From 9cea7b85baecb1a02a3ea617de73d9693a9792eb Mon Sep 17 00:00:00 2001 
From: markus <> Date: Sun, 11 May 2003 21:36:59 +0000 Subject: import 0.9.7b (without idea and rc5) --- src/lib/libcrypto/bf/bftest.c | 10 +- src/lib/libcrypto/bn/asm/vms.mar | 254 ++--- src/lib/libcrypto/bn/bntest.c | 23 +- src/lib/libcrypto/bn/divtest.c | 6 +- src/lib/libcrypto/bn/exptest.c | 22 +- src/lib/libcrypto/cast/casttest.c | 4 +- src/lib/libcrypto/crypto-lib.com | 344 ++----- src/lib/libcrypto/des/FILES0 | 96 ++ src/lib/libcrypto/des/des.c | 32 +- src/lib/libcrypto/des/des_old.h | 10 +- src/lib/libcrypto/des/destest.c | 6 +- src/lib/libcrypto/des/read2pwd.c | 8 +- src/lib/libcrypto/des/read_pwd.c | 44 +- src/lib/libcrypto/dh/dhtest.c | 14 +- src/lib/libcrypto/dsa/dsagen.c | 2 +- src/lib/libcrypto/dsa/dsatest.c | 17 +- src/lib/libcrypto/dso/dso_dl.c | 2 +- src/lib/libcrypto/dso/dso_win32.c | 2 +- src/lib/libcrypto/ec/ectest.c | 11 +- src/lib/libcrypto/engine/enginetest.c | 11 +- src/lib/libcrypto/engine/hw_4758_cca.c | 6 +- src/lib/libcrypto/engine/hw_atalla.c | 2 + src/lib/libcrypto/engine/hw_cryptodev.c | 540 ++++++---- src/lib/libcrypto/engine/hw_cswift.c | 73 ++ src/lib/libcrypto/engine/hw_ncipher.c | 68 +- src/lib/libcrypto/engine/hw_ncipher_err.c | 3 +- src/lib/libcrypto/engine/hw_ncipher_err.h | 1 + src/lib/libcrypto/engine/hw_nuron.c | 2 + src/lib/libcrypto/engine/hw_sureware.c | 1039 ++++++++++++++++++++ src/lib/libcrypto/engine/hw_ubsec.c | 2 + src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h | 100 ++ .../libcrypto/engine/vendor_defns/hwcryptohook.h | 486 +++++++++ src/lib/libcrypto/engine/vendor_defns/sureware.h | 239 +++++ src/lib/libcrypto/evp/bio_ok.c | 2 +- src/lib/libcrypto/evp/evp_acnf.c | 1 - src/lib/libcrypto/evp/evp_test.c | 58 +- src/lib/libcrypto/hmac/hmactest.c | 21 +- src/lib/libcrypto/idea/version | 12 + src/lib/libcrypto/md2/md2_dgst.c | 9 +- src/lib/libcrypto/md2/md2_one.c | 2 +- src/lib/libcrypto/md2/md2test.c | 5 +- src/lib/libcrypto/md4/md4.c | 4 +- src/lib/libcrypto/md4/md4test.c | 4 +- src/lib/libcrypto/md5/md5.c | 2 +- 
src/lib/libcrypto/md5/md5test.c | 4 +- src/lib/libcrypto/mdc2/mdc2test.c | 146 +++ src/lib/libcrypto/mem.c | 47 +- src/lib/libcrypto/objects/obj_dat.h | 29 +- src/lib/libcrypto/objects/obj_mac.h | 12 +- src/lib/libcrypto/opensslconf.h | 2 +- src/lib/libcrypto/opensslconf.h.in | 2 +- src/lib/libcrypto/perlasm/x86ms.pl | 15 +- src/lib/libcrypto/perlasm/x86nasm.pl | 15 +- src/lib/libcrypto/perlasm/x86unix.pl | 53 +- src/lib/libcrypto/pkcs7/bio_ber.c | 2 +- src/lib/libcrypto/rand/md_rand.c | 4 +- src/lib/libcrypto/rand/rand_egd.c | 6 +- src/lib/libcrypto/rand/rand_unix.c | 11 +- src/lib/libcrypto/rand/rand_win.c | 84 +- src/lib/libcrypto/rand/randtest.c | 4 +- src/lib/libcrypto/rc2/rc2test.c | 4 +- src/lib/libcrypto/rc4/rc4.c | 4 +- src/lib/libcrypto/rc4/rc4test.c | 4 +- src/lib/libcrypto/rc5/rc5s.cpp | 70 ++ src/lib/libcrypto/ripemd/rmd160.c | 2 +- src/lib/libcrypto/ripemd/rmdtest.c | 4 +- src/lib/libcrypto/rsa/rsa_test.c | 1 - src/lib/libcrypto/sha/sha1test.c | 4 +- src/lib/libcrypto/sha/sha_one.c | 3 +- src/lib/libcrypto/sha/shatest.c | 4 +- src/lib/libcrypto/threads/mttest.c | 5 - src/lib/libcrypto/tmdiff.c | 32 +- src/lib/libcrypto/uid.c | 2 +- src/lib/libcrypto/util/bat.sh | 2 + src/lib/libcrypto/util/cygwin.sh | 2 + src/lib/libcrypto/util/domd | 7 +- src/lib/libcrypto/util/extract-names.pl | 22 + src/lib/libcrypto/util/libeay.num | 226 +++-- src/lib/libcrypto/util/mk1mf.pl | 33 +- src/lib/libcrypto/util/mkcerts.sh | 6 +- src/lib/libcrypto/util/mkdef.pl | 25 +- src/lib/libcrypto/util/pl/BC-32.pl | 4 +- src/lib/libcrypto/util/pl/Mingw32.pl | 34 +- src/lib/libcrypto/util/pl/VC-32.pl | 2 +- src/lib/libcrypto/util/pl/VC-CE.pl | 111 +++ src/lib/libcrypto/util/ssleay.num | 2 +- src/lib/libcrypto/x509v3/v3conf.c | 2 +- 87 files changed, 3706 insertions(+), 946 deletions(-) create mode 100644 src/lib/libcrypto/des/FILES0 create mode 100644 src/lib/libcrypto/engine/hw_sureware.c create mode 100644 src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h create mode 100644 
src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h create mode 100644 src/lib/libcrypto/engine/vendor_defns/sureware.h create mode 100644 src/lib/libcrypto/idea/version create mode 100644 src/lib/libcrypto/mdc2/mdc2test.c create mode 100644 src/lib/libcrypto/rc5/rc5s.cpp create mode 100644 src/lib/libcrypto/util/extract-names.pl create mode 100644 src/lib/libcrypto/util/pl/VC-CE.pl (limited to 'src/lib/libcrypto') diff --git a/src/lib/libcrypto/bf/bftest.c b/src/lib/libcrypto/bf/bftest.c index 09895f2542..24d526b14b 100644 --- a/src/lib/libcrypto/bf/bftest.c +++ b/src/lib/libcrypto/bf/bftest.c @@ -63,6 +63,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_BF int main(int argc, char *argv[]) { @@ -275,7 +277,7 @@ int main(int argc, char *argv[]) else ret=test(); - exit(ret); + EXIT(ret); return(0); } @@ -454,9 +456,9 @@ static int test(void) len=strlen(cbc_data)+1; BF_set_key(&key,16,cbc_key); - memset(cbc_in,0,40); - memset(cbc_out,0,40); - memcpy(iv,cbc_iv,8); + memset(cbc_in,0,sizeof cbc_in); + memset(cbc_out,0,sizeof cbc_out); + memcpy(iv,cbc_iv,sizeof iv); BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len, &key,iv,BF_ENCRYPT); if (memcmp(cbc_out,cbc_ok,32) != 0) diff --git a/src/lib/libcrypto/bn/asm/vms.mar b/src/lib/libcrypto/bn/asm/vms.mar index 465f2774b6..aefab15cdb 100644 --- a/src/lib/libcrypto/bn/asm/vms.mar +++ b/src/lib/libcrypto/bn/asm/vms.mar @@ -1,4 +1,4 @@ - .title vax_bn_mul_add_word unsigned multiply & add, 32*32+32+32=>64 + .title vax_bn_mul_add_words unsigned multiply & add, 32*32+32+32=>64 ; ; w.j.m. 15-jan-1999 ; @@ -59,7 +59,7 @@ w=16 ;(AP) w by value (input) movl r6,r0 ; return c ret - .title vax_bn_mul_word unsigned multiply & add, 32*32+32=>64 + .title vax_bn_mul_words unsigned multiply & add, 32*32+32=>64 ; ; w.j.m. 15-jan-1999 ; 
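Review bot: In bftest.c `test()`, the new `memset(cbc_in,0,sizeof cbc_in)`, `memset(cbc_out,0,sizeof cbc_out)` and `memcpy(iv,cbc_iv,sizeof iv)` are only correct if `cbc_in`, `cbc_out` and `iv` are arrays in this scope. Their declarations are outside the hunk, and if any of them is a pointer, `sizeof` yields the pointer size and the buffer is only partly cleared or copied. The comparison just below still hard-codes its length as `memcmp(cbc_out,cbc_ok,32)`, so the hunk mixes derived and literal sizes. A comment such as `/* cbc_ok holds 32 bytes of expected ciphertext */`, or `sizeof cbc_ok` if that array is exactly the compared length, would make the intent checkable. The body of `test()` starts and ends outside the hunk.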
@@ -172,147 +172,175 @@ n=12 ;(AP) n by value (input) ; } ; ; Using EDIV would be very easy, if it didn't do signed calculations. -; Therefore, som extra things have to happen around it. The way to -; handle that is to shift all operands right one step (basically dividing -; them by 2) and handle the different cases depending on what the lowest -; bit of each operand was. +; Any time any of the input numbers are signed, there are problems, +; usually with integer overflow, at which point it returns useless +; data (the quotient gets the value of l, and the remainder becomes 0). ; -; To start with, let's define the following: +; If it was just for the dividend, it would be very easy, just divide +; it by 2 (unsigned), do the division, multiply the resulting quotient +; and remainder by 2, add the bit that was dropped when dividing by 2 +; to the remainder, and do some adjustment so the remainder doesn't +; end up larger than the divisor. For some cases when the divisor is +; negative (from EDIV's point of view, i.e. when the highest bit is set), +; dividing the dividend by 2 isn't enough, and since some operations +; might generate integer overflows even when the dividend is divided by +; 4 (when the high part of the shifted down dividend ends up being exactly +; half of the divisor, the result is the quotient 0x80000000, which is +; negative...) it needs to be divided by 8. Furthermore, the divisor needs +; to be divided by 2 (unsigned) as well, to avoid more problems with the sign. +; In this case, a little extra fiddling with the remainder is required. ; -; a' = l & 1 -; a2 = >> 1 # UNSIGNED shift! -; b' = d & 1 -; b2 = d >> 1 # UNSIGNED shift! +; So, the simplest way to handle this is always to divide the dividend +; by 8, and to divide the divisor by 2 if it's highest bit is set. +; After EDIV has been used, the quotient gets multiplied by 8 if the +; original divisor was positive, otherwise 4. The remainder, oddly +; enough, is *always* multiplied by 8. 
+; NOTE: in the case mentioned above, where the high part of the shifted +; down dividend ends up being exactly half the shifted down divisor, we +; end up with a 33 bit quotient. That's no problem however, it usually +; means we have ended up with a too large remainder as well, and the +; problem is fixed by the last part of the algorithm (next paragraph). ; -; Now, use EDIV to calculate a quotient and a remainder: +; The routine ends with comparing the resulting remainder with the +; original divisor and if the remainder is larger, subtract the +; original divisor from it, and increase the quotient by 1. This is +; done until the remainder is smaller than the divisor. ; -; q'' = a2/b2 -; r'' = a2 - q''*b2 +; The complete algorithm looks like this: ; -; If b' is 0, the quotient is already correct, we just need to adjust the -; remainder: +; d' = d +; l' = l & 7 +; [h,l] = [h,l] >> 3 +; [q,r] = floor([h,l] / d) # This is the EDIV operation +; if (q < 0) q = -q # I doubt this is necessary any more ; -; if (b' == 0) -; { -; r = 2*r'' + a' -; q = q'' -; } -; -; If b' is 1, we need to do other adjustements. 
The first thought is the -; following (note that r' will not always have the right value, but an -; adjustement follows further down): -; -; if (b' == 1) -; { -; q' = q'' -; r' = a - q'*b -; -; However, one can note the folowing relationship: -; -; r'' = a2 - q''*b2 -; => 2*r'' = 2*a2 - 2*q''*b2 -; = { a = 2*a2 + a', b = 2*b2 + b' = 2*b2 + 1, -; q' = q'' } -; = a - a' - q'*(b - 1) -; = a - q'*b - a' + q' -; = r' - a' + q' -; => r' = 2*r'' - q' + a' +; r' = r >> 29 +; if (d' >= 0) +; q' = q >> 29 +; q = q << 3 +; else +; q' = q >> 30 +; q = q << 2 +; r = (r << 3) + l' ; -; This enables us to use r'' instead of discarding and calculating another -; modulo: -; -; if (b' == 1) +; if (d' < 0) ; { -; q' = q'' -; r' = (r'' << 1) - q' + a' -; -; Now, all we have to do is adjust r', because it might be < 0: -; -; while (r' < 0) +; [r',r] = [r',r] - q +; while ([r',r] < 0) ; { -; r' = r' + b -; q' = q' - 1 +; [r',r] = [r',r] + d +; [q',q] = [q',q] - 1 ; } ; } ; -; return q' +; while ([r',r] >= d') +; { +; [r',r] = [r',r] - d' +; [q',q] = [q',q] + 1 +; } +; +; return q h=4 ;(AP) h by value (input) l=8 ;(AP) l by value (input) d=12 ;(AP) d by value (input) -;aprim=r5 -;a2=r6 -;a20=r6 -;a21=r7 -;bprim=r8 -;b2=r9 -;qprim=r10 ; initially used as q'' -;rprim=r11 ; initially used as r'' - +;r2 = l, q +;r3 = h, r +;r4 = d +;r5 = l' +;r6 = r' +;r7 = d' +;r8 = q' .psect code,nowrt -.entry bn_div_words,^m +.entry bn_div_words,^m movl l(ap),r2 movl h(ap),r3 movl d(ap),r4 - movl #0,r5 - movl #0,r8 - movl #0,r0 -; movl #0,r1 + bicl3 #^XFFFFFFF8,r2,r5 ; l' = l & 7 + bicl3 #^X00000007,r2,r2 - rotl #-1,r2,r6 ; a20 = l >> 1 (almost) - rotl #-1,r3,r7 ; a21 = h >> 1 (almost) - rotl #-1,r4,r9 ; b2 = d >> 1 (almost) + bicl3 #^XFFFFFFF8,r3,r6 + bicl3 #^X00000007,r3,r3 + + addl r6,r2 - tstl r6 - bgeq 1$ - xorl2 #^X80000000,r6 ; fixup a20 so highest bit is 0 - incl r5 ; a' = 1 -1$: - tstl r7 - bgeq 2$ - xorl2 #^X80000000,r6 ; fixup a20 so highest bit is 1, - ; since that's what was lowest in a21 - 
xorl2 #^X80000000,r7 ; fixup a21 so highest bit is 1 -2$: - tstl r9 + rotl #-3,r2,r2 ; l = l >> 3 + rotl #-3,r3,r3 ; h = h >> 3 + + movl r4,r7 ; d' = d + + movl #0,r6 ; r' = 0 + movl #0,r8 ; q' = 0 + + tstl r4 beql 666$ ; Uh-oh, the divisor is 0... - bgtr 3$ - xorl2 #^X80000000,r9 ; fixup b2 so highest bit is 0 - incl r8 ; b' = 1 -3$: - tstl r9 - bneq 4$ ; if b2 is 0, we know that b' is 1 - tstl r3 - bneq 666$ ; if higher half isn't 0, we overflow - movl r2,r10 ; otherwise, we have our result - brb 42$ ; This is a success, really. -4$: - ediv r9,r6,r10,r11 - - tstl r8 - bneq 5$ ; If b' != 0, go to the other part -; addl3 r11,r11,r1 -; addl2 r5,r1 - brb 42$ -5$: - ashl #1,r11,r11 - subl2 r10,r11 - addl2 r5,r11 - bgeq 7$ -6$: - decl r10 - addl2 r4,r11 - blss 6$ -7$: -; movl r11,r1 + bgtr 1$ + rotl #-1,r4,r4 ; If d is negative, shift it right. + bicl2 #^X80000000,r4 ; Since d is then a large number, the + ; lowest bit is insignificant + ; (contradict that, and I'll fix the problem!) +1$: + ediv r4,r2,r2,r3 ; Do the actual division + + tstl r2 + bgeq 3$ + mnegl r2,r2 ; if q < 0, negate it +3$: + tstl r7 + blss 4$ + rotl #3,r2,r2 ; q = q << 3 + bicl3 #^XFFFFFFF8,r2,r8 ; q' gets the high bits from q + bicl3 #^X00000007,r2,r2 + bsb 41$ +4$: ; else + rotl #2,r2,r2 ; q = q << 2 + bicl3 #^XFFFFFFFC,r2,r8 ; q' gets the high bits from q + bicl3 #^X00000003,r2,r2 +41$: + rotl #3,r3,r3 ; r = r << 3 + bicl3 #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r + bicl3 #^X00000007,r3,r3 + addl r5,r3 ; r = r + l' + + tstl r7 + bgeq 5$ + bitl #1,r7 + beql 5$ ; if d' < 0 && d' & 1 + subl r2,r3 ; [r',r] = [r',r] - [q',q] + sbwc r8,r6 +45$: + bgeq 5$ ; while r < 0 + decl r2 ; [q',q] = [q',q] - 1 + sbwc #0,r8 + addl r7,r3 ; [r',r] = [r',r] + d' + adwc #0,r6 + brb 45$ + +; The return points are placed in the middle to keep a short distance from +; all the branch points 42$: - movl r10,r0 +; movl r3,r1 + movl r2,r0 + ret 666$: + movl #^XFFFFFFFF,r0 ret + +5$: + tstl r6 + bneq 6$ + cmpl r3,r7 + 
blssu 42$ ; while [r',r] >= d' +6$: + subl r7,r3 ; [r',r] = [r',r] - d' + sbwc #0,r6 + incl r2 ; [q',q] = [q',q] + 1 + adwc #0,r8 + brb 5$ .title vax_bn_add_words unsigned add of two arrays ; diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c index 8158a67374..3c8c540387 100644 --- a/src/lib/libcrypto/bn/bntest.c +++ b/src/lib/libcrypto/bn/bntest.c @@ -68,10 +68,6 @@ #include #include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif - const int num0 = 100; /* number of tests */ const int num1 = 50; /* additional tests for some functions */ const int num2 = 5; /* number of tests for slow functions */ @@ -96,11 +92,6 @@ int test_sqrt(BIO *bp,BN_CTX *ctx); int rand_neg(void); static int results=0; -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; @@ -141,10 +132,10 @@ int main(int argc, char *argv[]) ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); + if (ctx == NULL) EXIT(1); out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); @@ -154,7 +145,7 @@ int main(int argc, char *argv[]) if (!BIO_write_filename(out,outfile)) { perror(outfile); - exit(1); + EXIT(1); } } @@ -238,14 +229,14 @@ int main(int argc, char *argv[]) BIO_free(out); /**/ - exit(0); + EXIT(0); err: BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices * the failure, see test_bn in test/Makefile.ssl*/ BIO_flush(out); ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); - exit(1); + EXIT(1); return(1); } @@ -488,7 +479,7 @@ int test_mul(BIO *bp) BN_CTX *ctx; ctx = BN_CTX_new(); - if (ctx == NULL) exit(1); + if (ctx == NULL) EXIT(1); BN_init(&a); BN_init(&b); 
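Review bot: In bn_div_words, the `bsb 41$` that ends the `q = q << 3` arm reads as a subroutine branch, which pushes a return address that nothing here pops with `rsb`. If it is only meant to skip the else arm at `4$`, `brb 41$` says so; the extra stack word is presumably discarded by `ret`, but that should be confirmed on the target assembler. The algorithm comment above the code also no longer matches it: the pseudo-code guards the correction with `if (d' < 0)` and subtracts `q`, while the code additionally tests `bitl #1,r7` and subtracts the pair with `subl r2,r3` / `sbwc r8,r6`. The header should read `if (d' < 0 && (d' & 1))` and `[r',r] = [r',r] - [q',q]`. The `666$` exit returns `#^XFFFFFFFF` for a zero divisor without a comment; a line such as `; d == 0: return all ones (presumably the error value, not a quotient)` would document it.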
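Review bot: The unbraced `if (ctx == NULL) EXIT(1);` and `if (out == NULL) EXIT(1);` in bntest.c `main` are safe only if `EXIT` expands to a single statement that never returns. The macro is defined outside this diff (presumably in e_os.h), so that cannot be confirmed from here. The same form is introduced in `test_mul` and `test_mod_mul` in this file and in exptest.c. In the two non-main functions, a platform definition that expands to `return` would hand 1 back to the caller instead of stopping the test run. Bracing the call sites, `if (ctx == NULL) { EXIT(1); }`, or confirming that every platform variant is a single non-returning statement, would settle it. No added `#include "../e_os.h"` is visible in the bntest.c hunks, unlike bftest.c and exptest.c, so it is presumably already included above the hunk.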
@@ -726,7 +717,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) while ((l=ERR_get_error())) fprintf(stderr,"ERROR:%s\n", ERR_error_string(l,NULL)); - exit(1); + EXIT(1); } if (bp != NULL) { diff --git a/src/lib/libcrypto/bn/divtest.c b/src/lib/libcrypto/bn/divtest.c index 13ba86e3c4..d3fc688f33 100644 --- a/src/lib/libcrypto/bn/divtest.c +++ b/src/lib/libcrypto/bn/divtest.c @@ -1,7 +1,7 @@ #include #include -static int rand(n) +static int Rand(n) { unsigned char x[2]; RAND_pseudo_bytes(x,2); @@ -26,8 +26,8 @@ main() BN_CTX *ctx=BN_CTX_new(); for(;;) { - BN_pseudo_rand(a,rand(),0,0); - BN_pseudo_rand(b,rand(),0,0); + BN_pseudo_rand(a,Rand(),0,0); + BN_pseudo_rand(b,Rand(),0,0); if (BN_is_zero(b)) continue; BN_RECP_CTX_set(recp,b,ctx); diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c index 5ca570d1a8..b09cf88705 100644 --- a/src/lib/libcrypto/bn/exptest.c +++ b/src/lib/libcrypto/bn/exptest.c @@ -59,13 +59,13 @@ #include #include #include + +#include "../e_os.h" + #include #include #include #include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #define NUM_BITS (BN_BITS*2) @@ -86,7 +86,7 @@ int main(int argc, char *argv[]) ERR_load_BN_strings(); ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); + if (ctx == NULL) EXIT(1); r_mont=BN_new(); r_recp=BN_new(); r_simple=BN_new(); @@ -99,7 +99,7 @@ int main(int argc, char *argv[]) out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); for (i=0; i<200; i++) @@ -124,7 +124,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_mont() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); @@ -132,7 +132,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_recp() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); 
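Review bot: In divtest.c, `Rand` is still defined K&R-style with a parameter (`static int Rand(n)`), but both call sites pass nothing (`BN_pseudo_rand(a,Rand(),0,0)`), so `n` is indeterminate if the body ever reads it. The rename avoids the clash with the C library's `rand`, but leaves this mismatch in place. If `n` is unused, `static int Rand(void)` matches the calls. The visible part of the body also ignores the return value of `RAND_pseudo_bytes(x,2)`, so a failed call would feed whatever is in `x` into the bit count. The body of `Rand` continues outside the hunk.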
@@ -140,7 +140,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_simple() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } if (BN_cmp(r_simple, r_mont) == 0 @@ -163,7 +163,7 @@ int main(int argc, char *argv[]) printf("\nrecp ="); BN_print(out,r_recp); printf("\nmont ="); BN_print(out,r_mont); printf("\n"); - exit(1); + EXIT(1); } } BN_free(r_mont); @@ -177,11 +177,11 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks(out); BIO_free(out); printf(" done\n"); - exit(0); + EXIT(0); err: ERR_load_crypto_strings(); ERR_print_errors(out); - exit(1); + EXIT(1); return(1); } diff --git a/src/lib/libcrypto/cast/casttest.c b/src/lib/libcrypto/cast/casttest.c index 099e790886..83e5a16c73 100644 --- a/src/lib/libcrypto/cast/casttest.c +++ b/src/lib/libcrypto/cast/casttest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_CAST int main(int argc, char *argv[]) { @@ -224,7 +226,7 @@ int main(int argc, char *argv[]) } #endif - exit(err); + EXIT(err); return(err); } #endif diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com index dfcff11860..39e78c69e5 100644 --- a/src/lib/libcrypto/crypto-lib.com +++ b/src/lib/libcrypto/crypto-lib.com 
@@ -21,22 +21,10 @@ $! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. $! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE $! ALL To do both LIBRARY and APPS $! -$! Specify RSAREF as P2 to compile with the RSAREF library instead of -$! the regular one. If you specify NORSAREF it will compile with the -$! regular RSAREF routines. (Note: If you are in the United States -$! you MUST compile with RSAREF unless you have a license from RSA). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory under the root directory as that -$! is where the scripts will look for the files. -$! -$! Specify DEBUG or NODEBUG as P3 to compile with or without debugger +$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger $! information. $! -$! Specify which compiler at P4 to try to compile under. +$! Specify which compiler at P3 to try to compile under. $! $! VAXC For VAX C. $! DECC For DEC C. @@ -45,16 +33,16 @@ $! $! If you don't speficy a compiler, it will try to determine which $! "C" compiler to use. $! -$! P5, if defined, sets a TCP/IP library to use, through one of the following +$! P4, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! $! UCX for UCX $! TCPIP for TCPIP (post UCX) $! SOCKETSHR for SOCKETSHR+NETLIB $! -$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) +$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! -$! P7, if defined, sets a choice of crypto methods to compile. +$! P6, if defined, sets a choice of crypto methods to compile. $! WARNING: this should only be done to recompile some part of an already $! fully compiled library. $! 
@@ -93,7 +81,6 @@ $ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" -$ ENCRYPT_PROGRAMS = "DES,PKCS7" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -149,10 +136,6 @@ $! Define The CRYPTO-LIB We Are To Use. $! $ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB $! -$! Define The RSAREF-LIB We Are To Use. -$! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB -$! $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... $! $ IF (F$SEARCH(LIB_NAME).EQS."") @@ -175,7 +158,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" @@ -216,7 +199,7 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "tb_rsa,tb_dsa,tb_dh,tb_rand,tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,"+ - "hw_atalla,hw_cswift,hw_ncipher,hw_nuron,hw_ubsec,"+ - - "hw_openbsd_dev_crypto,hw_aep,hw_sureware,hw_4758_cca" + "hw_cryptodev,hw_aep,hw_sureware,hw_4758_cca" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" $ LIB_BUFFER = "buffer,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - 
@@ -287,86 +270,6 @@ $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time," $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - "sha_dgst,sha1dgst,rmd_dgst,bf_enc," $! -$! Check To See If We Are Going To Use RSAREF. -$! -$ IF (RSAREF.EQS."TRUE" .AND. ENCRYPT_TYPES - "RSA".NES.ENCRYPT_TYPES - - .AND. (BUILDALL .EQS. "TRUE" .OR. BUILDALL .EQS. "LIBRARY")) -$ THEN -$! -$! Check To See If The File [-.RSAREF]RSAREF.C Is Actually There. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."") -$ THEN -$! -$! Tell The User That The File Doesn't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Doesn't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The [-.RSAREF]RSAREF.C Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The [-.RSAREF]RSAREF File. -$! -$ WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAREF File." -$! -$! Compile [-.RSAREF]RSAREF.C -$! -$ CC/OBJECT='OBJ_DIR'RSAREF.OBJ SYS$DISK:[-.RSAREF]RSAREF.C -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAREF.OBJ -$! -$! Delete The Object File. -$! -$ DELETE 'OBJ_DIR'RSAREF.OBJ;* -$! -$! Check To See If The File [-.RSAREF]RSAR_ERR.C Is Actually There. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."") -$ THEN -$! -$! Tell The User That The File Doesn't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Doesn't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The [-.RSAREF]RSAR_ERR.C File Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The [-.RSAREF]RSAR_ERR File. -$! -$ WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAR_ERR File." -$! -$! Compile [-.RSAREF]RSAR_ERR.C -$! -$ CC/OBJECT='OBJ_DIR'RSAR_ERR.OBJ SYS$DISK:[-.RSAREF]RSAR_ERR.C -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAR_ERR.OBJ -$! -$! Delete The Object File. -$! -$ DELETE 'OBJ_DIR'RSAR_ERR.OBJ;* -$! -$! End The RSAREF Check. -$! 
-$ ENDIF -$! $! Figure Out What Other Modules We Are To Build. $! $ BUILD_SET: 
@@ -639,74 +542,34 @@ $! Tell the user what happens $! $ WRITE SYS$OUTPUT " ",APPLICATION,".exe" $! -$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. +$! Link The Program. $! $ ON ERROR THEN GOTO NEXT_APPLICATION -$ IF (RSAREF.EQS."TRUE") -$ THEN $! -$! Check To See If We Are To Link With A Specific TCP/IP Library. +$! Check To See If We Are To Link With A Specific TCP/IP Library. $! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Link With The RSAREF Library And A Specific TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Link With The RSAREF Library And NO TCP/IP Library. +$ IF (TCPIP_LIB.NES."") +$ THEN $! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION +$! Link With A TCP/IP Library. $! -$! End The TCP/IP Library Check. +$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS', - + 'CRYPTO_LIB'/LIBRARY, - + 'TCPIP_LIB','OPT_FILE'/OPTION $! -$ ENDIF -$! -$! Else... +$! Else... $! $ ELSE $! -$! Don't Link With The RSAREF Routines. -$! -$! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS',- - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION +$! Don't Link With A TCP/IP Library. $! -$! End The TCP/IP Library Check. 
+$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - + 'OBJ_DIR''APPLICATION_OBJECTS',- + 'CRYPTO_LIB'/LIBRARY, - + 'OPT_FILE'/OPTION $! -$ ENDIF -$! -$! End The RSAREF Link Check. +$! End The TCP/IP Library Check. $! $ ENDIF $ GOTO NEXT_APPLICATION 
@@ -912,75 +775,10 @@ $ ENDIF $! $! Check To See If P2 Is Blank. $! -$ P2 = "NORSAREF" -$ IF (P2.EQS."NORSAREF") +$ IF (P2.EQS."NODEBUG") $ THEN $! -$! P2 Is NORSAREF, So Compile With The Regular RSA Libraries. -$! -$ RSAREF = "FALSE" -$ ELSE -$! -$! Check To See If We Are To Use The RSAREF Library. -$! -$ IF (P2.EQS."RSAREF") -$ THEN -$! -$! Check To Make Sure We Have The RSAREF Source Code Directory. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."") -$ THEN -$! -$! We Don't Have The RSAREF Souce Code Directory, So Tell The -$! User This. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." -$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file doesn't have the" -$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" -$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" -$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." -$ WRITE SYS$OUTPUT "" -$! -$! Time To Exit. -$! -$ EXIT -$! -$! Else, Compile Using The RSAREF Library. -$! -$ ELSE -$ RSAREF = "TRUE" -$ ENDIF -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."NODEBUG") -$ THEN -$! -$! P3 Is NODEBUG, So Compile Without The Debugger Information. +$! P2 Is NODEBUG, So Compile Without The Debugger Information. $! $ DEBUGGER = "NODEBUG" $ TRACEBACK = "NOTRACEBACK" 
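Review bot: The surviving context comment `$! Check To See If P2 Is Blank.` no longer describes the test beneath it, which is now `IF (P2.EQS."NODEBUG")`; it should read `$! Check To See If P2 Is NODEBUG.`. Removing the RSAREF argument shifts every later positional parameter down by one. A caller that still passes the old order puts `NORSAREF` into P2 and lands in the invalid-option branch, whose message lists only DEBUG and NODEBUG and gives no hint that an argument was dropped. Callers of this script are outside this diff (it is limited to src/lib/libcrypto), so it is worth confirming they were updated in the same import.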
@@ -993,7 +791,7 @@ $ ELSE $! $! Check To See If We Are To Compile With Debugger Information. $! -$ IF (P3.EQS."DEBUG") +$ IF (P2.EQS."DEBUG") $ THEN $! $! Compile With Debugger Information. @@ -1010,7 +808,7 @@ $! $! They Entered An Invalid Option.. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." $ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." @@ -1024,7 +822,7 @@ $! End The Valid Arguement Check. $! $ ENDIF $! -$! End The P3 Check. +$! End The P2 Check. $! $ ENDIF $! @@ -1034,9 +832,9 @@ $! Written By: Richard Levitte $! richard@levitte.org $! $! -$! Check To See If We Have A Option For P6. +$! Check To See If We Have A Option For P5. $! -$ IF (P6.EQS."") +$ IF (P5.EQS."") $ THEN $! $! Get The Version Of VMS We Are Using. @@ -1058,13 +856,13 @@ $! End The VMS Version Check. $! $ ENDIF $! -$! End The P6 Check. +$! End The P5 Check. $! $ ENDIF $! -$! Check To See If P4 Is Blank. +$! Check To See If P3 Is Blank. $! -$ IF (P4.EQS."") +$ IF (P3.EQS."") $ THEN $! $! O.K., The User Didn't Specify A Compiler, Let's Try To @@ -1077,7 +875,7 @@ $ THEN $! $! Looks Like GNUC, Set To Use GNUC. $! -$ P4 = "GNUC" +$ P3 = "GNUC" $! $! Else... $! @@ -1090,7 +888,7 @@ $ THEN $! $! Looks Like DECC, Set To Use DECC. $! -$ P4 = "DECC" +$ P3 = "DECC" $! $! Else... $! @@ -1098,7 +896,7 @@ $ ELSE $! $! Looks Like VAXC, Set To Use VAXC. $! -$ P4 = "VAXC" +$ P3 = "VAXC" $! $! End The VAXC Compiler Check. $! @@ -1112,9 +910,9 @@ $! End The Compiler Check. $! $ ENDIF $! -$! Check To See If We Have A Option For P5. +$! Check To See If We Have A Option For P4. $! -$ IF (P5.EQS."") +$ IF (P4.EQS."") $ THEN $! $! Find out what socket library we have available 
@@ -1124,7 +922,7 @@ $ THEN $! $! We have SOCKETSHR, and it is my opinion that it's the best to use. $! -$ P5 = "SOCKETSHR" +$ P4 = "SOCKETSHR" $! $! Tell the user $! @@ -1144,7 +942,7 @@ $ THEN $! $! Last resort: a UCX or UCX-compatible library $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Tell the user $! @@ -1158,7 +956,7 @@ $ ENDIF $! $! Set Up Initial CC Definitions, Possibly With User Ones $! -$ CCDEFS = "TCPIP_TYPE_''P5',DSO_VMS" +$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS" $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS $ CCEXTRAFLAGS = "" $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS @@ -1168,12 +966,12 @@ $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - $! $! Check To See If The User Entered A Valid Paramter. $! -$ IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC") +$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") $ THEN $! $! Check To See If The User Wanted DECC. $! -$ IF (P4.EQS."DECC") +$ IF (P3.EQS."DECC") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -1204,7 +1002,7 @@ $ ENDIF $! $! Check To See If We Are To Use VAXC. $! -$ IF (P4.EQS."VAXC") +$ IF (P3.EQS."VAXC") $ THEN $! $! Looks Like VAXC, Set To Use VAXC. @@ -1243,7 +1041,7 @@ $ ENDIF $! $! Check To See If We Are To Use GNU C. $! -$ IF (P4.EQS."GNUC") +$ IF (P3.EQS."GNUC") $ THEN $! $! Looks Like GNUC, Set To Use GNUC. 
@@ -1272,31 +1070,6 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Check To See If We Are To Compile With RSAREF Routines. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Compile With RSAREF. -$! -$ CCDEFS = CCDEFS + ",""RSAref=1""" -$! -$! Tell The User This. -$! -$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines." -$! -$! Else, We Don't Care. Compile Without The RSAREF Library. -$! -$ ELSE -$! -$! Tell The User We Are Compile Without The RSAREF Routines. -$! -$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines. -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! $! Finish up the definition of CC. $! $ IF COMPILER .EQS. "DECC" @@ -1315,7 +1088,7 @@ $ CC4DISABLEWARNINGS = "" $ ENDIF $ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS $ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P3 .NES. "DEBUG" +$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG" $ THEN $ CC5 = CC + "/OPTIMIZE=NODISJOINT" $ ELSE @@ -1334,7 +1107,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." $ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." @@ -1360,13 +1133,13 @@ $ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO $! $! Time to check the contents, and to make sure we get the correct library. $! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" - - .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" +$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" - + .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE" $ THEN $! $! Check to see if SOCKETSHR was chosen $! -$ IF P5.EQS."SOCKETSHR" +$ IF P4.EQS."SOCKETSHR" $ THEN $! $! Set the library to use SOCKETSHR 
@@ -1379,12 +1152,12 @@ $ ENDIF $! $! Check to see if MULTINET was chosen $! -$ IF P5.EQS."MULTINET" +$ IF P4.EQS."MULTINET" $ THEN $! $! Set the library to use UCX emulation. $! -$ P5 = "UCX" +$ P4 = "UCX" $! $! Done with MULTINET $! @@ -1392,7 +1165,7 @@ $ ENDIF $! $! Check to see if UCX was chosen $! -$ IF P5.EQS."UCX" +$ IF P4.EQS."UCX" $ THEN $! $! Set the library to use UCX. @@ -1412,7 +1185,7 @@ $ ENDIF $! $! Check to see if TCPIP was chosen $! -$ IF P5.EQS."TCPIP" +$ IF P4.EQS."TCPIP" $ THEN $! $! Set the library to use TCPIP (post UCX). @@ -1425,7 +1198,7 @@ $ ENDIF $! $! Check to see if NONE was chosen $! -$ IF P5.EQS."NONE" +$ IF P4.EQS."NONE" $ THEN $! $! Do not use a TCPIP library. @@ -1447,7 +1220,7 @@ $! $! Tell The User We Don't Know What They Want. $! $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:" +$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." $ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." @@ -1465,10 +1238,9 @@ $! $! Check if the user wanted to compile just a subset of all the encryption $! methods. $! -$ IF P7 .NES. "" +$ IF P6 .NES. "" $ THEN -$ ENCRYPT_TYPES = P7 -$! NYI: ENCRYPT_PROGRAMS = P7 +$ ENCRYPT_TYPES = P6 $ ENDIF $! $! Time To RETURN... diff --git a/src/lib/libcrypto/des/FILES0 b/src/lib/libcrypto/des/FILES0 new file mode 100644 index 0000000000..4c7ea2de7a --- /dev/null +++ b/src/lib/libcrypto/des/FILES0 
@@ -0,0 +1,96 @@ +/* General stuff */ +COPYRIGHT - Copyright info. +MODES.DES - A description of the features of the different modes of DES. +FILES - This file. +INSTALL - How to make things compile. +Imakefile - For use with kerberos. +README - What this package is. +VERSION - Which version this is and what was changed. +KERBEROS - Kerberos version 4 notes. +Makefile.PL - An old makefile to build with perl5, not current. +Makefile.ssl - The SSLeay makefile +Makefile.uni - The normal unix makefile. +GNUmakefile - The makefile for use with glibc. +makefile.bc - A Borland C makefile +times - Some outputs from 'speed' on some machines. +vms.com - For use when compiling under VMS + +/* My SunOS des(1) replacement */ +des.c - des(1) source code. +des.man - des(1) manual. + +/* Testing and timing programs. */ +destest.c - Source for libdes.a test program. +speed.c - Source for libdes.a timing program. +rpw.c - Source for libdes.a testing password reading routines. + +/* libdes.a source code */ +des_crypt.man - libdes.a manual page. +des.h - Public libdes.a header file. +ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code. +ecb3_enc.c - des_ecb3_encrypt() source. +cbc_ckm.c - des_cbc_cksum() source. +cbc_enc.c - des_cbc_encrypt() source. +ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies + the new iv values back in the passed iv vector. +ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES. +cbc3_enc.c - des_3cbc_encrypt() source, don't use this function. +cfb_enc.c - des_cfb_encrypt() source. +cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be + used as a stream cipher. +cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be + used as a stream cipher and using triple DES. +ofb_enc.c - des_cfb_encrypt() source. +ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be + used as a stream cipher. 
+ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be + used as a stream cipher and using triple DES. +enc_read.c - des_enc_read() source. +enc_writ.c - des_enc_write() source. +pcbc_enc.c - des_pcbc_encrypt() source. +qud_cksm.c - quad_cksum() source. +rand_key.c - des_random_key() source. +read_pwd.c - Source for des_read_password() plus related functions. +set_key.c - Source for des_set_key(). +str2key.c - Covert a string of any length into a key. +fcrypt.c - A small, fast version of crypt(3). +des_locl.h - Internal libdes.a header file. +podd.h - Odd parity tables - used in des_set_key(). +sk.h - Lookup tables used in des_set_key(). +spr.h - What is left of the S tables - used in ecb_encrypt(). +des_ver.h - header file for the external definition of the + version string. +des.doc - SSLeay documentation for the library. + +/* The perl scripts - you can ignore these files they are only + * included for the curious */ +des.pl - des in perl anyone? des_set_key and des_ecb_encrypt + both done in a perl library. +testdes.pl - Testing program for des.pl +doIP - Perl script used to develop IP xor/shift code. +doPC1 - Perl script used to develop PC1 xor/shift code. +doPC2 - Generates sk.h. +PC1 - Output of doPC1 should be the same as output from PC1. +PC2 - used in development of doPC2. +shifts.pl - Perl library used by my perl scripts. + +/* I started making a perl5 dynamic library for libdes + * but did not fully finish, these files are part of that effort. */ +DES.pm +DES.pod +DES.xs +t +typemap + +/* The following are for use with sun RPC implementaions. */ +rpc_des.h +rpc_enc.c + +/* The following are contibuted by Mark Murray . They + * are not normally built into libdes due to machine specific routines + * contained in them. They are for use in the most recent incarnation of + * export kerberos v 4 (eBones). */ +supp.c +new_rkey.c + + diff --git a/src/lib/libcrypto/des/des.c b/src/lib/libcrypto/des/des.c index d8c846b23d..343135ff9e 100644 
--- a/src/lib/libcrypto/des/des.c +++ b/src/lib/libcrypto/des/des.c @@ -427,7 +427,7 @@ void doencryption(void) k2[i-8]=k; } DES_set_key_unchecked(&k2,&ks2); - memset(k2,0,sizeof(k2)); + OPENSSL_cleanse(k2,sizeof(k2)); } else if (longk || flag3) { @@ -435,7 +435,7 @@ void doencryption(void) { DES_string_to_2keys(key,&kk,&k2); DES_set_key_unchecked(&k2,&ks2); - memset(k2,0,sizeof(k2)); + OPENSSL_cleanse(k2,sizeof(k2)); } else DES_string_to_key(key,&kk); @@ -457,8 +457,8 @@ void doencryption(void) } DES_set_key_unchecked(&kk,&ks); - memset(key,0,sizeof(key)); - memset(kk,0,sizeof(kk)); + OPENSSL_cleanse(key,sizeof(key)); + OPENSSL_cleanse(kk,sizeof(kk)); /* woops - A bug that does not showup under unix :-( */ memset(iv,0,sizeof(iv)); memset(iv2,0,sizeof(iv2)); @@ -666,18 +666,18 @@ void doencryption(void) if (l) fclose(CKSUM_OUT); } problems: - memset(buf,0,sizeof(buf)); - memset(obuf,0,sizeof(obuf)); - memset(&ks,0,sizeof(ks)); - memset(&ks2,0,sizeof(ks2)); - memset(iv,0,sizeof(iv)); - memset(iv2,0,sizeof(iv2)); - memset(kk,0,sizeof(kk)); - memset(k2,0,sizeof(k2)); - memset(uubuf,0,sizeof(uubuf)); - memset(b,0,sizeof(b)); - memset(bb,0,sizeof(bb)); - memset(cksum,0,sizeof(cksum)); + OPENSSL_cleanse(buf,sizeof(buf)); + OPENSSL_cleanse(obuf,sizeof(obuf)); + OPENSSL_cleanse(&ks,sizeof(ks)); + OPENSSL_cleanse(&ks2,sizeof(ks2)); + OPENSSL_cleanse(iv,sizeof(iv)); + OPENSSL_cleanse(iv2,sizeof(iv2)); + OPENSSL_cleanse(kk,sizeof(kk)); + OPENSSL_cleanse(k2,sizeof(k2)); + OPENSSL_cleanse(uubuf,sizeof(uubuf)); + OPENSSL_cleanse(b,sizeof(b)); + OPENSSL_cleanse(bb,sizeof(bb)); + OPENSSL_cleanse(cksum,sizeof(cksum)); if (Exit) EXIT(Exit); } diff --git a/src/lib/libcrypto/des/des_old.h b/src/lib/libcrypto/des/des_old.h index 51b987422a..1d840b474a 100644 --- a/src/lib/libcrypto/des/des_old.h +++ b/src/lib/libcrypto/des/des_old.h 
@@ -88,14 +88,14 @@ * */ -#ifndef HEADER_DES_OLD_H -#define HEADER_DES_OLD_H +#ifndef HEADER_DES_H +#define HEADER_DES_H #ifdef OPENSSL_NO_DES #error DES is disabled. #endif -#ifndef HEADER_DES_H +#ifndef HEADER_NEW_DES_H #error You must include des.h, not des_old.h directly. #endif @@ -173,10 +173,12 @@ typedef struct _ossl_old_des_ks_struct DES_fcrypt((b),(s),(r)) #define des_crypt(b,s)\ DES_crypt((b),(s)) +#if 0 #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) #define crypt(b,s)\ DES_crypt((b),(s)) #endif +#endif #define des_ofb_encrypt(i,o,n,l,k,iv)\ DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) #define des_pcbc_encrypt(i,o,l,k,iv,e)\ @@ -274,8 +276,10 @@ typedef struct _ossl_old_des_ks_struct _ossl_old_des_fcrypt((b),(s),(r)) #define des_crypt(b,s)\ _ossl_old_des_crypt((b),(s)) +#if 0 #define crypt(b,s)\ _ossl_old_crypt((b),(s)) +#endif #define des_ofb_encrypt(i,o,n,l,k,iv)\ _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) #define des_pcbc_encrypt(i,o,l,k,iv,e)\ diff --git a/src/lib/libcrypto/des/destest.c b/src/lib/libcrypto/des/destest.c index 58e8c35dcb..687c00c792 100644 --- a/src/lib/libcrypto/des/destest.c +++ b/src/lib/libcrypto/des/destest.c @@ -84,9 +84,7 @@ int main(int argc, char *argv[]) #else #include -#if defined(PERL5) || defined(__FreeBSD__) || defined(NeXT) #define crypt(c,s) (des_crypt((c),(s))) -#endif /* tisk tisk - the test keys don't all have odd parity :-( */ /* test data */ @@ -322,7 +320,11 @@ static unsigned char ofb_cipher[24]= 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 }; +#if 0 static DES_LONG cbc_cksum_ret=0xB462FEF7L; +#else +static DES_LONG cbc_cksum_ret=0xF7FE62B4L; +#endif static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; static char *pt(unsigned char *p); diff --git a/src/lib/libcrypto/des/read2pwd.c b/src/lib/libcrypto/des/read2pwd.c index b4720c3a98..3a63c4016c 100644 --- a/src/lib/libcrypto/des/read2pwd.c +++ b/src/lib/libcrypto/des/read2pwd.c 
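Review bot: In the destest.c hunk at -322 the known-answer value `cbc_cksum_ret` changes from `0xB462FEF7L` to `0xF7FE62B4L`, with the old constant left under `#if 0` and no comment saying why the expected result moved. The new value is the last four bytes of `cbc_cksum_data` in array order and the old one is the same bytes reversed, so this looks like a deliberate change in how the return value is assembled. A test vector should state that. I would delete the dead branch and add a comment such as `/* last four bytes of cbc_cksum_data, in array order */`, after confirming it against the checksum routine, which is outside this diff section.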
@@ -120,8 +120,8 @@ int DES_read_password(DES_cblock *key, const char *prompt, int verify) if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) DES_string_to_key(buf,key); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ok); } @@ -133,7 +133,7 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) DES_string_to_2keys(buf,key1,key2); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ok); } diff --git a/src/lib/libcrypto/des/read_pwd.c b/src/lib/libcrypto/des/read_pwd.c index 9061935f21..ce5fa00a37 100644 --- a/src/lib/libcrypto/des/read_pwd.c +++ b/src/lib/libcrypto/des/read_pwd.c @@ -101,8 +101,10 @@ #ifdef WIN_CONSOLE_BUG #include +#ifndef OPENSSL_SYS_WINCE #include #endif +#endif /* There are 5 types of terminal interface supported, @@ -133,7 +135,7 @@ #define SGTTY #endif -#if defined(OPENSSL_SYS_VSWORKS) +#if defined(OPENSSL_SYS_VXWORKS) #undef TERMIOS #undef TERMIO #undef SGTTY @@ -167,7 +169,7 @@ #include #endif -#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) +#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE) #include #define fgets(a,b,c) noecho_fgets(a,b,c) #endif 
@@ -218,11 +220,29 @@ int des_read_pw_string(char *buf, int length, const char *prompt, int ret; ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); - memset(buff,0,BUFSIZ); + OPENSSL_cleanse(buff,BUFSIZ); return(ret); } -#ifndef OPENSSL_SYS_WIN16 +#ifdef OPENSSL_SYS_WINCE + +int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify) + { + memset(buf,0,size); + memset(buff,0,size); + return(0); + } + +#elif defined(OPENSSL_SYS_WIN16) + +int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify) + { + memset(buf,0,size); + memset(buff,0,size); + return(0); + } + +#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */ static void read_till_nl(FILE *in) { @@ -274,7 +294,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, #ifdef OPENSSL_SYS_MSDOS if ((tty=fopen("con","r")) == NULL) tty=stdin; -#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VSWORKS) +#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS) tty=stdin; #else #ifndef OPENSSL_SYS_MPE @@ -393,17 +413,6 @@ error: return(!ok); } -#else /* OPENSSL_SYS_WIN16 */ - -int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify) - { - memset(buf,0,size); - memset(buff,0,size); - return(0); - } - -#endif - static void pushsig(void) { int i; @@ -466,7 +475,7 @@ static void recsig(int i) #endif } -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) +#ifdef OPENSSL_SYS_MSDOS static int noecho_fgets(char *buf, int size, FILE *tty) { int i; @@ -509,3 +518,4 @@ static int noecho_fgets(char *buf, int size, FILE *tty) return(strlen(buf)); } #endif +#endif /* !OPENSSL_SYS_WINCE && !WIN16 */ diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c index 34894ced73..d75077f9fa 100644 --- a/src/lib/libcrypto/dh/dhtest.c +++ b/src/lib/libcrypto/dh/dhtest.c 
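Review bot: The new OPENSSL_SYS_WINCE stub of `des_read_pw`, and the WIN16 stub moved next to it, clear both buffers and then `return(0)`, which is the success value: the real implementation ends with `return(!ok)` in the -393 hunk, and `des_read_pw_string` here passes `ret` straight through. On those platforms a caller is told a password was read and goes on to use an empty string. The stubs should report failure instead, e.g. `return(1);`, so the caller can refuse to derive a key from nothing. The `memset` calls in the stubs are initialisation rather than scrubbing, so they do not need `OPENSSL_cleanse`.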
@@ -59,9 +59,9 @@ #include #include #include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif + +#include "../e_os.h" + #include #include #include @@ -84,10 +84,6 @@ int main(int argc, char *argv[]) #endif static void MS_CALLBACK cb(int p, int n, void *arg); -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif static const char rnd_seed[] = "string to make the random number generator think it has entropy"; @@ -111,7 +107,7 @@ int main(int argc, char *argv[]) RAND_seed(rnd_seed, sizeof rnd_seed); out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); @@ -195,7 +191,7 @@ err: CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stderr); - exit(ret); + EXIT(ret); return(ret); } diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c index a0b0976640..1b6a1cca0f 100644 --- a/src/lib/libcrypto/dsa/dsagen.c +++ b/src/lib/libcrypto/dsa/dsagen.c @@ -103,7 +103,7 @@ main() bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); memcpy(seed_buf,seed,20); - dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb); + dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err); if (dsa == NULL) DSA_print(bio_err,dsa,0); diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c index 12da64f9f4..4734ce4af8 100644 --- a/src/lib/libcrypto/dsa/dsatest.c +++ b/src/lib/libcrypto/dsa/dsatest.c @@ -61,14 +61,13 @@ #include #include #include + +#include "../e_os.h" + #include #include #include #include -#include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif #ifdef OPENSSL_NO_DSA int main(int argc, char *argv[]) 
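Review bot: In the dsagen.c hunk the context line directly after the changed call reads `if (dsa == NULL) DSA_print(bio_err,dsa,0);`, so the parameters are printed only when generation failed and a NULL pointer is handed to `DSA_print`. Since the call above it is being edited anyway, the test should be `if (dsa != NULL) DSA_print(bio_err,dsa,0);`. `main` begins and ends outside the hunk.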
@@ -212,10 +211,16 @@ end: BIO_free(bio_err); bio_err = NULL; } - exit(!ret); + EXIT(!ret); return(0); } +static int cb_exit(int ec) + { + EXIT(ec); + return(0); /* To keep some compilers quiet */ + } + static void MS_CALLBACK dsa_cb(int p, int n, void *arg) { char c='*'; @@ -231,7 +236,7 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); - exit(1); + cb_exit(1); } } #endif diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c index 195717e993..79d2cb4d8c 100644 --- a/src/lib/libcrypto/dso/dso_dl.c +++ b/src/lib/libcrypto/dso/dso_dl.c @@ -126,7 +126,7 @@ static int dl_load(DSO *dso) DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL); + ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L); if(ptr == NULL) { DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c index af8586d754..6c30deb250 100644 --- a/src/lib/libcrypto/dso/dso_win32.c +++ b/src/lib/libcrypto/dso/dso_win32.c @@ -61,7 +61,7 @@ #include "cryptlib.h" #include -#ifndef OPENSSL_SYS_WIN32 +#if !defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) DSO_METHOD *DSO_METHOD_win32(void) { return NULL; diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c index eab46cc080..345d3e4289 100644 --- a/src/lib/libcrypto/ec/ectest.c +++ b/src/lib/libcrypto/ec/ectest.c @@ -55,6 +55,11 @@ #include #include +#ifdef FLAT_INC +#include "e_os.h" +#else +#include "../e_os.h" +#endif #include #include @@ -65,14 +70,16 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include +#ifndef OPENSSL_NO_ENGINE #include +#endif #include #define ABORT do { \ fflush(stdout); \ fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \ ERR_print_errors_fp(stderr); \ - exit(1); \ + EXIT(1); \ } while (0) #if 0 
@@ -623,7 +630,9 @@ int main(int argc, char *argv[]) if (P_384) EC_GROUP_free(P_384); if (P_521) EC_GROUP_free(P_521); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c index 87fa8c57b7..c2d0297392 100644 --- a/src/lib/libcrypto/engine/enginetest.c +++ b/src/lib/libcrypto/engine/enginetest.c @@ -56,9 +56,17 @@ * */ -#include #include #include + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return(0); +} +#else +#include #include #include #include @@ -272,3 +280,4 @@ end: CRYPTO_mem_leaks_fp(stderr); return to_return; } +#endif diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c index bfb80968e2..4f5ae8a46d 100644 --- a/src/lib/libcrypto/engine/hw_4758_cca.c +++ b/src/lib/libcrypto/engine/hw_4758_cca.c @@ -223,6 +223,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_4758_cca(void) { ENGINE *ret = ENGINE_new(); @@ -244,6 +245,7 @@ void ENGINE_load_4758cca(void) ENGINE_free(e_4758); ERR_clear_error(); } +#endif static int ibm_4758_cca_destroy(ENGINE *e) { @@ -715,7 +717,7 @@ static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, if (type == NID_sha1 || type == NID_md5) { - memset(hashBuffer, keyLength+1, 0); + OPENSSL_cleanse(hashBuffer, keyLength+1); OPENSSL_free(hashBuffer); } @@ -838,7 +840,7 @@ static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, if (type == NID_sha1 || type == NID_md5) { - memset(hashBuffer, keyLength+1, 0); + OPENSSL_cleanse(hashBuffer, keyLength+1); OPENSSL_free(hashBuffer); } diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c index 6151c46902..e9eff9fad1 100644 --- a/src/lib/libcrypto/engine/hw_atalla.c +++ b/src/lib/libcrypto/engine/hw_atalla.c 
@@ -242,6 +242,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_atalla(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +265,7 @@ void ENGINE_load_atalla(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the Atalla library. NB: This is only set (or unset) during an diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c index 7c3728f395..40af97ac24 100644 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ b/src/lib/libcrypto/engine/hw_cryptodev.c @@ -1,6 +1,7 @@ /* * Copyright (c) 2002 Bob Beck * Copyright (c) 2002 Theo de Raadt + * Copyright (c) 2002 Markus Friedl * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -28,33 +29,85 @@ * */ -#include +#include +#include +#include + +#if (defined(__unix__) || defined(unix)) && !defined(USG) #include +# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) +# define HAVE_CRYPTODEV +# endif +# if (OpenBSD >= 200110) +# define HAVE_SYSLOG_R +# endif +#endif + +#ifndef HAVE_CRYPTODEV + +void +ENGINE_load_cryptodev(void) +{ + /* This is a NOP on platforms without /dev/crypto */ + return; +} + +#else + +#include #include #include #include #include #include #include -#include #include -#include -#include -#include +#include +#include +#include -static int cryptodev_fd = -1; -static int cryptodev_sessions = 0; -static u_int32_t cryptodev_symfeat = 0; +struct dev_crypto_state { + struct session_op d_sess; + int d_fd; +}; +static u_int32_t cryptodev_asymfeat = 0; + +static int get_asym_dev_crypto(void); +static int open_dev_crypto(void); +static int get_dev_crypto(void); +static int cryptodev_max_iv(int cipher); +static int cryptodev_key_length_valid(int cipher, int len); +static int cipher_nid_to_cryptodev(int nid); +static int get_cryptodev_ciphers(const int **cnids); +static int get_cryptodev_digests(const int **cnids); +static int cryptodev_usable_ciphers(const int **nids); +static int cryptodev_usable_digests(const int **nids); +static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl); +static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); +static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid); +static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid); static int bn2crparam(const BIGNUM *a, struct crparam *crp); static int crparam2bn(struct crparam *crp, BIGNUM *a); static void zapparams(struct crypt_kop *kop); 
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, + int slen, BIGNUM *s); -static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, + RSA *rsa); +static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, + BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, + BN_CTX *ctx, BN_MONT_CTX *mont); static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, @@ -64,6 +117,9 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *m_ctx); static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, + void (*f)()); +void ENGINE_load_cryptodev(void); static const ENGINE_CMD_DEFN cryptodev_defns[] = { { 0, NULL, NULL, 0 } @@ -77,11 +133,10 @@ static struct { } ciphers[] = { { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, - { CRYPTO_AES_CBC, NID_undef, 8, 24, }, + { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 8, }, + { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, - { CRYPTO_ARC4, NID_rc4, 8, 16, }, { 0, NID_undef, 0, 0, }, }; 
@@ -99,33 +154,53 @@ static struct { }; /* - * Return 1 if /dev/crypto seems usable, 0 otherwise , also - * does most of the work of initting the device, if not already - * done.. This should leave is with global fd initialized with CRIOGET. + * Return a fd if /dev/crypto seems usable, 0 otherwise. */ static int -check_dev_crypto() +open_dev_crypto(void) { - int fd; + static int fd = -1; - if (cryptodev_fd == -1) { + if (fd == -1) { if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) - return (0); - if (ioctl(fd, CRIOGET, &cryptodev_fd) == -1) { - close(fd); - return (0); - } - close(fd); + return (-1); /* close on exec */ - if (fcntl(cryptodev_fd, F_SETFD, 1) == -1) { - close(cryptodev_fd); - cryptodev_fd = -1; - return (0); + if (fcntl(fd, F_SETFD, 1) == -1) { + close(fd); + fd = -1; + return (-1); } } - ioctl(cryptodev_fd, CIOCSYMFEAT, &cryptodev_symfeat); + return (fd); +} - return (1); +static int +get_dev_crypto(void) +{ + int fd, retfd; + + if ((fd = open_dev_crypto()) == -1) + return (-1); + if (ioctl(fd, CRIOGET, &retfd) == -1) + return (-1); + + /* close on exec */ + if (fcntl(retfd, F_SETFD, 1) == -1) { + close(retfd); + return (-1); + } + return (retfd); +} + +/* Caching version for asym operations */ +static int +get_asym_dev_crypto(void) +{ + static int fd = -1; + + if (fd == -1) + fd = get_dev_crypto(); + return fd; } /* @@ -183,8 +258,12 @@ get_cryptodev_ciphers(const int **cnids) { static int nids[CRYPTO_ALGORITHM_MAX]; struct session_op sess; - int i, count = 0; + int fd, i, count = 0; + if ((fd = get_dev_crypto()) < 0) { + *nids = NULL; + return (0); + } memset(&sess, 0, sizeof(sess)); sess.key = (caddr_t)"123456781234567812345678"; 
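Review bot: The rewritten comment above `open_dev_crypto` says "Return a fd if /dev/crypto seems usable, 0 otherwise", but every failure path in `open_dev_crypto`, `get_dev_crypto` and `get_asym_dev_crypto` returns -1, and 0 is itself a valid descriptor. A caller written from the comment would test for 0 and treat an error as a usable fd. The comment should read `Return a fd if /dev/crypto seems usable, -1 otherwise.`, and each of the two new helpers deserves a one-line comment saying who owns the returned descriptor (`get_dev_crypto` returns a fresh one the caller must close, `get_asym_dev_crypto` a cached one that must not be closed). As a style point, `fcntl(fd, F_SETFD, 1)` reads better as `fcntl(fd, F_SETFD, FD_CLOEXEC)`.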
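Review bot: The new failure branch in `get_cryptodev_ciphers` (hunk -183) writes `*nids = NULL;`, but `nids` in this function is its own `static int nids[CRYPTO_ALGORITHM_MAX]`; the out-parameter is `cnids`. As written the statement stores into `nids[0]` and never touches the caller's pointer, so when `get_dev_crypto()` fails the caller receives a count of 0 and whatever `*cnids` held before. The line should be `*cnids = NULL;`. The `get_cryptodev_digests` hunk at -216 adds the identical line and needs the same change.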
@@ -194,10 +273,12 @@ get_cryptodev_ciphers(const int **cnids) sess.cipher = ciphers[i].id; sess.keylen = ciphers[i].keylen; sess.mac = 0; - if (ioctl(cryptodev_fd, CIOCGSESSION, &sess) != -1 && - ioctl(cryptodev_fd, CIOCFSESSION, &sess.ses) != -1) + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) nids[count++] = ciphers[i].nid; } + close(fd); + if (count > 0) *cnids = nids; else @@ -216,18 +297,24 @@ get_cryptodev_digests(const int **cnids) { static int nids[CRYPTO_ALGORITHM_MAX]; struct session_op sess; - int i, count = 0; + int fd, i, count = 0; + if ((fd = get_dev_crypto()) < 0) { + *nids = NULL; + return (0); + } memset(&sess, 0, sizeof(sess)); for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { if (digests[i].nid == NID_undef) continue; sess.mac = digests[i].id; sess.cipher = 0; - if (ioctl(cryptodev_fd, CIOCGSESSION, &sess) != -1 && - ioctl(cryptodev_fd, CIOCFSESSION, &sess.ses) != -1) + if (ioctl(fd, CIOCGSESSION, &sess) != -1 && + ioctl(fd, CIOCFSESSION, &sess.ses) != -1) nids[count++] = digests[i].nid; } + close(fd); + if (count > 0) *cnids = nids; else @@ -256,25 +343,15 @@ get_cryptodev_digests(const int **cnids) * want most of the decisions made about what we actually want * to use from /dev/crypto. */ -int +static int cryptodev_usable_ciphers(const int **nids) { - if (!check_dev_crypto()) { - *nids = NULL; - return (0); - } - - /* find what the device can do. Unfortunately, we don't - * necessarily want all of these yet, because we aren't - * yet set up to do them - */ return (get_cryptodev_ciphers(nids)); } -int +static int cryptodev_usable_digests(const int **nids) { -#if 1 /* * XXXX just disable all digests for now, because it sucks. * we need a better way to decide this - i.e. I may not 
@@ -289,29 +366,19 @@ cryptodev_usable_digests(const int **nids) */ *nids = NULL; return (0); -#endif - - if (!check_dev_crypto()) { - *nids = NULL; - return (0); - } - return (get_cryptodev_digests(nids)); } - -int +static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) { struct crypt_op cryp; - struct session_op *sess = ctx->cipher_data; + struct dev_crypto_state *state = ctx->cipher_data; + struct session_op *sess = &state->d_sess; void *iiv; unsigned char save_iv[EVP_MAX_IV_LENGTH]; - struct syslog_data sd = SYSLOG_DATA_INIT; - if (cryptodev_fd == -1) - return (0); - if (sess == NULL) + if (state->d_fd < 0) return (0); if (!inl) return (1); @@ -338,11 +405,10 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } else cryp.iv = NULL; - if (ioctl(cryptodev_fd, CIOCCRYPT, &cryp) == -1) { + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { /* XXX need better errror handling * this can fail for a number of different reasons. */ - syslog_r(LOG_ERR, &sd, "CIOCCRYPT failed (%m)"); return (0); } @@ -356,20 +422,17 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return (1); } -int +static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - struct session_op *sess = ctx->cipher_data; - struct syslog_data sd = SYSLOG_DATA_INIT; + struct dev_crypto_state *state = ctx->cipher_data; + struct session_op *sess = &state->d_sess; int cipher; if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) return (0); - if (!check_dev_crypto()) - return (0); - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) return (0); 
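Review bot: In the -356 hunk `cryptodev_init_key` can return before `state->d_fd` is ever assigned: the `NID_undef` check and the `iv_len` check both `return (0)`, and the descriptor is only set further down by `get_dev_crypto()`. `cryptodev_cleanup` and `cryptodev_cipher` now treat any `d_fd >= 0` as an open device descriptor, and cleanup issues CIOCFSESSION on it and closes it. If `cipher_data` does not arrive with a negative value there, an unrelated descriptor such as 0 could be closed; whether the EVP layer zeroes that memory or calls cleanup after a failed init is not visible in this diff. Adding `state->d_fd = -1;` directly after the declarations removes the dependency; the rest of the function is in the next hunk.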
@@ -378,15 +441,18 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, memset(sess, 0, sizeof(struct session_op)); + if ((state->d_fd = get_dev_crypto()) < 0) + return (0); + sess->key = (unsigned char *)key; sess->keylen = ctx->key_len; sess->cipher = cipher; - if (ioctl(cryptodev_fd, CIOCGSESSION, sess) == -1) { - syslog_r(LOG_ERR, &sd, "CIOCGSESSION failed (%m)"); + if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { + close(state->d_fd); + state->d_fd = -1; return (0); } - cryptodev_sessions++; return (1); } @@ -394,14 +460,14 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, * free anything we allocated earlier when initting a * session, and close the session. */ -int +static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) { int ret = 0; - struct session_op *sess = ctx->cipher_data; - struct syslog_data sd = SYSLOG_DATA_INIT; + struct dev_crypto_state *state = ctx->cipher_data; + struct session_op *sess = &state->d_sess; - if (sess == NULL) + if (state->d_fd < 0) return (0); /* XXX if this ioctl fails, someting's wrong. the invoker @@ -415,17 +481,14 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) * print messages to users of the library. hmm.. */ - if (ioctl(cryptodev_fd, CIOCFSESSION, &sess->ses) == -1) { - syslog_r(LOG_ERR, &sd, "CIOCFSESSION failed (%m)"); + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { ret = 0; } else { - cryptodev_sessions--; ret = 1; } - if (cryptodev_sessions == 0 && cryptodev_fd != -1 ) { - close(cryptodev_fd); /* XXX should this be closed? */ - cryptodev_fd = -1; - } + close(state->d_fd); + state->d_fd = -1; + return (ret); } 
@@ -434,20 +497,6 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) * gets called when libcrypto requests a cipher NID. */ -/* ARC4 (16 byte key) */ -const EVP_CIPHER cryptodev_arc4_cipher = { - NID_rc4, - 1, 16, 0, - EVP_CIPH_VARIABLE_LENGTH, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct session_op), - NULL, - NULL, - NULL -}; - /* DES CBC EVP */ const EVP_CIPHER cryptodev_des_cbc = { NID_des_cbc, @@ -456,7 +505,7 @@ const EVP_CIPHER cryptodev_des_cbc = { cryptodev_init_key, cryptodev_cipher, cryptodev_cleanup, - sizeof(struct session_op), + sizeof(struct dev_crypto_state), EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL @@ -470,19 +519,57 @@ const EVP_CIPHER cryptodev_3des_cbc = { cryptodev_init_key, cryptodev_cipher, cryptodev_cleanup, - sizeof(struct session_op), + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_bf_cbc = { + NID_bf_cbc, + 8, 16, 8, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_cast_cbc = { + NID_cast5_cbc, + 8, 16, 8, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL }; +const EVP_CIPHER cryptodev_aes_cbc = { + NID_aes_128_cbc, + 16, 16, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; /* * Registered by the ENGINE when used to find out how to deal with * a particular NID in the ENGINE. this says what we'll do at the * top level - note, that list is restricted by what we answer with */ -int +static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) { 
@@ -490,15 +577,21 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return (cryptodev_usable_ciphers(nids)); switch (nid) { - case NID_rc4: - *cipher = &cryptodev_arc4_cipher; - break; case NID_des_ede3_cbc: *cipher = &cryptodev_3des_cbc; break; case NID_des_cbc: *cipher = &cryptodev_des_cbc; break; + case NID_bf_cbc: + *cipher = &cryptodev_bf_cbc; + break; + case NID_cast5_cbc: + *cipher = &cryptodev_cast_cbc; + break; + case NID_aes_128_cbc: + *cipher = &cryptodev_aes_cbc; + break; default: *cipher = NULL; break; @@ -506,7 +599,7 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return (*cipher != NULL); } -int +static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) { @@ -524,7 +617,6 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, return (*digest != NULL); } - /* * Convert a BIGNUM to the representation that /dev/crypto needs. * Upon completion of use, the caller is responsible for freeing @@ -533,7 +625,7 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, static int bn2crparam(const BIGNUM *a, struct crparam *crp) { - int i, j, n; + int i, j, k; ssize_t words, bytes, bits; u_char *b; @@ -550,17 +642,13 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) crp->crp_p = b; crp->crp_nbits = bits; - words = (bits + BN_BITS2 - 1) / BN_BITS2; - - n = 0; - for (i = 0; i < words && n < bytes; i++) { - BN_ULONG word; - - word = a->d[i]; - for (j = 0 ; j < BN_BYTES && n < bytes; j++, n++) { - *b++ = (word & 0xff); - word >>= 8; + for (i = 0, j = 0; i < a->top; i++) { + for (k = 0; k < BN_BITS2 / 8; k++) { + if ((j + k) >= bytes) + return (0); + b[j + k] = a->d[i] >> (k * 8); } + j += BN_BITS2 / 8; } return (0); } 
@@ -569,15 +657,22 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) static int crparam2bn(struct crparam *crp, BIGNUM *a) { + u_int8_t *pd; int i, bytes; - bytes = (crp->crp_nbits + 7)/8; + bytes = (crp->crp_nbits + 7) / 8; - BN_zero(a); - for (i = bytes - 1; i >= 0; i--) { - BN_lshift(a, a, 8); - BN_add_word(a, (u_char)crp->crp_p[i]); - } + if (bytes == 0) + return (-1); + + if ((pd = (u_int8_t *) malloc(bytes)) == NULL) + return (-1); + + for (i = 0; i < bytes; i++) + pd[i] = crp->crp_p[bytes - i - 1]; + + BN_bin2bn(pd, bytes, a); + free(pd); return (0); } @@ -596,25 +691,32 @@ zapparams(struct crypt_kop *kop) } static int -cryptodev_sym(struct crypt_kop *kop, BIGNUM *r, BIGNUM *s) +cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) { - int ret = -1; + int fd, ret = -1; + + if ((fd = get_asym_dev_crypto()) < 0) + return (ret); if (r) { - kop->crk_param[kop->crk_iparams].crp_p = malloc(256); - kop->crk_param[kop->crk_iparams].crp_nbits = 256 * 8; + kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); + kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; kop->crk_oparams++; } if (s) { - kop->crk_param[kop->crk_iparams+1].crp_p = malloc(256); - kop->crk_param[kop->crk_iparams+1].crp_nbits = 256 * 8; + kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); + kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; kop->crk_oparams++; } - if (ioctl(cryptodev_fd, CIOCKEY, &kop) == 0) { - crparam2bn(&kop->crk_param[3], r); + if (ioctl(fd, CIOCKEY, kop) == 0) { + if (r) + crparam2bn(&kop->crk_param[kop->crk_iparams], r); + if (s) + crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); ret = 0; } + return (ret); } 
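Review bot: In crparam2bn the result of `BN_bin2bn(pd, bytes, a)` is not checked, so a failure inside it still returns 0 and leaves `a` as it was. The temporary `pd` can hold the output of a private-key operation and is released with a plain `free(pd)`. I would test the call, `if (BN_bin2bn(pd, bytes, a) == NULL)` returning -1 after cleanup, and clear the buffer first with `OPENSSL_cleanse(pd, bytes);` before `free(pd);`.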
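Review bot: cryptodev_asym sets `ret = 0` as soon as the ioctl succeeds and ignores the return of crparam2bn, which now returns -1 for a zero-length result or a failed malloc. In that case r or s is left untouched and the caller treats the operation as complete. The two `calloc()` results are also used unchecked, so a NULL `crp_p` with a non-zero `crp_nbits` can be handed to the kernel. I would write `if (r && crparam2bn(&kop->crk_param[kop->crk_iparams], r) != 0) return (-1);` (and the same for s), and return -1 when either calloc fails, so that callers take their software fallback.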
@@ -623,38 +725,58 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { struct crypt_kop kop; - int ret = 0; + int ret = 1; + + /* Currently, we know we can do mod exp iff we can do any + * asymmetric operations at all. + */ + if (cryptodev_asymfeat == 0) { + ret = BN_mod_exp(r, a, p, m, ctx); + return (ret); + } memset(&kop, 0, sizeof kop); kop.crk_op = CRK_MOD_EXP; - /* inputs: a m p */ + /* inputs: a^p % m */ if (bn2crparam(a, &kop.crk_param[0])) goto err; - if (bn2crparam(m, &kop.crk_param[1])) + if (bn2crparam(p, &kop.crk_param[1])) goto err; - if (bn2crparam(p, &kop.crk_param[2])) + if (bn2crparam(m, &kop.crk_param[2])) goto err; kop.crk_iparams = 3; - if (cryptodev_sym(&kop, r, NULL) == -1) { - ret = BN_mod_exp(r, a, p, m, ctx); + if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); } err: zapparams(&kop); return (ret); } +static int +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +{ + int r; + BN_CTX *ctx; + + ctx = BN_CTX_new(); + r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); + BN_CTX_free(ctx); + return (r); +} static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { struct crypt_kop kop; - int ret = 0; + int ret = 1; if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { /* XXX 0 means failure?? */ - goto err; + return (0); } memset(&kop, 0, sizeof kop); @@ -674,9 +796,8 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) goto err; kop.crk_iparams = 6; - if (cryptodev_sym(&kop, r0, NULL) == -1) { + if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - ret = (*meth->rsa_mod_exp)(r0, I, rsa); } err: 
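Review bot: Initialising `ret` to 1 makes every early `goto err` in cryptodev_bn_mod_exp report success: if a `bn2crparam()` call fails, the function returns 1 without having written r. cryptodev_rsa_mod_exp in this hunk has the same shape, and so do `dsaret = 1` in cryptodev_dsa_verify and `dhret = 1` in cryptodev_dh_compute_key in later hunks of this file. For the verify case that would mean a signature reported as valid although no check ran; the err paths of those two functions are outside their hunks, so this is inferred. Set the failure explicitly before jumping, e.g. `if (bn2crparam(a, &kop.crk_param[0])) { ret = 0; goto err; }` (`dsaret = -1` for verify), or take the software fallback on that path.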
@@ -690,8 +811,8 @@ static RSA_METHOD cryptodev_rsa = { NULL, /* rsa_pub_dec */ NULL, /* rsa_priv_enc */ NULL, /* rsa_priv_dec */ - cryptodev_rsa_mod_exp, /* rsa_mod_exp */ - cryptodev_bn_mod_exp, /* bn_mod_exp */ + NULL, + NULL, NULL, /* init */ NULL, /* finish */ 0, /* flags */ @@ -707,6 +828,38 @@ cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); } +static int +cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, + BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, + BN_CTX *ctx, BN_MONT_CTX *mont) +{ + BIGNUM t2; + int ret = 0; + + BN_init(&t2); + + /* v = ( g^u1 * y^u2 mod p ) mod q */ + /* let t1 = g ^ u1 mod p */ + ret = 0; + + if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) + goto err; + + /* let t2 = y ^ u2 mod p */ + if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) + goto err; + /* let u1 = t1 * t2 mod p */ + if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) + goto err; + + BN_copy(t1,u1); + + ret = 1; +err: + BN_free(&t2); + return(ret); +} + static DSA_SIG * cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { @@ -721,6 +874,7 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; } + printf("bar\n"); memset(&kop, 0, sizeof kop); kop.crk_op = CRK_DSA_SIGN; @@ -737,13 +891,13 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) goto err; kop.crk_iparams = 5; - if (cryptodev_sym(&kop, r, s) == 0) { + if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, + BN_num_bytes(dsa->q), s) == 0) { dsaret = DSA_SIG_new(); dsaret->r = r; dsaret->s = s; } else { const DSA_METHOD *meth = DSA_OpenSSL(); - BN_free(r); BN_free(s); dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); @@ -759,7 +913,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa) { struct crypt_kop kop; - int dsaret = 0; + int dsaret = 1; memset(&kop, 0, sizeof kop); kop.crk_op = CRK_DSA_VERIFY; 
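Review bot: cryptodev_dsa_dsa_mod_exp ignores its `g`, `pub_key` and `p` arguments and reads `dsa->g`, `dsa->pub_key` and `dsa->p` instead, and it uses the caller's `u1` as scratch for the product before copying it into t1. That is only correct while every caller passes the key's own values and does not need u1 afterwards. I would use the parameters and write the product straight into the result, `if (!BN_mod_mul(t1,t1,&t2,p,ctx)) goto err;`, which also removes the unchecked `BN_copy(t1,u1)`. The second `ret = 0;` is redundant.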
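Review bot: `printf("bar\n");` in cryptodev_dsa_do_sign looks like leftover debugging and should be removed. As written it prints to the stdout of every program that signs with DSA through this engine, which can corrupt data the application writes there. The function body continues outside the hunk.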
@@ -781,7 +935,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, goto err; kop.crk_iparams = 7; - if (cryptodev_sym(&kop, NULL, NULL) == 0) { + if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { dsaret = kop.crk_status; } else { const DSA_METHOD *meth = DSA_OpenSSL(); @@ -796,11 +950,11 @@ err: static DSA_METHOD cryptodev_dsa = { "cryptodev DSA method", - cryptodev_dsa_do_sign, + NULL, NULL, /* dsa_sign_setup */ - cryptodev_dsa_verify, + NULL, NULL, /* dsa_mod_exp */ - cryptodev_dsa_bn_mod_exp, /* bn_mod_exp */ + NULL, NULL, /* init */ NULL, /* finish */ 0, /* flags */ @@ -819,8 +973,14 @@ static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { struct crypt_kop kop; - int dhret = 0; - int keylen; + int dhret = 1; + int fd, keylen; + + if ((fd = get_asym_dev_crypto()) < 0) { + const DH_METHOD *meth = DH_OpenSSL(); + + return ((meth->compute_key)(key, pub_key, dh)); + } keylen = BN_num_bits(dh->p); @@ -840,7 +1000,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) kop.crk_param[3].crp_nbits = keylen * 8; kop.crk_oparams = 1; - if (ioctl(cryptodev_fd, CIOCKEY, &kop) == -1) { + if (ioctl(fd, CIOCKEY, &kop) == -1) { const DH_METHOD *meth = DH_OpenSSL(); dhret = (meth->compute_key)(key, pub_key, dh); @@ -854,8 +1014,8 @@ err: static DH_METHOD cryptodev_dh = { "cryptodev DH method", NULL, /* cryptodev_dh_generate_key */ - cryptodev_dh_compute_key, - cryptodev_mod_exp_dh, + NULL, + NULL, NULL, NULL, 0, /* flags */ @@ -869,12 +1029,18 @@ static DH_METHOD cryptodev_dh = { static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) { +#ifdef HAVE_SYSLOG_R struct syslog_data sd = SYSLOG_DATA_INIT; +#endif switch (cmd) { default: +#ifdef HAVE_SYSLOG_R syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); +#else + syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); +#endif break; } return (1); 
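Review bot: In cryptodev_dh_compute_key `keylen` is taken from `BN_num_bits(dh->p)`, and the following hunk passes `crp_nbits = keylen * 8` for the output parameter that points at `key`, so the size declared to the kernel looks eight times larger than the prime. If `key` is sized the way DH callers normally size it (DH_size bytes), the device could be allowed to write past it; `kop.crk_param[3].crp_nbits = keylen;` would match a bit count. Separately, with `dhret = 1` the device path appears to return 1 rather than the length of the secret that the software `compute_key` returns. Both points need checking against the rest of the function, which is outside these hunks.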
@@ -884,14 +1050,24 @@ void ENGINE_load_cryptodev(void) { ENGINE *engine = ENGINE_new(); - const RSA_METHOD *rsa_meth; - const DH_METHOD *dh_meth; + int fd; if (engine == NULL) return; + if ((fd = get_dev_crypto()) < 0) + return; + + /* + * find out what asymmetric crypto algorithms we support + */ + if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { + close(fd); + return; + } + close(fd); if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "OpenBSD cryptodev engine") || + !ENGINE_set_name(engine, "BSD cryptodev engine") || !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || !ENGINE_set_digests(engine, cryptodev_engine_digests) || !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || 
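Review bot: ENGINE_load_cryptodev now returns early when `get_dev_crypto()` fails or when the `CIOCASYMFEAT` ioctl fails, but `engine` has already been allocated by `ENGINE_new()` and is not released on either path. Add `ENGINE_free(engine);` before both returns, or probe the device before calling `ENGINE_new()`. The function continues in the next hunk.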
@@ -900,27 +1076,57 @@ ENGINE_load_cryptodev(void) return; } - if ((cryptodev_symfeat & CRSFEAT_RSA) && - ENGINE_set_RSA(engine, &cryptodev_rsa)) { - rsa_meth = RSA_PKCS1_SSLeay(); + if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { + const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); + + cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; + cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; - cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_dec; + cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; + if (cryptodev_asymfeat & CRF_MOD_EXP) { + cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; + if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) + cryptodev_rsa.rsa_mod_exp = + cryptodev_rsa_mod_exp; + else + cryptodev_rsa.rsa_mod_exp = + cryptodev_rsa_nocrt_mod_exp; + } } - if ((cryptodev_symfeat & CRSFEAT_DSA) && - ENGINE_set_DSA(engine, &cryptodev_dsa)) { + if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { + const DSA_METHOD *meth = DSA_OpenSSL(); + + memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); + if (cryptodev_asymfeat & CRF_DSA_SIGN) + cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; + if (cryptodev_asymfeat & CRF_MOD_EXP) { + cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; + cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; + } + if (cryptodev_asymfeat & CRF_DSA_VERIFY) + cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; } - if ((cryptodev_symfeat & CRSFEAT_DH) && - ENGINE_set_DH(engine, &cryptodev_dh)) { - dh_meth = DH_OpenSSL(); + if (ENGINE_set_DH(engine, &cryptodev_dh)){ + const DH_METHOD *dh_meth = DH_OpenSSL(); + cryptodev_dh.generate_key = dh_meth->generate_key; cryptodev_dh.compute_key = dh_meth->compute_key; + cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; + if (cryptodev_asymfeat & CRF_MOD_EXP) { + cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; + if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) + 
cryptodev_dh.compute_key = + cryptodev_dh_compute_key; + } } ENGINE_add(engine); ENGINE_free(engine); ERR_clear_error(); } + +#endif /* HAVE_CRYPTODEV */ diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c index f5c897bdbb..f128ee5a68 100644 --- a/src/lib/libcrypto/engine/hw_cswift.c +++ b/src/lib/libcrypto/engine/hw_cswift.c @@ -121,6 +121,10 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); #endif +/* RAND stuff */ +static int cswift_rand_bytes(unsigned char *buf, int num); +static int cswift_rand_status(void); + /* The definitions for control commands specific to this engine */ #define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE static const ENGINE_CMD_DEFN cswift_cmd_defns[] = { @@ -183,6 +187,18 @@ static DH_METHOD cswift_dh = }; #endif +static RAND_METHOD cswift_random = + { + /* "CryptoSwift RAND method", */ + NULL, + cswift_rand_bytes, + NULL, + NULL, + cswift_rand_bytes, + cswift_rand_status, + }; + + /* Constants used when creating the ENGINE */ static const char *engine_cswift_id = "cswift"; static const char *engine_cswift_name = "CryptoSwift hardware engine support"; @@ -208,6 +224,7 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &cswift_dh) || #endif + !ENGINE_set_RAND(e, &cswift_random) || !ENGINE_set_destroy_function(e, cswift_destroy) || !ENGINE_set_init_function(e, cswift_init) || !ENGINE_set_finish_function(e, cswift_finish) || @@ -242,6 +259,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_cswift(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +282,7 @@ void ENGINE_load_cswift(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the CryptoSwift library. NB: This is only set (or unset) during an 
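Review bot: The DSA branch of ENGINE_load_cryptodev fills its table with `memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD))`, which also overwrites the `"cryptodev DSA method"` name and every other field of the static initialiser, while the RSA and DH branches copy individual slots. I would copy slot by slot here as well so the three tables are built the same way and the engine keeps its own method name. The static tables now carry bare `NULL,` entries where the slot comments used to be; restoring comments such as `NULL, /* rsa_mod_exp, set in ENGINE_load_cryptodev */` would keep them readable.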
@@ -905,6 +924,60 @@ static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, } #endif +/* Random bytes are good */ +static int cswift_rand_bytes(unsigned char *buf, int num) +{ + SW_CONTEXT_HANDLE hac; + SW_STATUS swrc; + SW_LARGENUMBER largenum; + size_t nbytes = 0; + int acquired = 0; + int to_return = 0; /* assume failure */ + + if (!get_context(&hac)) + { + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE); + goto err; + } + acquired = 1; + + while (nbytes < (size_t)num) + { + /* tell CryptoSwift how many bytes we want and where we want it. + * Note: - CryptoSwift cannot do more than 4096 bytes at a time. + * - CryptoSwift can only do multiple of 32-bits. */ + largenum.value = (SW_BYTE *) buf + nbytes; + if (4096 > num - nbytes) + largenum.nbytes = num - nbytes; + else + largenum.nbytes = 4096; + + swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1); + if (swrc != SW_OK) + { + char tmpbuf[20]; + CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED); + sprintf(tmpbuf, "%ld", swrc); + ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf); + goto err; + } + + nbytes += largenum.nbytes; + } + to_return = 1; /* success */ + +err: + if (acquired) + release_context(hac); + return to_return; +} + +static int cswift_rand_status(void) +{ + return 1; +} + + /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ #ifdef ENGINE_DYNAMIC_SUPPORT diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c index a43d4360f2..0d1c6b8df0 100644 --- a/src/lib/libcrypto/engine/hw_ncipher.c +++ b/src/lib/libcrypto/engine/hw_ncipher.c 
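Review bot: cswift_rand_bytes casts `num` to size_t for the loop bound without rejecting negative values, so a negative `num` turns into a very large count and the loop would keep filling memory beyond `buf`; `if (num < 0) return 0;` at the top avoids that. In the error path `sprintf(tmpbuf, "%ld", swrc)` writes into a 20-byte buffer, which is one byte short for the longest 64-bit value with sign and terminator; a bounded call such as `BIO_snprintf(tmpbuf, sizeof tmpbuf, "%ld", (long)swrc)` is safer. The comment says the device only handles multiples of 32 bits, yet the last request is sent with whatever remainder is left, and it is not visible here whether the library rounds it. The errors are also filed under `CSWIFT_F_CSWIFT_CTRL`, which will point readers at the wrong function.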
@@ -91,11 +91,19 @@ static int hwcrhk_init(ENGINE *e); static int hwcrhk_finish(ENGINE *e); static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); -/* Functions to handle mutexes */ +/* Functions to handle mutexes if have dynamic locks */ static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*); static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*); static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); +#if 1 /* This is a HACK which will disappear in 0.9.8 */ +/* Functions to handle mutexes if only have static locks */ +static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m, + HWCryptoHook_CallerContext *c); +static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m); +static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m); +static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m); +#endif /* BIGNUM stuff */ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -373,6 +381,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_ncipher(void) { ENGINE *ret = ENGINE_new(); @@ -395,6 +404,7 @@ void ENGINE_load_chil(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the HWCryptoHook library. NB: This is only set (or unset) during an 
@@ -558,15 +568,31 @@ static int hwcrhk_init(ENGINE *e) /* Check if the application decided to support dynamic locks, and if it does, use them. */ - if (disable_mutex_callbacks == 0 && - CRYPTO_get_dynlock_create_callback() != NULL && - CRYPTO_get_dynlock_lock_callback() != NULL && - CRYPTO_get_dynlock_destroy_callback() != NULL) + if (disable_mutex_callbacks == 0) { - hwcrhk_globals.mutex_init = hwcrhk_mutex_init; - hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; - hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; - hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; + if (CRYPTO_get_dynlock_create_callback() != NULL && + CRYPTO_get_dynlock_lock_callback() != NULL && + CRYPTO_get_dynlock_destroy_callback() != NULL) + { + hwcrhk_globals.mutex_init = hwcrhk_mutex_init; + hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; + hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; + hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; + } + else if (CRYPTO_get_locking_callback() != NULL) + { + HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DYNAMIC_LOCKING_MISSING); + ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()"); +#if 1 /* This is a HACK which will disappear in 0.9.8 */ + hwcrhk_globals.maxmutexes = 1; /* Only have one lock */ + hwcrhk_globals.mutex_init = hwcrhk_static_mutex_init; + hwcrhk_globals.mutex_acquire = hwcrhk_static_mutex_lock; + hwcrhk_globals.mutex_release = hwcrhk_static_mutex_unlock; + hwcrhk_globals.mutex_destroy = hwcrhk_static_mutex_destroy; +#else + goto err; +#endif + } } /* Try and get a context - if not, we may have a DSO but no @@ -1020,7 +1046,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) /* Perform the operation */ ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, - m_dmp1, m_dmq1, m_iqmp, &m_r, NULL); + m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg); /* Convert the response */ r->top = m_r.size / sizeof(BN_ULONG); 
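Review bot: When only static locking callbacks are present, hwcrhk_init pushes `HWCRHK_R_DYNAMIC_LOCKING_MISSING` onto the error queue and then carries on with the single-lock fallback, so an init that goes on to succeed leaves an error behind for the next reader of the queue. If neither kind of callback is set, the whole branch is skipped and no mutex upcalls are installed, with no diagnostic at all. I would report the fallback through the engine's log stream rather than the error queue, and add a comment above the `#if 1` such as `/* fallback: one mutex only, backed by CRYPTO_LOCK_HWCRHK */`. The rest of the function is outside the hunk.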
@@ -1171,6 +1197,26 @@ static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt) CRYPTO_destroy_dynlockid(mt->lockid); } +/* Mutex upcalls to use if the application does not support dynamic locks */ + +static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m, + HWCryptoHook_CallerContext *c) + { + return 0; + } +static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m) + { + CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK); + return 0; + } +static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m) + { + CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK); + } +static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m) + { + } + static int hwcrhk_get_pass(const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext *ppctx, @@ -1318,7 +1364,7 @@ static void hwcrhk_log_message(void *logstr, const char *message) lstream=*(BIO **)logstr; if (lstream) { - BIO_write(lstream, message, strlen(message)); + BIO_printf(lstream, "%s\n", message); } CRYPTO_w_unlock(CRYPTO_LOCK_BIO); } diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.c b/src/lib/libcrypto/engine/hw_ncipher_err.c index 24024cfc6f..5bc94581b7 100644 --- a/src/lib/libcrypto/engine/hw_ncipher_err.c +++ b/src/lib/libcrypto/engine/hw_ncipher_err.c @@ -1,6 +1,6 @@ /* hw_ncipher_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -86,6 +86,7 @@ static ERR_STRING_DATA HWCRHK_str_reasons[]= {HWCRHK_R_CHIL_ERROR ,"chil error"}, {HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, {HWCRHK_R_DSO_FAILURE ,"dso failure"}, +{HWCRHK_R_DYNAMIC_LOCKING_MISSING ,"dynamic locking missing"}, {HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"}, {HWCRHK_R_NOT_INITIALISED ,"not initialised"}, {HWCRHK_R_NOT_LOADED ,"not loaded"}, diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.h b/src/lib/libcrypto/engine/hw_ncipher_err.h index 4d65b1d470..d232d02319 100644 --- a/src/lib/libcrypto/engine/hw_ncipher_err.h +++ b/src/lib/libcrypto/engine/hw_ncipher_err.h @@ -84,6 +84,7 @@ static void ERR_HWCRHK_error(int function, int reason, char *file, int line); #define HWCRHK_R_CHIL_ERROR 102 #define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 #define HWCRHK_R_DSO_FAILURE 104 +#define HWCRHK_R_DYNAMIC_LOCKING_MISSING 114 #define HWCRHK_R_MISSING_KEY_COMPONENTS 105 #define HWCRHK_R_NOT_INITIALISED 106 #define HWCRHK_R_NOT_LOADED 107 diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c index 130b6d8b40..fb9188bfe5 100644 --- a/src/lib/libcrypto/engine/hw_nuron.c +++ b/src/lib/libcrypto/engine/hw_nuron.c @@ -374,6 +374,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_nuron(void) { ENGINE *ret = ENGINE_new(); @@ -396,6 +397,7 @@ void ENGINE_load_nuron(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ diff --git a/src/lib/libcrypto/engine/hw_sureware.c b/src/lib/libcrypto/engine/hw_sureware.c new file mode 100644 index 0000000000..fca467e690 --- /dev/null +++ b/src/lib/libcrypto/engine/hw_sureware.c 
@@ -0,0 +1,1039 @@ +/* Written by Corinne Dive-Reclus(cdive@baltimore.com) +* +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that the following conditions +* are met: +* +* 1. Redistributions of source code must retain the above copyright +* notice, this list of conditions and the following disclaimer. +* +* 2. Redistributions in binary form must reproduce the above copyright +* notice, this list of conditions and the following disclaimer in +* the documentation and/or other materials provided with the +* distribution. +* +* 3. All advertising materials mentioning features or use of this +* software must display the following acknowledgment: +* "This product includes software developed by the OpenSSL Project +* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +* +* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +* endorse or promote products derived from this software without +* prior written permission. For written permission, please contact +* licensing@OpenSSL.org. +* +* 5. Products derived from this software may not be called "OpenSSL" +* nor may "OpenSSL" appear in their names without prior written +* permission of the OpenSSL Project. +* +* 6. Redistributions of any form whatsoever must retain the following +* acknowledgment: +* "This product includes software developed by the OpenSSL Project +* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +* +* Written by Corinne Dive-Reclus(cdive@baltimore.com) +* +* Copyright@2001 Baltimore Technologies Ltd. +* All right Reserved. +* * +* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND * +* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * +* ARE DISCLAIMED. 
IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE * +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * +* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * +* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * +* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * +* SUCH DAMAGE. * +====================================================================*/ + +#include +#include "cryptlib.h" +#include +#include +#include +#include "eng_int.h" +#include "engine.h" +#include + +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_SUREWARE + +#ifdef FLAT_INC +#include "sureware.h" +#else +#include "vendor_defns/sureware.h" +#endif + +#define SUREWARE_LIB_NAME "sureware engine" +#include "hw_sureware_err.c" + +static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int surewarehk_destroy(ENGINE *e); +static int surewarehk_init(ENGINE *e); +static int surewarehk_finish(ENGINE *e); +static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + +/* RSA stuff */ +static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to, + RSA *rsa,int padding); +static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + +/* RAND stuff */ +static int surewarehk_rand_bytes(unsigned char *buf, int num); +static void surewarehk_rand_seed(const void *buf, int num); +static void surewarehk_rand_add(const void *buf, int num, double entropy); + +/* KM stuff */ +static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +static 
void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, + int idx,long argl, void *argp); +#if 0 +static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, + int idx,long argl, void *argp); +#endif + +#ifndef OPENSSL_NO_RSA +/* This function is aliased to mod_exp (with the mont stuff dropped). */ +static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + return surewarehk_modexp(r, a, p, m, ctx); +} + +/* Our internal RSA_METHOD that we provide pointers to */ +static RSA_METHOD surewarehk_rsa = + { + "SureWare RSA method", + NULL, /* pub_enc*/ + NULL, /* pub_dec*/ + surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/ + surewarehk_rsa_priv_dec, /* priv_dec*/ + NULL, /*mod_exp*/ + surewarehk_mod_exp_mont, /*mod_exp_mongomery*/ + NULL, /* init*/ + NULL, /* finish*/ + 0, /* RSA flag*/ + NULL, + NULL, /* OpenSSL sign*/ + NULL /* OpenSSL verify*/ + }; +#endif + +#ifndef OPENSSL_NO_DH +/* Our internal DH_METHOD that we provide pointers to */ +/* This function is aliased to mod_exp (with the dh and mont dropped). 
*/ +static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + return surewarehk_modexp(r, a, p, m, ctx); +} + +static DH_METHOD surewarehk_dh = + { + "SureWare DH method", + NULL,/*gen_key*/ + NULL,/*agree,*/ + surewarehk_modexp_dh, /*dh mod exp*/ + NULL, /* init*/ + NULL, /* finish*/ + 0, /* flags*/ + NULL + }; +#endif + +static RAND_METHOD surewarehk_rand = + { + /* "SureWare RAND method", */ + surewarehk_rand_seed, + surewarehk_rand_bytes, + NULL,/*cleanup*/ + surewarehk_rand_add, + surewarehk_rand_bytes, + NULL,/*rand_status*/ + }; + +#ifndef OPENSSL_NO_DSA +/* DSA stuff */ +static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, + BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *in_mont) +{ + BIGNUM t; + int to_return = 0; + BN_init(&t); + /* let rr = a1 ^ p1 mod m */ + if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end; + /* let t = a2 ^ p2 mod m */ + if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end; + /* let rr = rr * t mod m */ + if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end; + to_return = 1; +end: + BN_free(&t); + return to_return; +} + +static DSA_METHOD surewarehk_dsa = + { + "SureWare DSA method", + surewarehk_dsa_do_sign, + NULL,/*sign setup*/ + NULL,/*verify,*/ + surewarehk_dsa_mod_exp,/*mod exp*/ + NULL,/*bn mod exp*/ + NULL, /*init*/ + NULL,/*finish*/ + 0, + NULL, + }; +#endif + +static const char *engine_sureware_id = "sureware"; +static const char *engine_sureware_name = "SureWare hardware engine support"; + +/* Now, to our own code */ + +/* As this is only ever called once, there's no need for locking + * (indeed - the lock will already be held by our caller!!!) 
*/ +static int bind_sureware(ENGINE *e) +{ +#ifndef OPENSSL_NO_RSA + const RSA_METHOD *meth1; +#endif +#ifndef OPENSSL_NO_DSA + const DSA_METHOD *meth2; +#endif +#ifndef OPENSSL_NO_DH + const DH_METHOD *meth3; +#endif + + if(!ENGINE_set_id(e, engine_sureware_id) || + !ENGINE_set_name(e, engine_sureware_name) || +#ifndef OPENSSL_NO_RSA + !ENGINE_set_RSA(e, &surewarehk_rsa) || +#endif +#ifndef OPENSSL_NO_DSA + !ENGINE_set_DSA(e, &surewarehk_dsa) || +#endif +#ifndef OPENSSL_NO_DH + !ENGINE_set_DH(e, &surewarehk_dh) || +#endif + !ENGINE_set_RAND(e, &surewarehk_rand) || + !ENGINE_set_destroy_function(e, surewarehk_destroy) || + !ENGINE_set_init_function(e, surewarehk_init) || + !ENGINE_set_finish_function(e, surewarehk_finish) || + !ENGINE_set_ctrl_function(e, surewarehk_ctrl) || + !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) || + !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey)) + return 0; + +#ifndef OPENSSL_NO_RSA + /* We know that the "PKCS1_SSLeay()" functions hook properly + * to the cswift-specific mod_exp and mod_exp_crt so we use + * those functions. NB: We don't use ENGINE_openssl() or + * anything "more generic" because something like the RSAref + * code may not hook properly, and if you own one of these + * cards then you have the right to do RSA operations on it + * anyway! */ + meth1 = RSA_PKCS1_SSLeay(); + if (meth1) + { + surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; + surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; + } +#endif + +#ifndef OPENSSL_NO_DSA + /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish + * bits. 
*/ + meth2 = DSA_OpenSSL(); + if (meth2) + { + surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify; + } +#endif + +#ifndef OPENSSL_NO_DH + /* Much the same for Diffie-Hellman */ + meth3 = DH_OpenSSL(); + if (meth3) + { + surewarehk_dh.generate_key = meth3->generate_key; + surewarehk_dh.compute_key = meth3->compute_key; + } +#endif + + /* Ensure the sureware error handling is set up */ + ERR_load_SUREWARE_strings(); + return 1; +} + +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_helper(ENGINE *e, const char *id) + { + if(id && (strcmp(id, engine_sureware_id) != 0)) + return 0; + if(!bind_sureware(e)) + return 0; + return 1; + } +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +#else +static ENGINE *engine_sureware(void) + { + ENGINE *ret = ENGINE_new(); + if(!ret) + return NULL; + if(!bind_sureware(ret)) + { + ENGINE_free(ret); + return NULL; + } + return ret; + } + +void ENGINE_load_sureware(void) + { + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_sureware(); + if(!toadd) return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); + } +#endif + +/* This is a process-global DSO handle used for loading and unloading + * the SureWareHook library. NB: This is only set (or unset) during an + * init() or finish() call (reference counts permitting) and they're + * operating with global locks, so this should be thread-safe + * implicitly. */ +static DSO *surewarehk_dso = NULL; +#ifndef OPENSSL_NO_RSA +static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +#endif +#ifndef OPENSSL_NO_DSA +static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */ +#endif + +/* These are the function pointers that are (un)set when the library has + * successfully (un)loaded. 
*/ +static SureWareHook_Init_t *p_surewarehk_Init = NULL; +static SureWareHook_Finish_t *p_surewarehk_Finish = NULL; +static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL; +static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL; +static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL; +static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL; +static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL; +static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL; +static SureWareHook_Free_t *p_surewarehk_Free=NULL; +static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL; +static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL; +static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL; +static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL; + +/* Used in the DSO operations. */ +static const char *surewarehk_LIBNAME = "SureWareHook"; +static const char *n_surewarehk_Init = "SureWareHook_Init"; +static const char *n_surewarehk_Finish = "SureWareHook_Finish"; +static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes"; +static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed"; +static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey"; +static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey"; +static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey"; +static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey"; +static const char *n_surewarehk_Free="SureWareHook_Free"; +static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec"; +static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign"; +static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign"; +static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp"; +static BIO *logstream = NULL; + +/* SureWareHook library functions and mechanics - these are used by the + * higher-level functions further down. 
NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there.
+*/
+static int threadsafe=1;
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+ int to_return = 1;
+
+ switch(cmd)
+ {
+ case ENGINE_CTRL_SET_LOGSTREAM:
+ {
+ BIO *bio = (BIO *)p;
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (logstream)
+ {
+ BIO_free(logstream);
+ logstream = NULL;
+ }
+ if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+ logstream = bio;
+ else
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /* This will prevent the initialisation function from "installing"
+ * the mutex-handling callbacks, even if they are available from
+ * within the library (or were provided to the library from the
+ * calling application). This is to remove any baggage for
+ * applications not using multithreading. */
+ case ENGINE_CTRL_CHIL_NO_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ threadsafe = 0;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+
+ /* The command isn't understood by this engine */
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+ ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ to_return = 0;
+ break;
+ }
+
+ return to_return;
+}
+
+/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
+static int surewarehk_destroy(ENGINE *e)
+{
+ ERR_unload_SUREWARE_strings();
+ return 1;
+}
+
+/* (de)initialisation functions.
*/
+static int surewarehk_init(ENGINE *e)
+{
+ char msg[64]="ENGINE_init";
+ SureWareHook_Init_t *p1=NULL;
+ SureWareHook_Finish_t *p2=NULL;
+ SureWareHook_Rand_Bytes_t *p3=NULL;
+ SureWareHook_Rand_Seed_t *p4=NULL;
+ SureWareHook_Load_Privkey_t *p5=NULL;
+ SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
+ SureWareHook_Free_t *p7=NULL;
+ SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
+ SureWareHook_Rsa_Sign_t *p9=NULL;
+ SureWareHook_Dsa_Sign_t *p12=NULL;
+ SureWareHook_Info_Pubkey_t *p13=NULL;
+ SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
+ SureWareHook_Mod_Exp_t *p15=NULL;
+
+ if(surewarehk_dso != NULL)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
+ surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
+ if(surewarehk_dso == NULL)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
+ !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
+ !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
+ !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
+ !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
+ !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
+ !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
+ !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
+ !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
+ !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
+ !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) || +
!(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
+ !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_surewarehk_Init = p1;
+ p_surewarehk_Finish = p2;
+ p_surewarehk_Rand_Bytes = p3;
+ p_surewarehk_Rand_Seed = p4;
+ p_surewarehk_Load_Privkey = p5;
+ p_surewarehk_Load_Rsa_Pubkey = p6;
+ p_surewarehk_Free = p7;
+ p_surewarehk_Rsa_Priv_Dec = p8;
+ p_surewarehk_Rsa_Sign = p9;
+ p_surewarehk_Dsa_Sign = p12;
+ p_surewarehk_Info_Pubkey = p13;
+ p_surewarehk_Load_Dsa_Pubkey = p14;
+ p_surewarehk_Mod_Exp = p15;
+ /* Contact the hardware and initialises it. */
+ if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+ goto err;
+ }
+ if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+ goto err;
+ }
+ /* try to load the default private key, if failed does not return a failure but
+ wait for an explicit ENGINE_load_privakey */
+ surewarehk_load_privkey(e,NULL,NULL,NULL);
+
+ /* Everything's fine.
*/
+#ifndef OPENSSL_NO_RSA
+ if (rsaHndidx == -1)
+ rsaHndidx = RSA_get_ex_new_index(0,
+ "SureWareHook RSA key handle",
+ NULL, NULL, surewarehk_ex_free);
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (dsaHndidx == -1)
+ dsaHndidx = DSA_get_ex_new_index(0,
+ "SureWareHook DSA key handle",
+ NULL, NULL, surewarehk_ex_free);
+#endif
+
+ return 1;
+err:
+ if(surewarehk_dso)
+ DSO_free(surewarehk_dso);
+ surewarehk_dso = NULL;
+ p_surewarehk_Init = NULL;
+ p_surewarehk_Finish = NULL;
+ p_surewarehk_Rand_Bytes = NULL;
+ p_surewarehk_Rand_Seed = NULL;
+ p_surewarehk_Load_Privkey = NULL;
+ p_surewarehk_Load_Rsa_Pubkey = NULL;
+ p_surewarehk_Free = NULL;
+ p_surewarehk_Rsa_Priv_Dec = NULL;
+ p_surewarehk_Rsa_Sign = NULL;
+ p_surewarehk_Dsa_Sign = NULL;
+ p_surewarehk_Info_Pubkey = NULL;
+ p_surewarehk_Load_Dsa_Pubkey = NULL;
+ p_surewarehk_Mod_Exp = NULL;
+ return 0;
+}
+
+static int surewarehk_finish(ENGINE *e)
+{
+ int to_return = 1;
+ if(surewarehk_dso == NULL)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
+ to_return = 0;
+ goto err;
+ }
+ p_surewarehk_Finish();
+ if(!DSO_free(surewarehk_dso))
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
+ to_return = 0;
+ goto err;
+ }
+ err:
+ if (logstream)
+ BIO_free(logstream);
+ surewarehk_dso = NULL;
+ p_surewarehk_Init = NULL;
+ p_surewarehk_Finish = NULL;
+ p_surewarehk_Rand_Bytes = NULL;
+ p_surewarehk_Rand_Seed = NULL;
+ p_surewarehk_Load_Privkey = NULL;
+ p_surewarehk_Load_Rsa_Pubkey = NULL;
+ p_surewarehk_Free = NULL;
+ p_surewarehk_Rsa_Priv_Dec = NULL;
+ p_surewarehk_Rsa_Sign = NULL;
+ p_surewarehk_Dsa_Sign = NULL;
+ p_surewarehk_Info_Pubkey = NULL;
+ p_surewarehk_Load_Dsa_Pubkey = NULL;
+ p_surewarehk_Mod_Exp = NULL;
+ return to_return;
+}
+
+static void surewarehk_error_handling(char *const msg,int func,int ret)
+{
+ switch (ret)
+ {
+ case SUREWAREHOOK_ERROR_UNIT_FAILURE:
+ ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
+ break;
+ case SUREWAREHOOK_ERROR_FALLBACK: +
ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
+ break;
+ case SUREWAREHOOK_ERROR_DATA_SIZE:
+ ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ break;
+ case SUREWAREHOOK_ERROR_INVALID_PAD:
+ ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
+ break;
+ default:
+ ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
+ break;
+ case 1:/*nothing*/
+ msg[0]='\0';
+ }
+ if (*msg)
+ {
+ ERR_add_error_data(1,msg);
+ if (logstream)
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+ BIO_write(logstream, msg, strlen(msg));
+ CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+ }
+ }
+}
+
+static int surewarehk_rand_bytes(unsigned char *buf, int num)
+{
+ int ret=0;
+ char msg[64]="ENGINE_rand_bytes";
+ if(!p_surewarehk_Rand_Bytes)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
+ }
+ else
+ {
+ ret = p_surewarehk_Rand_Bytes(msg,buf, num);
+ surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
+ }
+ return ret==1 ? 1 : 0;
+}
+
+static void surewarehk_rand_seed(const void *buf, int num)
+{
+ int ret=0;
+ char msg[64]="ENGINE_rand_seed";
+ if(!p_surewarehk_Rand_Seed)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
+ }
+ else
+ {
+ ret = p_surewarehk_Rand_Seed(msg,buf, num);
+ surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
+ }
+}
+
+static void surewarehk_rand_add(const void *buf, int num, double entropy)
+{
+ surewarehk_rand_seed(buf,num);
+}
+
+static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
+{
+ EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+ RSA *rsatmp = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+ DSA *dsatmp=NULL;
+#endif
+ char msg[64]="sureware_load_public";
+ int ret=0;
+ if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+ switch (keytype)
+ {
+#ifndef OPENSSL_NO_RSA
+ case 1: /*RSA*/
+ /* set private external reference */
+ rsatmp =
RSA_new_method(e); + RSA_set_ex_data(rsatmp,rsaHndidx,hptr); + rsatmp->flags |= RSA_FLAG_EXT_PKEY; + + /* set public big nums*/ + rsatmp->e = BN_new(); + rsatmp->n = BN_new(); + bn_expand2(rsatmp->e, el/sizeof(BN_ULONG)); + bn_expand2(rsatmp->n, el/sizeof(BN_ULONG)); + if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| + !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG))) + goto err; + ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el, + (unsigned long *)rsatmp->n->d, + (unsigned long *)rsatmp->e->d); + surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret); + if (ret!=1) + { + SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY); + goto err; + } + /* normalise pub e and pub n */ + rsatmp->e->top=el/sizeof(BN_ULONG); + bn_fix_top(rsatmp->e); + rsatmp->n->top=el/sizeof(BN_ULONG); + bn_fix_top(rsatmp->n); + /* create an EVP object: engine + rsa key */ + res = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(res, rsatmp); + break; +#endif + +#ifndef OPENSSL_NO_DSA + case 2:/*DSA*/ + /* set private/public external reference */ + dsatmp = DSA_new_method(e); + DSA_set_ex_data(dsatmp,dsaHndidx,hptr); + /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/ + + /* set public key*/ + dsatmp->pub_key = BN_new(); + dsatmp->p = BN_new(); + dsatmp->q = BN_new(); + dsatmp->g = BN_new(); + bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG)); + bn_expand2(dsatmp->p, el/sizeof(BN_ULONG)); + bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG)); + bn_expand2(dsatmp->g, el/sizeof(BN_ULONG)); + if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))|| + !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) || + !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) || + !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG))) + goto err; + + ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el, + (unsigned long *)dsatmp->pub_key->d, + (unsigned long *)dsatmp->p->d, + (unsigned long *)dsatmp->q->d, + (unsigned long *)dsatmp->g->d); + 
surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret); + if (ret!=1) + { + SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY); + goto err; + } + /* set parameters */ + /* normalise pubkey and parameters in case of */ + dsatmp->pub_key->top=el/sizeof(BN_ULONG); + bn_fix_top(dsatmp->pub_key); + dsatmp->p->top=el/sizeof(BN_ULONG); + bn_fix_top(dsatmp->p); + dsatmp->q->top=20/sizeof(BN_ULONG); + bn_fix_top(dsatmp->q); + dsatmp->g->top=el/sizeof(BN_ULONG); + bn_fix_top(dsatmp->g); + + /* create an EVP object: engine + rsa key */ + res = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(res, dsatmp); + break; +#endif + + default: + SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY); + goto err; + } + return res; + err: + if (res) + EVP_PKEY_free(res); +#ifndef OPENSSL_NO_RSA + if (rsatmp) + RSA_free(rsatmp); +#endif +#ifndef OPENSSL_NO_DSA + if (dsatmp) + DSA_free(dsatmp); +#endif + return NULL; +} + +static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) +{ + EVP_PKEY *res = NULL; + int ret=0; + unsigned long el=0; + char *hptr=NULL; + char keytype=0; + char msg[64]="ENGINE_load_privkey"; + + if(!p_surewarehk_Load_Privkey) + { + SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED); + } + else + { + ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype); + if (ret!=1) + { + SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY); + ERR_add_error_data(1,msg); + } + else + res=sureware_load_public(e,key_id,hptr,el,keytype); + } + return res; +} + +static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, + UI_METHOD *ui_method, void *callback_data) +{ + EVP_PKEY *res = NULL; + int ret=0; + unsigned long el=0; + char *hptr=NULL; + char keytype=0; + char msg[64]="ENGINE_load_pubkey"; + + if(!p_surewarehk_Info_Pubkey) + { + 
SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+ }
+ else
+ {
+ /* call once to identify if DSA or RSA */
+ ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
+ if (ret!=1)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ ERR_add_error_data(1,msg);
+ }
+ else
+ res=sureware_load_public(e,key_id,hptr,el,keytype);
+ }
+ return res;
+}
+
+/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
+, called when ex_data is freed */
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int idx,long argl, void *argp)
+{
+ if(!p_surewarehk_Free)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+ }
+ else
+ p_surewarehk_Free((char *)item,0);
+}
+
+#if 0
+/* This cleans up an DH KM key (destroys the key into hardware),
+called when ex_data is freed */
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int idx,long argl, void *argp)
+{
+ if(!p_surewarehk_Free)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+ }
+ else
+ p_surewarehk_Free((char *)item,1);
+}
+#endif
+
+/*
+* return number of decrypted bytes
+*/
+#ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+ RSA *rsa,int padding)
+{
+ int ret=0,tlen;
+ char *buf=NULL,*hptr=NULL;
+ char msg[64]="ENGINE_rsa_priv_dec";
+ if (!p_surewarehk_Rsa_Priv_Dec)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
+ }
+ /* extract ref to private key */
+ else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+ /* analyse what padding we can do into the hardware */
+ if (padding==RSA_PKCS1_PADDING)
+ {
+ /* do it one shot */
+ ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD); +
surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+ if (ret!=1)
+ goto err;
+ ret=tlen;
+ }
+ else /* do with no padding into hardware */
+ {
+ ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
+ surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+ if (ret!=1)
+ goto err;
+ /* intermediate buffer for padding */
+ if ((buf=OPENSSL_malloc(tlen)) == NULL)
+ {
+ RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ memcpy(buf,to,tlen);/* transfert to into buf */
+ switch (padding) /* check padding in software */
+ {
+#ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
+ break;
+#endif
+ case RSA_SSLV23_PADDING:
+ ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
+ break;
+ case RSA_NO_PADDING:
+ ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
+ break;
+ default:
+ RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (ret < 0)
+ RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
+ }
+err:
+ if (buf)
+ {
+ OPENSSL_cleanse(buf,tlen);
+ OPENSSL_free(buf);
+ }
+ return ret;
+}
+
+/*
+* Does what OpenSSL rsa_priv_enc does.
+*/
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+ RSA *rsa,int padding)
+{
+ int ret=0,tlen;
+ char *hptr=NULL;
+ char msg[64]="ENGINE_rsa_sign";
+ if (!p_surewarehk_Rsa_Sign)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
+ }
+ /* extract ref to private key */
+ else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+ }
+ else
+ {
+ switch (padding)
+ {
+ case RSA_PKCS1_PADDING: /* do it in one shot */
+ ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+ surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
+ break;
+ case RSA_NO_PADDING:
+ default:
+ RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
+ }
+ }
+ return ret==1 ? tlen : ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* DSA sign and verify */
+static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
+{
+ int ret=0;
+ char *hptr=NULL;
+ DSA_SIG *psign=NULL;
+ char msg[64]="ENGINE_dsa_do_sign";
+ if (!p_surewarehk_Dsa_Sign)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
+ }
+ /* extract ref to private key */
+ else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
+ }
+ else
+ {
+ if((psign = DSA_SIG_new()) == NULL)
+ {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ psign->r=BN_new();
+ psign->s=BN_new();
+ bn_expand2(psign->r, 20/sizeof(BN_ULONG));
+ bn_expand2(psign->s, 20/sizeof(BN_ULONG));
+ if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
+ !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
+ goto err;
+ ret=p_surewarehk_Dsa_Sign(msg,flen,from,
+ (unsigned long *)psign->r->d,
+ (unsigned long *)psign->s->d,
+ hptr); +
surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret); + } + psign->r->top=20/sizeof(BN_ULONG); + bn_fix_top(psign->r); + psign->s->top=20/sizeof(BN_ULONG); + bn_fix_top(psign->s); + +err: + if (psign) + { + DSA_SIG_free(psign); + psign=NULL; + } + return psign; +} +#endif + +static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx) +{ + int ret=0; + char msg[64]="ENGINE_modexp"; + if (!p_surewarehk_Mod_Exp) + { + SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED); + } + else + { + bn_expand2(r,m->top); + if (r && r->dmax==m->top) + { + /* do it*/ + ret=p_surewarehk_Mod_Exp(msg, + m->top*sizeof(BN_ULONG), + (unsigned long *)m->d, + p->top*sizeof(BN_ULONG), + (unsigned long *)p->d, + a->top*sizeof(BN_ULONG), + (unsigned long *)a->d, + (unsigned long *)r->d); + surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret); + if (ret==1) + { + /* normalise result */ + r->top=m->top; + bn_fix_top(r); + } + } + } + return ret; +} +#endif /* !OPENSSL_NO_HW_SureWare */ +#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c index ed8401ec16..6286dd851c 100644 --- a/src/lib/libcrypto/engine/hw_ubsec.c +++ b/src/lib/libcrypto/engine/hw_ubsec.c @@ -242,6 +242,7 @@ static int bind_helper(ENGINE *e) return 1; } +#ifndef ENGINE_DYNAMIC_SUPPORT static ENGINE *engine_ubsec(void) { ENGINE *ret = ENGINE_new(); @@ -264,6 +265,7 @@ void ENGINE_load_ubsec(void) ENGINE_free(toadd); ERR_clear_error(); } +#endif /* This is a process-global DSO handle used for loading and unloading * the UBSEC library. NB: This is only set (or unset) during an diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h new file mode 100644 index 0000000000..b6619d40f2 --- /dev/null +++ b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h 
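Review bot: The `#endif` added after `ENGINE_load_ubsec` in the second hw_ubsec.c hunk closes the `#ifndef ENGINE_DYNAMIC_SUPPORT` opened in the first hunk roughly twenty lines earlier, and neither end says why the pair is there. I would annotate the close as `#endif /* !ENGINE_DYNAMIC_SUPPORT */` and put a one-line comment above the opening guard, for example `/* Static registration path; presumably unused when the engine is built as a dynamically loaded module. */`. hw_sureware.c, added in this same import, writes the same split as a single `#ifdef ENGINE_DYNAMIC_SUPPORT ... #else ... #endif` block, which keeps the two variants side by side and is easier to audit. The bodies of `engine_ubsec` and `ENGINE_load_ubsec` continue outside these hunks, so whether `bind_helper` is guarded to match cannot be confirmed from here.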
@@ -0,0 +1,100 @@
+/******************************************************************************
+ *
+ * Copyright 2000
+ * Broadcom Corporation
+ * 16215 Alton Parkway
+ * PO Box 57013
+ * Irvine CA 92619-7013
+ *
+ *****************************************************************************/
+/*
+ * Broadcom Corporation uBSec SDK
+ */
+/*
+ * Character device header file.
+ */
+/*
+ * Revision History:
+ *
+ * October 2000 JTT Created.
+ */
+
+#define MAX_PUBLIC_KEY_BITS (1024)
+#define MAX_PUBLIC_KEY_BYTES (1024/8)
+#define SHA_BIT_SIZE (160)
+#define MAX_CRYPTO_KEY_LENGTH 24
+#define MAX_MAC_KEY_LENGTH 64
+#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
+#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
+
+/* Math command types. */
+#define UBSEC_MATH_MODADD 0x0001
+#define UBSEC_MATH_MODSUB 0x0002
+#define UBSEC_MATH_MODMUL 0x0004
+#define UBSEC_MATH_MODEXP 0x0008
+#define UBSEC_MATH_MODREM 0x0010
+#define UBSEC_MATH_MODINV 0x0020
+
+typedef long ubsec_MathCommand_t;
+typedef long ubsec_RNGCommand_t;
+
+typedef struct ubsec_crypto_context_s {
+ unsigned int flags;
+ unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
+ unsigned char auth[MAX_MAC_KEY_LENGTH];
+} ubsec_crypto_context_t, *ubsec_crypto_context_p;
+
+/*
+ * Predeclare the function pointer types that we dynamically load from the DSO.
+ */
+
+typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
+
+typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
+
+typedef int t_UBSEC_ubsec_open(unsigned char *device);
+
+typedef int t_UBSEC_ubsec_close(int fd);
+
+typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
+ unsigned char *x, int *x_len, unsigned char *y, int *y_len,
+ unsigned char *g, int g_len, unsigned char *m, int m_len,
+ unsigned char *userX, int userX_len, int random_bits);
+
+typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
+ unsigned char *x, int x_len, unsigned char *y, int y_len,
+ unsigned char *m, int m_len, unsigned char *k, int *k_len);
+
+typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
+ unsigned char *x, int x_len, unsigned char *m, int m_len,
+ unsigned char *e, int e_len, unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
+ unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
+ unsigned char *edq, int edq_len, unsigned char *q, int q_len,
+ unsigned char *edp, int edp_len, unsigned char *p, int p_len,
+ unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_dsa_sign_ioctl (int fd,
+ int hash, unsigned char *data, int data_len,
+ unsigned char *rndom, int random_len,
+ unsigned char *p, int p_len, unsigned char *q, int q_len,
+ unsigned char *g, int g_len, unsigned char *key, int key_len,
+ unsigned char *r, int *r_len, unsigned char *s, int *s_len);
+
+typedef int t_UBSEC_dsa_verify_ioctl (int fd,
+ int hash, unsigned char *data, int data_len,
+ unsigned char *p, int p_len, unsigned char *q, int q_len,
+ unsigned char *g, int g_len, unsigned char *key, int key_len,
+ unsigned char *r, int r_len, unsigned char *s, int s_len,
+ unsigned char *v, int *v_len);
+
+typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
+ unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
+ unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
+ unsigned char
*Result, int *Result_len); + +typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command, + unsigned char *Result, int *Result_len); + +typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len); diff --git a/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h new file mode 100644 index 0000000000..aaa4d4575e --- /dev/null +++ b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h 
@@ -0,0 +1,486 @@
+/*
+ * ModExp / RSA (with/without KM) plugin API
+ *
+ * The application will load a dynamic library which
+ * exports entrypoint(s) defined in this file.
+ *
+ * This set of entrypoints provides only a multithreaded,
+ * synchronous-within-each-thread, facility.
+ *
+ *
+ * This file is Copyright 1998-2000 nCipher Corporation Limited.
+ *
+ * Redistribution and use in source and binary forms, with opr without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the copyright notice,
+ * this list of conditions, and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions, and the following
+ * disclaimer, in the documentation and/or other materials provided
+ * with the distribution
+ *
+ * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
+ * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
+ * damages arising directly or indirectly from this file, its use or
+ * this licence. Without prejudice to the generality of the
+ * foregoing: all liability shall be excluded for direct, indirect,
+ * special, incidental, consequential or other damages or any loss of
+ * profits, business, revenue goodwill or anticipated savings;
+ * liability shall be excluded even if nCipher or anyone else has been
+ * advised of the possibility of damage. In any event, if the
+ * exclusion of liability is not effective, the liability of nCipher
+ * or any author or distributor shall be limited to the lesser of the
+ * price paid and 1,000 pounds sterling. This licence only fails to
+ * exclude or limit liability for death or personal injury arising out
+ * of negligence, and only to the extent that such an exclusion or
+ * limitation is not effective.
+ *
+ * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
+ * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
+ * limited to, any implied warranties of merchantability, fitness for
+ * a particular purpose, satisfactory quality, and/or non-infringement
+ * of any third party rights.
+ *
+ * US Government use: This software and documentation is Commercial
+ * Computer Software and Computer Software Documentation, as defined in
+ * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
+ * Noncommercial Computer Software and Noncommercial Computer Software
+ * Documentation." Use, duplication or disclosure by the Government is
+ * subject to the terms and conditions specified here.
+ *
+ * By using or distributing this file you will be accepting these
+ * terms and conditions, including the limitation of liability and
+ * lack of warranty. If you do not wish to accept these terms and
+ * conditions, DO NOT USE THE FILE.
+ *
+ *
+ * The actual dynamically loadable plugin, and the library files for
+ * static linking, which are also provided in some distributions, are
+ * not covered by the licence described above. You should have
+ * received a separate licence with terms and conditions for these
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+ *
+ * $Id: hwcryptohook.h,v 1.1.1.1 2003/05/11 21:35:16 markus Exp $
+ */
+
+#ifndef HWCRYPTOHOOK_H
+#define HWCRYPTOHOOK_H
+
+#include
+#include
+
+#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+#endif
+
+#define HWCRYPTOHOOK_ERROR_FAILED -1
+#define HWCRYPTOHOOK_ERROR_FALLBACK -2
+#define HWCRYPTOHOOK_ERROR_MPISIZE -3
+
+#if HWCRYPTOHOOK_DECLARE_APPTYPES
+
+/* These structs are defined by the application and opaque to the
+ * crypto plugin. The application may define these as it sees fit.
+ * Default declarations are provided here, but the application may
+ * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
+ * to prevent these declarations, and instead provide its own
+ * declarations of these types. (Pointers to them must still be
+ * ordinary pointers to structs or unions, or the resulting combined
+ * program will have a type inconsistency.)
+ */
+typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
+typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
+typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
+
+#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+
+/* These next two structs are opaque to the application. The crypto
+ * plugin will return pointers to them; the caller simply manipulates
+ * the pointers.
+ */
+typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
+typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
+
+typedef struct {
+ char *buf;
+ size_t size;
+} HWCryptoHook_ErrMsgBuf;
+/* Used for error reporting. When a HWCryptoHook function fails it
+ * will return a sentinel value (0 for pointer-valued functions, or a
+ * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
+ * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
+ * an error message there.
+ *
+ * size is the size of the buffer, and will not be modified. If you
+ * pass 0 for size you must pass 0 for buf, and nothing will be
+ * recorded (just as if you passed 0 for the struct pointer).
+ * Messages written to the buffer will always be null-terminated, even
+ * when truncated to fit within size bytes.
+ *
+ * The contents of the buffer are not defined if there is no error.
+ */
+
+typedef struct HWCryptoHook_MPIStruct {
+ unsigned char *buf;
+ size_t size;
+} HWCryptoHook_MPI;
+/* When one of these is returned, a pointer is passed to the function.
+ * At call, size is the space available.
Afterwards it is updated to
+ * be set to the actual length (which may be more than the space available,
+ * if there was not enough room and the result was truncated).
+ * buf (the pointer) is not updated.
+ *
+ * size is in bytes and may be zero at call or return, but must be a
+ * multiple of the limb size. Zero limbs at the MS end are not
+ * permitted.
+ */
+
+#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
+#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
+/* Enable requesting fallback to software in case of problems with the
+ * hardware support. This indicates to the crypto provider that the
+ * application is prepared to fall back to software operation if the
+ * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
+ * Without this flag those calls will never return
+ * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
+ * provider to avoid repeatedly attempting to contact dead hardware
+ * within a short interval, if appropriate.
+ */
+
+#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
+/* Without _SimpleForkCheck the library is allowed to assume that the
+ * application will not fork and call the library in the child(ren).
+ *
+ * When it is specified, this is allowed. However, after a fork
+ * neither parent nor child may unload any loaded keys or call
+ * _Finish. Instead, they should call exit (or die with a signal)
+ * without calling _Finish. After all the children have died the
+ * parent may unload keys or call _Finish.
+ *
+ * This flag only has any effect on UN*X platforms.
+ */
+
+typedef struct {
+ unsigned long flags;
+ void *logstream; /* usually a FILE*. See below.
*/
+
+ size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
+ int mslimbfirst; /* 0 or 1 */
+ int msbytefirst; /* 0 or 1; -1 = native */
+
+ /* All the callback functions should return 0 on success, or a
+ * nonzero integer (whose value will be visible in the error message
+ * put in the buffer passed to the call).
+ *
+ * If a callback is not available pass a null function pointer.
+ *
+ * The callbacks may not call down again into the crypto plugin.
+ */
+
+ /* For thread-safety. Set everything to 0 if you promise only to be
+ * singlethreaded. maxsimultaneous is the number of calls to
+ * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
+ * put there then say 0 and the hook library will use a default.
+ *
+ * maxmutexes is a small limit on the number of simultaneous mutexes
+ * which will be requested by the library. If there is no small
+ * limit, set it to 0. If the crypto plugin cannot create the
+ * advertised number of mutexes the calls to its functions may fail.
+ * If a low number of mutexes is advertised the plugin will try to
+ * do the best it can. Making larger numbers of mutexes available
+ * may improve performance and parallelism by reducing contention
+ * over critical sections. Unavailability of any mutexes, implying
+ * single-threaded operation, should be indicated by the setting
+ * mutex_init et al to 0.
+ */
+ int maxmutexes;
+ int maxsimultaneous;
+ size_t mutexsize;
+ int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
+ int (*mutex_acquire)(HWCryptoHook_Mutex*);
+ void (*mutex_release)(HWCryptoHook_Mutex*);
+ void (*mutex_destroy)(HWCryptoHook_Mutex*);
+
+ /* For greater efficiency, can use condition vars internally for
+ * synchronisation. In this case maxsimultaneous is ignored, but
+ * the other mutex stuff must be available. In singlethreaded
+ * programs, set everything to 0.
+ */ + size_t condvarsize; + int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx); + int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*); + void (*condvar_signal)(HWCryptoHook_CondVar*); + void (*condvar_broadcast)(HWCryptoHook_CondVar*); + void (*condvar_destroy)(HWCryptoHook_CondVar*); + + /* The semantics of acquiring and releasing mutexes and broadcasting + * and waiting on condition variables are expected to be those from + * POSIX threads (pthreads). The mutexes may be (in pthread-speak) + * fast mutexes, recursive mutexes, or nonrecursive ones. + * + * The _release/_signal/_broadcast and _destroy functions must + * always succeed when given a valid argument; if they are given an + * invalid argument then the program (crypto plugin + application) + * has an internal error, and they should abort the program. + */ + + int (*getpassphrase)(const char *prompt_info, + int *len_io, char *buf, + HWCryptoHook_PassphraseContext *ppctx, + HWCryptoHook_CallerContext *cactx); + /* Passphrases and the prompt_info, if they contain high-bit-set + * characters, are UTF-8. The prompt_info may be a null pointer if + * no prompt information is available (it should not be an empty + * string). It will not contain text like `enter passphrase'; + * instead it might say something like `Operator Card for John + * Smith' or `SmartCard in nFast Module #1, Slot #1'. + * + * buf points to a buffer in which to return the passphrase; on + * entry *len_io is the length of the buffer. It should be updated + * by the callback. The returned passphrase should not be + * null-terminated by the callback. + */ + + int (*getphystoken)(const char *prompt_info, + const char *wrong_info, + HWCryptoHook_PassphraseContext *ppctx, + HWCryptoHook_CallerContext *cactx); + /* Requests that the human user physically insert a different + * smartcard, DataKey, etc. 
The plugin should check whether the + * currently inserted token(s) are appropriate, and if they are it + * should not make this call. + * + * prompt_info is as before. wrong_info is a description of the + * currently inserted token(s) so that the user is told what + * something is. wrong_info, like prompt_info, may be null, but + * should not be an empty string. Its contents should be + * syntactically similar to that of prompt_info. + */ + + /* Note that a single LoadKey operation might cause several calls to + * getpassphrase and/or requestphystoken. If requestphystoken is + * not provided (ie, a null pointer is passed) then the plugin may + * not support loading keys for which authorisation by several cards + * is required. If getpassphrase is not provided then cards with + * passphrases may not be supported. + * + * getpassphrase and getphystoken do not need to check that the + * passphrase has been entered correctly or the correct token + * inserted; the crypto plugin will do that. If this is not the + * case then the crypto plugin is responsible for calling these + * routines again as appropriate until the correct token(s) and + * passphrase(s) are supplied as required, or until any retry limits + * implemented by the crypto plugin are reached. + * + * In either case, the application must allow the user to say `no' + * or `cancel' to indicate that they do not know the passphrase or + * have the appropriate token; this should cause the callback to + * return nonzero indicating error. + */ + + void (*logmessage)(void *logstream, const char *message); + /* A log message will be generated at least every time something goes + * wrong and an ErrMsgBuf is filled in (or would be if one was + * provided). Other diagnostic information may be written there too, + * including more detailed reasons for errors which are reported in an + * ErrMsgBuf. + * + * When a log message is generated, this callback is called. 
It + * should write a message to the relevant logging arrangements. + * + * The message string passed will be null-terminated and may be of arbitrary + * length. It will not be prefixed by the time and date, nor by the + * name of the library that is generating it - if this is required, + * the logmessage callback must do it. The message will not have a + * trailing newline (though it may contain internal newlines). + * + * If a null pointer is passed for logmessage a default function is + * used. The default function treats logstream as a FILE* which has + * been converted to a void*. If logstream is 0 it does nothing. + * Otherwise it prepends the date and time and library name and + * writes the message to logstream. Each line will be prefixed by a + * descriptive string containing the date, time and identity of the + * crypto plugin. Errors on the logstream are not reported + * anywhere, and the default function doesn't flush the stream, so + * the application must set the buffering how it wants it. + * + * The crypto plugin may also provide a facility to have copies of + * log messages sent elsewhere, and or for adjusting the verbosity + * of the log messages; any such facilities will be configured by + * external means. + */ + +} HWCryptoHook_InitInfo; + +typedef +HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo, + size_t initinfosize, + const HWCryptoHook_ErrMsgBuf *errors, + HWCryptoHook_CallerContext *cactx); +extern HWCryptoHook_Init_t HWCryptoHook_Init; + +/* Caller should set initinfosize to the size of the HWCryptoHook struct, + * so it can be extended later. + * + * On success, a message for display or logging by the server, + * including the name and version number of the plugin, will be filled + * in into *errors; on failure *errors is used for error handling, as + * usual. + */ + +/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED + * on most failures. 
HWCRYPTOHOOK_ERROR_MPISIZE means at least one of + * the output MPI buffer(s) was too small; the sizes of all have been + * set to the desired size (and for those where the buffer was large + * enough, the value may have been copied in), and no error message + * has been recorded. + * + * You may pass 0 for the errors struct. In any case, unless you set + * _NoStderr at init time then messages may be reported to stderr. + */ + +/* The RSAImmed* functions (and key managed RSA) only work with + * modules which have an RSA patent licence - currently that means KM + * units; the ModExp* ones work with all modules, so you need a patent + * licence in the software in the US. They are otherwise identical. + */ + +typedef +void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx); +extern HWCryptoHook_Finish_t HWCryptoHook_Finish; +/* You must not have any calls going or keys loaded when you call this. */ + +typedef +int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx, + unsigned char *buf, size_t len, + const HWCryptoHook_ErrMsgBuf *errors); +extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes; + +typedef +int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx, + HWCryptoHook_MPI a, + HWCryptoHook_MPI p, + HWCryptoHook_MPI n, + HWCryptoHook_MPI *r, + const HWCryptoHook_ErrMsgBuf *errors); +extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp; + +typedef +int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx, + HWCryptoHook_MPI m, + HWCryptoHook_MPI e, + HWCryptoHook_MPI n, + HWCryptoHook_MPI *r, + const HWCryptoHook_ErrMsgBuf *errors); +extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub; + +typedef +int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx, + HWCryptoHook_MPI a, + HWCryptoHook_MPI p, + HWCryptoHook_MPI q, + HWCryptoHook_MPI dmp1, + HWCryptoHook_MPI dmq1, + HWCryptoHook_MPI iqmp, + HWCryptoHook_MPI *r, + const HWCryptoHook_ErrMsgBuf *errors); +extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT; + +typedef 
+int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx, + HWCryptoHook_MPI m, + HWCryptoHook_MPI p, + HWCryptoHook_MPI q, + HWCryptoHook_MPI dmp1, + HWCryptoHook_MPI dmq1, + HWCryptoHook_MPI iqmp, + HWCryptoHook_MPI *r, + const HWCryptoHook_ErrMsgBuf *errors); +extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv; + +/* The RSAImmed* and ModExp* functions may return E_FAILED or + * E_FALLBACK for failure. + * + * E_FAILED means the failure is permanent and definite and there + * should be no attempt to fall back to software. (Eg, for some + * applications, which support only the acceleration-only + * functions, the `key material' may actually be an encoded key + * identifier, and doing the operation in software would give wrong + * answers.) + * + * E_FALLBACK means that doing the computation in software would seem + * reasonable. If an application pays attention to this and is + * able to fall back, it should also set the Fallback init flags. + */ + +typedef +int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx, + const char *key_ident, + HWCryptoHook_RSAKeyHandle *keyhandle_r, + const HWCryptoHook_ErrMsgBuf *errors, + HWCryptoHook_PassphraseContext *ppctx); +extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey; +/* The key_ident is a null-terminated string configured by the + * user via the application's usual configuration mechanisms. + * It is provided to the user by the crypto provider's key management + * system. The user must be able to enter at least any string of between + * 1 and 1023 characters inclusive, consisting of printable 7-bit + * ASCII characters. The provider should avoid using + * any characters except alphanumerics and the punctuation + * characters _ - + . / @ ~ (the user is expected to be able + * to enter these without quoting). The string may be case-sensitive. 
+ * The application may allow the user to enter other NULL-terminated strings, + * and the provider must cope (returning an error if the string is not + * valid). + * + * If the key does not exist, no error is recorded and 0 is returned; + * keyhandle_r will be set to 0 instead of to a key handle. + */ + +typedef +int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k, + HWCryptoHook_MPI *n, + HWCryptoHook_MPI *e, + const HWCryptoHook_ErrMsgBuf *errors); +extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey; +/* The crypto plugin will not store certificates. + * + * Although this function for acquiring the public key value is + * provided, it is not the purpose of this API to deal fully with the + * handling of the public key. + * + * It is expected that the crypto supplier's key generation program + * will provide general facilities for producing X.509 + * self-certificates and certificate requests in PEM format. These + * will be given to the user so that they can configure them in the + * application, send them to CAs, or whatever. + * + * In case this kind of certificate handling is not appropriate, the + * crypto supplier's key generation program should be able to be + * configured not to generate such a self-certificate or certificate + * request. Then the application will need to do all of this, and + * will need to store and handle the public key and certificates + * itself. + */ + +typedef +int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k, + const HWCryptoHook_ErrMsgBuf *errors); +extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey; +/* Might fail due to locking problems, or other serious internal problems. */ + +typedef +int HWCryptoHook_RSA_t(HWCryptoHook_MPI m, + HWCryptoHook_RSAKeyHandle k, + HWCryptoHook_MPI *r, + const HWCryptoHook_ErrMsgBuf *errors); +extern HWCryptoHook_RSA_t HWCryptoHook_RSA; +/* RSA private key operation (sign or decrypt) - raw, unpadded. */ + +#endif /*HWCRYPTOHOOK_H*/ 
diff --git a/src/lib/libcrypto/engine/vendor_defns/sureware.h b/src/lib/libcrypto/engine/vendor_defns/sureware.h
new file mode 100644
index 0000000000..1d3789219d
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/sureware.h
@@ -0,0 +1,239 @@ +/* +* Written by Corinne Dive-Reclus(cdive@baltimore.com) +* +* Copyright@2001 Baltimore Technologies Ltd. +* * +* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND * +* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * +* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE * +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * +* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * +* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * +* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * +* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * +* SUCH DAMAGE. * +* +* +*/ +#ifdef WIN32 +#define SW_EXPORT __declspec ( dllexport ) +#else +#define SW_EXPORT +#endif + +/* +* List of exposed SureWare errors +*/ +#define SUREWAREHOOK_ERROR_FAILED -1 +#define SUREWAREHOOK_ERROR_FALLBACK -2 +#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3 +#define SUREWAREHOOK_ERROR_DATA_SIZE -4 +#define SUREWAREHOOK_ERROR_INVALID_PAD -5 +/* +* -----------------WARNING----------------------------------- +* In all the following functions: +* msg is a string with at least 24 bytes free. +* A 24 bytes string will be concatenated to the existing content of msg. 
+*/ +/* +* SureWare Initialisation function +* in param threadsafe, if !=0, thread safe enabled +* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success +*/ +typedef int SureWareHook_Init_t(char*const msg,int threadsafe); +extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init; +/* +* SureWare Finish function +*/ +typedef void SureWareHook_Finish_t(); +extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish; +/* +* PRE_CONDITION: +* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE +*/ +/* +* SureWare RAND Bytes function +* In case of failure, the content of buf is unpredictable. +* return 1 if success +* SureWareHOOK_ERROR_FALLBACK if function not available in hardware +* SureWareHOOK_ERROR_FAILED if error while processing +* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure +* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf +* +* in/out param buf : a num bytes long buffer where random bytes will be put +* in param num : the number of bytes into buf +*/ +typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num); +extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes; + +/* +* SureWare RAND Seed function +* Adds some seed to the Hardware Random Number Generator +* return 1 if success +* SureWareHOOK_ERROR_FALLBACK if function not available in hardware +* SureWareHOOK_ERROR_FAILED if error while processing +* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure +* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf +* +* in param buf : the seed to add into the HRNG +* in param num : the number of bytes into buf +*/ +typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num); +extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed; + +/* +* SureWare Load Private Key function +* return 1 if success +* SureWareHOOK_ERROR_FAILED if error while processing +* No hardware is contact for this function. 
+* +* in param key_id :the name of the private protected key file without the extension + ".sws" +* out param hptr : a pointer to a buffer allocated by SureWare_Hook +* out param num: the effective key length in bytes +* out param keytype: 1 if RSA 2 if DSA +*/ +typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype); +extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey; + +/* +* SureWare Info Public Key function +* return 1 if success +* SureWareHOOK_ERROR_FAILED if error while processing +* No hardware is contact for this function. +* +* in param key_id :the name of the private protected key file without the extension + ".swp" +* out param hptr : a pointer to a buffer allocated by SureWare_Hook +* out param num: the effective key length in bytes +* out param keytype: 1 if RSA 2 if DSA +*/ +typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num, + char *keytype); +extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey; + +/* +* SureWare Load Public Key function +* return 1 if success +* SureWareHOOK_ERROR_FAILED if error while processing +* No hardware is contact for this function. +* +* in param key_id :the name of the public protected key file without the extension + ".swp" +* in param num : the bytes size of n and e +* out param n: where to write modulus in bn format +* out param e: where to write exponent in bn format +*/ +typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num, + unsigned long *n, unsigned long *e); +extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey; + +/* +* SureWare Load DSA Public Key function +* return 1 if success +* SureWareHOOK_ERROR_FAILED if error while processing +* No hardware is contact for this function. 
+* +* in param key_id :the name of the public protected key file without the extension + ".swp" +* in param num : the bytes size of n and e +* out param pub: where to write pub key in bn format +* out param p: where to write prime in bn format +* out param q: where to write sunprime (length 20 bytes) in bn format +* out param g: where to write base in bn format +*/ +typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num, + unsigned long *pub, unsigned long *p,unsigned long*q, + unsigned long *g); +extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey; + +/* +* SureWare Free function +* Destroy the key into the hardware if destroy==1 +*/ +typedef void SureWareHook_Free_t(char *p,int destroy); +extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free; + +#define SUREWARE_PKCS1_PAD 1 +#define SUREWARE_ISO9796_PAD 2 +#define SUREWARE_NO_PAD 0 +/* +* SureWare RSA Private Decryption +* return 1 if success +* SureWareHOOK_ERROR_FAILED if error while processing +* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure +* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf +* +* in param flen : byte size of from and to +* in param from : encrypted data buffer, should be a not-null valid pointer +* out param tlen: byte size of decrypted data, if error, unexpected value +* out param to : decrypted data buffer, should be a not-null valid pointer +* in param prsa: a protected key pointer, should be a not-null valid pointer +* int padding: padding id as follow +* SUREWARE_PKCS1_PAD +* SUREWARE_NO_PAD +* +*/ +typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from, + int *tlen,unsigned char *to, + char *prsa,int padding); +extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec; +/* +* SureWare RSA Signature +* return 1 if success +* SureWareHOOK_ERROR_FAILED if error while processing +* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure +* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for 
buf +* +* in param flen : byte size of from and to +* in param from : encrypted data buffer, should be a not-null valid pointer +* out param tlen: byte size of decrypted data, if error, unexpected value +* out param to : decrypted data buffer, should be a not-null valid pointer +* in param prsa: a protected key pointer, should be a not-null valid pointer +* int padding: padding id as follow +* SUREWARE_PKCS1_PAD +* SUREWARE_ISO9796_PAD +* +*/ +typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from, + int *tlen,unsigned char *to, + char *prsa,int padding); +extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign; +/* +* SureWare DSA Signature +* return 1 if success +* SureWareHOOK_ERROR_FAILED if error while processing +* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure +* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf +* +* in param flen : byte size of from and to +* in param from : encrypted data buffer, should be a not-null valid pointer +* out param to : decrypted data buffer, should be a 40bytes valid pointer +* in param pdsa: a protected key pointer, should be a not-null valid pointer +* +*/ +typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from, + unsigned long *r,unsigned long *s,char *pdsa); +extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign; + + +/* +* SureWare Mod Exp +* return 1 if success +* SureWareHOOK_ERROR_FAILED if error while processing +* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure +* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf +* +* mod and res are mlen bytes long. +* exp is elen bytes long +* data is dlen bytes long +* mlen,elen and dlen are all multiple of sizeof(unsigned long) +*/ +typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod, + int elen,const unsigned long *exp, + int dlen,unsigned long *data, + unsigned long *res); +extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp; + 
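Review bot: Every hook typedef in this header takes `char*const msg` with no length argument, and the WARNING comment near the top says a 24-byte string is concatenated to whatever msg already holds, so nothing but caller discipline keeps that append inside the buffer. The comment should state whether the 24 bytes include the terminating NUL, and the engine code that calls these hooks (not in this hunk) should pass a freshly reset buffer sized for it. Two parameter comments also disagree with their typedefs: SureWareHook_Info_Pubkey_t documents an `hptr` argument it does not take, and SureWareHook_Dsa_Sign_t documents a 40-byte `to` buffer while the typedef returns the signature through `r` and `s`. `typedef void SureWareHook_Finish_t();` would be safer written as `typedef void SureWareHook_Finish_t(void);` so the compiler checks calls.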
diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c index 3cbc6e7848..530ab937ce 100644 --- a/src/lib/libcrypto/evp/bio_ok.c +++ b/src/lib/libcrypto/evp/bio_ok.c @@ -211,7 +211,7 @@ static int ok_free(BIO *a) { if (a == NULL) return(0); EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); - memset(a->ptr,0,sizeof(BIO_OK_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/src/lib/libcrypto/evp/evp_acnf.c b/src/lib/libcrypto/evp/evp_acnf.c index a68b979bdb..ff3e311cc5 100644 --- a/src/lib/libcrypto/evp/evp_acnf.c +++ b/src/lib/libcrypto/evp/evp_acnf.c @@ -59,7 +59,6 @@ #include "cryptlib.h" #include #include -#include /* Load all algorithms and configure OpenSSL. diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c index 90294ef686..28460173f7 100644 --- a/src/lib/libcrypto/evp/evp_test.c +++ b/src/lib/libcrypto/evp/evp_test.c @@ -49,8 +49,14 @@ #include #include + +#include "../e_os.h" + #include +#ifndef OPENSSL_NO_ENGINE #include +#endif +#include #include static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) @@ -78,7 +84,7 @@ static int convert(unsigned char *s) if(!s[1]) { fprintf(stderr,"Odd number of hex digits!"); - exit(4); + EXIT(4); } sscanf((char *)s,"%2x",&n); *d=(unsigned char)n; @@ -120,6 +126,12 @@ static char *sstrsep(char **string, const char *delim) static unsigned char *ustrsep(char **p,const char *sep) { return (unsigned char *)sstrsep(p,sep); } +static int test1_exit(int ec) + { + EXIT(ec); + return(0); /* To keep some compilers quiet */ + } + static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, const unsigned char *iv,int in, const unsigned char *plaintext,int pn, 
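Review bot: The switch to `OPENSSL_cleanse` in ok_free deserves a one-line comment saying why it is not a plain memset, for example `/* cleanse, not memset: the compiler may drop a store to memory that is freed next */`, so a later cleanup does not revert it. Also, only `a` is checked for NULL here; `a->ptr` is handed to EVP_MD_CTX_cleanup and OPENSSL_cleanse unchecked, which is fine only if the constructor (outside this hunk) never leaves it NULL. ok_free continues past the end of the hunk.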
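Review bot: In the convert() hunk of evp_test.c the result of `sscanf((char *)s,"%2x",&n)` is not checked, so a non-hex character pair in the test file stores whatever `n` held before into `*d` instead of being rejected; the only input check in the hunk is for an odd digit count. Checking the conversion, `if(sscanf((char *)s,"%2x",&n) != 1) { fprintf(stderr,"Bad hex digit\n"); EXIT(4); }`, would make malformed vectors fail loudly. The existing message `"Odd number of hex digits!"` also lacks a trailing newline. The loop around these lines starts and ends outside the hunk.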
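Review bot: The new `test1_exit` helper in evp_test.c has no comment explaining why test1 cannot call `EXIT` directly, and every caller discards its int result. Presumably `EXIT` (from e_os.h, not shown here) can expand to a `return` with a value on some platforms, which would not compile in the void function test1; if so, say that above the helper, e.g. `/* test1() returns void, so it cannot use EXIT() where that expands to return(n) */`.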
@@ -142,7 +154,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, { fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn, c->key_len); - exit(5); + test1_exit(5); } EVP_CIPHER_CTX_init(&ctx); if (encdec != 0) @@ -150,26 +162,26 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv)) { fprintf(stderr,"EncryptInit failed\n"); - exit(10); + test1_exit(10); } EVP_CIPHER_CTX_set_padding(&ctx,0); if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn)) { fprintf(stderr,"Encrypt failed\n"); - exit(6); + test1_exit(6); } if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2)) { fprintf(stderr,"EncryptFinal failed\n"); - exit(7); + test1_exit(7); } if(outl+outl2 != cn) { fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", outl+outl2,cn); - exit(8); + test1_exit(8); } if(memcmp(out,ciphertext,cn)) @@ -177,7 +189,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, fprintf(stderr,"Ciphertext mismatch\n"); hexdump(stderr,"Got",out,cn); hexdump(stderr,"Expected",ciphertext,cn); - exit(9); + test1_exit(9); } } @@ -186,26 +198,26 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv)) { fprintf(stderr,"DecryptInit failed\n"); - exit(11); + test1_exit(11); } EVP_CIPHER_CTX_set_padding(&ctx,0); if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn)) { fprintf(stderr,"Decrypt failed\n"); - exit(6); + test1_exit(6); } if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2)) { fprintf(stderr,"DecryptFinal failed\n"); - exit(7); + test1_exit(7); } if(outl+outl2 != cn) { fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", outl+outl2,cn); - exit(8); + test1_exit(8); } if(memcmp(out,plaintext,cn)) 
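Review bot: The decrypt branch of test1 reuses exit codes 6, 7, 8 and 9 that the encrypt branch already uses, so a harness looking at the exit status cannot tell `Decrypt failed` from `Encrypt failed`; only the Init failures (10 and 11) are distinct. The same applies in the test_digest hunk further down, where both the DigestUpdate and DigestFinal failures use `EXIT(101)`. Giving each failure site its own code, e.g. `test1_exit(12);` after `"Decrypt failed\n"`, keeps the status meaningful. test1 starts before and ends after these hunks.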
@@ -213,7 +225,7 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, fprintf(stderr,"Plaintext mismatch\n"); hexdump(stderr,"Got",out,cn); hexdump(stderr,"Expected",plaintext,cn); - exit(9); + test1_exit(9); } } @@ -260,24 +272,24 @@ static int test_digest(const char *digest, if(!EVP_DigestInit_ex(&ctx,d, NULL)) { fprintf(stderr,"DigestInit failed\n"); - exit(100); + EXIT(100); } if(!EVP_DigestUpdate(&ctx,plaintext,pn)) { fprintf(stderr,"DigestUpdate failed\n"); - exit(101); + EXIT(101); } if(!EVP_DigestFinal_ex(&ctx,md,&mdn)) { fprintf(stderr,"DigestFinal failed\n"); - exit(101); + EXIT(101); } EVP_MD_CTX_cleanup(&ctx); if(mdn != cn) { fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn); - exit(102); + EXIT(102); } if(memcmp(md,ciphertext,cn)) @@ -285,7 +297,7 @@ static int test_digest(const char *digest, fprintf(stderr,"Digest mismatch\n"); hexdump(stderr,"Got",md,cn); hexdump(stderr,"Expected",ciphertext,cn); - exit(103); + EXIT(103); } printf("\n"); @@ -303,7 +315,7 @@ int main(int argc,char **argv) if(argc != 2) { fprintf(stderr,"%s \n",argv[0]); - exit(1); + EXIT(1); } CRYPTO_malloc_debug_init(); CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); @@ -315,17 +327,20 @@ int main(int argc,char **argv) if(!f) { perror(szTestFile); - exit(2); + EXIT(2); } /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); +#ifndef OPENSSL_NO_ENGINE /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); +#endif #if 0 OPENSSL_config(); #endif +#ifndef OPENSSL_NO_ENGINE /* Register all available ENGINE implementations of ciphers and digests. * This could perhaps be changed to "ENGINE_register_all_complete()"? */ ENGINE_register_all_ciphers(); 
@@ -334,6 +349,7 @@ int main(int argc,char **argv) * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if * they weren't already initialised. */ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ +#endif for( ; ; ) { @@ -371,11 +387,13 @@ int main(int argc,char **argv) && !test_digest(cipher,plaintext,pn,ciphertext,cn)) { fprintf(stderr,"Can't find %s\n",cipher); - exit(3); + EXIT(3); } } +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); diff --git a/src/lib/libcrypto/hmac/hmactest.c b/src/lib/libcrypto/hmac/hmactest.c index 96d3beb8e6..1b906b81af 100644 --- a/src/lib/libcrypto/hmac/hmactest.c +++ b/src/lib/libcrypto/hmac/hmactest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_HMAC int main(int argc, char *argv[]) { @@ -68,12 +70,15 @@ int main(int argc, char *argv[]) } #else #include +#ifndef OPENSSL_NO_MD5 #include +#endif #ifdef CHARSET_EBCDIC #include #endif +#ifndef OPENSSL_NO_MD5 static struct test_st { unsigned char key[16]; @@ -113,13 +118,20 @@ static struct test_st (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", }, }; - +#endif static char *pt(unsigned char *md); int main(int argc, char *argv[]) { - int i,err=0; +#ifndef OPENSSL_NO_MD5 + int i; char *p; +#endif + int err=0; + +#ifdef OPENSSL_NO_MD5 + printf("test skipped: MD5 disabled\n"); +#else #ifdef CHARSET_EBCDIC ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); @@ -144,10 +156,12 @@ int main(int argc, char *argv[]) else printf("test %d ok\n",i); } - exit(err); +#endif /* OPENSSL_NO_MD5 */ + EXIT(err); return(0); } +#ifndef OPENSSL_NO_MD5 static char *pt(unsigned char *md) { int i; @@ -158,3 +172,4 @@ static char *pt(unsigned char *md) return(buf); } #endif +#endif diff --git a/src/lib/libcrypto/idea/version b/src/lib/libcrypto/idea/version new file mode 100644 index 0000000000..3f22293795 --- /dev/null +++ b/src/lib/libcrypto/idea/version 
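Review bot: With OPENSSL_NO_MD5 defined, the prototype `static char *pt(unsigned char *md);` in hmactest.c is still declared, because the added `#endif` that closes the test-vector guard sits just above it, while the definition of pt is now inside `#ifndef OPENSSL_NO_MD5` in the last hunk of the file. That leaves a static function declared but never defined, which some compilers warn about and which fails a warnings-as-errors build. Moving the `#endif` below the prototype, or wrapping the prototype in its own `#ifndef OPENSSL_NO_MD5`, keeps the declaration and the definition under the same condition.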
@@ -0,0 +1,12 @@ +1.1 07/12/95 - eay + Many thanks to Rhys Weatherley + for pointing out that I was assuming little endian byte + order for all quantities what idea actually used + bigendian. No where in the spec does it mention + this, it is all in terms of 16 bit numbers and even the example + does not use byte streams for the input example :-(. + If you byte swap each pair of input, keys and iv, the functions + would produce the output as the old version :-(. + +1.0 ??/??/95 - eay + First version. diff --git a/src/lib/libcrypto/md2/md2_dgst.c b/src/lib/libcrypto/md2/md2_dgst.c index e25dd00e02..ecb64f0ec4 100644 --- a/src/lib/libcrypto/md2/md2_dgst.c +++ b/src/lib/libcrypto/md2/md2_dgst.c @@ -61,6 +61,7 @@ #include #include #include +#include const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT; @@ -118,9 +119,9 @@ const char *MD2_options(void) int MD2_Init(MD2_CTX *c) { c->num=0; - memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->data,0,MD2_BLOCK); + memset(c->state,0,sizeof c->state); + memset(c->cksm,0,sizeof c->cksm); + memset(c->data,0,sizeof c->data); return 1; } @@ -196,7 +197,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d) t=(t+i)&0xff; } memcpy(sp1,state,16*sizeof(MD2_INT)); - memset(state,0,48*sizeof(MD2_INT)); + OPENSSL_cleanse(state,48*sizeof(MD2_INT)); } int MD2_Final(unsigned char *md, MD2_CTX *c) diff --git a/src/lib/libcrypto/md2/md2_one.c b/src/lib/libcrypto/md2/md2_one.c index b12c37ce4d..835160ef56 100644 --- a/src/lib/libcrypto/md2/md2_one.c +++ b/src/lib/libcrypto/md2/md2_one.c @@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD2_Final(md,&c); - memset(&c,0,sizeof(c)); /* Security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */ return(md); } diff --git a/src/lib/libcrypto/md2/md2test.c b/src/lib/libcrypto/md2/md2test.c index 7d3664faf5..901d0a7d8e 100644 
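Review bot: MD2_Init now sizes its clears with `sizeof c->state` and friends, but the md2_block hunk still hard-codes `48*sizeof(MD2_INT)` in the new `OPENSSL_cleanse` call (and `16*sizeof(MD2_INT)` in the memcpy above it). If `state` is a local array in md2_block (its declaration is outside the hunk), `OPENSSL_cleanse(state,sizeof state);` would follow the same convention and could not drift from the declared size, so the whole scratch buffer is always wiped. If it is a pointer, the literal must stay and a short comment naming the buffer length would help.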
--- a/src/lib/libcrypto/md2/md2test.c +++ b/src/lib/libcrypto/md2/md2test.c @@ -61,6 +61,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_MD2 int main(int argc, char *argv[]) { @@ -122,8 +124,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); - return(0); + EXIT(err); } static char *pt(unsigned char *md) diff --git a/src/lib/libcrypto/md4/md4.c b/src/lib/libcrypto/md4/md4.c index e4b0aac011..141415ad4d 100644 --- a/src/lib/libcrypto/md4/md4.c +++ b/src/lib/libcrypto/md4/md4.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif @@ -108,7 +108,7 @@ void do_fp(FILE *f) MD4_Init(&c); for (;;) { - i=read(fd,buf,BUFSIZE); + i=read(fd,buf,sizeof buf); if (i <= 0) break; MD4_Update(&c,buf,(unsigned long)i); } diff --git a/src/lib/libcrypto/md4/md4test.c b/src/lib/libcrypto/md4/md4test.c index e0fdc42282..21a77d96f7 100644 --- a/src/lib/libcrypto/md4/md4test.c +++ b/src/lib/libcrypto/md4/md4test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_MD4 int main(int argc, char *argv[]) { @@ -118,7 +120,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/src/lib/libcrypto/md5/md5.c b/src/lib/libcrypto/md5/md5.c index 7ed0024ae1..563733abc5 100644 --- a/src/lib/libcrypto/md5/md5.c +++ b/src/lib/libcrypto/md5/md5.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif diff --git a/src/lib/libcrypto/md5/md5test.c b/src/lib/libcrypto/md5/md5test.c index 862b89658a..bfd62629ed 100644 --- a/src/lib/libcrypto/md5/md5test.c +++ b/src/lib/libcrypto/md5/md5test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_MD5 int main(int argc, char *argv[]) { 
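Review bot: The md2test.c hunk drops `return(0);` after `EXIT(err);`, while hmactest.c, md4test.c and md5test.c in this same commit keep `EXIT(err); return(0);`. Whether main can fall off its end without a value depends on how EXIT is defined in e_os.h (not shown); keeping `return(0);` after `EXIT(err);` here would match the other tests and avoid a missing-return warning where EXIT expands to a call.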
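Review bot: The md4.c hunk (and the matching md5.c hunk) extends the platform exclusion around the hand-written prototype `int read(int, void *, unsigned int);`, which does not match the POSIX declaration `ssize_t read(int, void *, size_t)`; each new platform that declares read itself will need another exclusion. Including the system header where it exists would remove the need for the local prototype, though the portability constraints of this file are not visible here. In do_fp, `sizeof buf` is correct only while `buf` is declared as an array in that function (its declaration is outside the hunk); a comment such as `/* buf must stay an array for sizeof to give its length */` would guard against a later change to a heap buffer silently shrinking the read size.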
@@ -118,7 +120,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/src/lib/libcrypto/mdc2/mdc2test.c b/src/lib/libcrypto/mdc2/mdc2test.c new file mode 100644 index 0000000000..c9abe99d92 --- /dev/null +++ b/src/lib/libcrypto/mdc2/mdc2test.c 
@@ -0,0 +1,146 @@ +/* crypto/mdc2/mdc2test.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include +#include +#include + +#include "../e_os.h" + +#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2) +#define OPENSSL_NO_MDC2 +#endif + +#ifdef OPENSSL_NO_MDC2 +int main(int argc, char *argv[]) +{ + printf("No MDC2 support\n"); + return(0); +} +#else +#include +#include + +#ifdef CHARSET_EBCDIC +#include +#endif + +static unsigned char pad1[16]={ + 0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA, + 0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A + }; + +static unsigned char pad2[16]={ + 0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75, + 0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2 + }; + +int main(int argc, char *argv[]) + { + int ret=0; + unsigned char md[MDC2_DIGEST_LENGTH]; + int i; + EVP_MD_CTX c; + static char *text="Now is the time for all "; + +#ifdef CHARSET_EBCDIC + ebcdic2ascii(text,text,strlen(text)); +#endif + + EVP_MD_CTX_init(&c); + EVP_DigestInit_ex(&c,EVP_mdc2(), NULL); + EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text)); + EVP_DigestFinal_ex(&c,&(md[0]),NULL); + + if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0) + { + for (i=0; ipad_type=2; + EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text)); + EVP_DigestFinal_ex(&c,&(md[0]),NULL); + + if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0) + { + for (i=0; i2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } @@ -282,6 +291,9 @@ void CRYPTO_free_locked(void *str) void *CRYPTO_malloc(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; + + if (num < 0) return NULL; allow_customize = 0; if (malloc_debug_func != NULL) 
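Review bot: `extern unsigned char cleanse_ctr;` is declared at block scope inside CRYPTO_malloc, and the fragment just above this hunk on the page suggests a second allocator does the same. A block-scope extern is never checked against the variable's definition, so a later change of its type would compile cleanly. That would quietly break the dependency meant to keep the sanitisation routine from being optimised away. I would declare it once in an internal header included by both mem.c and the defining file, with a comment there saying why the allocators read it.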
@@ -296,6 +308,12 @@ void *CRYPTO_malloc(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } @@ -306,6 +324,8 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); + if (num < 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_ex_func(str,num,file,line); @@ -318,6 +338,32 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) return ret; } +void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, + int line) + { + void *ret = NULL; + + if (str == NULL) + return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; + + if (realloc_debug_func != NULL) + realloc_debug_func(str, NULL, num, file, line, 0); + ret=malloc_ex_func(num,file,line); + if(ret) + memcpy(ret,str,old_len); + OPENSSL_cleanse(str,old_len); + free_func(str); +#ifdef LEVITTE_DEBUG_MEM + fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); +#endif + if (realloc_debug_func != NULL) + realloc_debug_func(str, ret, num, file, line, 1); + + return ret; + } + void CRYPTO_free(void *str) { if (free_debug_func != NULL) @@ -337,7 +383,6 @@ void *CRYPTO_remalloc(void *a, int num, const char *file, int line) return(a); } - void CRYPTO_set_mem_debug_options(long bits) { if (set_debug_options_func != NULL) diff --git a/src/lib/libcrypto/objects/obj_dat.h b/src/lib/libcrypto/objects/obj_dat.h index 30812c8aa6..969b18a341 100644 --- a/src/lib/libcrypto/objects/obj_dat.h +++ b/src/lib/libcrypto/objects/obj_dat.h 
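Review bot: CRYPTO_realloc_clean copies `old_len` bytes into a buffer allocated with `num` bytes and never compares the two, so a call that shrinks the buffer, or passes a negative `old_len`, writes past the end of the new allocation. The guard beside the existing `num < 0` test should reject both, e.g. `if (old_len < 0 || num < old_len) return NULL;`, with a comment that shrinking is not supported. Separately, when `malloc_ex_func` fails the old block is still cleansed and freed, which is not what realloc-style callers expect. A caller that keeps using `str` after a NULL return would hold a dangling pointer, so the function's comment should say that the old buffer is always consumed.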
@@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 645 -#define NUM_SN 641 -#define NUM_LN 641 -#define NUM_OBJ 615 +#define NUM_NID 650 +#define NUM_SN 643 +#define NUM_LN 643 +#define NUM_OBJ 617 -static unsigned char lvalues[4435]={ +static unsigned char lvalues[4455]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -683,6 +683,8 @@ static unsigned char lvalues[4435]={ 0x67,0x2A,0x08,0xAE,0x7B, /* [4412] OBJ_set_brand_Novus */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4417] OBJ_des_cdmf */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4425] OBJ_rsaOAEPEncryptionSET */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4434] OBJ_ms_smartcard_login */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4444] OBJ_ms_upn */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -824,7 +826,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0}, {"RC4-40","rc4-40",NID_rc4_40,0,NULL}, {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL}, -{"gn","givenName",NID_givenName,3,&(lvalues[535]),0}, +{"GN","givenName",NID_givenName,3,&(lvalues[535]),0}, {"SN","surname",NID_surname,3,&(lvalues[538]),0}, {"initials","initials",NID_initials,3,&(lvalues[541]),0}, {NULL,NULL,NID_undef,0,NULL}, @@ -1719,6 +1721,13 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4417]),0}, {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET,9,&(lvalues[4425]),0}, +{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL}, +{NULL,NULL,NID_undef,0,NULL}, +{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, + 10,&(lvalues[4434]),0}, +{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, + &(lvalues[4444]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ 
@@ -1771,6 +1780,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[70]),/* "DSA-SHA1-old" */ &(nid_objs[67]),/* "DSA-old" */ &(nid_objs[297]),/* "DVCS" */ +&(nid_objs[99]),/* "GN" */ &(nid_objs[381]),/* "IANA" */ &(nid_objs[34]),/* "IDEA-CBC" */ &(nid_objs[35]),/* "IDEA-CFB" */ @@ -1917,7 +1927,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[490]),/* "friendlyCountryName" */ &(nid_objs[156]),/* "friendlyName" */ &(nid_objs[509]),/* "generationQualifier" */ -&(nid_objs[99]),/* "gn" */ &(nid_objs[163]),/* "hmacWithSHA1" */ &(nid_objs[432]),/* "holdInstructionCallIssuer" */ &(nid_objs[430]),/* "holdInstructionCode" */ @@ -2127,6 +2136,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[138]),/* "msEFS" */ &(nid_objs[171]),/* "msExtReq" */ &(nid_objs[137]),/* "msSGC" */ +&(nid_objs[648]),/* "msSmartcardLogin" */ +&(nid_objs[649]),/* "msUPN" */ &(nid_objs[481]),/* "nSRecord" */ &(nid_objs[173]),/* "name" */ &(nid_objs[369]),/* "noCheck" */ @@ -2401,7 +2412,9 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[171]),/* "Microsoft Extension Request" */ &(nid_objs[134]),/* "Microsoft Individual Code Signing" */ &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */ +&(nid_objs[648]),/* "Microsoft Smartcardlogin" */ &(nid_objs[136]),/* "Microsoft Trust List Signing" */ +&(nid_objs[649]),/* "Microsoft Universal Principal Name" */ &(nid_objs[72]),/* "Netscape Base Url" */ &(nid_objs[76]),/* "Netscape CA Policy Url" */ &(nid_objs[74]),/* "Netscape CA Revocation Url" */ 
@@ -3557,6 +3570,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[136]),/* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ &(nid_objs[137]),/* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ &(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ +&(nid_objs[648]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ +&(nid_objs[649]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ &(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ &(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ &(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ diff --git a/src/lib/libcrypto/objects/obj_mac.h b/src/lib/libcrypto/objects/obj_mac.h index 899db8325c..7645012298 100644 --- a/src/lib/libcrypto/objects/obj_mac.h +++ b/src/lib/libcrypto/objects/obj_mac.h @@ -850,6 +850,16 @@ #define NID_ms_efs 138 #define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft Universal Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + #define SN_idea_cbc "IDEA-CBC" #define LN_idea_cbc "idea-cbc" #define NID_idea_cbc 34 @@ -1632,7 +1642,7 @@ #define NID_name 173 #define OBJ_name OBJ_X509,41L -#define SN_givenName "gn" +#define SN_givenName "GN" #define LN_givenName "givenName" #define NID_givenName 99 #define OBJ_givenName OBJ_X509,42L diff --git a/src/lib/libcrypto/opensslconf.h b/src/lib/libcrypto/opensslconf.h index c9756e47a3..492041bc7c 100644 --- a/src/lib/libcrypto/opensslconf.h +++ b/src/lib/libcrypto/opensslconf.h 
@@ -69,7 +69,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libcrypto/opensslconf.h.in b/src/lib/libcrypto/opensslconf.h.in index 9082a16c46..685e83b7a3 100644 --- a/src/lib/libcrypto/opensslconf.h.in +++ b/src/lib/libcrypto/opensslconf.h.in @@ -47,7 +47,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libcrypto/perlasm/x86ms.pl b/src/lib/libcrypto/perlasm/x86ms.pl index 206452341d..35f1a4ddb9 100644 --- a/src/lib/libcrypto/perlasm/x86ms.pl +++ b/src/lib/libcrypto/perlasm/x86ms.pl @@ -92,6 +92,8 @@ sub get_mem $addr="_$addr"; } + if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } + $reg1="$regs{$reg1}" if defined($regs{$reg1}); $reg2="$regs{$reg2}" if defined($regs{$reg2}); if (($addr ne "") && ($addr ne 0)) @@ -111,6 +113,7 @@ sub get_mem { $ret.="[$reg1$post]" } + $ret =~ s/\[\]//; # in case $addr was the only argument return($ret); } @@ -151,7 +154,7 @@ sub main'push { &out1("push",@_); $stack+=4; } sub main'pop { &out1("pop",@_); $stack-=4; } sub main'bswap { &out1("bswap",@_); &using486(); } sub main'not { &out1("not",@_); } -sub main'call { &out1("call",'_'.$_[0]); } +sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } @@ -338,7 +341,7 @@ sub main'set_label { if (!defined($label{$_[0]})) { - $label{$_[0]}="${label}${_[0]}"; + $label{$_[0]}="\$${label}${_[0]}"; $label++; } if((defined $_[2]) && ($_[2] == 1)) 
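Review bot: In x86ms.pl the new `main'call` decides whether to prepend `_` by testing the target against `/^\$L/`, which only works because `main'set_label` in the last hunk of this file now builds names as `"\$${label}${_[0]}"`. Nothing in either place records that dependency. I would add a comment on both, for example `# local labels start with "$L" (see main'set_label) and must not get the C symbol underscore`. The test also assumes the counter `$label` itself begins with `L`, which is set outside these hunks. The same pairing appears in the x86nasm.pl hunks and, with a `.L` prefix, in x86unix.pl.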
@@ -363,3 +366,11 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } + +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + +sub main'blindpop { &out1("pop",@_); } diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl index 519d8a5867..f30b7466d4 100644 --- a/src/lib/libcrypto/perlasm/x86nasm.pl +++ b/src/lib/libcrypto/perlasm/x86nasm.pl @@ -98,6 +98,8 @@ sub get_mem $addr="_$addr"; } + if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } + $reg1="$regs{$reg1}" if defined($regs{$reg1}); $reg2="$regs{$reg2}" if defined($regs{$reg2}); if (($addr ne "") && ($addr ne 0)) @@ -117,6 +119,7 @@ sub get_mem { $ret.="$reg1$post]" } + $ret =~ s/\+\]/]/; # in case $addr was the only argument return($ret); } @@ -160,7 +163,7 @@ sub main'push { &out1("push",@_); $stack+=4; } sub main'pop { &out1("pop",@_); $stack-=4; } sub main'bswap { &out1("bswap",@_); &using486(); } sub main'not { &out1("not",@_); } -sub main'call { &out1("call",'_'.$_[0]); } +sub main'call { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } @@ -322,7 +325,7 @@ sub main'set_label { if (!defined($label{$_[0]})) { - $label{$_[0]}="${label}${_[0]}"; + $label{$_[0]}="\$${label}${_[0]}"; $label++; } push(@out,"$label{$_[0]}:\n"); @@ -340,3 +343,11 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } + +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + +sub main'blindpop { &out1("pop",@_); } diff --git a/src/lib/libcrypto/perlasm/x86unix.pl b/src/lib/libcrypto/perlasm/x86unix.pl index 9ceabf0705..72bde061c5 100644 --- a/src/lib/libcrypto/perlasm/x86unix.pl +++ b/src/lib/libcrypto/perlasm/x86unix.pl 
@@ -87,12 +87,12 @@ sub main'DWP $ret.=$addr if ($addr ne "") && ($addr ne 0); if ($reg2 ne "") { - if($idx ne "") + if($idx ne "" && $idx != 0) { $ret.="($reg1,$reg2,$idx)"; } else { $ret.="($reg1,$reg2)"; } } - else + elsif ($reg1 ne "") { $ret.="($reg1)" } return($ret); } @@ -167,7 +167,7 @@ sub main'pop { &out1("popl",@_); $stack-=4; } sub main'pushf { &out0("pushf"); $stack+=4; } sub main'popf { &out0("popf"); $stack-=4; } sub main'not { &out1("notl",@_); } -sub main'call { &out1("call",$under.$_[0]); } +sub main'call { &out1("call",($_[0]=~/^\.L/?'':$under).$_[0]); } sub main'ret { &out0("ret"); } sub main'nop { &out0("nop"); } @@ -345,15 +345,15 @@ sub main'function_end popl %ebx popl %ebp ret -.${func}_end: +.L_${func}_end: EOF push(@out,$tmp); if ($main'cpp) - { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } + { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } elsif ($main'gaswin) { $tmp=push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } + else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } push(@out,".ident \"$func\"\n"); $stack=0; %label=(); @@ -426,6 +426,11 @@ sub main'swtmp sub main'comment { + if ($main'elf) # GNU and SVR4 as'es use different comment delimiters, + { # so we just skip comments... + push(@out,"\n"); + return; + } foreach (@_) { if (/^\s*$/) 
@@ -542,3 +547,39 @@ sub popvars &main'pop("edx"); &main'popf(); } + +sub main'picmeup + { + local($dst,$sym)=@_; + if ($main'cpp) + { + local($tmp)=<<___; +#if (defined(ELF) || defined(SOL)) && defined(PIC) + .align 8 + call 1f +1: popl $regs{$dst} + addl \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst} + movl $sym\@GOT($regs{$dst}),$regs{$dst} +#else + leal $sym,$regs{$dst} +#endif +___ + push(@out,$tmp); + } + elsif ($main'pic && ($main'elf || $main'aout)) + { + push(@out,"\t.align\t8\n"); + &main'call(&main'label("PIC_me_up")); + &main'set_label("PIC_me_up"); + &main'blindpop($dst); + &main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-". + &main'label("PIC_me_up") . "]"); + &main'mov($dst,&main'DWP($sym."\@GOT",$dst)); + } + else + { + &main'lea($dst,&main'DWP($sym)); + } + } + +sub main'blindpop { &out1("popl",@_); } diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c index 42331f7ab0..895a91177b 100644 --- a/src/lib/libcrypto/pkcs7/bio_ber.c +++ b/src/lib/libcrypto/pkcs7/bio_ber.c @@ -145,7 +145,7 @@ static int ber_free(BIO *a) if (a == NULL) return(0); b=(BIO_BER_CTX *)a->ptr; - memset(a->ptr,0,sizeof(BIO_BER_CTX)); + OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX)); OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c index a00ed70718..eeffc0df4c 100644 --- a/src/lib/libcrypto/rand/md_rand.c +++ b/src/lib/libcrypto/rand/md_rand.c @@ -177,10 +177,10 @@ RAND_METHOD *RAND_SSLeay(void) static void ssleay_rand_cleanup(void) { - memset(state,0,sizeof(state)); + OPENSSL_cleanse(state,sizeof(state)); state_num=0; state_index=0; - memset(md,0,MD_DIGEST_LENGTH); + OPENSSL_cleanse(md,MD_DIGEST_LENGTH); md_count[0]=0; md_count[1]=0; entropy=0; diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c index abc3ac27d5..1f168221e3 100644 --- a/src/lib/libcrypto/rand/rand_egd.c +++ b/src/lib/libcrypto/rand/rand_egd.c 
@@ -94,7 +94,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(__DJGPP__) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); @@ -114,7 +114,7 @@ int RAND_egd_bytes(const char *path,int bytes) #include #include #ifndef NO_SYS_UN_H -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS # include # else # include @@ -143,7 +143,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) memset(&addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; - if (strlen(path) > sizeof(addr.sun_path)) + if (strlen(path) >= sizeof(addr.sun_path)) return (-1); strcpy(addr.sun_path,path); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c index ec09d74603..a776e52243 100644 --- a/src/lib/libcrypto/rand/rand_unix.c +++ b/src/lib/libcrypto/rand/rand_unix.c @@ -115,7 +115,7 @@ #include #include "rand_lcl.h" -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)) +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS)) #include #include @@ -215,7 +215,7 @@ int RAND_poll(void) if (n > 0) { RAND_add(tmpbuf,sizeof tmpbuf,n); - memset(tmpbuf,0,n); + OPENSSL_cleanse(tmpbuf,n); } #endif @@ -236,3 +236,10 @@ int RAND_poll(void) } #endif + +#if defined(OPENSSL_SYS_VXWORKS) +int RAND_poll(void) +{ + return 0; +} +#endif diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c index c1b955b06f..113b58678f 100644 --- a/src/lib/libcrypto/rand/rand_win.c +++ b/src/lib/libcrypto/rand/rand_win.c 
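Review bot: In rand_egd.c the `>=` in the length test is what keeps the `strcpy` on the next line inside `addr.sun_path`, because it reserves the byte for the terminating NUL. The code does not say so, and the old `>` shows how easily the bound is written wrong. I would add `/* >= : strcpy below also writes the NUL terminator */` above the test. RAND_query_egd_bytes continues outside the hunk.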
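Review bot: The VxWorks `RAND_poll` added at the end of rand_unix.c returns 0 without adding anything to the pool, so on that platform the generator is only as well seeded as the application makes it. That should be stated where the stub lives, e.g. `/* No system entropy source is polled on VxWorks: the application must seed the PRNG itself (RAND_add/RAND_seed) before requesting random bytes. */`. Whether callers read the 0 as a failure cannot be seen from this hunk. If they do not, the platform build notes should carry the same warning.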
@@ -125,7 +125,7 @@ * http://developer.intel.com/design/security/rng/redist_license.htm */ #define PROV_INTEL_SEC 22 -#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider" +#define INTEL_DEF_PROV TEXT("Intel Hardware Cryptographic Service Provider") static void readtimer(void); static void readscreen(void); @@ -170,7 +170,9 @@ typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); #include +#ifndef OPENSSL_SYS_WINCE #include +#endif #if 1 /* The NET API is Unicode only. It requires the use of the UNICODE * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was * was added to the Platform SDK to allow the NET API to be used in 
@@ -209,20 +211,32 @@ int RAND_poll(void) osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; GetVersionEx( &osverinfo ) ; +#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO + /* poll the CryptoAPI PRNG */ + /* The CryptoAPI returns sizeof(buf) bytes of randomness */ + if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) + { + if (CryptGenRandom(hProvider, sizeof(buf), buf)) + RAND_add(buf, sizeof(buf), sizeof(buf)); + CryptReleaseContext(hProvider, 0); + } +#endif + /* load functions dynamically - not available on all systems */ - advapi = LoadLibrary("ADVAPI32.DLL"); - kernel = LoadLibrary("KERNEL32.DLL"); - user = LoadLibrary("USER32.DLL"); - netapi = LoadLibrary("NETAPI32.DLL"); + advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); + kernel = LoadLibrary(TEXT("KERNEL32.DLL")); + user = LoadLibrary(TEXT("USER32.DLL")); + netapi = LoadLibrary(TEXT("NETAPI32.DLL")); +#ifndef OPENSSL_SYS_WINCE #if 1 /* There was previously a problem with NETSTATGET. Currently, this * section is still experimental, but if all goes well, this conditional * will be removed */ if (netapi) { - netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); - netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); + netstatget = (NETSTATGET) GetProcAddress(netapi,TEXT("NetStatisticsGet")); + netfree = (NETFREE) GetProcAddress(netapi,TEXT("NetApiBufferFree")); } if (netstatget && netfree) @@ -249,7 +263,9 @@ int RAND_poll(void) if (netapi) FreeLibrary(netapi); #endif /* 1 */ +#endif /* !OPENSSL_SYS_WINCE */ +#ifndef OPENSSL_SYS_WINCE /* It appears like this can cause an exception deep within ADVAPI32.DLL * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. 
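Review bot: Wrapping the `GetProcAddress` names in `TEXT()`, here `TEXT("NetStatisticsGet")` and `TEXT("NetApiBufferFree")`, is wrong for desktop Windows, and this block is compiled only when `OPENSSL_SYS_WINCE` is not defined. On the desktop GetProcAddress takes a narrow `LPCSTR` in every build, so with UNICODE defined these calls are handed a wide string. If that compiles at all, the lookups fail, the function pointers stay NULL, and the entropy source is skipped without any diagnostic. I would pass plain literals outside CE, for instance through a small macro that expands to `TEXT(x)` only under `OPENSSL_SYS_WINCE`. The same applies to the GetProcAddress calls in the later RAND_poll hunks (advapi, user and kernel lookups), whereas `LoadLibrary(TEXT(...))` is fine because that API has a wide variant.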
@@ -280,30 +296,40 @@ int RAND_poll(void) bufsz += 8192; length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", + rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), NULL, NULL, buf, &length); } if (rc == ERROR_SUCCESS) { /* For entropy count assume only least significant * byte of each DWORD is random. - */ + */ RAND_add(&length, sizeof(length), 0); RAND_add(buf, length, length / 4.0); + + /* Close the Registry Key to allow Windows to cleanup/close + * the open handle + * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened + * when the RegQueryValueEx above is done. However, if + * it is not explicitly closed, it can cause disk + * partition manipulation problems. + */ + RegCloseKey(HKEY_PERFORMANCE_DATA); } if (buf) free(buf); } #endif +#endif /* !OPENSSL_SYS_WINCE */ if (advapi) { acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi, - "CryptAcquireContextA"); + TEXT("CryptAcquireContextA")); gen = (CRYPTGENRANDOM) GetProcAddress(advapi, - "CryptGenRandom"); + TEXT("CryptGenRandom")); release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, - "CryptReleaseContext"); + TEXT("CryptReleaseContext")); } if (acquire && gen && release) @@ -357,9 +383,9 @@ int RAND_poll(void) GETFOREGROUNDWINDOW win; GETQUEUESTATUS queue; - win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); - cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); - queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); + win = (GETFOREGROUNDWINDOW) GetProcAddress(user, TEXT("GetForegroundWindow")); + cursor = (GETCURSORINFO) GetProcAddress(user, TEXT("GetCursorInfo")); + queue = (GETQUEUESTATUS) GetProcAddress(user, TEXT("GetQueueStatus")); if (win) { 
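Review bot: `RegCloseKey(HKEY_PERFORMANCE_DATA)` was added inside the `if (rc == ERROR_SUCCESS)` block, so when the query loop ends with an error the implicitly opened key stays open. That is the very situation the new comment warns about. Since the comment says the key is opened by the RegQueryValueEx call itself, the close should run whenever the query was attempted: move it below the closing brace, next to `if (buf) free(buf);`. The enclosing function starts and ends outside the hunk.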
@@ -430,17 +456,17 @@ int RAND_poll(void) MODULEENTRY32 m; snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, "CreateToolhelp32Snapshot"); - heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); - heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); - heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); - heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); - process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); - process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); - thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); - thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); - module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); - module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); + GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot")); + heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First")); + heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next")); + heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst")); + heaplist_next = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListNext")); + process_first = (PROCESS32) GetProcAddress(kernel, TEXT("Process32First")); + process_next = (PROCESS32) GetProcAddress(kernel, TEXT("Process32Next")); + thread_first = (THREAD32) GetProcAddress(kernel, TEXT("Thread32First")); + thread_next = (THREAD32) GetProcAddress(kernel, TEXT("Thread32Next")); + module_first = (MODULE32) GetProcAddress(kernel, TEXT("Module32First")); + module_next = (MODULE32) GetProcAddress(kernel, TEXT("Module32Next")); if (snap && heap_first && heap_next && heaplist_first && heaplist_next && process_first && process_next && @@ -575,7 +601,7 @@ static void readtimer(void) DWORD w; LARGE_INTEGER l; static int have_perfc = 1; -#ifdef _MSC_VER +#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE) static int have_tsc = 1; DWORD cyclecount; 
@@ -628,6 +654,7 @@ static void readtimer(void) static void readscreen(void) { +#ifndef OPENSSL_SYS_WINCE HDC hScrDC; /* screen DC */ HDC hMemDC; /* memory DC */ HBITMAP hBitmap; /* handle for our bitmap */ @@ -641,7 +668,7 @@ static void readscreen(void) int n = 16; /* number of screen lines to grab at a time */ /* Create a screen DC and a memory DC compatible to screen DC */ - hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL); + hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); hMemDC = CreateCompatibleDC(hScrDC); /* Get screen resolution */ @@ -688,6 +715,7 @@ static void readscreen(void) DeleteObject(hBitmap); DeleteDC(hMemDC); DeleteDC(hScrDC); +#endif /* !OPENSSL_SYS_WINCE */ } #endif diff --git a/src/lib/libcrypto/rand/randtest.c b/src/lib/libcrypto/rand/randtest.c index b64de616db..701932e6ee 100644 --- a/src/lib/libcrypto/rand/randtest.c +++ b/src/lib/libcrypto/rand/randtest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + /* some FIPS 140-1 random number test */ /* some simple tests */ @@ -209,6 +211,6 @@ int main() printf("test 4 done\n"); err: err=((err)?1:0); - exit(err); + EXIT(err); return(err); } diff --git a/src/lib/libcrypto/rc2/rc2test.c b/src/lib/libcrypto/rc2/rc2test.c index d9a2a0a1cb..b67bafb49f 100644 --- a/src/lib/libcrypto/rc2/rc2test.c +++ b/src/lib/libcrypto/rc2/rc2test.c @@ -63,6 +63,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_RC2 int main(int argc, char *argv[]) { @@ -203,7 +205,7 @@ int main(int argc, char *argv[]) printf("ok\n"); #endif - exit(err); + EXIT(err); return(err); } diff --git a/src/lib/libcrypto/rc4/rc4.c b/src/lib/libcrypto/rc4/rc4.c index c2165b0b75..b39c070292 100644 --- a/src/lib/libcrypto/rc4/rc4.c +++ b/src/lib/libcrypto/rc4/rc4.c @@ -155,7 +155,7 @@ bad: i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0); if (i != 0) { - memset(buf,0,BUFSIZ); + OPENSSL_cleanse(buf,BUFSIZ); fprintf(stderr,"bad password read\n"); exit(1); } 
@@ -163,7 +163,7 @@ bad: } EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5()); - memset(keystr,0,strlen(keystr)); + OPENSSL_cleanse(keystr,strlen(keystr)); RC4_set_key(&key,MD5_DIGEST_LENGTH,md); for(;;) diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c index a28d457c8d..b9d8f20975 100644 --- a/src/lib/libcrypto/rc4/rc4test.c +++ b/src/lib/libcrypto/rc4/rc4test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_RC4 int main(int argc, char *argv[]) { @@ -195,7 +197,7 @@ int main(int argc, char *argv[]) } } printf("done\n"); - exit(err); + EXIT(err); return(0); } #endif diff --git a/src/lib/libcrypto/rc5/rc5s.cpp b/src/lib/libcrypto/rc5/rc5s.cpp new file mode 100644 index 0000000000..1c5518bc80 --- /dev/null +++ b/src/lib/libcrypto/rc5/rc5s.cpp 
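Review bot: In rc4.c the password string is now wiped, but `md` is left untouched in the lines shown, and it holds the MD5 of the password that `RC4_set_key` receives as the actual key. Once the key schedule is built the digest is no longer needed, so I would add `OPENSSL_cleanse(md,MD5_DIGEST_LENGTH);` directly after `RC4_set_key(&key,MD5_DIGEST_LENGTH,md);`. The function continues past the hunk, so a wipe further down cannot be ruled out from here.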
@@ -0,0 +1,70 @@ +// +// gettsc.inl +// +// gives access to the Pentium's (secret) cycle counter +// +// This software was written by Leonard Janke (janke@unixg.ubc.ca) +// in 1996-7 and is entered, by him, into the public domain. + +#if defined(__WATCOMC__) +void GetTSC(unsigned long&); +#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; +#elif defined(__GNUC__) +inline +void GetTSC(unsigned long& tsc) +{ + asm volatile(".byte 15, 49\n\t" + : "=eax" (tsc) + : + : "%edx", "%eax"); +} +#elif defined(_MSC_VER) +inline +void GetTSC(unsigned long& tsc) +{ + unsigned long a; + __asm _emit 0fh + __asm _emit 31h + __asm mov a, eax; + tsc=a; +} +#endif + +#include +#include +#include + +void main(int argc,char *argv[]) + { + RC5_32_KEY key; + unsigned long s1,s2,e1,e2; + unsigned long data[2]; + int i,j; + static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}; + + RC5_32_set_key(&key, 16,d,12); + + for (j=0; j<6; j++) + { + for (i=0; i<1000; i++) /**/ + { + RC5_32_encrypt(&data[0],&key); + GetTSC(s1); + RC5_32_encrypt(&data[0],&key); + RC5_32_encrypt(&data[0],&key); + RC5_32_encrypt(&data[0],&key); + GetTSC(e1); + GetTSC(s2); + RC5_32_encrypt(&data[0],&key); + RC5_32_encrypt(&data[0],&key); + RC5_32_encrypt(&data[0],&key); + RC5_32_encrypt(&data[0],&key); + GetTSC(e2); + RC5_32_encrypt(&data[0],&key); + } + + printf("cast %d %d (%d)\n", + e1-s1,e2-s2,((e2-s2)-(e1-s1))); + } + } + diff --git a/src/lib/libcrypto/ripemd/rmd160.c b/src/lib/libcrypto/ripemd/rmd160.c index 4f8b88a18a..b0ec574498 100644 --- a/src/lib/libcrypto/ripemd/rmd160.c +++ b/src/lib/libcrypto/ripemd/rmd160.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif diff --git a/src/lib/libcrypto/ripemd/rmdtest.c b/src/lib/libcrypto/ripemd/rmdtest.c index be1fb8b1f6..d4c709e646 100644 --- a/src/lib/libcrypto/ripemd/rmdtest.c 
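Review bot: `data[2]` in the new rc5s.cpp is passed to RC5_32_encrypt() without ever being initialised, so the timing loop reads indeterminate stack contents; `unsigned long data[2]={0,0};` fixes that. The final printf() also prints `unsigned long` differences with `%d`; `printf("cast %lu %lu (%ld)\n", e1-s1, e2-s2, (long)((e2-s2)-(e1-s1)));` matches the argument types. The label still says "cast" although the file times RC5.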
+++ b/src/lib/libcrypto/ripemd/rmdtest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_RIPEMD int main(int argc, char *argv[]) { @@ -127,7 +129,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c index b8b462d33b..924e9ad1f6 100644 --- a/src/lib/libcrypto/rsa/rsa_test.c +++ b/src/lib/libcrypto/rsa/rsa_test.c @@ -16,7 +16,6 @@ int main(int argc, char *argv[]) } #else #include -#include #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ diff --git a/src/lib/libcrypto/sha/sha1test.c b/src/lib/libcrypto/sha/sha1test.c index 499a1cf5af..4f2e4ada2d 100644 --- a/src/lib/libcrypto/sha/sha1test.c +++ b/src/lib/libcrypto/sha/sha1test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_SHA int main(int argc, char *argv[]) { @@ -155,7 +157,7 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); - exit(err); + EXIT(err); EVP_MD_CTX_cleanup(&c); return(0); } diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c index 5426faae4a..e61c63f3e9 100644 --- a/src/lib/libcrypto/sha/sha_one.c +++ b/src/lib/libcrypto/sha/sha_one.c @@ -59,6 +59,7 @@ #include #include #include +#include #ifndef OPENSSL_NO_SHA0 unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) @@ -70,7 +71,7 @@ unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) SHA_Init(&c); SHA_Update(&c,d,n); SHA_Final(md,&c); - memset(&c,0,sizeof(c)); + OPENSSL_cleanse(&c,sizeof(c)); return(md); } #endif diff --git a/src/lib/libcrypto/sha/shatest.c b/src/lib/libcrypto/sha/shatest.c index 331294a74f..5d2b1d3b1a 100644 --- a/src/lib/libcrypto/sha/shatest.c +++ b/src/lib/libcrypto/sha/shatest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef OPENSSL_NO_SHA int main(int argc, char *argv[]) { 
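Review bot: In sha1test.c the new `EXIT(err);` sits before `EVP_MD_CTX_cleanup(&c);`, so the cleanup is dead code whenever EXIT() terminates the process (its definition is in e_os.h, not shown). shatest.c in this same commit has the two calls in the other order. Swapping them here, `EVP_MD_CTX_cleanup(&c);` then `EXIT(err);`, releases the digest context and keeps the two tests consistent.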
@@ -156,7 +158,7 @@ int main(int argc, char *argv[]) else printf("test 3 ok\n"); EVP_MD_CTX_cleanup(&c); - exit(err); + EXIT(err); return(0); } diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c index 7142e4edc7..54d598565d 100644 --- a/src/lib/libcrypto/threads/mttest.c +++ b/src/lib/libcrypto/threads/mttest.c @@ -86,11 +86,6 @@ #include #include -#ifdef OPENSSL_NO_FP_API -#define APPS_WIN16 -#include "../buffer/bss_file.c" -#endif - #define TEST_SERVER_CERT "../../apps/server.pem" #define TEST_CLIENT_CERT "../../apps/client.pem" diff --git a/src/lib/libcrypto/tmdiff.c b/src/lib/libcrypto/tmdiff.c index 7ebf2b202a..307523ebba 100644 --- a/src/lib/libcrypto/tmdiff.c +++ b/src/lib/libcrypto/tmdiff.c @@ -59,13 +59,16 @@ #include #include "cryptlib.h" #include +#if !defined(OPENSSL_SYS_MSDOS) +#include OPENSSL_UNISTD +#endif #ifdef TIMEB #undef OPENSSL_SYS_WIN32 #undef TIMES #endif -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) || defined(__DECC) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_VXWORKS) +#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !(defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX_RHAPSODY) && !defined(OPENSSL_SYS_VXWORKS) # define TIMES #endif @@ -101,14 +104,19 @@ /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) +# if defined(_SC_CLK_TCK) \ + && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) +# define HZ ((double)sysconf(_SC_CLK_TCK)) +# else +# ifndef CLK_TCK +# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ +# define HZ 100.0 +# else /* _BSD_CLK_TCK_ */ +# define HZ ((double)_BSD_CLK_TCK_) +# endif +# else /* CLK_TCK */ +# define HZ ((double)CLK_TCK) # endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) # endif #endif 
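Review bot: The new `# define HZ ((double)sysconf(_SC_CLK_TCK))` in tmdiff.c uses the sysconf() result unchecked; sysconf() returns -1 on failure, which would make HZ -1.0 and flip the sign of every value derived from it. A small helper that falls back to the existing 100.0 default when the result is not positive avoids that. The uses of HZ lie outside the hunk, so how the value is consumed is not visible here; the helper name below is a suggestion only.

```c
# if defined(_SC_CLK_TCK) \
     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
static double ms_clk_tck(void)
	{
	long t = sysconf(_SC_CLK_TCK);
	return (t > 0) ? (double)t : 100.0;
	}
#  define HZ ms_clk_tck()
/* … unchanged: CLK_TCK / _BSD_CLK_TCK_ fallbacks … */
```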
@@ -121,7 +129,7 @@ typedef struct ms_tm HANDLE thread_id; FILETIME ms_win32; # else -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS unsigned long ticks; # else struct timeb ms_timeb; @@ -163,7 +171,7 @@ void ms_time_get(char *a) # ifdef OPENSSL_SYS_WIN32 GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); # else -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS tm->ticks = tickGet(); # else ftime(&tm->ms_timeb); @@ -197,7 +205,7 @@ double ms_time_diff(char *ap, char *bp) ret=((double)(lb-la))/1e7; } # else -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); # else ret= (double)(b->ms_timeb.time-a->ms_timeb.time)+ @@ -222,7 +230,7 @@ int ms_time_cmp(char *ap, char *bp) d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; # else -# ifdef OPENSSL_SYS_VSWORKS +# ifdef OPENSSL_SYS_VXWORKS d = (b->ticks - a->ticks); # else d= (double)(b->ms_timeb.time-a->ms_timeb.time)+ diff --git a/src/lib/libcrypto/uid.c b/src/lib/libcrypto/uid.c index d3d249c36f..73205a4baa 100644 --- a/src/lib/libcrypto/uid.c +++ b/src/lib/libcrypto/uid.c @@ -65,7 +65,7 @@ int OPENSSL_issetugid(void) return issetugid(); } -#elif defined(OPENSSL_SYS_WIN32) +#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) int OPENSSL_issetugid(void) { diff --git a/src/lib/libcrypto/util/bat.sh b/src/lib/libcrypto/util/bat.sh index c6f48e8a7b..4d9a8287d0 100644 --- a/src/lib/libcrypto/util/bat.sh +++ b/src/lib/libcrypto/util/bat.sh @@ -62,6 +62,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; 
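Review bot: The `#elif` in uid.c now routes VxWorks builds to the same OPENSSL_issetugid() stub as Win32, and nothing at that line says why that is safe. The stub's body lies outside the hunk; if it returns a constant, callers that consult this check before trusting environment-supplied settings get no protection from it on VxWorks. A comment such as `/* VxWorks: no setuid/setgid distinction assumed, same stub as Win32 */` would record the assumption, if that is indeed the reason.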
@@ -116,6 +117,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; diff --git a/src/lib/libcrypto/util/cygwin.sh b/src/lib/libcrypto/util/cygwin.sh index b607399b02..930f766b4f 100644 --- a/src/lib/libcrypto/util/cygwin.sh +++ b/src/lib/libcrypto/util/cygwin.sh @@ -96,6 +96,8 @@ fi get_openssl_version +make depend || exit 1 + make || exit 1 base_install diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd index 8cbe383c16..49310bbdd1 100644 --- a/src/lib/libcrypto/util/domd +++ b/src/lib/libcrypto/util/domd @@ -15,9 +15,14 @@ cp Makefile.ssl Makefile.save # fake the presence of Kerberos touch $TOP/krb5.h if [ "$MAKEDEPEND" = "gcc" ]; then + args="" + while [ $# -gt 0 ]; do + if [ "$1" != "--" ]; then args="$args $1"; fi + shift + done sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp - gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp + gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new rm -f Makefile.tmp else diff --git a/src/lib/libcrypto/util/extract-names.pl b/src/lib/libcrypto/util/extract-names.pl new file mode 100644 index 0000000000..d413a045cc --- /dev/null +++ b/src/lib/libcrypto/util/extract-names.pl @@ -0,0 +1,22 @@ +#!/usr/bin/perl + +$/ = ""; # Eat a paragraph at once. +while() { + chop; + s/\n/ /gm; + if (/^=head1 /) { + $name = 0; + } elsif ($name) { + if (/ - /) { + s/ - .*//; + s/[ \t,]+/ /g; + push @words, split ' '; + } + } + if (/^=head1 *NAME *$/) { + $name = 1; + } +} + +print join("\n", @words),"\n"; + 
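Review bot: In domd the filtered arguments are flattened into the string `args` and expanded unquoted in `gcc -D OPENSSL_DOING_MAKEDEPEND -M $args`, so any argument containing whitespace or glob characters (a `-D` value, a path with a space) is re-split or expanded by the shell. The old `$@` was unquoted too, so this is not a regression, but the rewrite is the natural place to fix it. Rebuilding the positional parameters instead keeps each argument as one word in plain sh. The rest of the script is outside the hunk, so check that nothing after the `if` still expects `--` in `$@`.

```shell
if [ "$MAKEDEPEND" = "gcc" ]; then
    # drop "--" while keeping every other argument as one word
    for arg in "$@"; do
        shift
        [ "$arg" = "--" ] || set -- "$@" "$arg"
    done
    # … unchanged: sed / echo into Makefile.tmp …
    gcc -D OPENSSL_DOING_MAKEDEPEND -M "$@" >> Makefile.tmp
```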
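Review bot: The new extract-names.pl uses `chop;` in paragraph mode, which removes exactly one character whatever it is, so a final paragraph that does not end in a newline loses a real character from its last word; `chomp;` removes only the record terminator. The script also runs without `use strict; use warnings;`, assigns `$/` globally, and leaves `$name` and `@words` as undeclared package variables. Declaring them with `my` under strictures is a small change for a file that is new in this commit.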
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num index 7e5728495f..f5c8c0be8a 100644 --- a/src/lib/libcrypto/util/libeay.num +++ b/src/lib/libcrypto/util/libeay.num @@ -980,7 +980,7 @@ BN_mul_word 999 EXIST::FUNCTION: BN_sub_word 1000 EXIST::FUNCTION: BN_dec2bn 1001 EXIST::FUNCTION: BN_bn2dec 1002 EXIST::FUNCTION: -BIO_ghbn_ctrl 1003 EXIST::FUNCTION: +BIO_ghbn_ctrl 1003 NOEXIST::FUNCTION: CRYPTO_free_ex_data 1004 EXIST::FUNCTION: CRYPTO_get_ex_data 1005 EXIST::FUNCTION: CRYPTO_set_ex_data 1007 EXIST::FUNCTION: 
@@ -1881,72 +1881,72 @@ BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: BN_bntest_rand 2464 EXIST::FUNCTION: OPENSSL_issetugid 2465 EXIST::FUNCTION: BN_rand_range 2466 EXIST::FUNCTION: -ERR_load_ENGINE_strings 2467 EXIST::FUNCTION: -ENGINE_set_DSA 2468 EXIST::FUNCTION: -ENGINE_get_finish_function 2469 EXIST::FUNCTION: -ENGINE_get_default_RSA 2470 EXIST::FUNCTION: +ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE +ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE +ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION: DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION: -ENGINE_set_DH 2473 EXIST::FUNCTION: +ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: -ENGINE_init 2475 EXIST::FUNCTION: +ENGINE_init 2475 EXIST::FUNCTION:ENGINE DH_get_default_openssl_method 2476 NOEXIST::FUNCTION: RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION: -ENGINE_finish 2478 EXIST::FUNCTION: -ENGINE_load_public_key 2479 EXIST::FUNCTION: -ENGINE_get_DH 2480 EXIST::FUNCTION: -ENGINE_ctrl 2481 EXIST::FUNCTION: -ENGINE_get_init_function 2482 EXIST::FUNCTION: -ENGINE_set_init_function 2483 EXIST::FUNCTION: -ENGINE_set_default_DSA 2484 EXIST::FUNCTION: -ENGINE_get_name 2485 EXIST::FUNCTION: -ENGINE_get_last 2486 EXIST::FUNCTION: -ENGINE_get_prev 2487 EXIST::FUNCTION: -ENGINE_get_default_DH 2488 EXIST::FUNCTION: -ENGINE_get_RSA 2489 EXIST::FUNCTION: -ENGINE_set_default 2490 EXIST::FUNCTION: -ENGINE_get_RAND 2491 EXIST::FUNCTION: -ENGINE_get_first 2492 EXIST::FUNCTION: -ENGINE_by_id 2493 EXIST::FUNCTION: -ENGINE_set_finish_function 2494 EXIST::FUNCTION: +ENGINE_finish 2478 EXIST::FUNCTION:ENGINE +ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE +ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE +ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE +ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE 
+ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE +ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE +ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE +ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE +ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE +ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE +ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE +ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE +ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE +ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE +ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION: -ENGINE_set_RSA 2497 EXIST::FUNCTION: -ENGINE_load_private_key 2498 EXIST::FUNCTION: -ENGINE_set_default_RAND 2499 EXIST::FUNCTION: +ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE +ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE +ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION: -ENGINE_remove 2501 EXIST::FUNCTION: -ENGINE_free 2502 EXIST::FUNCTION: +ENGINE_remove 2501 EXIST::FUNCTION:ENGINE +ENGINE_free 2502 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION: -ENGINE_get_next 2504 EXIST::FUNCTION: -ENGINE_set_name 2505 EXIST::FUNCTION: -ENGINE_get_default_DSA 2506 EXIST::FUNCTION: +ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE +ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION: -ENGINE_set_default_RSA 2508 EXIST::FUNCTION: -ENGINE_get_default_RAND 2509 EXIST::FUNCTION: +ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION: -ENGINE_set_RAND 2511 EXIST::FUNCTION: -ENGINE_set_id 2512 EXIST::FUNCTION: +ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE +ENGINE_set_id 2512 
EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION: -ENGINE_set_default_DH 2514 EXIST::FUNCTION: -ENGINE_new 2515 EXIST::FUNCTION: -ENGINE_get_id 2516 EXIST::FUNCTION: +ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE +ENGINE_new 2515 EXIST::FUNCTION:ENGINE +ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION: -ENGINE_add 2518 EXIST::FUNCTION: +ENGINE_add 2518 EXIST::FUNCTION:ENGINE DH_set_default_openssl_method 2519 NOEXIST::FUNCTION: -ENGINE_get_DSA 2520 EXIST::FUNCTION: -ENGINE_get_ctrl_function 2521 EXIST::FUNCTION: -ENGINE_set_ctrl_function 2522 EXIST::FUNCTION: +ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE +ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE +ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE BN_pseudo_rand_range 2523 EXIST::FUNCTION: X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: ERR_load_COMP_strings 2525 EXIST::FUNCTION: PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION: ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_ciphers 2528 EXIST::FUNCTION: -ENGINE_get_ciphers 2529 EXIST::FUNCTION: +ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE +ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION: KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 
@@ -1959,15 +1959,15 @@ X509V3_add1_i2d 2536 EXIST::FUNCTION: PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_add_input_boolean 2538 EXIST::FUNCTION: -ENGINE_unregister_RSA 2539 EXIST::FUNCTION: +ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf 2540 EXIST::FUNCTION: ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION: d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION: X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION: X509_print_ex 2544 EXIST::FUNCTION:BIO OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION: -ENGINE_register_all_RAND 2546 EXIST::FUNCTION: -ENGINE_load_dynamic 2547 EXIST::FUNCTION: +ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE +ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION: @@ -1987,7 +1987,7 @@ X509_STORE_set_purpose 2559 EXIST::FUNCTION: i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION: OCSP_response_status 2561 EXIST::FUNCTION: i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION: -ENGINE_get_digest_engine 2563 EXIST::FUNCTION: +ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION: _ossl_old_des_random_key 2566 EXIST::FUNCTION:DES @@ -2011,7 +2011,7 @@ _shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA _shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES asn1_do_adb 2582 EXIST::FUNCTION: ASN1_template_i2d 2583 EXIST::FUNCTION: -ENGINE_register_DH 2584 EXIST::FUNCTION: +ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE UI_construct_prompt 2585 EXIST::FUNCTION: X509_STORE_set_trust 2586 EXIST::FUNCTION: UI_dup_input_string 2587 EXIST::FUNCTION: 
@@ -2039,7 +2039,7 @@ OCSP_resp_find 2605 EXIST::FUNCTION: BN_nnmod 2606 EXIST::FUNCTION: X509_CRL_sort 2607 EXIST::FUNCTION: X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION: -ENGINE_register_RAND 2609 EXIST::FUNCTION: +ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_new 2610 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC @@ -2049,11 +2049,11 @@ SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_dup_input_boolean 2614 EXIST::FUNCTION: PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION: EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC -ENGINE_load_openbsd_dev_crypto 2617 EXIST::FUNCTION: +ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE DSO_convert_filename 2618 EXIST::FUNCTION: POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_ciphers 2620 EXIST::FUNCTION: +ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE BN_mod_lshift_quick 2621 EXIST::FUNCTION: DSO_set_filename 2622 EXIST::FUNCTION: ASN1_item_free 2623 EXIST::FUNCTION: @@ -2062,7 +2062,7 @@ AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: KRB5_APREQBODY_new 2626 EXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION: -ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION: +ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION: EVP_MD_CTX_init 2630 EXIST::FUNCTION: EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION: 
@@ -2071,8 +2071,8 @@ PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: -ENGINE_load_ubsec 2636 EXIST::FUNCTION: -ENGINE_register_all_digests 2637 EXIST::FUNCTION: +ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE +ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PKCS12_unpack_authsafes 2639 EXIST::FUNCTION: @@ -2098,16 +2098,16 @@ OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION: _ossl_old_des_crypt 2654 EXIST::FUNCTION:DES ASN1_item_i2d 2655 EXIST::FUNCTION: EVP_DecryptFinal_ex 2656 EXIST::FUNCTION: -ENGINE_load_openssl 2657 EXIST::FUNCTION: -ENGINE_get_cmd_defns 2658 EXIST::FUNCTION: -ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION: -ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION: +ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE +ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE +ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE EVP_EncryptFinal_ex 2660 EXIST::FUNCTION: -ENGINE_set_default_digests 2661 EXIST::FUNCTION: +ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION: asn1_ex_i2c 2663 EXIST::FUNCTION: -ENGINE_register_RSA 2664 EXIST::FUNCTION: -ENGINE_unregister_DSA 2665 EXIST::FUNCTION: +ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE +ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE _ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 
@@ -2120,7 +2120,7 @@ PKCS12_certbag2x509 2672 EXIST::FUNCTION: _ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION: ERR_print_errors_cb 2675 EXIST::FUNCTION: -ENGINE_set_ciphers 2676 EXIST::FUNCTION: +ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION: UI_method_get_flusher 2678 EXIST::FUNCTION: X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2156,7 +2156,7 @@ NCONF_get_number_e 2704 EXIST::FUNCTION: _ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES X509_signature_print 2706 EXIST::FUNCTION:EVP OCSP_SINGLERESP_free 2707 EXIST::FUNCTION: -ENGINE_load_builtin_engines 2708 EXIST::FUNCTION: +ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION: OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION: OCSP_RESPBYTES_new 2711 EXIST::FUNCTION: @@ -2184,7 +2184,7 @@ X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: _ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES -RAND_set_rand_engine 2730 EXIST::FUNCTION: +RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE DSO_get_loaded_filename 2731 EXIST::FUNCTION: X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2206,7 +2206,7 @@ i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC -ENGINE_get_digest 2748 EXIST::FUNCTION: +ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 
@@ -2219,16 +2219,16 @@ PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PKCS12_certbag2x509crl 2754 EXIST::FUNCTION: PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_cipher 2756 EXIST::FUNCTION: +ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE i2d_OCSP_CRLID 2757 EXIST::FUNCTION: OCSP_SINGLERESP_new 2758 EXIST::FUNCTION: -ENGINE_cmd_is_executable 2759 EXIST::FUNCTION: +ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE RSA_up_ref 2760 EXIST::FUNCTION:RSA ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_DSA 2762 EXIST::FUNCTION: +ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION: -ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION: +ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE PKCS8_decrypt 2765 EXIST::FUNCTION: PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2265,7 +2265,7 @@ UI_method_set_flusher 2789 EXIST::FUNCTION: X509_ocspid_print 2790 EXIST::FUNCTION:BIO KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION: +ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE UI_add_user_data 2793 EXIST::FUNCTION: OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION: UI_get_method 2795 EXIST::FUNCTION: 
@@ -2289,16 +2289,16 @@ ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_set_ex_data 2807 EXIST::FUNCTION: _ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES -ENGINE_register_all_RSA 2809 EXIST::FUNCTION: +ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION: OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_digests 2813 EXIST::FUNCTION: +ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE d2i_EDIPARTYNAME 2814 EXIST::FUNCTION: d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION: -ENGINE_get_digests 2816 EXIST::FUNCTION: +ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE _ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES OCSP_RESPDATA_free 2818 EXIST::FUNCTION: d2i_KRB5_TICKET 2819 EXIST::FUNCTION: @@ -2309,7 +2309,7 @@ d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION: X509_CRL_set_version 2823 EXIST::FUNCTION: BN_mod_sub 2824 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION: -ENGINE_get_ex_new_index 2826 EXIST::FUNCTION: +ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE OCSP_REQUEST_free 2827 EXIST::FUNCTION: OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION: X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2343,7 +2343,7 @@ EC_POINT_method_of 2852 EXIST::FUNCTION:EC i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION: _ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION: -ENGINE_get_ex_data 2856 EXIST::FUNCTION: +ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE UI_destroy_method 2857 EXIST::FUNCTION: ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION: 
@@ -2367,7 +2367,7 @@ PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION: OCSP_request_add1_nonce 2874 EXIST::FUNCTION: -ENGINE_set_cmd_defns 2875 EXIST::FUNCTION: +ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_free 2876 EXIST::FUNCTION: EC_GROUP_free 2877 EXIST::FUNCTION:EC ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2384,7 +2384,7 @@ EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION: PKCS12_item_pack_safebag 2887 EXIST::FUNCTION: asn1_ex_c2i 2888 EXIST::FUNCTION: -ENGINE_register_digests 2889 EXIST::FUNCTION: +ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION: asn1_enc_restore 2891 EXIST::FUNCTION: UI_free 2892 EXIST::FUNCTION: @@ -2395,7 +2395,7 @@ EC_POINT_invert 2896 EXIST::FUNCTION:EC OCSP_basic_sign 2897 EXIST::FUNCTION: i2d_OCSP_RESPID 2898 EXIST::FUNCTION: OCSP_check_nonce 2899 EXIST::FUNCTION: -ENGINE_ctrl_cmd 2900 EXIST::FUNCTION: +ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION: OCSP_parse_url 2902 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION: 
@@ -2403,12 +2403,12 @@ OCSP_CRLID_free 2904 EXIST::FUNCTION: OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION: RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA -ENGINE_register_all_DH 2907 EXIST::FUNCTION: +ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE i2d_EDIPARTYNAME 2908 EXIST::FUNCTION: EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC OCSP_CRLID_new 2910 EXIST::FUNCTION: -ENGINE_get_flags 2911 EXIST::FUNCTION: +ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_process 2913 EXIST::FUNCTION: @@ -2416,8 +2416,8 @@ ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_CipherInit_ex 2915 EXIST::FUNCTION: UI_get_string_type 2916 EXIST::FUNCTION: -ENGINE_unregister_DH 2917 EXIST::FUNCTION: -ENGINE_register_all_DSA 2918 EXIST::FUNCTION: +ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE +ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION: bn_dup_expand 2920 EXIST::FUNCTION: OCSP_cert_id_new 2921 EXIST::FUNCTION: @@ -2438,11 +2438,11 @@ BN_mod_sub_quick 2933 EXIST::FUNCTION: OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION: OCSP_request_sign 2935 EXIST::FUNCTION: EVP_DigestFinal_ex 2936 EXIST::FUNCTION: -ENGINE_set_digests 2937 EXIST::FUNCTION: +ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE OCSP_id_issuer_cmp 2938 EXIST::FUNCTION: OBJ_NAME_do_all 2939 EXIST::FUNCTION: EC_POINTs_mul 2940 EXIST::FUNCTION:EC -ENGINE_register_complete 2941 EXIST::FUNCTION: +ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION: ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 
@@ -2451,7 +2451,7 @@ RAND_query_egd_bytes 2945 EXIST::FUNCTION: UI_method_get_writer 2946 EXIST::FUNCTION: UI_OpenSSL 2947 EXIST::FUNCTION: PEM_def_callback 2948 EXIST::FUNCTION: -ENGINE_cleanup 2949 EXIST::FUNCTION: +ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2475,7 +2475,7 @@ OCSP_RESPID_new 2967 EXIST::FUNCTION: OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION: -ENGINE_register_all_complete 2970 EXIST::FUNCTION: +ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE OCSP_check_validity 2971 EXIST::FUNCTION: PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2487,7 +2487,7 @@ KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI X509_supported_extension 2977 EXIST::FUNCTION: i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION: UI_method_get_opener 2979 EXIST::FUNCTION: -ENGINE_set_ex_data 2980 EXIST::FUNCTION: +ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE OCSP_REQUEST_print 2981 EXIST::FUNCTION: CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2501,7 +2501,7 @@ OCSP_single_get0_status 2989 EXIST::FUNCTION: BN_swap 2990 EXIST::FUNCTION: POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_set_destroy_function 2992 EXIST::FUNCTION: +ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE asn1_enc_free 2993 EXIST::FUNCTION: OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: 
@@ -2523,8 +2523,8 @@ EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_get0_test_string 3007 EXIST::FUNCTION: -ENGINE_get_cipher_engine 3008 EXIST::FUNCTION: -ENGINE_register_all_ciphers 3009 EXIST::FUNCTION: +ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE +ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE EC_POINT_copy 3010 EXIST::FUNCTION:EC BN_kronecker 3011 EXIST::FUNCTION: _ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES @@ -2545,9 +2545,9 @@ OCSP_RESPONSE_new 3023 EXIST::FUNCTION: AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: -ENGINE_load_cswift 3027 EXIST::FUNCTION: +ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE OCSP_onereq_get0_id 3028 EXIST::FUNCTION: -ENGINE_set_default_ciphers 3029 EXIST::FUNCTION: +ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION: @@ -2565,7 +2565,7 @@ AES_decrypt 3040 EXIST::FUNCTION:AES asn1_enc_init 3041 EXIST::FUNCTION: UI_get_result_maxsize 3042 EXIST::FUNCTION: OCSP_CERTID_new 3043 EXIST::FUNCTION: -ENGINE_unregister_RAND 3044 EXIST::FUNCTION: +ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE UI_method_get_closer 3045 EXIST::FUNCTION: d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION: OCSP_request_onereq_count 3047 EXIST::FUNCTION: 
@@ -2576,7 +2576,7 @@ ASN1_primitive_free 3051 EXIST::FUNCTION: i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: -ENGINE_load_nuron 3055 EXIST::FUNCTION: +ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2598,15 +2598,15 @@ ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO EC_POINT_dbl 3070 EXIST::FUNCTION:EC asn1_get_choice_selector 3071 EXIST::FUNCTION: i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: -ENGINE_set_table_flags 3073 EXIST::FUNCTION: +ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES -ENGINE_load_chil 3075 EXIST::FUNCTION: +ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_destroy_function 3080 EXIST::FUNCTION: +ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE CONF_set_nconf 3081 EXIST::FUNCTION: ASN1_PRINTABLE_free 3082 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION: @@ -2667,7 +2667,7 @@ OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: -ENGINE_load_atalla 3130 EXIST::FUNCTION: +ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: 
@@ -2685,7 +2685,7 @@ UI_method_set_opener 3140 EXIST::FUNCTION: ASN1_item_ex_free 3141 EXIST::FUNCTION: ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_table_flags 3143 EXIST::FUNCTION: +ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE UI_create_method 3144 EXIST::FUNCTION: OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION: _shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES @@ -2709,7 +2709,7 @@ PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION: OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION: -ENGINE_set_flags 3162 EXIST::FUNCTION: +ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE _ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES OCSP_response_get1_basic 3164 EXIST::FUNCTION: EVP_Digest 3165 EXIST::FUNCTION: @@ -2721,8 +2721,8 @@ ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION: BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: AES_cbc_encrypt 3171 EXIST::FUNCTION:AES -ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION: -ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION: +ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE OCSP_RESPONSE_free 3173 EXIST::FUNCTION: UI_method_set_reader 3174 EXIST::FUNCTION: i2d_ASN1_T61STRING 3175 EXIST::FUNCTION: @@ -2736,7 +2736,7 @@ OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION: OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION: CONF_modules_load_file 3182 EXIST::FUNCTION: CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: -ENGINE_set_default_string 3184 EXIST::FUNCTION: +ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE CONF_module_get_usr_data 3185 EXIST::FUNCTION: ASN1_add_oid_module 3186 EXIST::FUNCTION: CONF_modules_finish 3187 EXIST::FUNCTION: 
@@ -2754,7 +2754,7 @@ CONF_imodule_get_name 3198 EXIST::FUNCTION: ERR_peek_top_error 3199 NOEXIST::FUNCTION: CONF_imodule_get_usr_data 3200 EXIST::FUNCTION: CONF_imodule_set_flags 3201 EXIST::FUNCTION: -ENGINE_add_conf_module 3202 EXIST::FUNCTION: +ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE ERR_peek_last_error_line 3203 EXIST::FUNCTION: ERR_peek_last_error_line_data 3204 EXIST::FUNCTION: ERR_peek_last_error 3205 EXIST::FUNCTION: @@ -2762,8 +2762,8 @@ DES_read_2passwords 3206 EXIST::FUNCTION:DES DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: -ENGINE_load_aep 3210 EXIST::FUNCTION: -ENGINE_load_sureware 3211 EXIST::FUNCTION: +ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE +ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: @@ -2772,7 +2772,7 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES -ENGINE_load_4758cca 3218 EXIST::FUNCTION: +ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES @@ -2793,3 +2793,11 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO +ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE +BUF_MEM_grow_clean 3239 EXIST::FUNCTION: +CRYPTO_realloc_clean 3240 EXIST::FUNCTION: +BUF_strlcat 3241 EXIST::FUNCTION: +BIO_indent 3242 EXIST::FUNCTION: +BUF_strlcpy 3243 EXIST::FUNCTION: +OpenSSLDie 3244 EXIST::FUNCTION: +OPENSSL_cleanse 3245 EXIST::FUNCTION: 
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl index c9271bbffe..c538f9dffb 100644 --- a/src/lib/libcrypto/util/mk1mf.pl +++ b/src/lib/libcrypto/util/mk1mf.pl @@ -24,6 +24,7 @@ $infile="MINFO"; %ops=( "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", + "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY", "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", "VC-WIN16", "Alias for VC-W31-32", @@ -63,6 +64,8 @@ and [options] can be one of no-asm - No x86 asm no-krb5 - No KRB5 no-ec - No EC + no-engine - No engine + no-hw - No hw nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -137,6 +140,10 @@ elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) $NT = 1 if $platform eq "VC-NT"; require 'VC-32.pl'; } +elsif ($platform eq "VC-CE") + { + require 'VC-CE.pl'; + } elsif ($platform eq "Mingw32") { require 'Mingw32.pl'; @@ -213,7 +220,7 @@ $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; $cflags.=" -DOPENSSL_NO_SHA" if $no_sha; $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; -$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160; +$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; @@ -227,6 +234,8 @@ $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; +$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; +$cflags.=" -DOPENSSL_NO_HW" if $no_hw; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) 
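Review bot: The rename from `$no_rmd160` to `$no_ripemd` on the `-DOPENSSL_NO_RIPEMD` line of the @@ -213 hunk is only safe if every place that sets or reads the flag was renamed with it, and the read_options branch that parses the user's option is not in any hunk shown. The same rename appears in var_add (@@ -675) and in the just-ssl branch (@@ -885). The script assigns its globals bare (`$infile="MINFO";`), so it does not seem to run under `use strict`; a leftover `$no_rmd160` would be silently undefined and leave RIPEMD in a build that asked to exclude it. I would confirm the option branch reads `elsif (/^no-ripemd$/) { $no_ripemd=1; }` and add a comment there, `# flag name must match the cflags and var_add tests`.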
@@ -266,6 +275,17 @@ $defs= <<"EOF"; # The one monster makefile better suits building in non-unix # environments. +EOF + +if ($platform eq "VC-CE") + { + $defs.= <<"EOF"; +!INCLUDE <\$(WCECOMPAT)/wcedefs.mak> + +EOF + } + +$defs.= <<"EOF"; INSTALLTOP=$INSTALLTOP # Set your compiler options @@ -632,6 +652,8 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; + return("") if $no_hw && $dir =~ /\/hw/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -641,6 +663,7 @@ sub var_add return("") if $no_rsa && $dir =~ /^rsaref/; return("") if $no_dsa && $dir =~ /\/dsa/; return("") if $no_dh && $dir =~ /\/dh/; + return("") if $no_ec && $dir =~ /\/ec/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -675,7 +698,7 @@ sub var_add @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4; @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; - @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160; + @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd; @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; @@ -692,6 +715,8 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; + @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -885,10 +910,12 @@ sub read_options elsif (/^no-sock$/) { $no_sock=1; } elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-ec$/) { $no_ec=1; } + elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; - $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; + $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; $no_aes=1; } elsif (/^rsaref$/) { } 
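Review bot: The `!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>` line written into the generated makefile for VC-CE in the @@ -266 hunk is emitted with no check that `WCECOMPAT` is defined. nmake expands an undefined macro to an empty string, so the include would then resolve to `/wcedefs.mak`, a path outside the source tree, and whatever makefile fragment sits there would become part of the build. Emitting a guard ahead of it in the same heredoc makes the failure explicit: `!IFNDEF WCECOMPAT`, `!ERROR WCECOMPAT must point to the wcecompat directory`, `!ENDIF`.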
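Review bot: The `no-hw` filters added to var_add look as if they cannot match anything in this tree. `$dir =~ /\/hw/` in the @@ -632 hunk tests for a directory whose name begins with `hw`, and `grep(!/^hw$/,@a)` in the @@ -692 hunk drops only an entry named exactly `hw`, while the commit's diffstat lists the hardware engines as `engine/hw_*.c`. If that reading is right, `no-hw` only adds `-DOPENSSL_NO_HW` and presumably relies on guards inside those files, which deserves a comment such as `# no-hw: hw_*.c stay in the file list; OPENSSL_NO_HW disables them`, or a filter like `@a=grep(!/^hw_/,@a) if $no_hw;` if the intent was to drop them. The new `/\/ec/` test in the @@ -641 hunk is also unanchored and would skip any later directory whose name merely begins with `ec`; `/\/ec$/` is narrower. var_add starts and ends outside these hunks.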
diff --git a/src/lib/libcrypto/util/mkcerts.sh b/src/lib/libcrypto/util/mkcerts.sh index 5f8a1dae73..0184fcb70e 100644 --- a/src/lib/libcrypto/util/mkcerts.sh +++ b/src/lib/libcrypto/util/mkcerts.sh @@ -1,4 +1,4 @@ -#!bin/sh +#!/bin/sh # This script will re-make all the required certs. # cd apps @@ -12,8 +12,8 @@ # CAbits=1024 -SSLEAY="../apps/ssleay" -CONF="-config ../apps/ssleay.cnf" +SSLEAY="../apps/openssl" +CONF="-config ../apps/openssl.cnf" # create pca request. echo creating $CAbits bit PCA cert request diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl index adfd447dd3..cdd2164c4e 100644 --- a/src/lib/libcrypto/util/mkdef.pl +++ b/src/lib/libcrypto/util/mkdef.pl @@ -91,7 +91,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", "LOCKING", # External "algorithms" - "FP_API", "STDIO", "SOCK", "KRB5" ); + "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE", "HW" ); my $options=""; open(IN,"object))); if(ext->critical) printf(",critical:\n"); else printf(":\n"); - X509V3_EXT_print_fp(stdout, ext, 0); + X509V3_EXT_print_fp(stdout, ext, 0, 0); printf("\n"); } -- cgit v1.2.3-55-g6feb