#define SSL_R_KEY_ARG_TOO_LONG 1112 #define SSL_R_KRB5 1104 #define SSL_R_KRB5_C_CC_PRINC 1094 #define SSL_R_KRB5_C_GET_CRED 1095 @@ -1716,6 +1747,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_SHORT_READ 219 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c index c5eeeb6bc5..1638c6b525 100644 --- a/src/lib/libssl/src/ssl/ssl_asn1.c +++ b/src/lib/libssl/src/ssl/ssl_asn1.c @@ -58,10 +58,11 @@ #include #include +#include "ssl_locl.h" #include #include #include -#include "ssl_locl.h" +#include "cryptlib.h" typedef struct ssl_session_asn1_st { @@ -296,6 +297,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, os.length=i; ret->session_id_length=os.length; + die(os.length <= sizeof ret->session_id); memcpy(ret->session_id,os.data,os.length); M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c index cdd8dde128..37f58886a6 100644 --- a/src/lib/libssl/src/ssl/ssl_ciph.c +++ b/src/lib/libssl/src/ssl/ssl_ciph.c @@ -100,9 +100,10 @@ typedef struct cipher_order_st } CIPHER_ORDER; static const SSL_CIPHER cipher_aliases[]={ - /* Don't include eNULL unless specifically enabled. - * Similarly, don't include AES in ALL because these ciphers are not yet official. */ - {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_AES, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ + /* Don't include eNULL unless specifically enabled. */ + {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ + {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */ + {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0}, {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, @@ -999,10 +1000,10 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) case SSL_AES: switch(cipher->strength_bits) { - case 128: enc="AESdraft(128)"; break; - case 192: enc="AESdraft(192)"; break; - case 256: enc="AESdraft(256)"; break; - default: enc="AESdraft(?""?""?)"; break; + case 128: enc="AES(128)"; break; + case 192: enc="AES(192)"; break; + case 256: enc="AES(256)"; break; + default: enc="AES(?""?""?)"; break; } break; default: diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c index c32c4ef6e9..0cad32c855 100644 --- a/src/lib/libssl/src/ssl/ssl_err.c +++ b/src/lib/libssl/src/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -275,6 +275,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_INVALID_COMMAND ,"invalid command"}, {SSL_R_INVALID_PURPOSE ,"invalid purpose"}, {SSL_R_INVALID_TRUST ,"invalid trust"}, +{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"}, {SSL_R_KRB5 ,"krb5"}, {SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"}, {SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"}, @@ -354,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_SHORT_READ ,"short read"}, {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, +{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c index df307a80c5..ab172aeaec 100644 --- a/src/lib/libssl/src/ssl/ssl_lib.c +++ b/src/lib/libssl/src/ssl/ssl_lib.c @@ -116,11 +116,11 @@ # include #endif #include +#include "ssl_locl.h" +#include "kssl_lcl.h" #include #include #include -#include "ssl_locl.h" -#include "kssl_lcl.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h index 17e9bef832..fe4ac839cf 100644 --- a/src/lib/libssl/src/ssl/ssl_locl.h +++ b/src/lib/libssl/src/ssl/ssl_locl.h @@ -293,16 +293,17 @@ #define SSL_NOT_EXP 0x00000001L #define SSL_EXPORT 0x00000002L -#define SSL_STRONG_MASK 0x0000007cL -#define SSL_EXP40 0x00000004L +#define SSL_STRONG_MASK 0x000000fcL +#define SSL_STRONG_NONE 0x00000004L +#define SSL_EXP40 0x00000008L #define SSL_MICRO (SSL_EXP40) -#define SSL_EXP56 0x00000008L +#define SSL_EXP56 0x00000010L #define SSL_MINI (SSL_EXP56) -#define SSL_LOW 0x00000010L -#define SSL_MEDIUM 0x00000020L -#define SSL_HIGH 0x00000040L +#define SSL_LOW 0x00000020L +#define SSL_MEDIUM 0x00000040L +#define SSL_HIGH 0x00000080L -/* we have used 0000007f - 25 bits left to go */ +/* we have used 000000ff - 24 bits left to go */ /* * Macros to check the export status and cipher strength for export ciphers. diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c index 1cf8e20934..03828b6632 100644 --- a/src/lib/libssl/src/ssl/ssl_rsa.c +++ b/src/lib/libssl/src/ssl/ssl_rsa.c @@ -57,12 +57,12 @@ */ #include +#include "ssl_locl.h" #include #include #include #include #include -#include "ssl_locl.h" static int ssl_set_cert(CERT *c, X509 *x509); static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index 6424f775e2..8bfc382bb6 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c @@ -60,6 +60,7 @@ #include #include #include "ssl_locl.h" +#include "cryptlib.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); @@ -250,6 +251,7 @@ int ssl_get_new_session(SSL *s, int session) ss->session_id_length=0; } + die(s->sid_ctx_length <= sizeof ss->sid_ctx); memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); ss->sid_ctx_length=s->sid_ctx_length; s->session=ss; diff --git a/src/lib/libssl/src/ssl/t1_clnt.c b/src/lib/libssl/src/ssl/t1_clnt.c index 9745630a00..9ad518f9f4 100644 --- a/src/lib/libssl/src/ssl/t1_clnt.c +++ b/src/lib/libssl/src/ssl/t1_clnt.c @@ -57,11 +57,11 @@ */ #include +#include "ssl_locl.h" #include #include #include #include -#include "ssl_locl.h" static SSL_METHOD *tls1_get_client_method(int ver); static SSL_METHOD *tls1_get_client_method(int ver) diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index b80525f3ba..5290bf6665 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c @@ -110,10 +110,10 @@ */ #include +#include "ssl_locl.h" #include #include #include -#include "ssl_locl.h" #include static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, @@ -483,14 +483,25 @@ printf("\nkey block\n"); { int z; for (z=0; zs3->need_empty_fragments = 1; -#ifndef NO_RC4 - if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) - s->s3->need_empty_fragments = 0; + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + { + /* enable vulnerability countermeasure for CBC ciphers with + * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) + */ + s->s3->need_empty_fragments = 1; + + if (s->session->cipher != NULL) + { + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL) + s->s3->need_empty_fragments = 0; + +#ifndef OPENSSL_NO_RC4 + if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4) + s->s3->need_empty_fragments = 0; #endif - + } + } + return(1); err: SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); diff --git a/src/lib/libssl/src/ssl/t1_srvr.c b/src/lib/libssl/src/ssl/t1_srvr.c index 996b7ca8e2..6e765e587f 100644 --- a/src/lib/libssl/src/ssl/t1_srvr.c +++ b/src/lib/libssl/src/ssl/t1_srvr.c @@ -57,12 +57,12 @@ */ #include +#include "ssl_locl.h" #include #include #include #include #include -#include "ssl_locl.h" static SSL_METHOD *tls1_get_server_method(int ver); static SSL_METHOD *tls1_get_server_method(int ver) diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h index 88ec5fb527..38838ea9a5 100644 --- a/src/lib/libssl/src/ssl/tls1.h +++ b/src/lib/libssl/src/ssl/tls1.h @@ -96,7 +96,7 @@ extern "C" { #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 - /* AES ciphersuites from draft ietf-tls-ciphersuite-03.txt */ +/* AES ciphersuites from RFC3268 */ #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 @@ -126,20 +126,21 @@ extern "C" { #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" - /* AES ciphersuites from draft-ietf-tls-ciphersuite-06.txt */ -#define TLS1_TXT_RSA_WITH_AES_128_SHA "AESdraft128-SHA" -#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AESdraft128-SHA" -#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AESdraft128-SHA" -#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AESdraft128-SHA" -#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AESdraft128-SHA" -#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AESdraft128-SHA" - -#define TLS1_TXT_RSA_WITH_AES_256_SHA "AESdraft256-SHA" -#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AESdraft256-SHA" -#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AESdraft256-SHA" -#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AESdraft256-SHA" -#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AESdraft256-SHA" -#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AESdraft256-SHA" + +/* AES ciphersuites from RFC3268 */ +#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" #define TLS_CT_RSA_SIGN 1 diff --git a/src/lib/libssl/src/test/dummytest.c b/src/lib/libssl/src/test/dummytest.c new file mode 100644 index 0000000000..f98f003ef9 --- /dev/null +++ b/src/lib/libssl/src/test/dummytest.c @@ -0,0 +1,47 @@ +#include +#include +#include +#include +#include +#include +#include + +int main(int argc, char *argv[]) + { + char *p, *q, *program; + + p = strrchr(argv[0], '/'); + if (!p) p = strrchr(argv[0], '\\'); +#ifdef OPENSSL_SYS_VMS + if (!p) p = strrchr(argv[0], ']'); + if (p) q = strrchr(p, '>'); + if (q) p = q; + if (!p) p = strrchr(argv[0], ':'); + q = 0; +#endif + if (p) p++; + if (!p) p = argv[0]; + if (p) q = strchr(p, '.'); + if (p && !q) q = p + strlen(p); + + if (!p) + program = BUF_strdup("(unknown)"); + else + { + program = OPENSSL_malloc((q - p) + 1); + strncpy(program, p, q - p); + program[q - p] = '\0'; + } + + for(p = program; *p; p++) + if (islower(*p)) *p = toupper(*p); + + q = strstr(program, "TEST"); + if (q > p && q[-1] == '_') q--; + *q = '\0'; + + printf("No %s support\n", program); + + OPENSSL_free(program); + return(0); + } diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com index f7ff8fe407..b3bf8bb837 100644 --- a/src/lib/libssl/src/test/maketests.com +++ b/src/lib/libssl/src/test/maketests.com @@ -910,7 +910,8 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - + .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen @@ -959,6 +960,32 @@ $! Done with UCX $! $ ENDIF $! +$! Check to see if TCPIP was chosen +$! +$ IF P4.EQS."TCPIP" +$ THEN +$! +$! Set the library to use TCPIP (post UCX). +$! +$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$! +$! Done with TCPIP +$! +$ ENDIF +$! +$! Check to see if NONE was chosen +$! +$ IF P4.EQS."NONE" +$ THEN +$! +$! Do not use a TCPIP library. +$! +$ TCPIP_LIB = "" +$! +$! Done with NONE +$! +$ ENDIF +$! $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB @@ -974,6 +1001,7 @@ $ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." +$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. diff --git a/src/lib/libssl/src/test/tcrl b/src/lib/libssl/src/test/tcrl index acaf8f3c47..f71ef7a863 100644 --- a/src/lib/libssl/src/test/tcrl +++ b/src/lib/libssl/src/test/tcrl @@ -1,6 +1,10 @@ #!/bin/sh -PATH=../apps:$PATH +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH +else + PATH=../apps:$PATH +fi export PATH cmd='../apps/openssl crl' diff --git a/src/lib/libssl/src/test/testca b/src/lib/libssl/src/test/testca index 88c186b6ab..8215ebb5d1 100644 --- a/src/lib/libssl/src/test/testca +++ b/src/lib/libssl/src/test/testca @@ -1,7 +1,11 @@ #!/bin/sh SH="/bin/sh" -PATH=../apps:$PATH +if test "$OSTYPE" = msdosdjgpp; then + PATH=./apps\;../apps\;$PATH +else + PATH=../apps:$PATH +fi export SH PATH SSLEAY_CONFIG="-config CAss.cnf" diff --git a/src/lib/libssl/src/test/testgen b/src/lib/libssl/src/test/testgen index 6a4b6b9221..55c496f4bc 100644 --- a/src/lib/libssl/src/test/testgen +++ b/src/lib/libssl/src/test/testgen @@ -6,7 +6,11 @@ CA=../certs/testca.pem /bin/rm -f $T.1 $T.2 $T.key -PATH=../apps:$PATH; +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH; +else + PATH=../apps:$PATH; +fi export PATH echo "generating certificate request" diff --git a/src/lib/libssl/src/test/tpkcs7 b/src/lib/libssl/src/test/tpkcs7 index 15bbba42c0..cf3bd9fadb 100644 --- a/src/lib/libssl/src/test/tpkcs7 +++ b/src/lib/libssl/src/test/tpkcs7 @@ -1,6 +1,10 @@ #!/bin/sh -PATH=../apps:$PATH +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH +else + PATH=../apps:$PATH +fi export PATH cmd='../apps/openssl pkcs7' diff --git a/src/lib/libssl/src/test/tpkcs7d b/src/lib/libssl/src/test/tpkcs7d index 46e5aa2bd6..18f9311b06 100644 --- a/src/lib/libssl/src/test/tpkcs7d +++ b/src/lib/libssl/src/test/tpkcs7d @@ -1,6 +1,10 @@ #!/bin/sh -PATH=../apps:$PATH +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH +else + PATH=../apps:$PATH +fi export PATH cmd='../apps/openssl pkcs7' diff --git a/src/lib/libssl/src/test/treq b/src/lib/libssl/src/test/treq index 9f5eb7eea5..47a8273cde 100644 --- a/src/lib/libssl/src/test/treq +++ b/src/lib/libssl/src/test/treq @@ -1,6 +1,10 @@ #!/bin/sh -PATH=../apps:$PATH +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH +else + PATH=../apps:$PATH +fi export PATH cmd='../apps/openssl req -config ../apps/openssl.cnf' diff --git a/src/lib/libssl/src/test/trsa b/src/lib/libssl/src/test/trsa index bd6c07650a..413e2ec0a0 100644 --- a/src/lib/libssl/src/test/trsa +++ b/src/lib/libssl/src/test/trsa @@ -1,6 +1,10 @@ #!/bin/sh -PATH=../apps:$PATH +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH +else + PATH=../apps:$PATH +fi export PATH if ../apps/openssl no-rsa; then diff --git a/src/lib/libssl/src/test/tsid b/src/lib/libssl/src/test/tsid index 9e0854516c..40a1dfa97c 100644 --- a/src/lib/libssl/src/test/tsid +++ b/src/lib/libssl/src/test/tsid @@ -1,6 +1,10 @@ #!/bin/sh -PATH=../apps:$PATH +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH +else + PATH=../apps:$PATH +fi export PATH cmd='../apps/openssl sess_id' diff --git a/src/lib/libssl/src/test/tx509 b/src/lib/libssl/src/test/tx509 index 35169f3a43..d380963abc 100644 --- a/src/lib/libssl/src/test/tx509 +++ b/src/lib/libssl/src/test/tx509 @@ -1,6 +1,10 @@ #!/bin/sh -PATH=../apps:$PATH +if test "$OSTYPE" = msdosdjgpp; then + PATH=../apps\;$PATH +else + PATH=../apps:$PATH +fi export PATH cmd='../apps/openssl x509' diff --git a/src/lib/libssl/src/tools/c_rehash b/src/lib/libssl/src/tools/c_rehash index 9fb18674ac..e07dd3fca9 100644 --- a/src/lib/libssl/src/tools/c_rehash +++ b/src/lib/libssl/src/tools/c_rehash @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/local/bin/perl5 # Perl c_rehash script, scan all files in a directory @@ -17,10 +17,10 @@ if(defined $ENV{OPENSSL}) { $ENV{PATH} .= ":$dir/bin"; -if(! -f $openssl) { +if(! -x $openssl) { my $found = 0; foreach (split /:/, $ENV{PATH}) { - if(-f "$_/$openssl") { + if(-x "$_/$openssl") { $found = 1; last; } diff --git a/src/lib/libssl/src/tools/c_rehash.in b/src/lib/libssl/src/tools/c_rehash.in index 69da98ff2c..5b053406c2 100644 --- a/src/lib/libssl/src/tools/c_rehash.in +++ b/src/lib/libssl/src/tools/c_rehash.in @@ -17,10 +17,10 @@ if(defined $ENV{OPENSSL}) { $ENV{PATH} .= ":$dir/bin"; -if(! -f $openssl) { +if(! -x $openssl) { my $found = 0; foreach (split /:/, $ENV{PATH}) { - if(-f "$_/$openssl") { + if(-x "$_/$openssl") { $found = 1; last; } diff --git a/src/lib/libssl/src/util/dirname.pl b/src/lib/libssl/src/util/dirname.pl new file mode 100644 index 0000000000..d7a66d96ac --- /dev/null +++ b/src/lib/libssl/src/util/dirname.pl @@ -0,0 +1,18 @@ +#!/usr/local/bin/perl + +if ($#ARGV < 0) { + die "dirname.pl: too few arguments\n"; +} elsif ($#ARGV > 0) { + die "dirname.pl: too many arguments\n"; +} + +my $d = $ARGV[0]; + +if ($d =~ m|.*/.*|) { + $d =~ s|/[^/]*$||; +} else { + $d = "."; +} + +print $d,"\n"; +exit(0); diff --git a/src/lib/libssl/src/util/domd b/src/lib/libssl/src/util/domd index aa99cb0523..8cbe383c16 100644 --- a/src/lib/libssl/src/util/domd +++ b/src/lib/libssl/src/util/domd @@ -18,11 +18,11 @@ if [ "$MAKEDEPEND" = "gcc" ]; then sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp - perl $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new + ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new rm -f Makefile.tmp else ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@ - perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new + ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new fi mv Makefile.new Makefile.ssl # unfake the presence of Kerberos diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num index b74749e5de..512185e257 100644 --- a/src/lib/libssl/src/util/libeay.num +++ b/src/lib/libssl/src/util/libeay.num @@ -701,7 +701,7 @@ bn_mul_words 707 EXIST::FUNCTION: BN_uadd 708 EXIST::FUNCTION: BN_usub 709 EXIST::FUNCTION: bn_sqr_words 710 EXIST::FUNCTION: -_ossl_old_crypt 711 EXIST:!NeXT,!PERL5,!__FreeBSD__:FUNCTION:DES +_ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION: d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION: d2i_ASN1_HEADER 714 EXIST::FUNCTION: @@ -984,8 +984,8 @@ BIO_ghbn_ctrl 1003 EXIST::FUNCTION: CRYPTO_free_ex_data 1004 EXIST::FUNCTION: CRYPTO_get_ex_data 1005 EXIST::FUNCTION: CRYPTO_set_ex_data 1007 EXIST::FUNCTION: -ERR_load_CRYPTO_strings 1009 EXIST:!VMS,!WIN16:FUNCTION: -ERR_load_CRYPTOlib_strings 1009 EXIST:VMS,WIN16:FUNCTION: +ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS,!WIN16:FUNCTION: +ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS,WIN16:FUNCTION: EVP_PKEY_bits 1010 EXIST::FUNCTION: MD5_Transform 1011 EXIST::FUNCTION:MD5 SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1 @@ -1216,7 +1216,7 @@ name_cmp 1239 EXIST::FUNCTION: str_dup 1240 NOEXIST::FUNCTION: i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION: i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION: -BIO_s_log 1243 EXIST:!WIN16,!WIN32,!macintosh:FUNCTION: +BIO_s_log 1243 EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION: BIO_f_reliable 1244 EXIST::FUNCTION:BIO PKCS7_dataFinal 1245 EXIST::FUNCTION: PKCS7_dataDecode 1246 EXIST::FUNCTION: @@ -2732,8 +2732,8 @@ EC_POINT_point2oct 3178 EXIST::FUNCTION:EC KRB5_APREQ_free 3179 EXIST::FUNCTION: ASN1_OBJECT_it 3180 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OBJECT_it 3180 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_crlID_new 3181 EXIST:!VMS,!WIN16:FUNCTION: -OCSP_crlID2_new 3181 EXIST:VMS,WIN16:FUNCTION: +OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION: +OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION: CONF_modules_load_file 3182 EXIST::FUNCTION: CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: ENGINE_set_default_string 3184 EXIST::FUNCTION: @@ -2774,3 +2774,21 @@ AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES ENGINE_load_4758cca 3218 EXIST::FUNCTION: _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES +EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES +EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES +EVP_aes_128_cfb 3222 EXIST::FUNCTION:AES +EVP_aes_256_cfb 3223 EXIST::FUNCTION:AES +EVP_aes_128_ofb 3224 EXIST::FUNCTION:AES +EVP_aes_192_cfb 3225 EXIST::FUNCTION:AES +CONF_modules_free 3226 EXIST::FUNCTION: +NCONF_default 3227 EXIST::FUNCTION: +OPENSSL_no_config 3228 EXIST::FUNCTION: +NCONF_WIN32 3229 EXIST::FUNCTION: +ASN1_UNIVERSALSTRING_new 3230 EXIST::FUNCTION: +EVP_des_ede_ecb 3231 EXIST::FUNCTION:DES +i2d_ASN1_UNIVERSALSTRING 3232 EXIST::FUNCTION: +ASN1_UNIVERSALSTRING_free 3233 EXIST::FUNCTION: +ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: +EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl index 8b6b2e668a..c9271bbffe 100644 --- a/src/lib/libssl/src/util/mk1mf.pl +++ b/src/lib/libssl/src/util/mk1mf.pl @@ -100,7 +100,7 @@ $out_def="out"; $inc_def="outinc"; $tmp_def="tmp"; -$mkdir="mkdir"; +$mkdir="-mkdir"; ($ssl,$crypto)=("ssl","crypto"); $ranlib="echo ranlib"; diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl index 071036a6d2..adfd447dd3 100644 --- a/src/lib/libssl/src/util/mkdef.pl +++ b/src/lib/libssl/src/util/mkdef.pl @@ -43,8 +43,8 @@ # EXPORT_VAR_AS_FUNCTION). This script assumes renaming of symbols is found # in the file crypto/symhacks.h. # The semantics for the platforms is that every item is checked against the -# enviroment. For the negative items ("!FOO"), if any of them is false -# (i.e. "FOO" is true) in the enviroment, the corresponding symbol can't be +# environment. For the negative items ("!FOO"), if any of them is false +# (i.e. "FOO" is true) in the environment, the corresponding symbol can't be # used. For the positive itms, if all of them are false in the environment, # the corresponding symbol can't be used. Any combination of positive and # negative items are possible, and of course leave room for some redundancy. @@ -58,6 +58,7 @@ my $debug=0; my $crypto_num= "util/libeay.num"; my $ssl_num= "util/ssleay.num"; +my $libname; my $do_update = 0; my $do_rewrite = 1; @@ -73,12 +74,13 @@ my $VMS=0; my $W32=0; my $W16=0; my $NT=0; +my $OS2=0; # Set this to make typesafe STACK definitions appear in DEF my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", "EXPORT_VAR_AS_FUNCTION" ); -my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT" ); +my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "RIPEMD", @@ -126,11 +128,18 @@ foreach (@ARGV, split(/ /, $options)) $VMSAlpha=1; } $VMS=1 if $_ eq "VMS"; + $OS2=1 if $_ eq "OS2"; $do_ssl=1 if $_ eq "ssleay"; - $do_ssl=1 if $_ eq "ssl"; + if ($_ eq "ssl") { + $do_ssl=1; + $libname=$_ + } $do_crypto=1 if $_ eq "libeay"; - $do_crypto=1 if $_ eq "crypto"; + if ($_ eq "crypto") { + $do_crypto=1; + $libname=$_; + } $do_update=1 if $_ eq "update"; $do_rewrite=1 if $_ eq "rewrite"; $do_ctest=1 if $_ eq "ctest"; @@ -170,8 +179,17 @@ foreach (@ARGV, split(/ /, $options)) } +if (!$libname) { + if ($do_ssl) { + $libname="SSLEAY"; + } + if ($do_crypto) { + $libname="LIBEAY"; + } +} + # If no platform is given, assume WIN32 -if ($W32 + $W16 + $VMS == 0) { +if ($W32 + $W16 + $VMS + $OS2 == 0) { $W32 = 1; } @@ -182,7 +200,7 @@ if ($W16) { if (!$do_ssl && !$do_crypto) { - print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ]\n"; + print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n"; exit(1); } @@ -305,10 +323,10 @@ EOF } else { - &print_def_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_symbols) + &print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols) if $do_ssl == 1; - &print_def_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_symbols) + &print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols) if $do_crypto == 1; } @@ -995,6 +1013,7 @@ sub is_valid if ($keyword eq "WIN32" && $W32) { return 1; } if ($keyword eq "WIN16" && $W16) { return 1; } if ($keyword eq "WINNT" && $NT) { return 1; } + if ($keyword eq "OS2" && $OS2) { return 1; } # Special platforms: # EXPORT_VAR_AS_FUNCTION means that global variables # will be represented as functions. This currently @@ -1092,24 +1111,27 @@ sub print_def_file { (*OUT,my $name,*nums,my @symbols)=@_; my $n = 1; my @e; my @r; my @v; my $prev=""; + my $liboptions=""; if ($W32) { $name.="32"; } - else + elsif ($W16) { $name.="16"; } + elsif ($OS2) + { $liboptions = "INITINSTANCE\nDATA NONSHARED"; } print OUT <<"EOF"; ; ; Definition file for the DLL version of the $name library from OpenSSL ; -LIBRARY $name +LIBRARY $name $liboptions DESCRIPTION 'OpenSSL $name - http://www.openssl.org/' EOF - if (!$W32) { + if ($W16) { print <<"EOF"; CODE PRELOAD MOVEABLE DATA PRELOAD MOVEABLE SINGLE @@ -1148,10 +1170,10 @@ EOF print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n"; } $prev = $s2; # To warn about duplicates... - if($v) { + if($v && !$OS2) { printf OUT " %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n; } else { - printf OUT " %s%-39s @%d\n",($W32)?"":"_",$s2,$n; + printf OUT " %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n; } } } diff --git a/src/lib/libssl/src/util/mklink.pl b/src/lib/libssl/src/util/mklink.pl index 9e9c9a5146..9386da7aa4 100644 --- a/src/lib/libssl/src/util/mklink.pl +++ b/src/lib/libssl/src/util/mklink.pl @@ -18,10 +18,10 @@ my $from = shift; my @files = @ARGV; -my @from_path = split(/\//, $from); +my @from_path = split(/[\\\/]/, $from); my $pwd = `pwd`; chop($pwd); -my @pwd_path = split(/\//, $pwd); +my @pwd_path = split(/[\\\/]/, $pwd); my @to_path = (); @@ -54,7 +54,16 @@ foreach $file (@files) { if ($symlink_exists) { symlink("$to/$file", "$from/$file") or $err = " [$!]"; } else { - system ("cp", "$file", "$from/$file") and $err = " [$!]"; + unlink "$from/$file"; + open (OLD, "<$file") or die "Can't open $file: $!"; + open (NEW, ">$from/$file") or die "Can't open $from/$file: $!"; + binmode(OLD); + binmode(NEW); + while () { + print NEW $_; + } + close (OLD) or die "Can't close $file: $!"; + close (NEW) or die "Can't close $from/$file: $!"; } print $file . " => $from/$file$err\n"; } diff --git a/src/lib/libssl/src/util/pl/BC-32.pl b/src/lib/libssl/src/util/pl/BC-32.pl index 78d60616a6..bd7a9d9301 100644 --- a/src/lib/libssl/src/util/pl/BC-32.pl +++ b/src/lib/libssl/src/util/pl/BC-32.pl @@ -18,7 +18,7 @@ $out_def="out32"; $tmp_def="tmp32"; $inc_def="inc32"; #enable max error messages, disable most common warnings -$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 "; +$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp "; if ($debug) { $cflags.="-Od -y -v -vi- -D_DEBUG"; @@ -51,9 +51,9 @@ $lfile=''; $shlib_ex_obj=""; $app_ex_obj="c0x32.obj"; -$asm='n_o_T_a_s_m'; +$asm='nasmw'; $asm.=" /Zi" if $debug; -$afile='/Fo'; +$afile='-f obj -o'; $bn_mulw_obj=''; $bn_mulw_src=''; @@ -64,24 +64,24 @@ $bf_enc_src=''; if (!$no_asm) { - $bn_mulw_obj='crypto\bn\asm\bn-win32.obj'; - $bn_mulw_src='crypto\bn\asm\bn-win32.asm'; - $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj'; - $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm'; - $bf_enc_obj='crypto\bf\asm\b-win32.obj'; - $bf_enc_src='crypto\bf\asm\b-win32.asm'; - $cast_enc_obj='crypto\cast\asm\c-win32.obj'; - $cast_enc_src='crypto\cast\asm\c-win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4-win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5-win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5-win32.obj'; - $md5_asm_src='crypto\md5\asm\m5-win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1-win32.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm'; + $bn_mulw_obj='crypto\bn\asm\bn_win32.obj'; + $bn_mulw_src='crypto\bn\asm\bn_win32.asm'; + $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; + $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; + $bf_enc_obj='crypto\bf\asm\b_win32.obj'; + $bf_enc_src='crypto\bf\asm\b_win32.asm'; + $cast_enc_obj='crypto\cast\asm\c_win32.obj'; + $cast_enc_src='crypto\cast\asm\c_win32.asm'; + $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj'; + $rc4_enc_src='crypto\rc4\asm\r4_win32.asm'; + $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj'; + $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; + $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; + $md5_asm_src='crypto\md5\asm\m5_win32.asm'; + $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; + $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; + $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; + $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } diff --git a/src/lib/libssl/src/util/pl/OS2-EMX.pl b/src/lib/libssl/src/util/pl/OS2-EMX.pl index 57180556ca..d695dda623 100644 --- a/src/lib/libssl/src/util/pl/OS2-EMX.pl +++ b/src/lib/libssl/src/util/pl/OS2-EMX.pl @@ -10,18 +10,20 @@ $rm='rm -f'; # C compiler stuff $cc='gcc'; -$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmt -Wall "; +$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall "; +$cflags.="-Zomf " if $shlib; +$shl_cflag="-Zdll"; if ($debug) { $cflags.="-g "; } -$obj='.o'; +$obj=$shlib ? '.obj' : '.o'; $ofile='-o '; # EXE linking stuff $link='${CC}'; -$lflags='${CFLAGS} -Zbsd-signals'; +$lflags='${CFLAGS} -Zbsd-signals -s'; $efile='-o '; $exep='.exe'; $ex_libs="-lsocket"; @@ -30,12 +32,12 @@ $ex_libs="-lsocket"; $mklib='ar r'; $mlflags=''; $ranlib="ar s"; -$plib='lib'; -$libp=".a"; -$shlibp=".a"; +$plib=''; +$libp=$shlib ? ".lib" : ".a"; +$shlibp=$shlib ? ".dll" : ".a"; $lfile=''; -$asm='as'; +$asm=$shlib ? 'as -Zomf' : 'as'; $afile='-o '; $bn_asm_obj=""; $bn_asm_src=""; @@ -46,24 +48,32 @@ $bf_enc_src=""; if (!$no_asm) { - $bn_asm_obj='crypto\bn\asm\bn-os2.o crypto\bn\asm\co-os2.o'; - $bn_asm_src='crypto\bn\asm\bn-os2.asm crypto\bn\asm\co-os2.asm'; - $des_enc_obj='crypto\des\asm\d-os2.o crypto\des\asm\y-os2.o'; - $des_enc_src='crypto\des\asm\d-os2.asm crypto\des\asm\y-os2.asm'; - $bf_enc_obj='crypto\bf\asm\b-os2.o'; - $bf_enc_src='crypto\bf\asm\b-os2.asm'; - $cast_enc_obj='crypto\cast\asm\c-os2.o'; - $cast_enc_src='crypto\cast\asm\c-os2.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-os2.o'; - $rc4_enc_src='crypto\rc4\asm\r4-os2.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-os2.o'; - $rc5_enc_src='crypto\rc5\asm\r5-os2.asm'; - $md5_asm_obj='crypto\md5\asm\m5-os2.o'; - $md5_asm_src='crypto\md5\asm\m5-os2.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-os2.o'; - $sha1_asm_src='crypto\sha\asm\s1-os2.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-os2.o'; - $rmd160_asm_src='crypto\ripemd\asm\rm-os2.asm'; + $bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj"; + $bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm"; + $des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj"; + $des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm"; + $bf_enc_obj="crypto\\bf\\asm\\b-os2$obj"; + $bf_enc_src="crypto\\bf\\asm\\b-os2.asm"; + $cast_enc_obj="crypto\\cast\\asm\\c-os2$obj"; + $cast_enc_src="crypto\\cast\\asm\\c-os2.asm"; + $rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj"; + $rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm"; + $rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj"; + $rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm"; + $md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj"; + $md5_asm_src="crypto\\md5\\asm\\m5-os2.asm"; + $sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj"; + $sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm"; + $rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj"; + $rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm"; + } + +if ($shlib) + { + $mlflags.=" $lflags -Zdll"; + $lib_cflag=" -D_DLL"; + $out_def="out_dll"; + $tmp_def="tmp_dll"; } sub do_lib_rule @@ -76,9 +86,20 @@ sub do_lib_rule ($Name=$name) =~ tr/a-z/A-Z/; $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; - $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; - $ret.="\t\$(RANLIB) $target\n\n"; + if (!$shlib) + { + $ret.="\t\$(RM) $target\n"; + $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; + $ret.="\t\$(RANLIB) $target\n\n"; + } + else + { + local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; + $ex.=' -lsocket'; + $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n"; + $ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n"; + $ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n"; + } } sub do_link_rule @@ -89,7 +110,7 @@ sub do_link_rule $file =~ s/\//$o/g if $o ne '/'; $n=&bname($target); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; + $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n"; return($ret); } diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl index 50bfb34385..d6e3a11530 100644 --- a/src/lib/libssl/src/util/pl/VC-32.pl +++ b/src/lib/libssl/src/util/pl/VC-32.pl @@ -66,24 +66,24 @@ $bf_enc_src=''; if (!$no_asm) { - $bn_asm_obj='crypto\bn\asm\bn-win32.obj'; - $bn_asm_src='crypto\bn\asm\bn-win32.asm'; - $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj'; - $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm'; - $bf_enc_obj='crypto\bf\asm\b-win32.obj'; - $bf_enc_src='crypto\bf\asm\b-win32.asm'; - $cast_enc_obj='crypto\cast\asm\c-win32.obj'; - $cast_enc_src='crypto\cast\asm\c-win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4-win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5-win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5-win32.obj'; - $md5_asm_src='crypto\md5\asm\m5-win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1-win32.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm'; + $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; + $bn_asm_src='crypto\bn\asm\bn_win32.asm'; + $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; + $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; + $bf_enc_obj='crypto\bf\asm\b_win32.obj'; + $bf_enc_src='crypto\bf\asm\b_win32.asm'; + $cast_enc_obj='crypto\cast\asm\c_win32.obj'; + $cast_enc_src='crypto\cast\asm\c_win32.asm'; + $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj'; + $rc4_enc_src='crypto\rc4\asm\r4_win32.asm'; + $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj'; + $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; + $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; + $md5_asm_src='crypto\md5\asm\m5_win32.asm'; + $sha1_asm_obj='crypto\sha\asm\s1_win32.obj'; + $sha1_asm_src='crypto\sha\asm\s1_win32.asm'; + $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; + $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } diff --git a/src/lib/libssl/src/util/pod2mantest b/src/lib/libssl/src/util/pod2mantest index 79aefafac0..e01c6192a7 100644 --- a/src/lib/libssl/src/util/pod2mantest +++ b/src/lib/libssl/src/util/pod2mantest @@ -11,9 +11,10 @@ IFS=: -try_without_dir=true +if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi +try_without_dir=false # First we try "pod2man", then "$dir/pod2man" for each item in $PATH. -for dir in dummy:$PATH; do +for dir in dummy${IFS}$PATH; do if [ "$try_without_dir" = true ]; then # first iteration pod2man=pod2man @@ -47,7 +48,7 @@ done echo "No working pod2man found. Consider installing a new version." >&2 if [ "$1" = ignore ]; then echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2 - echo "util/pod2man.pl" + echo "../../util/pod2man.pl" exit 0 fi exit 1 diff --git a/src/lib/libssl/src/util/point.sh b/src/lib/libssl/src/util/point.sh index 47543c88e2..ce7dcc56df 100644 --- a/src/lib/libssl/src/util/point.sh +++ b/src/lib/libssl/src/util/point.sh @@ -1,6 +1,10 @@ #!/bin/sh rm -f $2 -ln -s $1 $2 +if test "$OSTYPE" = msdosdjgpp; then + cp $1 $2 +else + ln -s $1 $2 +fi echo "$2 => $1" diff --git a/src/lib/libssl/test/dummytest.c b/src/lib/libssl/test/dummytest.c new file mode 100644 index 0000000000..f98f003ef9 --- /dev/null +++ b/src/lib/libssl/test/dummytest.c @@ -0,0 +1,47 @@ +#include +#include +#include +#include +#include +#include +#include + +int main(int argc, char *argv[]) + { + char *p, *q, *program; + + p = strrchr(argv[0], '/'); + if (!p) p = strrchr(argv[0], '\\'); +#ifdef OPENSSL_SYS_VMS + if (!p) p = strrchr(argv[0], ']'); + if (p) q = strrchr(p, '>'); + if (q) p = q; + if (!p) p = strrchr(argv[0], ':'); + q = 0; +#endif + if (p) p++; + if (!p) p = argv[0]; + if (p) q = strchr(p, '.'); + if (p && !q) q = p + strlen(p); + + if (!p) + program = BUF_strdup("(unknown)"); + else + { + program = OPENSSL_malloc((q - p) + 1); + strncpy(program, p, q - p); + program[q - p] = '\0'; + } + + for(p = program; *p; p++) + if (islower(*p)) *p = toupper(*p); + + q = strstr(program, "TEST"); + if (q > p && q[-1] == '_') q--; + *q = '\0'; + + printf("No %s support\n", program); + + OPENSSL_free(program); + return(0); + } diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com index f7ff8fe407..b3bf8bb837 100644 --- a/src/lib/libssl/test/maketests.com +++ b/src/lib/libssl/test/maketests.com @@ -910,7 +910,8 @@ $ ENDIF $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - + .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen @@ -959,6 +960,32 @@ $! Done with UCX $! $ ENDIF $! +$! Check to see if TCPIP was chosen +$! +$ IF P4.EQS."TCPIP" +$ THEN +$! +$! Set the library to use TCPIP (post UCX). +$! +$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" +$! +$! Done with TCPIP +$! +$ ENDIF +$! +$! Check to see if NONE was chosen +$! +$ IF P4.EQS."NONE" +$ THEN +$! +$! Do not use a TCPIP library. +$! +$ TCPIP_LIB = "" +$! +$! Done with NONE +$! +$ ENDIF +$! $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB @@ -974,6 +1001,7 @@ $ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." +$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. -- cgit v1.2.3-55-g6feb