From 4b790f68539c49ef91f5e82506c2624900c92106 Mon Sep 17 00:00:00 2001 From: beck <> Date: Wed, 1 Aug 2001 19:51:17 +0000 Subject: merge openssl 0.9.6b-engine Note that this is a maintenence release, API's appear *not* to have changed. As such, I have only increased the minor number on these libraries --- src/lib/libcrypto/asn1/t_x509.c | 2 + src/lib/libcrypto/asn1/x_pubkey.c | 2 +- src/lib/libcrypto/bio/b_print.c | 14 +- src/lib/libcrypto/bio/bf_buff.c | 2 +- src/lib/libcrypto/bn/asm/mips3.s | 430 ++++++++++++--------- src/lib/libcrypto/cryptlib.c | 10 +- src/lib/libcrypto/dsa/dsa.h | 1 + src/lib/libcrypto/dsa/dsa_err.c | 1 + src/lib/libcrypto/dsa/dsa_ossl.c | 21 + src/lib/libcrypto/evp/e_bf.c | 2 +- src/lib/libcrypto/evp/evp.h | 6 +- src/lib/libcrypto/evp/evp_key.c | 6 +- src/lib/libcrypto/opensslv.h | 6 +- src/lib/libcrypto/perlasm/x86unix.pl | 2 +- src/lib/libcrypto/rand/md_rand.c | 99 +++-- src/lib/libcrypto/rand/randfile.c | 8 +- src/lib/libcrypto/rsa/rsa_oaep.c | 29 +- src/lib/libcrypto/x509/x509_obj.c | 2 + src/lib/libcrypto/x509/x509_trs.c | 3 +- src/lib/libssl/crypto/shlib_version | 2 +- src/lib/libssl/s3_srvr.c | 26 +- src/lib/libssl/shlib_version | 2 +- src/lib/libssl/src/CHANGES | 114 +++++- src/lib/libssl/src/Configure | 3 + src/lib/libssl/src/FAQ | 66 +++- src/lib/libssl/src/INSTALL | 8 +- src/lib/libssl/src/INSTALL.VMS | 10 + src/lib/libssl/src/Makefile.org | 12 +- src/lib/libssl/src/NEWS | 17 + src/lib/libssl/src/README | 4 +- src/lib/libssl/src/apps/ca.c | 8 + src/lib/libssl/src/apps/dgst.c | 6 +- src/lib/libssl/src/apps/enc.c | 8 + src/lib/libssl/src/apps/smime.c | 1 + src/lib/libssl/src/apps/speed.c | 4 +- src/lib/libssl/src/crypto/asn1/t_x509.c | 2 + src/lib/libssl/src/crypto/asn1/x_pubkey.c | 2 +- src/lib/libssl/src/crypto/bio/b_print.c | 14 +- src/lib/libssl/src/crypto/bio/bf_buff.c | 2 +- src/lib/libssl/src/crypto/bn/asm/mips3.s | 430 ++++++++++++--------- src/lib/libssl/src/crypto/cryptlib.c | 10 +- src/lib/libssl/src/crypto/dsa/dsa.h | 1 + src/lib/libssl/src/crypto/dsa/dsa_err.c | 1 + src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 21 + src/lib/libssl/src/crypto/evp/e_bf.c | 2 +- src/lib/libssl/src/crypto/evp/evp.h | 6 +- src/lib/libssl/src/crypto/evp/evp_key.c | 6 +- src/lib/libssl/src/crypto/opensslv.h | 6 +- src/lib/libssl/src/crypto/perlasm/x86unix.pl | 2 +- src/lib/libssl/src/crypto/rand/md_rand.c | 99 +++-- src/lib/libssl/src/crypto/rand/randfile.c | 8 +- src/lib/libssl/src/crypto/rsa/rsa_oaep.c | 29 +- src/lib/libssl/src/crypto/x509/x509_obj.c | 2 + src/lib/libssl/src/crypto/x509/x509_trs.c | 3 +- src/lib/libssl/src/doc/apps/enc.pod | 10 +- src/lib/libssl/src/doc/apps/rsautl.pod | 4 +- src/lib/libssl/src/doc/apps/s_server.pod | 2 +- src/lib/libssl/src/doc/crypto/bio.pod | 2 +- src/lib/libssl/src/doc/crypto/rand.pod | 13 +- .../src/doc/ssl/SSL_CTX_get_ex_new_index.pod | 2 +- .../src/doc/ssl/SSL_CTX_load_verify_locations.pod | 14 +- .../src/doc/ssl/SSL_CTX_set_client_CA_list.pod | 24 +- .../src/doc/ssl/SSL_CTX_set_session_cache_mode.pod | 2 +- .../src/doc/ssl/SSL_SESSION_get_ex_new_index.pod | 2 +- src/lib/libssl/src/doc/ssl/SSL_get_error.pod | 11 + .../libssl/src/doc/ssl/SSL_get_ex_new_index.pod | 2 +- .../src/doc/ssl/SSL_get_peer_certificate.pod | 9 +- src/lib/libssl/src/doc/ssl/SSL_read.pod | 17 +- src/lib/libssl/src/doc/ssl/SSL_shutdown.pod | 2 +- src/lib/libssl/src/doc/ssl/SSL_write.pod | 11 + src/lib/libssl/src/e_os.h | 1 + src/lib/libssl/src/ssl/s2_srvr.c | 3 +- src/lib/libssl/src/ssl/s3_enc.c | 17 +- src/lib/libssl/src/ssl/s3_srvr.c | 26 +- src/lib/libssl/src/ssl/t1_enc.c | 16 +- src/lib/libssl/src/test/Makefile.ssl | 2 +- src/lib/libssl/src/test/bctest | 111 ++++++ src/lib/libssl/ssl/shlib_version | 2 +- src/lib/libssl/t1_enc.c | 16 +- src/lib/libssl/test/Makefile.ssl | 2 +- src/lib/libssl/test/bctest | 111 ++++++ 81 files changed, 1420 insertions(+), 597 deletions(-) create mode 100644 src/lib/libssl/src/test/bctest create mode 100644 src/lib/libssl/test/bctest diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c index 314bdfb1c7..89ae73a6de 100644 --- a/src/lib/libcrypto/asn1/t_x509.c +++ b/src/lib/libcrypto/asn1/t_x509.c @@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) ll=80-2-obase; s=X509_NAME_oneline(name,buf,256); + if (!*s) + return 1; s++; /* skip the first slash */ l=ll; diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c index b2e2a51477..4397a404b5 100644 --- a/src/lib/libcrypto/asn1/x_pubkey.c +++ b/src/lib/libcrypto/asn1/x_pubkey.c @@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) a=key->algor; if (ret->type == EVP_PKEY_DSA) { - if (a->parameter->type == V_ASN1_SEQUENCE) + if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { ret->pkey.dsa->write_params=0; p=a->parameter->value.sequence->data; diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c index b4f7a85f2e..91a049406e 100644 --- a/src/lib/libcrypto/bio/b_print.c +++ b/src/lib/libcrypto/bio/b_print.c @@ -109,7 +109,11 @@ #endif #if HAVE_LONG_LONG -#define LLONG long long +# if defined(WIN32) && !defined(__GNUC__) +# define LLONG _int64 +# else +# define LLONG long long +# endif #else #define LLONG long #endif @@ -152,7 +156,7 @@ static void _dopr(char **sbuffer, char **buffer, /* some handy macros */ #define char_to_int(p) (p - '0') -#define MAX(p,q) ((p >= q) ? p : q) +#define OSSL_MAX(p,q) ((p >= q) ? p : q) static void _dopr( @@ -503,13 +507,13 @@ fmtint( convert[place] = 0; zpadlen = max - place; - spadlen = min - MAX(max, place) - (signvalue ? 1 : 0); + spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) spadlen = 0; if (flags & DP_F_ZERO) { - zpadlen = MAX(zpadlen, spadlen); + zpadlen = OSSL_MAX(zpadlen, spadlen); spadlen = 0; } if (flags & DP_F_MINUS) @@ -641,7 +645,7 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); - } while (fracpart && (fplace < 20)); + } while (fplace < max); if (fplace == 20) fplace--; fconvert[fplace] = 0; diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c index f50e8f98a3..c90238bae1 100644 --- a/src/lib/libcrypto/bio/bf_buff.c +++ b/src/lib/libcrypto/bio/bf_buff.c @@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int buffer_new(BIO *h); static int buffer_free(BIO *data); static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -#define DEFAULT_BUFFER_SIZE 1024 +#define DEFAULT_BUFFER_SIZE 4096 static BIO_METHOD methods_buffer= { diff --git a/src/lib/libcrypto/bn/asm/mips3.s b/src/lib/libcrypto/bn/asm/mips3.s index 45786c00a5..dca4105c7d 100644 --- a/src/lib/libcrypto/bn/asm/mips3.s +++ b/src/lib/libcrypto/bn/asm/mips3.s @@ -1,5 +1,5 @@ .rdata -.asciiz "mips3.s, Version 1.0" +.asciiz "mips3.s, Version 1.1" .asciiz "MIPS III/IV ISA artwork by Andy Polyakov " /* @@ -849,6 +849,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -856,7 +857,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -884,6 +886,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -891,7 +894,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -928,6 +932,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -935,7 +940,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -981,6 +987,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -988,7 +995,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT sd c_2,104(a0) /* r[13]=c2; */ dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ @@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT sd c_3,40(a0) dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ @@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu c_3,t_2,AT - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 sd c_2,8(a0) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8) dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8) dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT sd c_2,104(a0) dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ @@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu c_3,t_2,AT - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 sd c_2,8(a0) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4) dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT sd c_3,40(a0) dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c index 9de60fd528..a7a9262133 100644 --- a/src/lib/libcrypto/cryptlib.c +++ b/src/lib/libcrypto/cryptlib.c @@ -241,7 +241,7 @@ void CRYPTO_destroy_dynlockid(int i) } else #endif - if (--(pointer->references) <= 0) + if (pointer->references <= 0) { sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); } @@ -396,16 +396,15 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) #endif if (type < 0) { - int i = -type - 1; struct CRYPTO_dynlock_value *pointer - = CRYPTO_get_dynlock_value(i); + = CRYPTO_get_dynlock_value(type); - if (pointer) + if (pointer && dynlock_lock_callback) { dynlock_lock_callback(mode, pointer, file, line); } - CRYPTO_destroy_dynlockid(i); + CRYPTO_destroy_dynlockid(type); } else if (locking_callback != NULL) @@ -431,7 +430,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, CRYPTO_get_lock_name(type), file,line); #endif - *pointer=ret; } else { diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h index 65689a3426..12b60a8faa 100644 --- a/src/lib/libcrypto/dsa/dsa.h +++ b/src/lib/libcrypto/dsa/dsa.h @@ -248,6 +248,7 @@ DH *DSA_dup_DH(DSA *r); /* Reason codes. */ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_MISSING_PARAMETERS 101 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c index 2b3ab3a9ad..736aeef7c4 100644 --- a/src/lib/libcrypto/dsa/dsa_err.c +++ b/src/lib/libcrypto/dsa/dsa_err.c @@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]= static ERR_STRING_DATA DSA_str_reasons[]= { {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, {0,NULL} }; diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 5cbbdddfb9..34c6e9a141 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c @@ -108,6 +108,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + if (!dsa->p || !dsa->q || !dsa->g) + { + reason=DSA_R_MISSING_PARAMETERS; + goto err; + } BN_init(&m); BN_init(&xr); s=BN_new(); @@ -170,6 +175,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) BIGNUM k,*kinv=NULL,*r=NULL; int ret=0; + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + return 0; + } if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -233,6 +243,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, BN_init(&u2); BN_init(&t1); + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + { + ret = 0; + goto err; + } + if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + { + ret = 0; + goto err; + } + /* Calculate W = inv(S) mod Q * save W in u2 */ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c index 72047f64da..53559b0b65 100644 --- a/src/lib/libcrypto/evp/e_bf.c +++ b/src/lib/libcrypto/evp/e_bf.c @@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8, - 0, bf_init_key, NULL, + EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 76d417b44a..fd43127092 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h @@ -553,9 +553,9 @@ int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); void EVP_set_pw_prompt(char *prompt); char * EVP_get_pw_prompt(void); -int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, - unsigned char *data, int datal, int count, - unsigned char *key,unsigned char *iv); +int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv); int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index 09b72bf4bd..e7434ef9b2 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c @@ -95,9 +95,9 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) #endif } -int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt, - unsigned char *data, int datal, int count, unsigned char *key, - unsigned char *iv) +int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv) { EVP_MD_CTX c; unsigned char md_buf[EVP_MAX_MD_SIZE]; diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h index dc50f6d7da..4b25018e49 100644 --- a/src/lib/libcrypto/opensslv.h +++ b/src/lib/libcrypto/opensslv.h @@ -2,7 +2,7 @@ #define HEADER_OPENSSLV_H /* Numeric release version identifier: - * MMNNFFPPS: major minor fix patch status + * MNNFFPPS: major minor fix patch status * The status nibble has one of the values 0 for development, 1 to e for betas * 1 to 14, and f for release. The patch level is exactly that. * For example: @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090601fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001" +#define OPENSSL_VERSION_NUMBER 0x0090602fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b [engine] 9 Jul 2001" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/src/lib/libcrypto/perlasm/x86unix.pl b/src/lib/libcrypto/perlasm/x86unix.pl index 309060ea00..10a7af8bff 100644 --- a/src/lib/libcrypto/perlasm/x86unix.pl +++ b/src/lib/libcrypto/perlasm/x86unix.pl @@ -79,7 +79,7 @@ sub main'DWP local($addr,$reg1,$reg2,$idx)=@_; $ret=""; - $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; + $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/; $reg1="$regs{$reg1}" if defined($regs{$reg1}); $reg2="$regs{$reg2}" if defined($regs{$reg2}); $ret.=$addr if ($addr ne "") && ($addr ne 0); diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c index ae57570608..04b9d695b0 100644 --- a/src/lib/libcrypto/rand/md_rand.c +++ b/src/lib/libcrypto/rand/md_rand.c @@ -141,10 +141,11 @@ static long md_count[2]={0,0}; static double entropy=0; static int initialized=0; -/* This should be set to 1 only when ssleay_rand_add() is called inside - an already locked state, so it doesn't try to lock and thereby cause - a hang. And it should always be reset back to 0 before unlocking. */ -static int add_do_not_lock=0; +static unsigned int crypto_lock_rand = 0; /* may be set only when a thread + * holds CRYPTO_LOCK_RAND + * (to prevent double locking) */ +static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ + #ifdef PREDICT int rand_predictable=0; @@ -191,6 +192,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; MD_CTX m; + int do_not_lock; /* * (Based on the rand(3) manpage) @@ -207,7 +209,10 @@ static void ssleay_rand_add(const void *buf, int num, double add) * hash function. */ - if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); + /* check if we already have the lock */ + do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id()); + + if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); st_idx=state_index; /* use our own copies of the counters so that even @@ -239,7 +244,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); for (i=0; i 0) @@ -492,11 +501,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) { int ret; + unsigned long err; ret = RAND_bytes(buf, num); if (ret == 0) { - long err = ERR_peek_error(); + err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) (void)ERR_get_error(); @@ -507,14 +517,37 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) static int ssleay_rand_status(void) { int ret; + int do_not_lock; + /* check if we already have the lock + * (could happen if a RAND_poll() implementation calls RAND_status()) */ + do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id()); + + if (!do_not_lock) + { + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + + /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ + crypto_lock_rand = 1; + locking_thread = CRYPTO_thread_id(); + } + if (!initialized) + { RAND_poll(); + initialized = 1; + } - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - initialized = 1; ret = entropy >= ENTROPY_NEEDED; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (!do_not_lock) + { + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; + locking_thread = 0; + + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + } + return ret; } diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index f4376cf8cc..2ffb84c89e 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c @@ -233,6 +233,12 @@ const char *RAND_file_name(char *buf, size_t size) { if (issetugid() == 0) s=getenv("HOME"); +#ifdef DEFAULT_HOME + if (s == NULL) + { + s = DEFAULT_HOME; + } +#endif if (s && *s && strlen(s)+strlen(RFILE)+2 < size) { strlcpy(buf,s,size); @@ -242,7 +248,7 @@ const char *RAND_file_name(char *buf, size_t size) strlcat(buf,RFILE,size); ret=buf; } - else + else buf[0] = '\0'; /* no file name */ } diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c index fd0b7f361f..1849e55cd5 100644 --- a/src/lib/libcrypto/rsa/rsa_oaep.c +++ b/src/lib/libcrypto/rsa/rsa_oaep.c @@ -77,14 +77,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, int i, dblen, mlen = -1; unsigned char *maskeddb; int lzero; - unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; if (--num < 2 * SHA_DIGEST_LENGTH + 1) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); - return (-1); - } + goto decoding_err; + lzero = num - flen; + if (lzero < 0) + goto decoding_err; + maskeddb = from - lzero + SHA_DIGEST_LENGTH; + dblen = num - SHA_DIGEST_LENGTH; db = OPENSSL_malloc(dblen); if (db == NULL) @@ -93,9 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, return (-1); } - lzero = num - flen; - maskeddb = from - lzero + SHA_DIGEST_LENGTH; - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); for (i = lzero; i < SHA_DIGEST_LENGTH; i++) seed[i] ^= from[i - lzero]; @@ -107,21 +106,20 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, SHA1(param, plen, phash); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + goto decoding_err; else { for (i = SHA_DIGEST_LENGTH; i < dblen; i++) if (db[i] != 0x00) break; if (db[i] != 0x01 || i++ >= dblen) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, - RSA_R_OAEP_DECODING_ERROR); + goto decoding_err; else { mlen = dblen - i; if (tlen < mlen) { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); mlen = -1; } else @@ -130,6 +128,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, } OPENSSL_free(db); return (mlen); + +decoding_err: + /* to avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened */ + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + if (db != NULL) OPENSSL_free(db); + return -1; } int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c index 6a3ba8eb15..f0271fdfa1 100644 --- a/src/lib/libcrypto/x509/x509_obj.c +++ b/src/lib/libcrypto/x509/x509_obj.c @@ -214,6 +214,8 @@ int i; } else p=buf; + if (i == 0) + *p = '\0'; return(p); err: X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index a7b1543461..86b3b79dcc 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c @@ -228,7 +228,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp) static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) { - if(x->aux) return obj_trust(trust->arg1, x, flags); + if(x->aux && (x->aux->trust || x->aux->reject)) + return obj_trust(trust->arg1, x, flags); /* we don't have any trust settings: for compatibility * we return trusted if it is self signed */ diff --git a/src/lib/libssl/crypto/shlib_version b/src/lib/libssl/crypto/shlib_version index 3066b9771e..900b4048a9 100644 --- a/src/lib/libssl/crypto/shlib_version +++ b/src/lib/libssl/crypto/shlib_version @@ -1,2 +1,2 @@ major=5 -minor=0 +minor=1 diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index d04232960e..258af84867 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c @@ -1322,14 +1322,15 @@ static int ssl3_get_client_key_exchange(SSL *s) i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); + al = -1; + if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); - goto f_err; } - if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) + if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) { /* The premaster secret must contain the same version number as the * ClientHello to detect version rollback attacks (strangely, the @@ -1347,6 +1348,27 @@ static int ssl3_get_client_key_exchange(SSL *s) } } + if (al != -1) + { +#if 0 + goto f_err; +#else + /* Some decryption failure -- use random value instead as countermeasure + * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding + * (see RFC 2246, section 7.4.7.1). + * But note that due to length and protocol version checking, the + * attack is impractical anyway (see section 5 in D. Bleichenbacher: + * "Chosen Ciphertext Attacks Against Protocols Based on the RSA + * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). + */ + ERR_clear_error(); + i = SSL_MAX_MASTER_KEY_LENGTH; + p[0] = s->client_version >> 8; + p[1] = s->client_version & 0xff; + RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ +#endif + } + s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version index 3066b9771e..900b4048a9 100644 --- a/src/lib/libssl/shlib_version +++ b/src/lib/libssl/shlib_version @@ -1,2 +1,2 @@ major=5 -minor=0 +minor=1 diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES index 08ef8508d8..f88867b065 100644 --- a/src/lib/libssl/src/CHANGES +++ b/src/lib/libssl/src/CHANGES @@ -2,6 +2,118 @@ OpenSSL CHANGES _______________ + Changes between 0.9.6a and 0.9.6b [9 Jul 2001] + + *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) + to avoid a SSLeay/OpenSSL PRNG weakness pointed out by + Markku-Juhani O. Saarinen : + PRNG state recovery was possible based on the output of + one PRNG request appropriately sized to gain knowledge on + 'md' followed by enough consecutive 1-byte PRNG requests + to traverse all of 'state'. + + 1. When updating 'md_local' (the current thread's copy of 'md') + during PRNG output generation, hash all of the previous + 'md_local' value, not just the half used for PRNG output. + + 2. Make the number of bytes from 'state' included into the hash + independent from the number of PRNG bytes requested. + + The first measure alone would be sufficient to avoid + Markku-Juhani's attack. (Actually it had never occurred + to me that the half of 'md_local' used for chaining was the + half from which PRNG output bytes were taken -- I had always + assumed that the secret half would be used.) The second + measure makes sure that additional data from 'state' is never + mixed into 'md_local' in small portions; this heuristically + further strengthens the PRNG. + [Bodo Moeller] + + *) Fix crypto/bn/asm/mips3.s. + [Andy Polyakov] + + *) When only the key is given to "enc", the IV is undefined. Print out + an error message in this case. + [Lutz Jaenicke] + + *) Handle special case when X509_NAME is empty in X509 printing routines. + [Steve Henson] + + *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are + positive and less than q. + [Bodo Moeller] + + *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is + used: it isn't thread safe and the add_lock_callback should handle + that itself. + [Paul Rose ] + + *) Verify that incoming data obeys the block size in + ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). + [Bodo Moeller] + + *) Fix OAEP check. + [Ulf Möller, Bodo Möller] + + *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 + RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5 + when fixing the server behaviour for backwards-compatible 'client + hello' messages. (Note that the attack is impractical against + SSL 3.0 and TLS 1.0 anyway because length and version checking + means that the probability of guessing a valid ciphertext is + around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 + paper.) + + Before 0.9.5, the countermeasure (hide the error by generating a + random 'decryption result') did not work properly because + ERR_clear_error() was missing, meaning that SSL_get_error() would + detect the supposedly ignored error. + + Both problems are now fixed. + [Bodo Moeller] + + *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096 + (previously it was 1024). + [Bodo Moeller] + + *) Fix for compatibility mode trust settings: ignore trust settings + unless some valid trust or reject settings are present. + [Steve Henson] + + *) Fix for blowfish EVP: its a variable length cipher. + [Steve Henson] + + *) Fix various bugs related to DSA S/MIME verification. Handle missing + parameters in DSA public key structures and return an error in the + DSA routines if parameters are absent. + [Steve Henson] + + *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" + in the current directory if neither $RANDFILE nor $HOME was set. + RAND_file_name() in 0.9.6a returned NULL in this case. This has + caused some confusion to Windows users who haven't defined $HOME. + Thus RAND_file_name() is changed again: e_os.h can define a + DEFAULT_HOME, which will be used if $HOME is not set. + For Windows, we use "C:"; on other platforms, we still require + environment variables. + + *) Move 'if (!initialized) RAND_poll()' into regions protected by + CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids + having multiple threads call RAND_poll() concurrently. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a + combination of a flag and a thread ID variable. + Otherwise while one thread is in ssleay_rand_bytes (which sets the + flag), *other* threads can enter ssleay_add_bytes without obeying + the CRYPTO_LOCK_RAND lock (and may even illegaly release the lock + that they do not hold after the first thread unsets add_do_not_lock). + [Bodo Moeller] + + *) Change bctest again: '-x' expressions are not available in all + versions of 'test'. + [Bodo Moeller] + Changes between 0.9.6 and 0.9.6a [5 Apr 2001] *) Fix a couple of memory leaks in PKCS7_dataDecode() @@ -2363,7 +2475,7 @@ copied!) [Bodo Moeller] - *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode + *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options worked. *) Fix problems with no-hmac etc. diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index 98bc46bf87..ed4178084d 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure @@ -143,6 +143,9 @@ my %table=( # error message. "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +#### Solaris x86 with Sun C setups +"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ index cd759e0202..23e212fb4e 100644 --- a/src/lib/libssl/src/FAQ +++ b/src/lib/libssl/src/FAQ @@ -17,6 +17,7 @@ OpenSSL - Frequently Asked Questions [USER] Questions on using the OpenSSL applications * Why do I get a "PRNG not seeded" error message? +* Why do I get an "unable to write 'random state'" error message? * How do I create certificates or certificate requests? * Why can't I create certificate requests? * Why does fail with a certificate verify error? @@ -47,6 +48,7 @@ OpenSSL - Frequently Asked Questions * Why do I get errors about unknown algorithms? * Why can't the OpenSSH configure script detect OpenSSL? * Can I use OpenSSL's SSL library with non-blocking I/O? +* Why doesn't my server application receive a client certificate? =============================================================================== @@ -55,7 +57,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from . -OpenSSL 0.9.6a was released on April 5th, 2001. +OpenSSL 0.9.6b was released on July 9th, 2001. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at and others have suggested installing the SUNski package from Sun patch 105710-01 (Sparc) which @@ -190,6 +211,18 @@ versions. However, be warned that /dev/random is usually a blocking device, which may have some effects on OpenSSL. +* Why do I get an "unable to write 'random state'" error message? + + +Sometimes the openssl command line utility does not abort with +a "PRNG not seeded" error message, but complains that it is +"unable to write 'random state'". This message refers to the +default seeding file (see previous answer). A possible reason +is that no default filename is known because neither RANDFILE +nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the +current directory in this case, but this has changed with 0.9.6a.) + + * How do I create certificates or certificate requests? Check out the CA.pl(1) manual page. This provides a simple wrapper round @@ -543,5 +576,12 @@ requiring a bi-directional message exchange; both SSL_read() and SSL_write() will try to continue any pending handshake. +* Why doesn't my server application receive a client certificate? + +Due to the TLS protocol definition, a client will only send a certificate, +if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the +SSL_CTX_set_verify() function to enable the use of client certificates. + + =============================================================================== diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL index a7854f3d10..5bafcd4b5d 100644 --- a/src/lib/libssl/src/INSTALL +++ b/src/lib/libssl/src/INSTALL @@ -7,8 +7,11 @@ To install OpenSSL, you will need: + * make * Perl 5 * an ANSI C compiler + * a development environment in form of development libraries and C + header files * a supported Unix operating system Quick Start @@ -42,9 +45,6 @@ --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, the library files and binaries are also installed there. - rsaref Build with RSADSI's RSAREF toolkit (this assumes that - librsaref.a is in the library search path). - no-threads Don't try to build with support for multi-threaded applications. @@ -127,7 +127,7 @@ directory, and the binary will be in the "apps" directory. If "make" fails, look at the output. There may be reasons for - the failure that isn't a problem in OpenSSL itself (like missing + the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your message will be forwarded to a public mailing list). Include the diff --git a/src/lib/libssl/src/INSTALL.VMS b/src/lib/libssl/src/INSTALL.VMS index 1fe78a41bb..b8ea2d0a4d 100644 --- a/src/lib/libssl/src/INSTALL.VMS +++ b/src/lib/libssl/src/INSTALL.VMS @@ -8,6 +8,7 @@ Intro: This file is divided in the following parts: + Requirements - Mandatory reading. Checking the distribution - Mandatory reading. Compilation - Mandatory reading. Logical names - Mandatory reading. @@ -19,6 +20,15 @@ This file is divided in the following parts: TODO - Things that are to come. +Requirements: +============= + +To build and install OpenSSL, you will need: + + * DEC C or some other ANSI C compiler. VAX C is *not* supported. + [Note: OpenSSL has only been tested with DEC C. Compiling with + a different ANSI C compiler may require some work] + Checking the distribution: ========================== diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org index d24a0b5010..abd4df61a2 100644 --- a/src/lib/libssl/src/Makefile.org +++ b/src/lib/libssl/src/Makefile.org @@ -476,20 +476,20 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 - @echo installing man 1 and man 5 @for i in doc/apps/*.pod; do \ - (cd `dirname $$i`; \ fn=`basename $$i .pod`; \ - sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \ + if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ + echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ + (cd `dirname $$i`; \ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i` \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \ done - @echo installing man 3 and man 7 @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ - (cd `dirname $$i`; \ fn=`basename $$i .pod`; \ - sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \ + if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ + echo "installing man$$sec/`basename $$i .pod`.$$sec"; \ + (cd `dirname $$i`; \ $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ --release=$(VERSION) `basename $$i` \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \ diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS index b9ea61239f..f45d8e5ced 100644 --- a/src/lib/libssl/src/NEWS +++ b/src/lib/libssl/src/NEWS @@ -5,6 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: + + o Security fix: PRNG improvements. + o Security fix: RSA OAEP check. + o Security fix: Reinsert and fix countermeasure to Bleichbacher's + attack. + o MIPS bug fix in BIGNUM. + o Bug fix in "openssl enc". + o Bug fix in X.509 printing routine. + o Bug fix in DSA verification routine and DSA S/MIME verification. + o Bug fix to make PRNG thread-safe. + o Bug fix in RAND_file_name(). + o Bug fix in compatibility mode trust settings. + o Bug fix in blowfish EVP. + o Increase default size for BIO buffering filter. + o Compatibility fixes in some scripts. + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: o Security fix: change behavior of OpenSSL to avoid using diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README index c500744c6b..a2ede5f391 100644 --- a/src/lib/libssl/src/README +++ b/src/lib/libssl/src/README @@ -1,8 +1,8 @@ - OpenSSL 0.9.6a [engine] 5 Apr 2001 + OpenSSL 0.9.6b [engine] 9 Jul 2001 - Copyright (c) 1998-2000 The OpenSSL Project + Copyright (c) 1998-2001 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c index 2ab0c4db51..f3fb45b7b4 100644 --- a/src/lib/libssl/src/apps/ca.c +++ b/src/lib/libssl/src/apps/ca.c @@ -1247,7 +1247,11 @@ bad: X509_free(revcert); strncpy(buf[0],dbfile,BSIZE-4); +#ifndef VMS strcat(buf[0],".new"); +#else + strcat(buf[0],"-new"); +#endif if (BIO_write_filename(out,buf[0]) <= 0) { perror(dbfile); @@ -1257,7 +1261,11 @@ bad: j=TXT_DB_write(out,db); if (j <= 0) goto err; strncpy(buf[1],dbfile,BSIZE-4); +#ifndef VMS strcat(buf[1],".old"); +#else + strcat(buf[1],"-old"); +#endif if (rename(dbfile,buf[1]) < 0) { BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]); diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c index ab3e2dbb02..61b2a0dc4b 100644 --- a/src/lib/libssl/src/apps/dgst.c +++ b/src/lib/libssl/src/apps/dgst.c @@ -74,7 +74,7 @@ #undef PROG #define PROG dgst_main -void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout, +void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen); int MAIN(int, char **); @@ -95,7 +95,7 @@ int MAIN(int argc, char **argv) int debug=0; const char *outfile = NULL, *keyfile = NULL; const char *sigfile = NULL, *randfile = NULL; - char out_bin = -1, want_pub = 0, do_verify = 0; + int out_bin = -1, want_pub = 0, do_verify = 0; EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; @@ -365,7 +365,7 @@ end: EXIT(err); } -void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout, +void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen) { int len; diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c index b9190ef53f..fcb2581b66 100644 --- a/src/lib/libssl/src/apps/enc.c +++ b/src/lib/libssl/src/apps/enc.c @@ -542,6 +542,14 @@ bad: BIO_printf(bio_err,"invalid hex iv value\n"); goto end; } + if ((hiv == NULL) && (str == NULL)) + { + /* No IV was explicitly set and no IV was generated + * during EVP_BytesToKey. Hence the IV is undefined, + * making correct decryption impossible. */ + BIO_printf(bio_err, "iv undefined\n"); + goto end; + } if ((hkey != NULL) && !set_hex(hkey,key,24)) { BIO_printf(bio_err,"invalid hex key value\n"); diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c index 16b940084b..7bf71ef868 100644 --- a/src/lib/libssl/src/apps/smime.c +++ b/src/lib/libssl/src/apps/smime.c @@ -299,6 +299,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); + BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c index 3562ea277b..9c91f718e0 100644 --- a/src/lib/libssl/src/apps/speed.c +++ b/src/lib/libssl/src/apps/speed.c @@ -83,12 +83,12 @@ #include #include -#if defined(__FreeBSD__) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) # define USE_TOD #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) # define TIMES #endif -#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) +#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) # define TIMEB #endif diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c index 314bdfb1c7..89ae73a6de 100644 --- a/src/lib/libssl/src/crypto/asn1/t_x509.c +++ b/src/lib/libssl/src/crypto/asn1/t_x509.c @@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) ll=80-2-obase; s=X509_NAME_oneline(name,buf,256); + if (!*s) + return 1; s++; /* skip the first slash */ l=ll; diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c index b2e2a51477..4397a404b5 100644 --- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c +++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c @@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) a=key->algor; if (ret->type == EVP_PKEY_DSA) { - if (a->parameter->type == V_ASN1_SEQUENCE) + if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { ret->pkey.dsa->write_params=0; p=a->parameter->value.sequence->data; diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c index b4f7a85f2e..91a049406e 100644 --- a/src/lib/libssl/src/crypto/bio/b_print.c +++ b/src/lib/libssl/src/crypto/bio/b_print.c @@ -109,7 +109,11 @@ #endif #if HAVE_LONG_LONG -#define LLONG long long +# if defined(WIN32) && !defined(__GNUC__) +# define LLONG _int64 +# else +# define LLONG long long +# endif #else #define LLONG long #endif @@ -152,7 +156,7 @@ static void _dopr(char **sbuffer, char **buffer, /* some handy macros */ #define char_to_int(p) (p - '0') -#define MAX(p,q) ((p >= q) ? p : q) +#define OSSL_MAX(p,q) ((p >= q) ? p : q) static void _dopr( @@ -503,13 +507,13 @@ fmtint( convert[place] = 0; zpadlen = max - place; - spadlen = min - MAX(max, place) - (signvalue ? 1 : 0); + spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) spadlen = 0; if (flags & DP_F_ZERO) { - zpadlen = MAX(zpadlen, spadlen); + zpadlen = OSSL_MAX(zpadlen, spadlen); spadlen = 0; } if (flags & DP_F_MINUS) @@ -641,7 +645,7 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); - } while (fracpart && (fplace < 20)); + } while (fplace < max); if (fplace == 20) fplace--; fconvert[fplace] = 0; diff --git a/src/lib/libssl/src/crypto/bio/bf_buff.c b/src/lib/libssl/src/crypto/bio/bf_buff.c index f50e8f98a3..c90238bae1 100644 --- a/src/lib/libssl/src/crypto/bio/bf_buff.c +++ b/src/lib/libssl/src/crypto/bio/bf_buff.c @@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int buffer_new(BIO *h); static int buffer_free(BIO *data); static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -#define DEFAULT_BUFFER_SIZE 1024 +#define DEFAULT_BUFFER_SIZE 4096 static BIO_METHOD methods_buffer= { diff --git a/src/lib/libssl/src/crypto/bn/asm/mips3.s b/src/lib/libssl/src/crypto/bn/asm/mips3.s index 45786c00a5..dca4105c7d 100644 --- a/src/lib/libssl/src/crypto/bn/asm/mips3.s +++ b/src/lib/libssl/src/crypto/bn/asm/mips3.s @@ -1,5 +1,5 @@ .rdata -.asciiz "mips3.s, Version 1.0" +.asciiz "mips3.s, Version 1.1" .asciiz "MIPS III/IV ISA artwork by Andy Polyakov " /* @@ -849,6 +849,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -856,7 +857,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -884,6 +886,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -891,7 +894,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -928,6 +932,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -935,7 +940,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -981,6 +987,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -988,7 +995,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT sd c_2,104(a0) /* r[13]=c2; */ dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ @@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT sd c_3,40(a0) dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ @@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu c_3,t_2,AT - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 sd c_2,8(a0) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8) dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8) dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT sd c_2,104(a0) dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ @@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu c_3,t_2,AT - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 sd c_2,8(a0) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4) dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT sd c_3,40(a0) dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c index 9de60fd528..a7a9262133 100644 --- a/src/lib/libssl/src/crypto/cryptlib.c +++ b/src/lib/libssl/src/crypto/cryptlib.c @@ -241,7 +241,7 @@ void CRYPTO_destroy_dynlockid(int i) } else #endif - if (--(pointer->references) <= 0) + if (pointer->references <= 0) { sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); } @@ -396,16 +396,15 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) #endif if (type < 0) { - int i = -type - 1; struct CRYPTO_dynlock_value *pointer - = CRYPTO_get_dynlock_value(i); + = CRYPTO_get_dynlock_value(type); - if (pointer) + if (pointer && dynlock_lock_callback) { dynlock_lock_callback(mode, pointer, file, line); } - CRYPTO_destroy_dynlockid(i); + CRYPTO_destroy_dynlockid(type); } else if (locking_callback != NULL) @@ -431,7 +430,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, CRYPTO_get_lock_name(type), file,line); #endif - *pointer=ret; } else { diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h index 65689a3426..12b60a8faa 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa.h +++ b/src/lib/libssl/src/crypto/dsa/dsa.h @@ -248,6 +248,7 @@ DH *DSA_dup_DH(DSA *r); /* Reason codes. */ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_MISSING_PARAMETERS 101 #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c index 2b3ab3a9ad..736aeef7c4 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_err.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c @@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]= static ERR_STRING_DATA DSA_str_reasons[]= { {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, {0,NULL} }; diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c index 5cbbdddfb9..34c6e9a141 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c @@ -108,6 +108,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + if (!dsa->p || !dsa->q || !dsa->g) + { + reason=DSA_R_MISSING_PARAMETERS; + goto err; + } BN_init(&m); BN_init(&xr); s=BN_new(); @@ -170,6 +175,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) BIGNUM k,*kinv=NULL,*r=NULL; int ret=0; + if (!dsa->p || !dsa->q || !dsa->g) + { + DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + return 0; + } if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -233,6 +243,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, BN_init(&u2); BN_init(&t1); + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + { + ret = 0; + goto err; + } + if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + { + ret = 0; + goto err; + } + /* Calculate W = inv(S) mod Q * save W in u2 */ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; diff --git a/src/lib/libssl/src/crypto/evp/e_bf.c b/src/lib/libssl/src/crypto/evp/e_bf.c index 72047f64da..53559b0b65 100644 --- a/src/lib/libssl/src/crypto/evp/e_bf.c +++ b/src/lib/libssl/src/crypto/evp/e_bf.c @@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8, - 0, bf_init_key, NULL, + EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h index 76d417b44a..fd43127092 100644 --- a/src/lib/libssl/src/crypto/evp/evp.h +++ b/src/lib/libssl/src/crypto/evp/evp.h @@ -553,9 +553,9 @@ int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); void EVP_set_pw_prompt(char *prompt); char * EVP_get_pw_prompt(void); -int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, - unsigned char *data, int datal, int count, - unsigned char *key,unsigned char *iv); +int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv); int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c index 09b72bf4bd..e7434ef9b2 100644 --- a/src/lib/libssl/src/crypto/evp/evp_key.c +++ b/src/lib/libssl/src/crypto/evp/evp_key.c @@ -95,9 +95,9 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) #endif } -int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt, - unsigned char *data, int datal, int count, unsigned char *key, - unsigned char *iv) +int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv) { EVP_MD_CTX c; unsigned char md_buf[EVP_MAX_MD_SIZE]; diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h index dc50f6d7da..4b25018e49 100644 --- a/src/lib/libssl/src/crypto/opensslv.h +++ b/src/lib/libssl/src/crypto/opensslv.h @@ -2,7 +2,7 @@ #define HEADER_OPENSSLV_H /* Numeric release version identifier: - * MMNNFFPPS: major minor fix patch status + * MNNFFPPS: major minor fix patch status * The status nibble has one of the values 0 for development, 1 to e for betas * 1 to 14, and f for release. The patch level is exactly that. * For example: @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090601fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001" +#define OPENSSL_VERSION_NUMBER 0x0090602fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b [engine] 9 Jul 2001" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/src/lib/libssl/src/crypto/perlasm/x86unix.pl b/src/lib/libssl/src/crypto/perlasm/x86unix.pl index 309060ea00..10a7af8bff 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86unix.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86unix.pl @@ -79,7 +79,7 @@ sub main'DWP local($addr,$reg1,$reg2,$idx)=@_; $ret=""; - $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; + $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/; $reg1="$regs{$reg1}" if defined($regs{$reg1}); $reg2="$regs{$reg2}" if defined($regs{$reg2}); $ret.=$addr if ($addr ne "") && ($addr ne 0); diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c index ae57570608..04b9d695b0 100644 --- a/src/lib/libssl/src/crypto/rand/md_rand.c +++ b/src/lib/libssl/src/crypto/rand/md_rand.c @@ -141,10 +141,11 @@ static long md_count[2]={0,0}; static double entropy=0; static int initialized=0; -/* This should be set to 1 only when ssleay_rand_add() is called inside - an already locked state, so it doesn't try to lock and thereby cause - a hang. And it should always be reset back to 0 before unlocking. */ -static int add_do_not_lock=0; +static unsigned int crypto_lock_rand = 0; /* may be set only when a thread + * holds CRYPTO_LOCK_RAND + * (to prevent double locking) */ +static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ + #ifdef PREDICT int rand_predictable=0; @@ -191,6 +192,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; MD_CTX m; + int do_not_lock; /* * (Based on the rand(3) manpage) @@ -207,7 +209,10 @@ static void ssleay_rand_add(const void *buf, int num, double add) * hash function. */ - if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); + /* check if we already have the lock */ + do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id()); + + if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); st_idx=state_index; /* use our own copies of the counters so that even @@ -239,7 +244,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); for (i=0; i 0) @@ -492,11 +501,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) { int ret; + unsigned long err; ret = RAND_bytes(buf, num); if (ret == 0) { - long err = ERR_peek_error(); + err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) (void)ERR_get_error(); @@ -507,14 +517,37 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) static int ssleay_rand_status(void) { int ret; + int do_not_lock; + /* check if we already have the lock + * (could happen if a RAND_poll() implementation calls RAND_status()) */ + do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id()); + + if (!do_not_lock) + { + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + + /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ + crypto_lock_rand = 1; + locking_thread = CRYPTO_thread_id(); + } + if (!initialized) + { RAND_poll(); + initialized = 1; + } - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - initialized = 1; ret = entropy >= ENTROPY_NEEDED; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (!do_not_lock) + { + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; + locking_thread = 0; + + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + } + return ret; } diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c index f4376cf8cc..2ffb84c89e 100644 --- a/src/lib/libssl/src/crypto/rand/randfile.c +++ b/src/lib/libssl/src/crypto/rand/randfile.c @@ -233,6 +233,12 @@ const char *RAND_file_name(char *buf, size_t size) { if (issetugid() == 0) s=getenv("HOME"); +#ifdef DEFAULT_HOME + if (s == NULL) + { + s = DEFAULT_HOME; + } +#endif if (s && *s && strlen(s)+strlen(RFILE)+2 < size) { strlcpy(buf,s,size); @@ -242,7 +248,7 @@ const char *RAND_file_name(char *buf, size_t size) strlcat(buf,RFILE,size); ret=buf; } - else + else buf[0] = '\0'; /* no file name */ } diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c index fd0b7f361f..1849e55cd5 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c @@ -77,14 +77,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, int i, dblen, mlen = -1; unsigned char *maskeddb; int lzero; - unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; if (--num < 2 * SHA_DIGEST_LENGTH + 1) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); - return (-1); - } + goto decoding_err; + lzero = num - flen; + if (lzero < 0) + goto decoding_err; + maskeddb = from - lzero + SHA_DIGEST_LENGTH; + dblen = num - SHA_DIGEST_LENGTH; db = OPENSSL_malloc(dblen); if (db == NULL) @@ -93,9 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, return (-1); } - lzero = num - flen; - maskeddb = from - lzero + SHA_DIGEST_LENGTH; - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); for (i = lzero; i < SHA_DIGEST_LENGTH; i++) seed[i] ^= from[i - lzero]; @@ -107,21 +106,20 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, SHA1(param, plen, phash); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + goto decoding_err; else { for (i = SHA_DIGEST_LENGTH; i < dblen; i++) if (db[i] != 0x00) break; if (db[i] != 0x01 || i++ >= dblen) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, - RSA_R_OAEP_DECODING_ERROR); + goto decoding_err; else { mlen = dblen - i; if (tlen < mlen) { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); mlen = -1; } else @@ -130,6 +128,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, } OPENSSL_free(db); return (mlen); + +decoding_err: + /* to avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened */ + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + if (db != NULL) OPENSSL_free(db); + return -1; } int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) diff --git a/src/lib/libssl/src/crypto/x509/x509_obj.c b/src/lib/libssl/src/crypto/x509/x509_obj.c index 6a3ba8eb15..f0271fdfa1 100644 --- a/src/lib/libssl/src/crypto/x509/x509_obj.c +++ b/src/lib/libssl/src/crypto/x509/x509_obj.c @@ -214,6 +214,8 @@ int i; } else p=buf; + if (i == 0) + *p = '\0'; return(p); err: X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c index a7b1543461..86b3b79dcc 100644 --- a/src/lib/libssl/src/crypto/x509/x509_trs.c +++ b/src/lib/libssl/src/crypto/x509/x509_trs.c @@ -228,7 +228,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp) static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) { - if(x->aux) return obj_trust(trust->arg1, x, flags); + if(x->aux && (x->aux->trust || x->aux->reject)) + return obj_trust(trust->arg1, x, flags); /* we don't have any trust settings: for compatibility * we return trusted if it is self signed */ diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod index e436ccc37e..a68ddca139 100644 --- a/src/lib/libssl/src/doc/apps/enc.pod +++ b/src/lib/libssl/src/doc/apps/enc.pod @@ -96,12 +96,18 @@ of hex digits. =item B<-K key> the actual key to use: this must be represented as a string comprised only -of hex digits. +of hex digits. If only the key is specified, the IV must additionally specified +using the B<-iv> option. When both a key and a password are specified, the +key given with the B<-K> option will be used and the IV generated from the +password will be taken. It probably does not make much sense to specify +both key and password. =item B<-iv IV> the actual IV to use: this must be represented as a string comprised only -of hex digits. +of hex digits. When only the key is specified using the B<-K> option, the +IV must explicitly be defined. When a password is being specified using +one of the other options, the IV is generated from this password. =item B<-p> diff --git a/src/lib/libssl/src/doc/apps/rsautl.pod b/src/lib/libssl/src/doc/apps/rsautl.pod index 7a334bc8d6..a7c1681d98 100644 --- a/src/lib/libssl/src/doc/apps/rsautl.pod +++ b/src/lib/libssl/src/doc/apps/rsautl.pod @@ -101,11 +101,11 @@ Sign some data using a private key: Recover the signed data - openssl rsautl -sign -in sig -inkey key.pem + openssl rsautl -verify -in sig -inkey key.pem Examine the raw signed data: - openssl rsautl -sign -in file -inkey key.pem -raw -hexdump + openssl rsautl -verify -in file -inkey key.pem -raw -hexdump 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ diff --git a/src/lib/libssl/src/doc/apps/s_server.pod b/src/lib/libssl/src/doc/apps/s_server.pod index 419383b55d..313116ab66 100644 --- a/src/lib/libssl/src/doc/apps/s_server.pod +++ b/src/lib/libssl/src/doc/apps/s_server.pod @@ -7,7 +7,7 @@ s_server - SSL/TLS server program =head1 SYNOPSIS -B B +B B [B<-accept port>] [B<-context id>] [B<-verify depth>] diff --git a/src/lib/libssl/src/doc/crypto/bio.pod b/src/lib/libssl/src/doc/crypto/bio.pod index 24f61dfb56..f9239226ff 100644 --- a/src/lib/libssl/src/doc/crypto/bio.pod +++ b/src/lib/libssl/src/doc/crypto/bio.pod @@ -40,7 +40,7 @@ BIO). =head1 SEE ALSO L, -L, +L, L, L, L, L, L, L, L, diff --git a/src/lib/libssl/src/doc/crypto/rand.pod b/src/lib/libssl/src/doc/crypto/rand.pod index 9545f0e109..96901f109e 100644 --- a/src/lib/libssl/src/doc/crypto/rand.pod +++ b/src/lib/libssl/src/doc/crypto/rand.pod @@ -127,13 +127,12 @@ function and xor). When bytes are extracted from the RNG, the following process is used. For each group of 10 bytes (or less), we do the following: -Input into the hash function the top 10 bytes from the local 'md' -(which is initialized from the global 'md' before any bytes are -generated), the bytes that are to be overwritten by the random bytes, -and bytes from the 'state' (incrementing looping index). From this -digest output (which is kept in 'md'), the top (up to) 10 bytes are -returned to the caller and the bottom (up to) 10 bytes are xored into -the 'state'. +Input into the hash function the local 'md' (which is initialized from +the global 'md' before any bytes are generated), the bytes that are to +be overwritten by the random bytes, and bytes from the 'state' +(incrementing looping index). From this digest output (which is kept +in 'md'), the top (up to) 10 bytes are returned to the caller and the +bottom 10 bytes are xored into the 'state'. Finally, after we have finished 'num' random bytes for the caller, 'count' (which is incremented) and the local and global 'md' are fed diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod index 15067438c8..5686faf299 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod @@ -40,7 +40,7 @@ SSL_CTX_get_ex_data() is used to retrieve the information for B from B. A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L. +can be found in L. The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in L. diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod index 88f18bd5ff..0f63537e78 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod @@ -33,10 +33,6 @@ which can be used e.g. for descriptions of the certificates. The B is processed on execution of the SSL_CTX_load_verify_locations() function. -If on an TLS/SSL server no special setting is performed using *client_CA_list() -functions, the certificates contained in B are listed to the client -as available CAs during the TLS/SSL handshake. - If B is not NULL, it points to a directory containing CA certificates in PEM format. The files each contain one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. @@ -50,9 +46,6 @@ The certificates in B are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate. -On a server, the certificates in B are not listed as available -CA certificates to a client during a TLS/SSL handshake. - When looking up CA certificates, the OpenSSL library will first search the certificates in B, then those in B. Certificate matching is done based on the subject name, the key identifier (if present), and the @@ -62,6 +55,13 @@ matching the parameters is found, the verification process will be performed; no other certificates for the same parameters will be searched in case of failure. +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of B or B and must +explicitely be set using the +L +family of functions. + When building its own certificate chain, an OpenSSL client/server will try to fill in missing certificates from B/B, if the certificate chain was not explicitly specified (see diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod index 81e312761e..632b556d12 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod @@ -36,25 +36,23 @@ the chosen B, overriding the setting valid for B's SSL_CTX object. When a TLS/SSL server requests a client certificate (see B), it sends a list of CAs, for which -it will accept certificates, to the client. If no special list is provided, -the CAs available using the B option in -L -are sent. +it will accept certificates, to the client. -This list can be explicitly set using the SSL_CTX_set_client_CA_list() for +This list must explicitly be set using SSL_CTX_set_client_CA_list() for B and SSL_set_client_CA_list() for the specific B. The list specified overrides the previous setting. The CAs listed do not become trusted (B only contains the names, not the complete certificates); use L to additionally load them for verification. +If the list of acceptable CAs is compiled in a file, the +L +function can be used to help importing the necessary data. + SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional items the list of client CAs. If no list was specified before using SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client -CA list for B or B (as appropriate) is opened. The CAs implicitly -specified using -L -are no longer used automatically. +CA list for B or B (as appropriate) is opened. These functions are only useful for TLS/SSL servers. @@ -80,11 +78,17 @@ to find out the reason. =back +=head1 EXAMPLES + +Scan all certificates in B and list them as acceptable CAs: + + SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); + =head1 SEE ALSO L, L, -L +L, L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod index 083766f8d0..8bbfc78720 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod @@ -101,7 +101,7 @@ L, L, L, L, -L, +L, L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod index dd5cb4f04b..da0bcf1590 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod @@ -40,7 +40,7 @@ SSL_SESSION_get_ex_data() is used to retrieve the information for B from B. A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L. +can be found in L. The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in L. diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod index fefaf61936..d95eec78aa 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod @@ -69,6 +69,17 @@ to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. +=item SSL_ERROR_WANT_CONNECT + +The operation did not complete; the same TLS/SSL I/O function should be +called again later. The underlying BIO was not connected yet to the peer +and the call would block in connect(). The SSL function should be +called again when the connection is established. This messages can only +appear with a BIO_s_connect() BIO. +In order to find out, when the connection has been successfully established, +on many platforms select() or poll() for writing on the socket file descriptor +can be used. + =item SSL_ERROR_WANT_X509_LOOKUP The operation did not complete because an application callback set by diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod index 2b69bb1050..6644ef8fbc 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod @@ -40,7 +40,7 @@ SSL_get_ex_data() is used to retrieve the information for B from B. A detailed description for the B<*_get_ex_new_index()> functionality -can be found in L. +can be found in L. The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in L. diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod index 1102c7fba9..18d1db5183 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod @@ -17,6 +17,12 @@ peer presented. If the peer did not present a certificate, NULL is returned. =head1 NOTES +Due to the protocol definition, a TLS/SSL server will always send a +certificate, if present. A client will only send a certificate when +explicitely requested to do so by the server (see +L). If an anonymous cipher +is used, no certificates are sent. + That a certificate is returned does not indicate information about the verification state, use L to check the verification state. @@ -43,6 +49,7 @@ The return value points to the certificate presented by the peer. =head1 SEE ALSO -L, L +L, L, +L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_read.pod b/src/lib/libssl/src/doc/ssl/SSL_read.pod index 7db5ee0a22..cc7aa1a547 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_read.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_read.pod @@ -29,7 +29,22 @@ initialized to client or server mode. This is not the case if a generic method is being used (see L, so that L or SSL_set_accept_state() must be used before the first call to an SSL_read() or -L function. +L function). + +SSL_read() works based on the SSL/TLS records. The data are received in +records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a +record has been completely received, it can be processed (decryption and +check of integrity). Therefore data that was not retrieved at the last +call of SSL_read() can still be buffered inside the SSL layer and will be +retrieved on the next call to SSL_read(). If B is higher than the +number of bytes buffered, SSL_read() will return with the bytes buffered. +If no more bytes are in the buffer, SSL_read() will trigger the processing +of the next record. Only when the record has been received and processed +completely, SSL_read() will return reporting success. At most the contents +of the record will be returned. As the size of an SSL/TLS record may exceed +the maximum packet size of the underlying transport (e.g. TCP), it may +be necessary to read several packets from the transport layer before the +record is complete and SSL_read() can succeed. If the underlying BIO is B, SSL_read() will only return, once the read operation has been finished or an error occurred, except when a diff --git a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod index 7988dd3c90..c4ae6704e7 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod @@ -66,7 +66,7 @@ Call SSL_get_error() with the return value B to find out the reason. L, L, L, L, -L, +L, L, L, L =cut diff --git a/src/lib/libssl/src/doc/ssl/SSL_write.pod b/src/lib/libssl/src/doc/ssl/SSL_write.pod index be1ad76d3b..b0dfefae20 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_write.pod +++ b/src/lib/libssl/src/doc/ssl/SSL_write.pod @@ -50,6 +50,17 @@ non-blocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +SSL_write() will only return with success, when the complete contents +of B of length B has been written. This default behaviour +can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of +L. When this flag is set, +SSL_write() will also return with success, when a partial write has been +successfully completed. In this case the SSL_write() operation is considered +completed. The bytes are sent and a new SSL_write() operation with a new +buffer (with the already sent bytes removed) must be started. +A partial write is performed with the size of a message block, which is +16kB for SSLv3/TLSv1. + =head1 WARNING When an SSL_write() operation has to be repeated because of diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h index fc61e0e00b..44aec41406 100644 --- a/src/lib/libssl/src/e_os.h +++ b/src/lib/libssl/src/e_os.h @@ -223,6 +223,7 @@ extern "C" { # define SSLEAY_CONF OPENSSL_CONF # define NUL_DEV "nul" # define RFILE ".rnd" +# define DEFAULT_HOME "C:" #else /* The non-microsoft world world */ diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c index 1ed02540ae..2fa2f310a8 100644 --- a/src/lib/libssl/src/ssl/s2_srvr.c +++ b/src/lib/libssl/src/ssl/s2_srvr.c @@ -405,12 +405,13 @@ static int get_client_master_key(SSL *s) /* bad decrypt */ #if 1 /* If a bad decrypt, continue with protocol but with a - * dud master secret */ + * random master secret (Bleichenbacher attack) */ if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c))) || (is_export && ((i != ek) || (s->s2->tmp.clear+i != EVP_CIPHER_key_length(c)))))) { + ERR_clear_error(); if (is_export) i=ek; else diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c index 9f52c39ca9..8709da9175 100644 --- a/src/lib/libssl/src/ssl/s3_enc.c +++ b/src/lib/libssl/src/ssl/s3_enc.c @@ -356,7 +356,7 @@ int ssl3_enc(SSL *s, int send) if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memcpy(rec->data,rec->input,rec->length); + memmove(rec->data,rec->input,rec->length); rec->input=rec->data; } else @@ -366,7 +366,6 @@ int ssl3_enc(SSL *s, int send) /* COMPRESS */ - /* This should be using (bs-1) and bs instead of 7 and 8 */ if ((bs != 1) && send) { i=bs-((int)l%bs); @@ -376,12 +375,24 @@ int ssl3_enc(SSL *s, int send) rec->length+=i; rec->input[l-1]=(i-1); } - + + if (!send) + { + if (l == 0 || l%bs != 0) + { + SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); + return(0); + } + } + EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) { i=rec->data[l-1]+1; + /* SSL 3.0 bounds the number of padding bytes by the block size; + * padding bytes (except that last) are arbitrary */ if (i > bs) { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index d04232960e..258af84867 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c @@ -1322,14 +1322,15 @@ static int ssl3_get_client_key_exchange(SSL *s) i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); + al = -1; + if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); - goto f_err; } - if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) + if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) { /* The premaster secret must contain the same version number as the * ClientHello to detect version rollback attacks (strangely, the @@ -1347,6 +1348,27 @@ static int ssl3_get_client_key_exchange(SSL *s) } } + if (al != -1) + { +#if 0 + goto f_err; +#else + /* Some decryption failure -- use random value instead as countermeasure + * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding + * (see RFC 2246, section 7.4.7.1). + * But note that due to length and protocol version checking, the + * attack is impractical anyway (see section 5 in D. Bleichenbacher: + * "Chosen Ciphertext Attacks Against Protocols Based on the RSA + * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). + */ + ERR_clear_error(); + i = SSL_MAX_MASTER_KEY_LENGTH; + p[0] = s->client_version >> 8; + p[1] = s->client_version & 0xff; + RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ +#endif + } + s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index d10a23af8e..a0758e9261 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c @@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send) if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memcpy(rec->data,rec->input,rec->length); + memmove(rec->data,rec->input,rec->length); rec->input=rec->data; } else @@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send) rec->length+=i; } + if (!send) + { + if (l == 0 || l%bs != 0) + { + SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); + return(0); + } + } + EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) { - ii=i=rec->data[l-1]; + ii=i=rec->data[l-1]; /* padding_length */ i++; if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) { @@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send) if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) i--; } + /* TLS 1.0 does not bound the number of padding bytes by the block size. + * All of them must have value 'padding_length'. */ if (i > (int)rec->length) { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); diff --git a/src/lib/libssl/src/test/Makefile.ssl b/src/lib/libssl/src/test/Makefile.ssl index 9c7b7dd158..7384243cbd 100644 --- a/src/lib/libssl/src/test/Makefile.ssl +++ b/src/lib/libssl/src/test/Makefile.ssl @@ -192,7 +192,7 @@ test_bn: @./$(BNTEST) >tmp.bntest @echo quit >>tmp.bntest @echo "running bc" - @) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' + @) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' @echo 'test a^b%c implementations' ./$(EXPTEST) diff --git a/src/lib/libssl/src/test/bctest b/src/lib/libssl/src/test/bctest new file mode 100644 index 0000000000..bdb3218f7a --- /dev/null +++ b/src/lib/libssl/src/test/bctest @@ -0,0 +1,111 @@ +#!/bin/sh + +# This script is used by test/Makefile.ssl to check whether a sane 'bc' +# is installed. +# ('make test_bn' should not try to run 'bc' if it does not exist or if +# it is a broken 'bc' version that is known to cause trouble.) +# +# If 'bc' works, we also test if it knows the 'print' command. +# +# In any case, output an appropriate command line for running (or not +# running) bc. + + +IFS=: +try_without_dir=true +# First we try "bc", then "$dir/bc" for each item in $PATH. +for dir in dummy:$PATH; do + if [ "$try_without_dir" = true ]; then + # first iteration + bc=bc + try_without_dir=false + else + # second and later iterations + bc="$dir/bc" + if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix + bc='' + fi + fi + + if [ ! "$bc" = '' ]; then + failure=none + + + # Test for SunOS 5.[78] bc bug + "$bc" >tmp.bctest <<\EOF +obase=16 +ibase=16 +a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ +CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ +10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ +C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ +3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ +4FC3CADF855448B24A9D7640BCF473E +b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ +9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ +8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ +3ED0E2017D60A68775B75481449 +(a/b)*b + (a%b) - a +EOF + if [ 0 != "`cat tmp.bctest`" ]; then + failure=SunOStest + fi + + + if [ "$failure" = none ]; then + # Test for SCO bc bug. + "$bc" >tmp.bctest <<\EOF +obase=16 +ibase=16 +-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ +9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ +11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ +1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ +AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ +F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ +B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ +02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ +85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ +A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ +E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ +8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ +04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ +89C8D71 +AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ +928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ +8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ +37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ +E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ +F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ +9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ +D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ +5296964 +EOF + if [ "0 +0" != "`cat tmp.bctest`" ]; then + failure=SCOtest + fi + fi + + + if [ "$failure" = none ]; then + # bc works; now check if it knows the 'print' command. + if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] + then + echo "$bc" + else + echo "sed 's/print.*//' | $bc" + fi + exit 0 + fi + + echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2 + fi +done + +echo "No working bc found. Consider installing GNU bc." >&2 +if [ "$1" = ignore ]; then + echo "cat >/dev/null" + exit 0 +fi +exit 1 diff --git a/src/lib/libssl/ssl/shlib_version b/src/lib/libssl/ssl/shlib_version index 3066b9771e..900b4048a9 100644 --- a/src/lib/libssl/ssl/shlib_version +++ b/src/lib/libssl/ssl/shlib_version @@ -1,2 +1,2 @@ major=5 -minor=0 +minor=1 diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index d10a23af8e..a0758e9261 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c @@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send) if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memcpy(rec->data,rec->input,rec->length); + memmove(rec->data,rec->input,rec->length); rec->input=rec->data; } else @@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send) rec->length+=i; } + if (!send) + { + if (l == 0 || l%bs != 0) + { + SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); + return(0); + } + } + EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) { - ii=i=rec->data[l-1]; + ii=i=rec->data[l-1]; /* padding_length */ i++; if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) { @@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send) if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) i--; } + /* TLS 1.0 does not bound the number of padding bytes by the block size. + * All of them must have value 'padding_length'. */ if (i > (int)rec->length) { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); diff --git a/src/lib/libssl/test/Makefile.ssl b/src/lib/libssl/test/Makefile.ssl index 9c7b7dd158..7384243cbd 100644 --- a/src/lib/libssl/test/Makefile.ssl +++ b/src/lib/libssl/test/Makefile.ssl @@ -192,7 +192,7 @@ test_bn: @./$(BNTEST) >tmp.bntest @echo quit >>tmp.bntest @echo "running bc" - @) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' + @) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' @echo 'test a^b%c implementations' ./$(EXPTEST) diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest new file mode 100644 index 0000000000..bdb3218f7a --- /dev/null +++ b/src/lib/libssl/test/bctest @@ -0,0 +1,111 @@ +#!/bin/sh + +# This script is used by test/Makefile.ssl to check whether a sane 'bc' +# is installed. +# ('make test_bn' should not try to run 'bc' if it does not exist or if +# it is a broken 'bc' version that is known to cause trouble.) +# +# If 'bc' works, we also test if it knows the 'print' command. +# +# In any case, output an appropriate command line for running (or not +# running) bc. + + +IFS=: +try_without_dir=true +# First we try "bc", then "$dir/bc" for each item in $PATH. +for dir in dummy:$PATH; do + if [ "$try_without_dir" = true ]; then + # first iteration + bc=bc + try_without_dir=false + else + # second and later iterations + bc="$dir/bc" + if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix + bc='' + fi + fi + + if [ ! "$bc" = '' ]; then + failure=none + + + # Test for SunOS 5.[78] bc bug + "$bc" >tmp.bctest <<\EOF +obase=16 +ibase=16 +a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\ +CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\ +10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\ +C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\ +3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\ +4FC3CADF855448B24A9D7640BCF473E +b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\ +9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\ +8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\ +3ED0E2017D60A68775B75481449 +(a/b)*b + (a%b) - a +EOF + if [ 0 != "`cat tmp.bctest`" ]; then + failure=SunOStest + fi + + + if [ "$failure" = none ]; then + # Test for SCO bc bug. + "$bc" >tmp.bctest <<\EOF +obase=16 +ibase=16 +-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\ +9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\ +11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\ +1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\ +AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\ +F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\ +B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\ +02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\ +85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\ +A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\ +E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\ +8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\ +04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\ +89C8D71 +AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\ +928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\ +8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\ +37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\ +E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\ +F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\ +9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\ +D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\ +5296964 +EOF + if [ "0 +0" != "`cat tmp.bctest`" ]; then + failure=SCOtest + fi + fi + + + if [ "$failure" = none ]; then + # bc works; now check if it knows the 'print' command. + if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ] + then + echo "$bc" + else + echo "sed 's/print.*//' | $bc" + fi + exit 0 + fi + + echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2 + fi +done + +echo "No working bc found. Consider installing GNU bc." >&2 +if [ "$1" = ignore ]; then + echo "cat >/dev/null" + exit 0 +fi +exit 1 -- cgit v1.2.3-55-g6feb