From 242690ab2a8e991b85b4735c4e0bac0ec7bd3481 Mon Sep 17 00:00:00 2001 From: djm <> Date: Fri, 1 Oct 2010 22:54:19 +0000 Subject: import OpenSSL-1.0.0a --- src/lib/libcrypto/Attic/Makefile | 73 +- src/lib/libcrypto/aes/Makefile | 47 +- src/lib/libcrypto/asn1/Makefile | 580 +-- src/lib/libcrypto/asn1/a_gentm.c | 23 +- src/lib/libcrypto/asn1/a_utctm.c | 21 +- src/lib/libcrypto/bf/Makefile | 23 +- src/lib/libcrypto/bio/Makefile | 13 +- src/lib/libcrypto/bn/Makefile | 79 +- src/lib/libcrypto/bn/bntest.c | 38 +- src/lib/libcrypto/bn/exptest.c | 4 +- src/lib/libcrypto/buffer/Makefile | 13 +- src/lib/libcrypto/cast/Makefile | 20 +- src/lib/libcrypto/comp/Makefile | 2 +- src/lib/libcrypto/conf/Makefile | 17 +- src/lib/libcrypto/crypto-lib.com | 183 +- src/lib/libcrypto/des/Makefile | 55 +- src/lib/libcrypto/des/des-lib.com | 66 +- src/lib/libcrypto/des/rpc_des.h | 4 +- src/lib/libcrypto/dh/Makefile | 63 +- src/lib/libcrypto/dsa/Makefile | 133 +- src/lib/libcrypto/dsa/dsatest.c | 3 +- src/lib/libcrypto/dso/Makefile | 14 +- src/lib/libcrypto/dso/dso_dl.c | 42 +- src/lib/libcrypto/dso/dso_vms.c | 12 +- src/lib/libcrypto/dso/dso_win32.c | 228 +- src/lib/libcrypto/ec/Makefile | 48 +- src/lib/libcrypto/ec/ectest.c | 14 +- src/lib/libcrypto/engine/Makefile | 280 +- src/lib/libcrypto/engine/eng_cryptodev.c | 452 +- src/lib/libcrypto/engine/enginetest.c | 2 +- src/lib/libcrypto/err/Makefile | 46 +- src/lib/libcrypto/evp/Makefile | 782 +-- src/lib/libcrypto/evp/c_allc.c | 5 +- src/lib/libcrypto/evp/c_alld.c | 8 +- src/lib/libcrypto/evp/evp_test.c | 6 +- src/lib/libcrypto/evp/m_md2.c | 1 - src/lib/libcrypto/evp/m_mdc2.c | 3 +- src/lib/libcrypto/evp/m_sha.c | 1 - src/lib/libcrypto/hmac/Makefile | 44 +- src/lib/libcrypto/idea/Makefile | 8 +- src/lib/libcrypto/install.com | 70 +- src/lib/libcrypto/krb5/Makefile | 2 +- src/lib/libcrypto/lhash/Makefile | 2 +- src/lib/libcrypto/md2/Makefile | 6 +- src/lib/libcrypto/md2/md2.h | 3 - src/lib/libcrypto/md2/md2_dgst.c | 9 +- src/lib/libcrypto/md4/Makefile | 13 +- src/lib/libcrypto/md5/Makefile | 30 +- src/lib/libcrypto/mdc2/Makefile | 2 +- src/lib/libcrypto/mdc2/mdc2.h | 4 +- src/lib/libcrypto/mem.c | 64 +- src/lib/libcrypto/objects/Makefile | 21 +- src/lib/libcrypto/objects/obj_dat.h | 5255 ++++++++++---------- src/lib/libcrypto/objects/obj_mac.h | 141 +- src/lib/libcrypto/ocsp/Makefile | 91 +- src/lib/libcrypto/opensslconf.h | 54 +- src/lib/libcrypto/opensslconf.h.in | 20 - src/lib/libcrypto/pem/Makefile | 139 +- src/lib/libcrypto/perlasm/x86nasm.pl | 559 +-- src/lib/libcrypto/pkcs12/Makefile | 177 +- src/lib/libcrypto/pkcs7/Makefile | 60 +- src/lib/libcrypto/rand/Makefile | 71 +- src/lib/libcrypto/rand/md_rand.c | 46 +- src/lib/libcrypto/rand/rand_egd.c | 2 +- src/lib/libcrypto/rand/rand_lcl.h | 11 - src/lib/libcrypto/rand/rand_os2.c | 6 + src/lib/libcrypto/rand/rand_unix.c | 71 +- src/lib/libcrypto/rand/rand_win.c | 71 +- src/lib/libcrypto/rc2/Makefile | 8 +- src/lib/libcrypto/rc4/Makefile | 44 +- src/lib/libcrypto/rc4/rc4test.c | 16 +- src/lib/libcrypto/rc5/Makefile | 15 +- src/lib/libcrypto/rc5/rc5.h | 5 +- src/lib/libcrypto/ripemd/Makefile | 22 +- src/lib/libcrypto/rsa/Makefile | 123 +- src/lib/libcrypto/rsa/rsa_test.c | 2 +- src/lib/libcrypto/sha/Makefile | 75 +- src/lib/libcrypto/sha/sha_dgst.c | 6 - src/lib/libcrypto/sha/shatest.c | 4 +- src/lib/libcrypto/stack/Makefile | 2 +- src/lib/libcrypto/symhacks.h | 106 +- src/lib/libcrypto/threads/mttest.c | 99 + src/lib/libcrypto/threads/pthreads-vms.com | 9 +- src/lib/libcrypto/txt_db/Makefile | 2 +- src/lib/libcrypto/ui/Makefile | 2 +- src/lib/libcrypto/util/ck_errf.pl | 22 +- src/lib/libcrypto/util/clean-depend.pl | 1 + src/lib/libcrypto/util/cygwin.sh | 4 +- src/lib/libcrypto/util/deltree.com | 34 + src/lib/libcrypto/util/domd | 10 +- src/lib/libcrypto/util/libeay.num | 985 +++- src/lib/libcrypto/util/mk1mf.pl | 561 +-- src/lib/libcrypto/util/mkdef.pl | 76 +- src/lib/libcrypto/util/mkfiles.pl | 32 +- src/lib/libcrypto/util/mklink.pl | 13 +- src/lib/libcrypto/util/pl/BC-32.pl | 2 +- src/lib/libcrypto/util/pl/Mingw32.pl | 6 +- src/lib/libcrypto/util/pl/VC-32.pl | 340 +- src/lib/libcrypto/util/pod2man.pl | 2 +- src/lib/libcrypto/util/point.sh | 2 +- src/lib/libcrypto/util/selftest.pl | 4 +- src/lib/libcrypto/util/shlib_wrap.sh | 6 +- src/lib/libcrypto/util/ssleay.num | 27 +- src/lib/libcrypto/x509/Makefile | 208 +- src/lib/libcrypto/x509v3/Makefile | 457 +- src/lib/libssl/src/CHANGES | 1060 +++- src/lib/libssl/src/CHANGES.SSLeay | 2 +- src/lib/libssl/src/Configure | 618 +-- src/lib/libssl/src/FAQ | 29 +- src/lib/libssl/src/INSTALL | 12 +- src/lib/libssl/src/INSTALL.W32 | 160 +- src/lib/libssl/src/INSTALL.WCE | 79 +- src/lib/libssl/src/Makefile | 368 +- src/lib/libssl/src/Makefile.org | 352 +- src/lib/libssl/src/NEWS | 62 + src/lib/libssl/src/Netware/build.bat | 7 + src/lib/libssl/src/README | 27 +- src/lib/libssl/src/VMS/install.com | 25 +- src/lib/libssl/src/VMS/mkshared.com | 63 +- src/lib/libssl/src/VMS/openssl_utils.com | 62 +- src/lib/libssl/src/apps/CA.com | 4 +- src/lib/libssl/src/apps/CA.sh | 121 +- src/lib/libssl/src/apps/Makefile | 1013 ++-- src/lib/libssl/src/apps/apps.c | 876 +++- src/lib/libssl/src/apps/apps.h | 91 +- src/lib/libssl/src/apps/asn1pars.c | 16 +- src/lib/libssl/src/apps/ca.c | 199 +- src/lib/libssl/src/apps/ciphers.c | 37 +- src/lib/libssl/src/apps/crl2p7.c | 20 +- src/lib/libssl/src/apps/dgst.c | 346 +- src/lib/libssl/src/apps/dh.c | 6 + src/lib/libssl/src/apps/dhparam.c | 6 + src/lib/libssl/src/apps/dsa.c | 57 +- src/lib/libssl/src/apps/dsaparam.c | 6 + src/lib/libssl/src/apps/enc.c | 56 +- src/lib/libssl/src/apps/engine.c | 57 +- src/lib/libssl/src/apps/errstr.c | 10 +- src/lib/libssl/src/apps/gendh.c | 6 + src/lib/libssl/src/apps/gendsa.c | 6 + src/lib/libssl/src/apps/genrsa.c | 26 +- src/lib/libssl/src/apps/install.com | 44 +- src/lib/libssl/src/apps/makeapps.com | 248 +- src/lib/libssl/src/apps/ocsp.c | 149 +- src/lib/libssl/src/apps/openssl-vms.cnf | 57 +- src/lib/libssl/src/apps/openssl.c | 214 +- src/lib/libssl/src/apps/openssl.cnf | 57 +- src/lib/libssl/src/apps/pkcs12.c | 96 +- src/lib/libssl/src/apps/pkcs7.c | 7 +- src/lib/libssl/src/apps/pkcs8.c | 79 +- src/lib/libssl/src/apps/prime.c | 46 +- src/lib/libssl/src/apps/progs.h | 19 + src/lib/libssl/src/apps/progs.pl | 9 +- src/lib/libssl/src/apps/req.c | 503 +- src/lib/libssl/src/apps/rsa.c | 63 +- src/lib/libssl/src/apps/rsautl.c | 6 + src/lib/libssl/src/apps/s_apps.h | 7 +- src/lib/libssl/src/apps/s_cb.c | 258 +- src/lib/libssl/src/apps/s_client.c | 348 +- src/lib/libssl/src/apps/s_server.c | 375 +- src/lib/libssl/src/apps/s_socket.c | 14 +- src/lib/libssl/src/apps/s_time.c | 109 +- src/lib/libssl/src/apps/smime.c | 412 +- src/lib/libssl/src/apps/speed.c | 347 +- src/lib/libssl/src/apps/verify.c | 165 +- src/lib/libssl/src/apps/x509.c | 93 +- src/lib/libssl/src/config | 65 +- src/lib/libssl/src/crypto/Makefile | 73 +- src/lib/libssl/src/crypto/aes/Makefile | 47 +- src/lib/libssl/src/crypto/aes/aes.h | 28 +- src/lib/libssl/src/crypto/aes/aes_cbc.c | 82 +- src/lib/libssl/src/crypto/aes/aes_cfb.c | 160 +- src/lib/libssl/src/crypto/aes/aes_core.c | 209 +- src/lib/libssl/src/crypto/aes/aes_ctr.c | 90 +- src/lib/libssl/src/crypto/aes/aes_ofb.c | 94 +- src/lib/libssl/src/crypto/asn1/Makefile | 580 +-- src/lib/libssl/src/crypto/asn1/a_bitstr.c | 23 + src/lib/libssl/src/crypto/asn1/a_dup.c | 2 +- src/lib/libssl/src/crypto/asn1/a_gentm.c | 23 +- src/lib/libssl/src/crypto/asn1/a_int.c | 10 +- src/lib/libssl/src/crypto/asn1/a_mbstr.c | 2 +- src/lib/libssl/src/crypto/asn1/a_object.c | 35 +- src/lib/libssl/src/crypto/asn1/a_octet.c | 4 +- src/lib/libssl/src/crypto/asn1/a_set.c | 45 +- src/lib/libssl/src/crypto/asn1/a_sign.c | 78 +- src/lib/libssl/src/crypto/asn1/a_strnid.c | 18 +- src/lib/libssl/src/crypto/asn1/a_time.c | 40 +- src/lib/libssl/src/crypto/asn1/a_type.c | 53 +- src/lib/libssl/src/crypto/asn1/a_utctm.c | 21 +- src/lib/libssl/src/crypto/asn1/a_verify.c | 31 +- src/lib/libssl/src/crypto/asn1/asn1.h | 247 +- src/lib/libssl/src/crypto/asn1/asn1_err.c | 22 +- src/lib/libssl/src/crypto/asn1/asn1_lib.c | 36 +- src/lib/libssl/src/crypto/asn1/asn1_mac.h | 7 + src/lib/libssl/src/crypto/asn1/asn1_par.c | 17 +- src/lib/libssl/src/crypto/asn1/asn1t.h | 71 +- src/lib/libssl/src/crypto/asn1/asn_pack.c | 8 +- src/lib/libssl/src/crypto/asn1/charmap.h | 2 +- src/lib/libssl/src/crypto/asn1/d2i_pr.c | 97 +- src/lib/libssl/src/crypto/asn1/d2i_pu.c | 10 +- src/lib/libssl/src/crypto/asn1/i2d_pr.c | 39 +- src/lib/libssl/src/crypto/asn1/nsseq.c | 5 +- src/lib/libssl/src/crypto/asn1/p5_pbe.c | 105 +- src/lib/libssl/src/crypto/asn1/p5_pbev2.c | 54 +- src/lib/libssl/src/crypto/asn1/p8_pkey.c | 75 +- src/lib/libssl/src/crypto/asn1/t_pkey.c | 729 +-- src/lib/libssl/src/crypto/asn1/t_req.c | 28 +- src/lib/libssl/src/crypto/asn1/t_spki.c | 31 +- src/lib/libssl/src/crypto/asn1/t_x509.c | 64 +- src/lib/libssl/src/crypto/asn1/tasn_dec.c | 24 +- src/lib/libssl/src/crypto/asn1/tasn_enc.c | 11 +- src/lib/libssl/src/crypto/asn1/tasn_fre.c | 8 +- src/lib/libssl/src/crypto/asn1/tasn_new.c | 23 +- src/lib/libssl/src/crypto/asn1/tasn_prn.c | 625 ++- src/lib/libssl/src/crypto/asn1/tasn_typ.c | 11 + src/lib/libssl/src/crypto/asn1/x_crl.c | 391 +- src/lib/libssl/src/crypto/asn1/x_long.c | 10 +- src/lib/libssl/src/crypto/asn1/x_name.c | 298 +- src/lib/libssl/src/crypto/asn1/x_pubkey.c | 304 +- src/lib/libssl/src/crypto/asn1/x_req.c | 3 +- src/lib/libssl/src/crypto/asn1/x_x509.c | 20 +- src/lib/libssl/src/crypto/bf/Makefile | 23 +- src/lib/libssl/src/crypto/bf/asm/bf-586.pl | 3 +- src/lib/libssl/src/crypto/bf/bf_skey.c | 7 +- src/lib/libssl/src/crypto/bf/blowfish.h | 6 +- src/lib/libssl/src/crypto/bio/Makefile | 13 +- src/lib/libssl/src/crypto/bio/b_print.c | 4 +- src/lib/libssl/src/crypto/bio/b_sock.c | 242 +- src/lib/libssl/src/crypto/bio/bio.h | 64 +- src/lib/libssl/src/crypto/bio/bio_cb.c | 24 +- src/lib/libssl/src/crypto/bio/bio_err.c | 2 +- src/lib/libssl/src/crypto/bio/bio_lib.c | 4 +- src/lib/libssl/src/crypto/bio/bss_acpt.c | 8 +- src/lib/libssl/src/crypto/bio/bss_fd.c | 27 +- src/lib/libssl/src/crypto/bio/bss_file.c | 65 +- src/lib/libssl/src/crypto/bio/bss_log.c | 55 +- src/lib/libssl/src/crypto/bio/bss_mem.c | 18 +- src/lib/libssl/src/crypto/bio/bss_sock.c | 13 - src/lib/libssl/src/crypto/bn/Makefile | 79 +- src/lib/libssl/src/crypto/bn/asm/bn-586.pl | 203 +- src/lib/libssl/src/crypto/bn/asm/co-586.pl | 3 +- src/lib/libssl/src/crypto/bn/asm/ppc.pl | 233 +- src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S | 15 +- src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c | 29 +- src/lib/libssl/src/crypto/bn/bn.h | 181 +- src/lib/libssl/src/crypto/bn/bn_asm.c | 322 +- src/lib/libssl/src/crypto/bn/bn_blind.c | 17 +- src/lib/libssl/src/crypto/bn/bn_ctx.c | 6 +- src/lib/libssl/src/crypto/bn/bn_div.c | 15 +- src/lib/libssl/src/crypto/bn/bn_exp.c | 3 +- src/lib/libssl/src/crypto/bn/bn_lcl.h | 3 +- src/lib/libssl/src/crypto/bn/bn_lib.c | 29 +- src/lib/libssl/src/crypto/bn/bn_mont.c | 269 +- src/lib/libssl/src/crypto/bn/bn_mul.c | 10 +- src/lib/libssl/src/crypto/bn/bn_print.c | 21 + src/lib/libssl/src/crypto/bn/bntest.c | 38 +- src/lib/libssl/src/crypto/bn/exptest.c | 4 +- src/lib/libssl/src/crypto/buffer/Makefile | 13 +- src/lib/libssl/src/crypto/buffer/buf_err.c | 2 +- src/lib/libssl/src/crypto/buffer/buffer.c | 89 +- src/lib/libssl/src/crypto/buffer/buffer.h | 9 +- src/lib/libssl/src/crypto/cast/Makefile | 20 +- src/lib/libssl/src/crypto/cast/asm/cast-586.pl | 3 +- src/lib/libssl/src/crypto/cast/c_cfb64.c | 3 +- src/lib/libssl/src/crypto/cast/c_ecb.c | 3 +- src/lib/libssl/src/crypto/cast/c_enc.c | 13 +- src/lib/libssl/src/crypto/cast/c_ofb64.c | 3 +- src/lib/libssl/src/crypto/cast/c_skey.c | 7 +- src/lib/libssl/src/crypto/cast/cast.h | 18 +- src/lib/libssl/src/crypto/comp/Makefile | 2 +- src/lib/libssl/src/crypto/comp/c_zlib.c | 18 +- src/lib/libssl/src/crypto/comp/comp_err.c | 2 +- src/lib/libssl/src/crypto/conf/Makefile | 17 +- src/lib/libssl/src/crypto/conf/README | 47 +- src/lib/libssl/src/crypto/conf/conf.h | 35 +- src/lib/libssl/src/crypto/conf/conf_api.c | 134 +- src/lib/libssl/src/crypto/conf/conf_def.c | 11 +- src/lib/libssl/src/crypto/conf/conf_err.c | 4 +- src/lib/libssl/src/crypto/conf/conf_lib.c | 30 +- src/lib/libssl/src/crypto/conf/conf_mall.c | 2 - src/lib/libssl/src/crypto/conf/conf_mod.c | 8 +- src/lib/libssl/src/crypto/cpt_err.c | 2 +- src/lib/libssl/src/crypto/cryptlib.c | 508 +- src/lib/libssl/src/crypto/crypto-lib.com | 183 +- src/lib/libssl/src/crypto/crypto.h | 104 +- src/lib/libssl/src/crypto/des/Makefile | 55 +- src/lib/libssl/src/crypto/des/asm/crypt586.pl | 5 +- src/lib/libssl/src/crypto/des/asm/des-586.pl | 274 +- src/lib/libssl/src/crypto/des/des-lib.com | 66 +- src/lib/libssl/src/crypto/des/des_enc.c | 21 +- src/lib/libssl/src/crypto/des/des_locl.h | 6 +- src/lib/libssl/src/crypto/des/ecb_enc.c | 48 +- src/lib/libssl/src/crypto/des/enc_read.c | 12 +- src/lib/libssl/src/crypto/des/enc_writ.c | 4 + src/lib/libssl/src/crypto/des/fcrypt_b.c | 4 +- src/lib/libssl/src/crypto/des/rpc_des.h | 4 +- src/lib/libssl/src/crypto/des/set_key.c | 13 +- src/lib/libssl/src/crypto/des/xcbc_enc.c | 2 +- src/lib/libssl/src/crypto/dh/Makefile | 63 +- src/lib/libssl/src/crypto/dh/dh.h | 41 +- src/lib/libssl/src/crypto/dh/dh_asn1.c | 10 +- src/lib/libssl/src/crypto/dh/dh_check.c | 8 +- src/lib/libssl/src/crypto/dh/dh_err.c | 21 +- src/lib/libssl/src/crypto/dh/dh_gen.c | 4 - src/lib/libssl/src/crypto/dh/dh_key.c | 4 - src/lib/libssl/src/crypto/dsa/Makefile | 133 +- src/lib/libssl/src/crypto/dsa/dsa.h | 69 +- src/lib/libssl/src/crypto/dsa/dsa_asn1.c | 96 +- src/lib/libssl/src/crypto/dsa/dsa_err.c | 26 +- src/lib/libssl/src/crypto/dsa/dsa_gen.c | 124 +- src/lib/libssl/src/crypto/dsa/dsa_key.c | 4 - src/lib/libssl/src/crypto/dsa/dsa_lib.c | 49 +- src/lib/libssl/src/crypto/dsa/dsa_ossl.c | 48 +- src/lib/libssl/src/crypto/dsa/dsa_sign.c | 35 +- src/lib/libssl/src/crypto/dsa/dsa_vrf.c | 37 +- src/lib/libssl/src/crypto/dsa/dsatest.c | 3 +- src/lib/libssl/src/crypto/dso/Makefile | 14 +- src/lib/libssl/src/crypto/dso/dso.h | 43 +- src/lib/libssl/src/crypto/dso/dso_dl.c | 42 +- src/lib/libssl/src/crypto/dso/dso_dlfcn.c | 157 +- src/lib/libssl/src/crypto/dso/dso_err.c | 14 +- src/lib/libssl/src/crypto/dso/dso_lib.c | 35 +- src/lib/libssl/src/crypto/dso/dso_null.c | 4 +- src/lib/libssl/src/crypto/dso/dso_openssl.c | 2 + src/lib/libssl/src/crypto/dso/dso_vms.c | 12 +- src/lib/libssl/src/crypto/dso/dso_win32.c | 228 +- src/lib/libssl/src/crypto/ec/Makefile | 48 +- src/lib/libssl/src/crypto/ec/ec.h | 814 ++- src/lib/libssl/src/crypto/ec/ec_err.c | 21 +- src/lib/libssl/src/crypto/ec/ec_lcl.h | 13 +- src/lib/libssl/src/crypto/ec/ec_lib.c | 4 +- src/lib/libssl/src/crypto/ec/ec_mult.c | 22 +- src/lib/libssl/src/crypto/ec/ecp_nist.c | 26 - src/lib/libssl/src/crypto/ec/ectest.c | 14 +- src/lib/libssl/src/crypto/engine/Makefile | 280 +- src/lib/libssl/src/crypto/engine/eng_all.c | 19 +- src/lib/libssl/src/crypto/engine/eng_cnf.c | 17 +- src/lib/libssl/src/crypto/engine/eng_cryptodev.c | 452 +- src/lib/libssl/src/crypto/engine/eng_ctrl.c | 8 +- src/lib/libssl/src/crypto/engine/eng_dyn.c | 14 +- src/lib/libssl/src/crypto/engine/eng_err.c | 6 +- src/lib/libssl/src/crypto/engine/eng_fat.c | 14 + src/lib/libssl/src/crypto/engine/eng_int.h | 12 +- src/lib/libssl/src/crypto/engine/eng_lib.c | 3 + src/lib/libssl/src/crypto/engine/eng_list.c | 2 + src/lib/libssl/src/crypto/engine/eng_openssl.c | 2 +- src/lib/libssl/src/crypto/engine/eng_table.c | 72 +- src/lib/libssl/src/crypto/engine/engine.h | 55 +- src/lib/libssl/src/crypto/engine/enginetest.c | 2 +- src/lib/libssl/src/crypto/err/Makefile | 46 +- src/lib/libssl/src/crypto/err/err.c | 789 ++- src/lib/libssl/src/crypto/err/err.h | 77 +- src/lib/libssl/src/crypto/err/err_all.c | 13 +- src/lib/libssl/src/crypto/err/err_prn.c | 77 +- src/lib/libssl/src/crypto/err/openssl.ec | 9 +- src/lib/libssl/src/crypto/evp/Makefile | 782 +-- src/lib/libssl/src/crypto/evp/bio_b64.c | 77 +- src/lib/libssl/src/crypto/evp/bio_enc.c | 6 +- src/lib/libssl/src/crypto/evp/bio_md.c | 16 +- src/lib/libssl/src/crypto/evp/c_all.c | 2 +- src/lib/libssl/src/crypto/evp/c_allc.c | 5 +- src/lib/libssl/src/crypto/evp/c_alld.c | 8 +- src/lib/libssl/src/crypto/evp/digest.c | 211 +- src/lib/libssl/src/crypto/evp/e_aes.c | 35 +- src/lib/libssl/src/crypto/evp/e_des.c | 91 +- src/lib/libssl/src/crypto/evp/e_des3.c | 95 +- src/lib/libssl/src/crypto/evp/e_idea.c | 2 +- src/lib/libssl/src/crypto/evp/e_null.c | 8 +- src/lib/libssl/src/crypto/evp/e_rc2.c | 5 + src/lib/libssl/src/crypto/evp/e_rc4.c | 5 +- src/lib/libssl/src/crypto/evp/e_xcbc_d.c | 19 +- src/lib/libssl/src/crypto/evp/encode.c | 4 +- src/lib/libssl/src/crypto/evp/evp.h | 535 +- src/lib/libssl/src/crypto/evp/evp_enc.c | 267 +- src/lib/libssl/src/crypto/evp/evp_err.c | 60 +- src/lib/libssl/src/crypto/evp/evp_key.c | 9 +- src/lib/libssl/src/crypto/evp/evp_lib.c | 44 +- src/lib/libssl/src/crypto/evp/evp_locl.h | 155 +- src/lib/libssl/src/crypto/evp/evp_pbe.c | 266 +- src/lib/libssl/src/crypto/evp/evp_pkey.c | 646 +-- src/lib/libssl/src/crypto/evp/evp_test.c | 6 +- src/lib/libssl/src/crypto/evp/m_dss.c | 2 +- src/lib/libssl/src/crypto/evp/m_dss1.c | 5 +- src/lib/libssl/src/crypto/evp/m_md2.c | 1 - src/lib/libssl/src/crypto/evp/m_md4.c | 1 - src/lib/libssl/src/crypto/evp/m_md5.c | 1 - src/lib/libssl/src/crypto/evp/m_mdc2.c | 3 +- src/lib/libssl/src/crypto/evp/m_sha.c | 1 - src/lib/libssl/src/crypto/evp/m_sha1.c | 17 +- src/lib/libssl/src/crypto/evp/names.c | 87 +- src/lib/libssl/src/crypto/evp/p5_crpt.c | 39 +- src/lib/libssl/src/crypto/evp/p5_crpt2.c | 86 +- src/lib/libssl/src/crypto/evp/p_dec.c | 4 +- src/lib/libssl/src/crypto/evp/p_enc.c | 4 +- src/lib/libssl/src/crypto/evp/p_lib.c | 394 +- src/lib/libssl/src/crypto/evp/p_open.c | 2 +- src/lib/libssl/src/crypto/evp/p_seal.c | 2 +- src/lib/libssl/src/crypto/evp/p_sign.c | 47 +- src/lib/libssl/src/crypto/evp/p_verify.c | 44 +- src/lib/libssl/src/crypto/ex_data.c | 42 +- src/lib/libssl/src/crypto/hmac/Makefile | 44 +- src/lib/libssl/src/crypto/hmac/hmac.c | 90 +- src/lib/libssl/src/crypto/hmac/hmac.h | 9 +- src/lib/libssl/src/crypto/idea/Makefile | 8 +- src/lib/libssl/src/crypto/idea/idea.h | 5 +- src/lib/libssl/src/crypto/install.com | 70 +- src/lib/libssl/src/crypto/krb5/Makefile | 2 +- src/lib/libssl/src/crypto/lhash/Makefile | 2 +- src/lib/libssl/src/crypto/lhash/lh_stats.c | 12 +- src/lib/libssl/src/crypto/lhash/lhash.c | 41 +- src/lib/libssl/src/crypto/lhash/lhash.h | 131 +- src/lib/libssl/src/crypto/md2/Makefile | 6 +- src/lib/libssl/src/crypto/md2/md2.h | 3 - src/lib/libssl/src/crypto/md2/md2_dgst.c | 9 +- src/lib/libssl/src/crypto/md32_common.h | 12 +- src/lib/libssl/src/crypto/md4/Makefile | 13 +- src/lib/libssl/src/crypto/md4/md4.h | 5 +- src/lib/libssl/src/crypto/md4/md4_dgst.c | 11 +- src/lib/libssl/src/crypto/md5/Makefile | 30 +- src/lib/libssl/src/crypto/md5/asm/md5-586.pl | 3 +- src/lib/libssl/src/crypto/md5/md5.h | 5 +- src/lib/libssl/src/crypto/md5/md5_dgst.c | 11 +- src/lib/libssl/src/crypto/md5/md5_locl.h | 2 + src/lib/libssl/src/crypto/mdc2/Makefile | 2 +- src/lib/libssl/src/crypto/mdc2/mdc2.h | 4 +- src/lib/libssl/src/crypto/mem.c | 64 +- src/lib/libssl/src/crypto/mem_dbg.c | 257 +- src/lib/libssl/src/crypto/o_str.c | 4 +- src/lib/libssl/src/crypto/o_time.c | 153 +- src/lib/libssl/src/crypto/o_time.h | 1 + src/lib/libssl/src/crypto/objects/Makefile | 21 +- src/lib/libssl/src/crypto/objects/o_names.c | 47 +- src/lib/libssl/src/crypto/objects/obj_dat.c | 180 +- src/lib/libssl/src/crypto/objects/obj_dat.h | 5255 ++++++++++---------- src/lib/libssl/src/crypto/objects/obj_dat.pl | 20 +- src/lib/libssl/src/crypto/objects/obj_err.c | 2 +- src/lib/libssl/src/crypto/objects/obj_lib.c | 35 +- src/lib/libssl/src/crypto/objects/obj_mac.h | 141 +- src/lib/libssl/src/crypto/objects/obj_mac.num | 34 + src/lib/libssl/src/crypto/objects/objects.h | 97 +- src/lib/libssl/src/crypto/objects/objects.pl | 3 + src/lib/libssl/src/crypto/objects/objects.txt | 44 +- src/lib/libssl/src/crypto/ocsp/Makefile | 91 +- src/lib/libssl/src/crypto/ocsp/ocsp.h | 22 +- src/lib/libssl/src/crypto/ocsp/ocsp_cl.c | 1 - src/lib/libssl/src/crypto/ocsp/ocsp_err.c | 3 +- src/lib/libssl/src/crypto/ocsp/ocsp_ext.c | 47 +- src/lib/libssl/src/crypto/ocsp/ocsp_ht.c | 56 +- src/lib/libssl/src/crypto/ocsp/ocsp_lib.c | 3 + src/lib/libssl/src/crypto/ocsp/ocsp_prn.c | 23 +- src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c | 4 +- src/lib/libssl/src/crypto/opensslconf.h | 54 +- src/lib/libssl/src/crypto/opensslconf.h.in | 20 - src/lib/libssl/src/crypto/opensslv.h | 10 +- src/lib/libssl/src/crypto/ossl_typ.h | 21 +- src/lib/libssl/src/crypto/pem/Makefile | 139 +- src/lib/libssl/src/crypto/pem/pem.h | 255 +- src/lib/libssl/src/crypto/pem/pem_all.c | 194 +- src/lib/libssl/src/crypto/pem/pem_err.c | 28 +- src/lib/libssl/src/crypto/pem/pem_info.c | 40 +- src/lib/libssl/src/crypto/pem/pem_lib.c | 100 +- src/lib/libssl/src/crypto/pem/pem_pkey.c | 109 +- src/lib/libssl/src/crypto/pem/pem_seal.c | 2 +- src/lib/libssl/src/crypto/pem/pem_x509.c | 1 - src/lib/libssl/src/crypto/pem/pem_xaux.c | 1 - src/lib/libssl/src/crypto/perlasm/x86asm.pl | 317 +- src/lib/libssl/src/crypto/perlasm/x86nasm.pl | 559 +-- src/lib/libssl/src/crypto/pkcs12/Makefile | 177 +- src/lib/libssl/src/crypto/pkcs12/p12_add.c | 20 +- src/lib/libssl/src/crypto/pkcs12/p12_attr.c | 2 +- src/lib/libssl/src/crypto/pkcs12/p12_crpt.c | 20 +- src/lib/libssl/src/crypto/pkcs12/p12_crt.c | 11 - src/lib/libssl/src/crypto/pkcs12/p12_key.c | 7 +- src/lib/libssl/src/crypto/pkcs12/p12_kiss.c | 163 +- src/lib/libssl/src/crypto/pkcs12/p12_mutl.c | 8 +- src/lib/libssl/src/crypto/pkcs12/p12_npas.c | 17 +- src/lib/libssl/src/crypto/pkcs12/p12_utl.c | 4 +- src/lib/libssl/src/crypto/pkcs12/pk12err.c | 2 +- src/lib/libssl/src/crypto/pkcs12/pkcs12.h | 6 +- src/lib/libssl/src/crypto/pkcs7/Makefile | 60 +- src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c | 43 +- src/lib/libssl/src/crypto/pkcs7/pk7_attr.c | 66 +- src/lib/libssl/src/crypto/pkcs7/pk7_doit.c | 486 +- src/lib/libssl/src/crypto/pkcs7/pk7_lib.c | 192 +- src/lib/libssl/src/crypto/pkcs7/pk7_mime.c | 669 +-- src/lib/libssl/src/crypto/pkcs7/pk7_smime.c | 263 +- src/lib/libssl/src/crypto/pkcs7/pkcs7.h | 59 +- src/lib/libssl/src/crypto/pkcs7/pkcs7err.c | 22 +- src/lib/libssl/src/crypto/rand/Makefile | 71 +- src/lib/libssl/src/crypto/rand/md_rand.c | 46 +- src/lib/libssl/src/crypto/rand/rand.h | 29 +- src/lib/libssl/src/crypto/rand/rand_egd.c | 2 +- src/lib/libssl/src/crypto/rand/rand_err.c | 20 +- src/lib/libssl/src/crypto/rand/rand_lcl.h | 11 - src/lib/libssl/src/crypto/rand/rand_lib.c | 71 +- src/lib/libssl/src/crypto/rand/rand_os2.c | 6 + src/lib/libssl/src/crypto/rand/rand_unix.c | 71 +- src/lib/libssl/src/crypto/rand/rand_win.c | 71 +- src/lib/libssl/src/crypto/rand/randfile.c | 33 +- src/lib/libssl/src/crypto/rc2/Makefile | 8 +- src/lib/libssl/src/crypto/rc2/rc2.h | 4 +- src/lib/libssl/src/crypto/rc2/rc2_skey.c | 19 +- src/lib/libssl/src/crypto/rc4/Makefile | 44 +- src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl | 448 +- src/lib/libssl/src/crypto/rc4/rc4.h | 7 +- src/lib/libssl/src/crypto/rc4/rc4_enc.c | 16 +- src/lib/libssl/src/crypto/rc4/rc4_skey.c | 21 +- src/lib/libssl/src/crypto/rc4/rc4test.c | 16 +- src/lib/libssl/src/crypto/rc5/Makefile | 15 +- src/lib/libssl/src/crypto/rc5/rc5.h | 5 +- src/lib/libssl/src/crypto/ripemd/Makefile | 22 +- src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl | 3 +- src/lib/libssl/src/crypto/ripemd/ripemd.h | 6 +- src/lib/libssl/src/crypto/ripemd/rmd_dgst.c | 11 +- src/lib/libssl/src/crypto/ripemd/rmd_locl.h | 2 +- src/lib/libssl/src/crypto/rsa/Makefile | 123 +- src/lib/libssl/src/crypto/rsa/rsa.h | 89 +- src/lib/libssl/src/crypto/rsa/rsa_asn1.c | 16 +- src/lib/libssl/src/crypto/rsa/rsa_eay.c | 6 +- src/lib/libssl/src/crypto/rsa/rsa_err.c | 29 +- src/lib/libssl/src/crypto/rsa/rsa_gen.c | 3 - src/lib/libssl/src/crypto/rsa/rsa_lib.c | 283 +- src/lib/libssl/src/crypto/rsa/rsa_oaep.c | 35 +- src/lib/libssl/src/crypto/rsa/rsa_sign.c | 88 +- src/lib/libssl/src/crypto/rsa/rsa_test.c | 2 +- src/lib/libssl/src/crypto/sha/Makefile | 75 +- src/lib/libssl/src/crypto/sha/asm/sha1-586.pl | 1 + src/lib/libssl/src/crypto/sha/sha.h | 5 +- src/lib/libssl/src/crypto/sha/sha1_one.c | 2 +- src/lib/libssl/src/crypto/sha/sha1dgst.c | 4 - src/lib/libssl/src/crypto/sha/sha_dgst.c | 6 - src/lib/libssl/src/crypto/sha/sha_locl.h | 11 +- src/lib/libssl/src/crypto/sha/shatest.c | 4 +- src/lib/libssl/src/crypto/stack/Makefile | 2 +- src/lib/libssl/src/crypto/stack/safestack.h | 1008 +++- src/lib/libssl/src/crypto/stack/stack.c | 85 +- src/lib/libssl/src/crypto/stack/stack.h | 49 +- src/lib/libssl/src/crypto/symhacks.h | 106 +- src/lib/libssl/src/crypto/threads/mttest.c | 99 + src/lib/libssl/src/crypto/threads/pthreads-vms.com | 9 +- src/lib/libssl/src/crypto/txt_db/Makefile | 2 +- src/lib/libssl/src/crypto/txt_db/txt_db.c | 76 +- src/lib/libssl/src/crypto/txt_db/txt_db.h | 19 +- src/lib/libssl/src/crypto/ui/Makefile | 2 +- src/lib/libssl/src/crypto/ui/ui.h | 4 +- src/lib/libssl/src/crypto/ui/ui_err.c | 2 +- src/lib/libssl/src/crypto/ui/ui_lib.c | 19 + src/lib/libssl/src/crypto/ui/ui_openssl.c | 17 +- src/lib/libssl/src/crypto/x509/Makefile | 208 +- src/lib/libssl/src/crypto/x509/by_dir.c | 226 +- src/lib/libssl/src/crypto/x509/by_file.c | 2 +- src/lib/libssl/src/crypto/x509/x509.h | 258 +- src/lib/libssl/src/crypto/x509/x509_cmp.c | 237 +- src/lib/libssl/src/crypto/x509/x509_err.c | 5 +- src/lib/libssl/src/crypto/x509/x509_lu.c | 215 +- src/lib/libssl/src/crypto/x509/x509_obj.c | 2 +- src/lib/libssl/src/crypto/x509/x509_req.c | 24 +- src/lib/libssl/src/crypto/x509/x509_set.c | 4 +- src/lib/libssl/src/crypto/x509/x509_trs.c | 3 +- src/lib/libssl/src/crypto/x509/x509_txt.c | 24 +- src/lib/libssl/src/crypto/x509/x509_vfy.c | 951 +++- src/lib/libssl/src/crypto/x509/x509_vfy.h | 38 +- src/lib/libssl/src/crypto/x509/x509cset.c | 4 +- src/lib/libssl/src/crypto/x509/x509name.c | 2 +- src/lib/libssl/src/crypto/x509/x509type.c | 4 + src/lib/libssl/src/crypto/x509/x_all.c | 7 - src/lib/libssl/src/crypto/x509v3/Makefile | 457 +- src/lib/libssl/src/crypto/x509v3/ext_dat.h | 13 +- src/lib/libssl/src/crypto/x509v3/v3_alt.c | 136 +- src/lib/libssl/src/crypto/x509v3/v3_conf.c | 51 +- src/lib/libssl/src/crypto/x509v3/v3_cpols.c | 5 +- src/lib/libssl/src/crypto/x509v3/v3_crld.c | 552 +- src/lib/libssl/src/crypto/x509v3/v3_enum.c | 19 +- src/lib/libssl/src/crypto/x509v3/v3_extku.c | 16 +- src/lib/libssl/src/crypto/x509v3/v3_genn.c | 153 +- src/lib/libssl/src/crypto/x509v3/v3_lib.c | 24 +- src/lib/libssl/src/crypto/x509v3/v3_ocsp.c | 62 +- src/lib/libssl/src/crypto/x509v3/v3_pci.c | 32 +- src/lib/libssl/src/crypto/x509v3/v3_prn.c | 2 +- src/lib/libssl/src/crypto/x509v3/v3_purp.c | 194 +- src/lib/libssl/src/crypto/x509v3/v3_utl.c | 45 +- src/lib/libssl/src/crypto/x509v3/v3err.c | 13 +- src/lib/libssl/src/crypto/x509v3/x509v3.h | 173 +- src/lib/libssl/src/demos/engines/rsaref/build.com | 34 +- src/lib/libssl/src/demos/pkcs12/pkread.c | 4 +- src/lib/libssl/src/demos/tunala/autoungunk.sh | 3 +- src/lib/libssl/src/demos/tunala/cb.c | 23 +- src/lib/libssl/src/demos/tunala/tunala.c | 8 +- src/lib/libssl/src/demos/x509/mkcert.c | 2 +- src/lib/libssl/src/demos/x509/mkreq.c | 2 +- src/lib/libssl/src/doc/apps/asn1parse.pod | 14 +- src/lib/libssl/src/doc/apps/ca.pod | 12 +- src/lib/libssl/src/doc/apps/ciphers.pod | 58 +- src/lib/libssl/src/doc/apps/dgst.pod | 47 + src/lib/libssl/src/doc/apps/dhparam.pod | 2 +- src/lib/libssl/src/doc/apps/dsa.pod | 2 +- src/lib/libssl/src/doc/apps/dsaparam.pod | 2 +- src/lib/libssl/src/doc/apps/enc.pod | 70 +- src/lib/libssl/src/doc/apps/gendsa.pod | 2 +- src/lib/libssl/src/doc/apps/genrsa.pod | 2 +- src/lib/libssl/src/doc/apps/ocsp.pod | 6 + src/lib/libssl/src/doc/apps/openssl.pod | 93 +- src/lib/libssl/src/doc/apps/pkcs12.pod | 85 +- src/lib/libssl/src/doc/apps/pkcs7.pod | 2 +- src/lib/libssl/src/doc/apps/pkcs8.pod | 2 +- src/lib/libssl/src/doc/apps/req.pod | 91 +- src/lib/libssl/src/doc/apps/rsa.pod | 2 +- src/lib/libssl/src/doc/apps/s_client.pod | 27 +- src/lib/libssl/src/doc/apps/s_server.pod | 15 +- src/lib/libssl/src/doc/apps/smime.pod | 118 +- src/lib/libssl/src/doc/apps/speed.pod | 2 +- src/lib/libssl/src/doc/apps/spkac.pod | 2 +- src/lib/libssl/src/doc/apps/verify.pod | 100 +- src/lib/libssl/src/doc/apps/x509.pod | 30 +- src/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod | 2 + .../libssl/src/doc/crypto/ASN1_STRING_length.pod | 2 + src/lib/libssl/src/doc/crypto/ASN1_STRING_new.pod | 2 + src/lib/libssl/src/doc/crypto/BIO_f_buffer.pod | 9 +- src/lib/libssl/src/doc/crypto/BIO_f_md.pod | 6 + src/lib/libssl/src/doc/crypto/BIO_f_ssl.pod | 9 + src/lib/libssl/src/doc/crypto/BIO_s_file.pod | 4 + src/lib/libssl/src/doc/crypto/BIO_s_mem.pod | 2 +- src/lib/libssl/src/doc/crypto/BIO_should_retry.pod | 2 +- .../libssl/src/doc/crypto/CRYPTO_set_ex_data.pod | 2 + .../libssl/src/doc/crypto/DSA_get_ex_new_index.pod | 2 +- src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod | 23 +- .../src/doc/crypto/EVP_PKEY_verifyrecover.pod | 103 + src/lib/libssl/src/doc/crypto/EVP_SignInit.pod | 9 + src/lib/libssl/src/doc/crypto/EVP_VerifyInit.pod | 9 + src/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod | 2 + src/lib/libssl/src/doc/crypto/PKCS12_parse.pod | 31 +- src/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod | 4 +- src/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod | 61 +- src/lib/libssl/src/doc/crypto/PKCS7_sign.pod | 115 +- src/lib/libssl/src/doc/crypto/PKCS7_verify.pod | 6 +- src/lib/libssl/src/doc/crypto/SMIME_read_PKCS7.pod | 4 +- .../libssl/src/doc/crypto/SMIME_write_PKCS7.pod | 24 +- .../src/doc/crypto/X509_NAME_ENTRY_get_object.pod | 16 +- .../src/doc/crypto/X509_NAME_add_entry_by_txt.pod | 12 +- .../src/doc/crypto/X509_NAME_get_index_by_NID.pod | 14 +- src/lib/libssl/src/doc/crypto/X509_new.pod | 2 + src/lib/libssl/src/doc/crypto/bn_internal.pod | 30 +- src/lib/libssl/src/doc/crypto/d2i_RSAPublicKey.pod | 8 +- src/lib/libssl/src/doc/crypto/d2i_X509.pod | 12 +- src/lib/libssl/src/doc/crypto/d2i_X509_CRL.pod | 4 +- src/lib/libssl/src/doc/crypto/d2i_X509_REQ.pod | 4 +- src/lib/libssl/src/doc/crypto/evp.pod | 22 +- src/lib/libssl/src/doc/crypto/hmac.pod | 22 +- src/lib/libssl/src/doc/crypto/lhash.pod | 244 +- src/lib/libssl/src/doc/crypto/pem.pod | 2 +- src/lib/libssl/src/doc/crypto/threads.pod | 91 +- src/lib/libssl/src/doc/crypto/ui_compat.pod | 2 + src/lib/libssl/src/doc/ssl/SSL_CIPHER_get_name.pod | 2 +- src/lib/libssl/src/doc/ssl/SSL_CTX_new.pod | 2 +- src/lib/libssl/src/doc/ssl/SSL_CTX_set_mode.pod | 10 + src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod | 123 +- .../libssl/src/doc/ssl/SSL_CTX_set_ssl_version.pod | 6 +- src/lib/libssl/src/doc/ssl/SSL_library_init.pod | 17 +- src/lib/libssl/src/doc/ssl/ssl.pod | 50 +- src/lib/libssl/src/doc/ssleay.txt | 26 +- src/lib/libssl/src/doc/standards.txt | 4 + src/lib/libssl/src/e_os.h | 105 +- src/lib/libssl/src/e_os2.h | 24 +- src/lib/libssl/src/engines/makeengines.com | 154 +- src/lib/libssl/src/install.com | 62 +- src/lib/libssl/src/makevms.com | 501 +- src/lib/libssl/src/ms/README | 2 +- src/lib/libssl/src/ms/bcb4.bat | 12 +- src/lib/libssl/src/ms/do_ms.bat | 20 +- src/lib/libssl/src/ms/do_nasm.bat | 72 - src/lib/libssl/src/ms/do_nt.bat | 14 +- src/lib/libssl/src/ms/do_win64a.bat | 18 +- src/lib/libssl/src/ms/do_win64i.bat | 18 +- src/lib/libssl/src/ms/mingw32.bat | 6 +- src/lib/libssl/src/ms/mw.bat | 52 +- src/lib/libssl/src/ms/tenc.bat | 28 +- src/lib/libssl/src/ms/tencce.bat | 38 +- src/lib/libssl/src/ms/test.bat | 5 - src/lib/libssl/src/ms/testenc.bat | 188 +- src/lib/libssl/src/ms/testencce.bat | 194 +- src/lib/libssl/src/ms/testpem.bat | 64 +- src/lib/libssl/src/ms/testpemce.bat | 84 +- src/lib/libssl/src/ms/testss.bat | 196 +- src/lib/libssl/src/ms/testssce.bat | 208 +- src/lib/libssl/src/ms/tpem.bat | 12 +- src/lib/libssl/src/ms/tpemce.bat | 16 +- src/lib/libssl/src/ms/uplink-common.pl | 22 + src/lib/libssl/src/ms/uplink-ia64.pl | 50 + src/lib/libssl/src/ms/uplink-x86.pl | 33 + src/lib/libssl/src/ms/uplink-x86_64.pl | 64 + src/lib/libssl/src/ms/x86asm.bat | 30 +- src/lib/libssl/src/openssl.spec | 16 +- src/lib/libssl/src/shlib/win32.bat | 2 +- src/lib/libssl/src/shlib/win32dll.bat | 4 +- src/lib/libssl/src/ssl/Makefile | 1168 +++-- src/lib/libssl/src/ssl/bio_ssl.c | 21 +- src/lib/libssl/src/ssl/install.com | 69 +- src/lib/libssl/src/ssl/kssl.c | 28 +- src/lib/libssl/src/ssl/kssl_lcl.h | 2 +- src/lib/libssl/src/ssl/s23_clnt.c | 221 +- src/lib/libssl/src/ssl/s23_lib.c | 12 +- src/lib/libssl/src/ssl/s23_meth.c | 4 +- src/lib/libssl/src/ssl/s23_srvr.c | 41 +- src/lib/libssl/src/ssl/s2_clnt.c | 12 +- src/lib/libssl/src/ssl/s2_enc.c | 9 +- src/lib/libssl/src/ssl/s2_lib.c | 178 +- src/lib/libssl/src/ssl/s2_meth.c | 10 +- src/lib/libssl/src/ssl/s2_pkt.c | 23 +- src/lib/libssl/src/ssl/s2_srvr.c | 10 +- src/lib/libssl/src/ssl/s3_both.c | 315 +- src/lib/libssl/src/ssl/s3_clnt.c | 624 ++- src/lib/libssl/src/ssl/s3_enc.c | 193 +- src/lib/libssl/src/ssl/s3_lib.c | 2244 ++++++--- src/lib/libssl/src/ssl/s3_meth.c | 10 +- src/lib/libssl/src/ssl/s3_pkt.c | 282 +- src/lib/libssl/src/ssl/s3_srvr.c | 855 +++- src/lib/libssl/src/ssl/ssl-lib.com | 76 +- src/lib/libssl/src/ssl/ssl.h | 539 +- src/lib/libssl/src/ssl/ssl3.h | 124 +- src/lib/libssl/src/ssl/ssl_algs.c | 18 +- src/lib/libssl/src/ssl/ssl_asn1.c | 167 +- src/lib/libssl/src/ssl/ssl_cert.c | 17 +- src/lib/libssl/src/ssl/ssl_ciph.c | 1019 ++-- src/lib/libssl/src/ssl/ssl_err.c | 57 +- src/lib/libssl/src/ssl/ssl_lib.c | 614 ++- src/lib/libssl/src/ssl/ssl_locl.h | 300 +- src/lib/libssl/src/ssl/ssl_rsa.c | 2 +- src/lib/libssl/src/ssl/ssl_sess.c | 253 +- src/lib/libssl/src/ssl/ssl_stat.c | 61 + src/lib/libssl/src/ssl/ssl_txt.c | 43 +- src/lib/libssl/src/ssl/ssltest.c | 224 +- src/lib/libssl/src/ssl/t1_clnt.c | 4 +- src/lib/libssl/src/ssl/t1_enc.c | 509 +- src/lib/libssl/src/ssl/t1_lib.c | 917 +++- src/lib/libssl/src/ssl/t1_meth.c | 4 +- src/lib/libssl/src/ssl/t1_srvr.c | 4 +- src/lib/libssl/src/ssl/tls1.h | 147 +- src/lib/libssl/src/test/CAss.cnf | 2 +- src/lib/libssl/src/test/Makefile | 537 +- src/lib/libssl/src/test/Uss.cnf | 2 +- src/lib/libssl/src/test/maketests.com | 205 +- src/lib/libssl/src/test/tcrl.com | 4 +- src/lib/libssl/src/test/testca.com | 38 +- src/lib/libssl/src/test/testenc.com | 5 +- src/lib/libssl/src/test/testgen.com | 4 +- src/lib/libssl/src/test/tests.com | 46 +- src/lib/libssl/src/test/testss.com | 4 +- src/lib/libssl/src/test/testssl | 6 + src/lib/libssl/src/test/testssl.com | 4 +- src/lib/libssl/src/test/testtsa.com | 248 + src/lib/libssl/src/test/times | 16 +- src/lib/libssl/src/test/tpkcs7.com | 4 +- src/lib/libssl/src/test/tpkcs7d.com | 4 +- src/lib/libssl/src/test/treq.com | 4 +- src/lib/libssl/src/test/trsa.com | 4 +- src/lib/libssl/src/test/tsid.com | 4 +- src/lib/libssl/src/test/tverify.com | 78 +- src/lib/libssl/src/test/tx509.com | 4 +- src/lib/libssl/src/times/x86/des3s.cpp | 2 +- src/lib/libssl/src/tools/Makefile | 1 + src/lib/libssl/src/tools/c_rehash | 30 +- src/lib/libssl/src/tools/c_rehash.in | 30 +- src/lib/libssl/src/util/ck_errf.pl | 22 +- src/lib/libssl/src/util/clean-depend.pl | 1 + src/lib/libssl/src/util/cygwin.sh | 4 +- src/lib/libssl/src/util/deltree.com | 34 + src/lib/libssl/src/util/domd | 10 +- src/lib/libssl/src/util/libeay.num | 985 +++- src/lib/libssl/src/util/mk1mf.pl | 561 +-- src/lib/libssl/src/util/mkdef.pl | 76 +- src/lib/libssl/src/util/mkerr.pl | 113 +- src/lib/libssl/src/util/mkfiles.pl | 32 +- src/lib/libssl/src/util/mklink.pl | 13 +- src/lib/libssl/src/util/mkstack.pl | 74 +- src/lib/libssl/src/util/pl/BC-32.pl | 2 +- src/lib/libssl/src/util/pl/Mingw32.pl | 6 +- src/lib/libssl/src/util/pl/VC-32.pl | 340 +- src/lib/libssl/src/util/pod2man.pl | 2 +- src/lib/libssl/src/util/point.sh | 2 +- src/lib/libssl/src/util/selftest.pl | 4 +- src/lib/libssl/src/util/shlib_wrap.sh | 6 +- src/lib/libssl/src/util/ssleay.num | 27 +- src/lib/libssl/test/Makefile | 537 +- src/lib/libssl/test/maketests.com | 205 +- src/lib/libssl/test/tcrl.com | 4 +- src/lib/libssl/test/testca.com | 38 +- src/lib/libssl/test/testenc.com | 5 +- src/lib/libssl/test/testgen.com | 4 +- src/lib/libssl/test/tests.com | 46 +- src/lib/libssl/test/testss.com | 4 +- src/lib/libssl/test/testssl.com | 4 +- src/lib/libssl/test/testtsa.com | 248 + src/lib/libssl/test/tpkcs7.com | 4 +- src/lib/libssl/test/tpkcs7d.com | 4 +- src/lib/libssl/test/treq.com | 4 +- src/lib/libssl/test/trsa.com | 4 +- src/lib/libssl/test/tsid.com | 4 +- src/lib/libssl/test/tverify.com | 78 +- src/lib/libssl/test/tx509.com | 4 +- 798 files changed, 48478 insertions(+), 31734 deletions(-) create mode 100644 src/lib/libcrypto/util/deltree.com create mode 100644 src/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod create mode 100755 src/lib/libssl/src/ms/uplink-common.pl create mode 100755 src/lib/libssl/src/ms/uplink-ia64.pl create mode 100755 src/lib/libssl/src/ms/uplink-x86.pl create mode 100755 src/lib/libssl/src/ms/uplink-x86_64.pl create mode 100644 src/lib/libssl/src/test/testtsa.com create mode 100644 src/lib/libssl/src/util/deltree.com create mode 100644 src/lib/libssl/test/testtsa.com (limited to 'src/lib') diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile index 6557f2b4e1..c1033f6d77 100644 --- a/src/lib/libcrypto/Attic/Makefile +++ b/src/lib/libcrypto/Attic/Makefile @@ -5,9 +5,9 @@ DIR= crypto TOP= .. CC= cc -INCLUDE= -I. -I$(TOP) -I../include +INCLUDE= -I. -I$(TOP) -I../include $(ZLIB_INCLUDE) # INCLUDES targets sudbirs! -INCLUDES= -I.. -I../.. -I../../include +INCLUDES= -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE) CFLAG= -g MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) @@ -17,7 +17,7 @@ AR= ar r RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \ (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ - $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \ + $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$target ) || exit 1; \ done; PEX_LIBS= @@ -26,6 +26,7 @@ EX_LIBS= CFLAGS= $(INCLUDE) $(CFLAG) ASFLAGS= $(INCLUDE) $(ASFLAG) AFLAGS=$(ASFLAGS) +CPUID_OBJ=mem_clr.o LIBS= @@ -33,12 +34,12 @@ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c dyn_lck.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_init.c fips_err.c -LIBOBJ= cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o $(CPUID_OBJ) +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c +LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ) SRC= $(LIBSRC) -EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ +EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) @@ -47,7 +48,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER) top: @(cd ..; $(MAKE) DIRS=$(DIR) all) -all: lib +all: shared buildinf.h: ../Makefile ( echo "#ifndef MK1MF_BUILD"; \ @@ -57,26 +58,26 @@ buildinf.h: ../Makefile echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \ echo '#endif' ) >buildinf.h -x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl - $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@ -x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl - $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@ -x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl - $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@ +x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ -uplink.o: ../ms/uplink.c - $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c +applink.o: $(TOP)/ms/applink.c + $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/applink.c -uplink-cof.s: ../ms/uplink.pl - $(PERL) ../ms/uplink.pl coff > $@ +uplink.o: $(TOP)/ms/uplink.c applink.o + $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c + +uplink-cof.s: $(TOP)/ms/uplink.pl + $(PERL) $(TOP)/ms/uplink.pl coff > $@ x86_64cpuid.s: x86_64cpuid.pl - $(PERL) x86_64cpuid.pl $@ + $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@ ia64cpuid.s: ia64cpuid.S $(CC) $(CFLAGS) -E ia64cpuid.S > $@ +ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ testapps: - [ -z "$(THIS)" ] || ( if echo ${SDIRS} | fgrep ' des '; \ + [ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \ then cd des && $(MAKE) -e des; fi ) [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps ); @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @@ -94,11 +95,11 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) @target=links; $(RECURSIVE_MAKE) -# lib: and $(LIB): are splitted to avoid end-less loop -lib: buildinf.h $(LIB) subdirs +# lib: $(LIB): are splitted to avoid end-less loop +lib: $(LIB) @touch lib $(LIB): $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. shared: buildinf.h lib subdirs @@ -135,6 +136,7 @@ clean: dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) + rm -f opensslconf.h @target=dclean; $(RECURSIVE_MAKE) # DO NOT DELETE THIS LINE -- make depend depends on it. @@ -159,13 +161,6 @@ cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h cversion.o: cryptlib.h cversion.c -dyn_lck.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -dyn_lck.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -dyn_lck.o: ../include/openssl/err.h ../include/openssl/lhash.h -dyn_lck.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dyn_lck.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -dyn_lck.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h -dyn_lck.o: dyn_lck.c ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -174,13 +169,6 @@ ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h ex_data.o: ex_data.c -fips_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h -fips_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h -fips_err.o: ../include/openssl/fips.h ../include/openssl/lhash.h -fips_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -fips_err.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -fips_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_err.c -fips_err.o: fips_err.h mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -201,23 +189,10 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h mem_dbg.o: mem_dbg.c o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_dir.o: LPdir_unix.c o_dir.c o_dir.h -o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h -o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h -o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h -o_init.o: ../include/openssl/symhacks.h o_init.c o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.o: o_str.c o_str.h o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c o_time.o: o_time.h -tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h -tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h diff --git a/src/lib/libcrypto/aes/Makefile b/src/lib/libcrypto/aes/Makefile index 9d174f4c3e..c501a43a8f 100644 --- a/src/lib/libcrypto/aes/Makefile +++ b/src/lib/libcrypto/aes/Makefile @@ -11,7 +11,7 @@ CFLAG=-g MAKEFILE= Makefile AR= ar r -AES_ASM_OBJ=aes_core.o aes_cbc.o +AES_ENC=aes_core.o aes_cbc.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -26,7 +26,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \ aes_ctr.c aes_ige.c aes_wrap.c LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \ - $(AES_ASM_OBJ) + $(AES_ENC) SRC= $(LIBSRC) @@ -41,24 +41,27 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -$(LIBOBJ): $(LIBSRC) - aes-ia64.s: asm/aes-ia64.S $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@ -ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl + $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ aes-x86_64.s: asm/aes-x86_64.pl - $(PERL) asm/aes-x86_64.pl $@ + $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@ + +aes-sparcv9.s: asm/aes-sparcv9.pl + $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ + +aes-ppc.s: asm/aes-ppc.pl + $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +aes-%.s: asm/aes-%.pl; $(PERL) $< $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -97,16 +100,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h -aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h -aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -aes_cfb.o: aes_cfb.c aes_locl.h +aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c +aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -aes_core.o: aes_core.c aes_locl.h -aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h +aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h +aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h @@ -119,8 +120,8 @@ aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c -aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c +aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/src/lib/libcrypto/asn1/Makefile b/src/lib/libcrypto/asn1/Makefile index 94a6885804..160544eede 100644 --- a/src/lib/libcrypto/asn1/Makefile +++ b/src/lib/libcrypto/asn1/Makefile @@ -22,30 +22,32 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \ x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ - d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ + x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ + tasn_prn.c ameth_lib.c \ f_int.c f_string.c n_pkey.c \ - f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \ - asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ + f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \ + asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \ x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ - d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ + x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ + tasn_prn.o ameth_lib.o \ f_int.o f_string.o n_pkey.o \ - f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \ - asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ + f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \ + asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o SRC= $(LIBSRC) EXHEADER= asn1.h asn1_mac.h asn1t.h -HEADER= $(EXHEADER) +HEADER= $(EXHEADER) asn1_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -63,7 +65,7 @@ pk: pk.c all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -142,9 +144,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_digest.o: ../../include/openssl/opensslconf.h a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -173,14 +175,6 @@ a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c -a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h -a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -205,13 +199,6 @@ a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_mbstr.o: ../cryptlib.h a_mbstr.c -a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c a_object.o: ../../e_os.h ../../include/openssl/asn1.h a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -250,27 +237,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c +a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_sign.o: ../cryptlib.h a_sign.c asn1_locl.h a_strex.o: ../../e_os.h ../../include/openssl/asn1.h a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h +a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_strex.o: ../cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -318,14 +305,29 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h -a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_verify.o: ../../include/openssl/opensslconf.h +a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c +a_verify.o: asn1_locl.h +ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h +ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ameth_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ameth_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ameth_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ameth_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ameth_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ameth_lib.o: ../../include/openssl/opensslconf.h +ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ameth_lib.c +ameth_lib.o: asn1_locl.h asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -339,9 +341,8 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn1_gen.o: ../../include/openssl/opensslconf.h +asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -371,24 +372,23 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn_mime.o: ../../include/openssl/opensslconf.h +asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -asn_mime.o: ../cryptlib.h asn_mime.c +asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +asn_moid.o: ../../include/openssl/opensslconf.h asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -402,28 +402,43 @@ asn_pack.o: ../../include/openssl/opensslconf.h asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c +bio_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bio_asn1.o: ../../include/openssl/opensslconf.h +bio_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_asn1.o: ../../include/openssl/symhacks.h bio_asn1.c +bio_ndef.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +bio_ndef.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +bio_ndef.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bio_ndef.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bio_ndef.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_ndef.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_ndef.o: ../../include/openssl/symhacks.h bio_ndef.c d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +d2i_pr.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c +d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c +d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +d2i_pu.o: ../cryptlib.h d2i_pu.c evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -455,77 +470,76 @@ f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +i2d_pr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c +i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c +i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i2d_pu.o: ../cryptlib.h i2d_pu.c n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -n_pkey.o: ../cryptlib.h n_pkey.c +n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c +nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c +p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_pbe.o: ../cryptlib.h p5_pbe.c p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbev2.o: ../../include/openssl/opensslconf.h +p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -538,51 +552,48 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p8_pkey.o: ../cryptlib.h p8_pkey.c +p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c +t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_bitst.o: ../cryptlib.h t_bitst.c t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c +t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_crl.o: ../cryptlib.h t_crl.c t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h -t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +t_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h t_pkey.o: ../cryptlib.h t_pkey.c t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h @@ -591,57 +602,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c +t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_req.o: ../cryptlib.h t_req.c t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c +t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_spki.o: ../cryptlib.h t_spki.c t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c +t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_x509.o: ../cryptlib.h t_x509.c t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c +t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_x509a.o: ../cryptlib.h t_x509a.c tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -675,6 +686,21 @@ tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c +tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h +tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +tasn_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tasn_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tasn_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +tasn_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tasn_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tasn_prn.o: ../../include/openssl/opensslconf.h +tasn_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +tasn_prn.o: ../cryptlib.h asn1_locl.h tasn_prn.c tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h @@ -694,23 +720,21 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_algor.o: x_algor.c +x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_attrib.o: ../../include/openssl/opensslconf.h +x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -727,44 +751,42 @@ x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c x_crl.o: ../../e_os.h ../../include/openssl/asn1.h x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_crl.o: ../cryptlib.h x_crl.c +x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_exten.o: x_exten.c +x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_info.o: ../cryptlib.h x_info.c +x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c x_long.o: ../../e_os.h ../../include/openssl/asn1.h x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -780,125 +802,129 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_name.o: ../cryptlib.h x_name.c +x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h x_name.c +x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pkey.o: ../cryptlib.h x_pkey.c +x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_pubkey.o: ../../include/openssl/opensslconf.h x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pubkey.o: ../cryptlib.h x_pubkey.c +x_pubkey.o: ../cryptlib.h asn1_locl.h x_pubkey.c x_req.o: ../../e_os.h ../../include/openssl/asn1.h x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_req.o: ../cryptlib.h x_req.c +x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c x_sig.o: ../../e_os.h ../../include/openssl/asn1.h x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_sig.o: ../cryptlib.h x_sig.c +x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c x_spki.o: ../../e_os.h ../../include/openssl/asn1.h x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_spki.o: ../cryptlib.h x_spki.c +x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c x_val.o: ../../e_os.h ../../include/openssl/asn1.h x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_val.o: ../cryptlib.h x_val.c +x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c x_x509.o: ../../e_os.h ../../include/openssl/asn1.h x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x_x509.o: ../cryptlib.h x_x509.c +x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_x509a.o: ../cryptlib.h x_x509a.c +x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c index def79062a5..c79c6f538c 100644 --- a/src/lib/libcrypto/asn1/a_gentm.c +++ b/src/lib/libcrypto/asn1/a_gentm.c @@ -117,8 +117,8 @@ err: int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) { - static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; - static int max[9]={99, 99,12,31,23,59,59,12,59}; + static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; + static const int max[9]={99, 99,12,31,23,59,59,12,59}; char *a; int n,i,l,o; @@ -176,6 +176,11 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) o++; } } + else + { + /* Missing time zone information. */ + goto err; + } return(o == l); err: return(0); @@ -205,6 +210,12 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t) + { + return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); + } + +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, long offset_sec) { char *p; struct tm *ts; @@ -220,13 +231,19 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, if (ts == NULL) return(NULL); + if (offset_day || offset_sec) + { + if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) + return NULL; + } + p=(char *)s->data; if ((p == NULL) || ((size_t)s->length < len)) { p=OPENSSL_malloc(len); if (p == NULL) { - ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, + ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); return(NULL); } diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c index d31c028193..072e236592 100644 --- a/src/lib/libcrypto/asn1/a_utctm.c +++ b/src/lib/libcrypto/asn1/a_utctm.c @@ -114,8 +114,8 @@ err: int ASN1_UTCTIME_check(ASN1_UTCTIME *d) { - static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; - static int max[8]={99,12,31,23,59,59,12,59}; + static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; + static const int max[8]={99,12,31,23,59,59,12,59}; char *a; int n,i,l,o; @@ -186,6 +186,12 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) { + return ASN1_UTCTIME_adj(s, t, 0, 0); + } + +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec) + { char *p; struct tm *ts; struct tm data; @@ -200,13 +206,22 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) if (ts == NULL) return(NULL); + if (offset_day || offset_sec) + { + if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) + return NULL; + } + + if((ts->tm_year < 50) || (ts->tm_year >= 150)) + return NULL; + p=(char *)s->data; if ((p == NULL) || ((size_t)s->length < len)) { p=OPENSSL_malloc(len); if (p == NULL) { - ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE); return(NULL); } if (s->data != NULL) diff --git a/src/lib/libcrypto/bf/Makefile b/src/lib/libcrypto/bf/Makefile index 7f4f03eb82..dd2c2c708e 100644 --- a/src/lib/libcrypto/bf/Makefile +++ b/src/lib/libcrypto/bf/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r BF_ENC= bf_enc.o -# or use -#DES_ENC= bx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -40,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -# COFF -bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -# a.out -bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +bf-586.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -103,9 +94,5 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c -bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h -bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_skey.o: bf_locl.h bf_pi.h bf_skey.c +bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h +bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c diff --git a/src/lib/libcrypto/bio/Makefile b/src/lib/libcrypto/bio/Makefile index 1cd76ce7a2..c395d80496 100644 --- a/src/lib/libcrypto/bio/Makefile +++ b/src/lib/libcrypto/bio/Makefile @@ -45,7 +45,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -102,11 +102,12 @@ b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c b_sock.o: ../../e_os.h ../../include/openssl/bio.h b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c +b_sock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +b_sock.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +b_sock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +b_sock.o: ../cryptlib.h b_sock.c bf_buff.o: ../../e_os.h ../../include/openssl/bio.h bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/src/lib/libcrypto/bn/Makefile b/src/lib/libcrypto/bn/Makefile index f5e8f65a46..aabc4f56b8 100644 --- a/src/lib/libcrypto/bn/Makefile +++ b/src/lib/libcrypto/bn/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r BN_ASM= bn_asm.o -# or use -#BN_ASM= bn86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -28,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_depr.c bn_x931p.c bn_const.c bn_opt.c + bn_depr.c bn_const.c LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \ - bn_depr.o bn_x931p.o bn_const.o bn_opt.o + bn_depr.o bn_const.o SRC= $(LIBSRC) @@ -58,36 +56,25 @@ bnbug: bnbug.c ../../libcrypto.a top cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@) -co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@) -mo86-elf.s: asm/mo-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) mo-586.pl elf $(CFLAGS) > ../$@) -# COFF -bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@) -co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@) -mo86-cof.s: asm/mo-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) mo-586.pl coff $(CFLAGS) > ../$@) -# a.out -bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@) -co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@) -mo86-out.s: asm/mo-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) mo-586.pl a.out $(CFLAGS) > ../$@) +bn-586.s: asm/bn-586.pl ../perlasm/x86asm.pl + $(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +co-586.s: asm/co-586.pl ../perlasm/x86asm.pl + $(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +x86-mont.s: asm/x86-mont.pl ../perlasm/x86asm.pl + $(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ sparcv8.o: asm/sparcv8.S $(CC) $(CFLAGS) -c asm/sparcv8.S -sparcv8plus.o: asm/sparcv8plus.S - $(CC) $(CFLAGS) -c asm/sparcv8plus.S +bn-sparcv9.o: asm/sparcv8plus.S + $(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S +sparcv9a-mont.s: asm/sparcv9a-mont.pl + $(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@ +sparcv9-mont.s: asm/sparcv9-mont.pl + $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@ bn-mips3.o: asm/mips3.s @if [ "$(CC)" = "gcc" ]; then \ @@ -95,10 +82,13 @@ bn-mips3.o: asm/mips3.s as -$$ABI -O -o $@ asm/mips3.s; \ else $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi +bn-s390x.o: asm/s390x.S + $(CC) $(CFLAGS) -c -o $@ asm/s390x.S + x86_64-gcc.o: asm/x86_64-gcc.c $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c x86_64-mont.s: asm/x86_64-mont.pl - $(PERL) asm/x86_64-mont.pl $@ + $(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@ bn-ia64.s: asm/ia64.S $(CC) $(CFLAGS) -E asm/ia64.S > $@ @@ -111,12 +101,14 @@ pa-risc2.o: asm/pa-risc2.s /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s # ppc - AIX, Linux, MacOS X... -linux_ppc32.s: asm/ppc.pl; $(PERL) $< $@ -linux_ppc64.s: asm/ppc.pl; $(PERL) $< $@ -aix_ppc32.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ -aix_ppc64.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ -osx_ppc32.s: asm/ppc.pl; $(PERL) $< $@ -osx_ppc64.s: asm/ppc.pl; $(PERL) $< $@ +bn-ppc.s: asm/ppc.pl; $(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@ +ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@ + +alpha-mont.s: asm/alpha-mont.pl + $(PERL) $< | $(CC) -E - | tee $@ > /dev/null + +# GNU make "catch all" +%-mont.s: asm/%-mont.pl; $(PERL) $< $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -184,8 +176,11 @@ bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h -bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c +bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bn_const.o: ../../include/openssl/opensslconf.h +bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_const.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_const.o: ../../include/openssl/symhacks.h bn.h bn_const.c bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -292,13 +287,6 @@ bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c -bn_opt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_opt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_opt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_opt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_opt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_opt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_opt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_opt.c bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -357,6 +345,3 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c -bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -bn_x931p.o: ../../include/openssl/opensslconf.h -bn_x931p.o: ../../include/openssl/ossl_typ.h bn_x931p.c diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c index cf190380f5..0cd99c5b4b 100644 --- a/src/lib/libcrypto/bn/bntest.c +++ b/src/lib/libcrypto/bn/bntest.c @@ -486,7 +486,7 @@ static void print_word(BIO *bp,BN_ULONG w) return; } #endif - BIO_printf(bp,"%lX",w); + BIO_printf(bp,BN_HEX_FMT1,w); } int test_div_word(BIO *bp) @@ -732,6 +732,8 @@ int test_mont(BIO *bp, BN_CTX *ctx) BN_init(&n); mont=BN_MONT_CTX_new(); + if (mont == NULL) + return 0; BN_bntest_rand(&a,100,0,0); /**/ BN_bntest_rand(&b,100,0,0); /**/ @@ -1027,7 +1029,7 @@ int test_exp(BIO *bp, BN_CTX *ctx) BN_bntest_rand(a,20+i*5,0,0); /**/ BN_bntest_rand(b,2+i,0,0); /**/ - if (!BN_exp(d,a,b,ctx)) + if (BN_exp(d,a,b,ctx) <= 0) return(0); if (bp != NULL) @@ -1116,8 +1118,8 @@ int test_gf2m_mod(BIO *bp) { BIGNUM *a,*b[2],*c,*d,*e; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1174,8 +1176,8 @@ int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1245,8 +1247,8 @@ int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1304,8 +1306,8 @@ int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1359,8 +1361,8 @@ int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e,*f; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1422,8 +1424,8 @@ int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e,*f; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1493,8 +1495,8 @@ int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e,*f; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1552,8 +1554,8 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e; int i, j, s = 0, t, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c index f598a07cf5..074a8e882a 100644 --- a/src/lib/libcrypto/bn/exptest.c +++ b/src/lib/libcrypto/bn/exptest.c @@ -163,7 +163,7 @@ int main(int argc, char *argv[]) { if (BN_cmp(r_simple,r_mont) != 0) printf("\nsimple and mont results differ\n"); - if (BN_cmp(r_simple,r_mont) != 0) + if (BN_cmp(r_simple,r_mont_const) != 0) printf("\nsimple and mont const time results differ\n"); if (BN_cmp(r_simple,r_recp) != 0) printf("\nsimple and recp results differ\n"); @@ -187,7 +187,7 @@ int main(int argc, char *argv[]) BN_free(b); BN_free(m); BN_CTX_free(ctx); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks(out); BIO_free(out); printf(" done\n"); diff --git a/src/lib/libcrypto/buffer/Makefile b/src/lib/libcrypto/buffer/Makefile index 9e0f46e19a..9f3a88d2d6 100644 --- a/src/lib/libcrypto/buffer/Makefile +++ b/src/lib/libcrypto/buffer/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= buffer.c buf_str.c buf_err.c -LIBOBJ= buffer.o buf_str.o buf_err.o +LIBSRC= buffer.c buf_err.c +LIBOBJ= buffer.o buf_err.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -81,13 +81,6 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h buf_err.o: buf_err.c -buf_str.o: ../../e_os.h ../../include/openssl/bio.h -buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c buffer.o: ../../e_os.h ../../include/openssl/bio.h buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/src/lib/libcrypto/cast/Makefile b/src/lib/libcrypto/cast/Makefile index 2e026dbe0d..0acc38f28d 100644 --- a/src/lib/libcrypto/cast/Makefile +++ b/src/lib/libcrypto/cast/Makefile @@ -38,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@) -# COFF -cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@) -# a.out -cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@) +cast-586.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/cast-586.pl $(PERLASM_SCHEME) $(CLAGS) $(PROCESSOR) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -102,8 +95,5 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h c_ofb64.o: c_ofb64.c cast_lcl.h c_skey.o: ../../e_os.h ../../include/openssl/cast.h -c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h +c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +c_skey.o: c_skey.c cast_lcl.h cast_s.h diff --git a/src/lib/libcrypto/comp/Makefile b/src/lib/libcrypto/comp/Makefile index 5d364b8513..efda832dce 100644 --- a/src/lib/libcrypto/comp/Makefile +++ b/src/lib/libcrypto/comp/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/conf/Makefile b/src/lib/libcrypto/conf/Makefile index ccd0721332..78bb324106 100644 --- a/src/lib/libcrypto/conf/Makefile +++ b/src/lib/libcrypto/conf/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -114,8 +114,8 @@ conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_mall.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +conf_mall.o: ../../include/openssl/objects.h conf_mall.o: ../../include/openssl/opensslconf.h conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -128,9 +128,9 @@ conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_mod.o: ../../include/openssl/opensslconf.h conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -143,9 +143,8 @@ conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_sap.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -conf_sap.o: ../../include/openssl/opensslconf.h +conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com index e72af90822..a4b6635091 100644 --- a/src/lib/libcrypto/crypto-lib.com +++ b/src/lib/libcrypto/crypto-lib.com @@ -6,10 +6,11 @@ $! A-Com Computing, Inc. $! byer@mail.all-net.net $! $! Changes by Richard Levitte +$! Zoltan Arpadffy $! $! This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" -$! library for OpenSSL. The "xxx" denotes the machine architecture of AXP -$! or VAX. +$! library for OpenSSL. The "xxx" denotes the machine architecture, ALPHA, +$! IA64 or VAX. $! $! It was re-written so it would try to determine what "C" compiler to use $! or you can specify which "C" compiler to use. @@ -17,28 +18,28 @@ $! $! Specify the following as P1 to build just that part or ALL to just $! build everything. $! -$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. -$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE -$! ALL To do both LIBRARY and APPS +$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. +$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE +$! ALL To do both LIBRARY and APPS $! $! Specify DEBUG or NODEBUG as P2 to compile with or without debugger $! information. $! $! Specify which compiler at P3 to try to compile under. $! -$! VAXC For VAX C. -$! DECC For DEC C. -$! GNUC For GNU C. +$! VAXC For VAX C. +$! DECC For DEC C. +$! GNUC For GNU C. $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which $! "C" compiler to use. $! $! P4, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! -$! UCX for UCX -$! TCPIP for TCPIP (post UCX) -$! SOCKETSHR for SOCKETSHR+NETLIB +$! UCX For UCX +$! TCPIP For TCPIP (post UCX) +$! SOCKETSHR For SOCKETSHR+NETLIB $! $! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! @@ -54,36 +55,49 @@ $ TCPIP_LIB = "" $! $! Check Which Architecture We Are Using. $! -$ IF (F$GETSYI("CPU").GE.128) +$ IF (F$GETSYI("CPU").LT.128) $ THEN $! -$! The Architecture Is AXP +$! The Architecture Is VAX $! -$ ARCH := AXP +$ ARCH = "VAX" $! $! Else... $! $ ELSE $! -$! The Architecture Is VAX. +$! The Architecture Is Alpha, IA64 or whatever comes in the future. $! -$ ARCH := VAX +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" $! $! End The Architecture Check. $! $ ENDIF $! $! Define The Different Encryption Types. +$! NOTE: Some might think this list ugly. However, it's made this way to +$! reflect the SDIRS variable in [-]Makefile.org as closely as possible, +$! thereby making it fairly easy to verify that the lists are the same. $! +$ ET_WHIRLPOOL = "WHRLPOOL" +$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = "" $ ENCRYPT_TYPES = "Basic,"+ - "OBJECTS,"+ - - "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - - "DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,"+ - - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ - + "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ - + "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ - + "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - + "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - - "STORE,CMS,PQUEUE,JPAKE" + "STORE,CMS,PQUEUE,TS,JPAKE" +$! Define The OBJ Directory. +$! +$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO] +$! +$! Define The EXE Directory. +$! +$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -97,9 +111,6 @@ $! Tell The User What Kind of Machine We Run On. $! $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." $! -$! Define The OBJ Directory. -$! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO] $! $! Check To See If The Architecture Specific OBJ Directory Exists. $! @@ -114,10 +125,6 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! -$! Define The EXE Directory. -$! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] -$! $! Check To See If The Architecture Specific Directory Exists. $! $ IF (F$PARSE(EXE_DIR).EQS."") @@ -161,15 +168,16 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,dyn_lck,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir,o_init,fips_err" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,ebcdic,uid,o_time,o_str,o_dir" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512" $ LIB_MDC2 = "mdc2dgst,mdc2_one" -$ LIB_HMAC = "hmac" +$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth" $ LIB_RIPEMD = "rmd_dgst,rmd_one" -$ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ - +$ LIB_WHRLPOOL = "wp_dgst,wp_block" +$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - "enc_read,enc_writ,ofb64enc,"+ - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - @@ -184,35 +192,39 @@ $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64" $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - "cmll_cfb,cmll_ctr" -$ LIB_SEED = "seed,seed_cbc,seed_ecb,seed_cfb,seed_ofb" +$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb" +$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128" $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" -$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm" +$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN - + LIB_BN_ASM = "bn_asm" $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - - "bn_depr,bn_x931p,bn_const,bn_opt" + "bn_depr,bn_const" $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - - "ec2_smpl,ec2_mult" + "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn" $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - - "rsa_pss,rsa_x931,rsa_x931g,rsa_asn1,rsa_depr,rsa_eng" + "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ - + "rsa_pmeth" $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ - - "dsa_err,dsa_ossl,dsa_depr,dsa_utl" + "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn" $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err" -$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr" +$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ - + "dh_ameth,dh_pmeth,dh_prn" $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err" $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - - "dso_openssl,dso_win32,dso_vms" + "dso_openssl,dso_win32,dso_vms,dso_beos" $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "eng_table,eng_pkey,eng_fat,eng_all,"+ - "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ - - "tb_cipher,tb_digest,"+ - - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" -$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - - "aes_ctr,aes_ige,aes_wrap" -$ LIB_BUFFER = "buffer,buf_str,buf_err" + "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ - + "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev" +$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ - + "aes_ige,aes_wrap" +$ LIB_BUFFER = "buffer,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - "bss_mem,bss_null,bss_fd,"+ - "bss_file,bss_sock,bss_conn,"+ - @@ -224,33 +236,34 @@ $ LIB_STACK = "stack" $ LIB_LHASH = "lhash,lh_stats" $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - "rand_vms" -$ LIB_ERR = "err,err_def,err_all,err_prn,err_str,err_bio" -$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" -$ LIB_EVP = "encode,digest,dig_eng,evp_enc,evp_key,evp_acnf,evp_cnf,"+ - +$ LIB_ERR = "err,err_all,err_prn" +$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref" +$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - "e_des,e_bf,e_idea,e_des3,e_camellia,"+ - "e_rc4,e_aes,names,e_seed,"+ - - "e_xcbc_d,e_rc2,e_cast,e_rc5,enc_min" -$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - + "e_xcbc_d,e_rc2,e_cast,e_rc5" +$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + - "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ - "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- "evp_pkey,evp_pbe,p5_crpt,p5_crpt2" -$ LIB_EVP_3 = "e_old" +$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver" $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ - "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ - - "d2i_pu,d2i_pr,i2d_pu,i2d_pr" + "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr" $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - + "tasn_prn,ameth_lib,"+ - "f_int,f_string,n_pkey,"+ - - "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ - - "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - + "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ - + "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ - "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - - "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey" + "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt" $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - "x509_obj,x509_req,x509spki,x509_vfy,"+ - "x509_set,x509cset,x509rset,x509_err,"+ - @@ -266,7 +279,7 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" $ LIB_TXT_DB = "txt_db" $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - - "pk7_mime" + "pk7_mime,bio_pk7" $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - "p12_init,p12_key,p12_kiss,p12_mutl,"+ - "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" @@ -281,6 +294,9 @@ $ LIB_STORE = "str_err,str_lib,str_meth,str_mem" $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess" $ LIB_PQUEUE = "pqueue" +$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ - + "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ - + "ts_asn1" $ LIB_JPAKE = "jpake,jpake_err" $! $! Setup exceptional compilations @@ -291,7 +307,7 @@ $ ! Disable the DOLLARID warning $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir" $ ! Disable disjoint optimization $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - - "sha_dgst,sha1dgst,rmd_dgst,bf_enc," + "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc," $ ! Disable the MIXLINKAGE warning $ COMPILEWITH_CC6 = ",enc_read,set_key," $! @@ -334,11 +350,11 @@ $! Create The Library and Apps Module Names. $! $ LIB_MODULE = "LIB_" + MODULE_NAME $ APPS_MODULE = "APPS_" + MODULE_NAME -$ IF (MODULE_NAME.EQS."ASN1_2") +$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_") $ THEN $ MODULE_NAME = "ASN1" $ ENDIF -$ IF (MODULE_NAME.EQS."EVP_2") +$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_") $ THEN $ MODULE_NAME = "EVP" $ ENDIF @@ -353,7 +369,7 @@ $! $ IF F$TYPE('LIB_MODULE') .EQS. "" $ THEN $ WRITE SYS$ERROR "" -$ WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist. Continuing..." +$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..." $ WRITE SYS$ERROR "" $ GOTO MODULE_NEXT $ ENDIF @@ -694,7 +710,7 @@ $! $ IF (F$SEARCH(OPT_FILE).EQS."") $ THEN $! -$! Figure Out If We Need An AXP Or A VAX Linker Option File. +$! Figure Out If We Need A non-VAX Or A VAX Linker Option File. $! $ IF ARCH .EQS. "VAX" $ THEN @@ -714,19 +730,19 @@ $! Else... $! $ ELSE $! -$! Create The AXP Linker Option File. +$! Create The non-VAX Linker Option File. $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For AXP To Link Agianst +! Default System Options File For non-VAX To Link Agianst ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE SYS$SHARE:CMA$OPEN_RTL/SHARE $EOD $! -$! End The VAX/AXP DEC C Option File Check. +$! End The DEC C Option File Check. $! $ ENDIF $! @@ -763,12 +779,12 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If P1 Has A Valid Arguement. +$! Else, Check To See If P1 Has A Valid Argument. $! $ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = P1 $! @@ -787,15 +803,16 @@ $ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.E $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " AXP : Alpha Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." +$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -848,7 +865,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -913,7 +930,7 @@ $ ELSE $! $! Check To See If We Have VAXC Or DECC. $! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") +$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -1019,12 +1036,12 @@ $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -1046,14 +1063,14 @@ $! $! Compile Using VAXC. $! $ CC = "CC" -$ IF ARCH.EQS."AXP" +$ IF ARCH.NES."VAX" $ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" +$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! @@ -1063,7 +1080,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -1085,12 +1102,12 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -1135,7 +1152,7 @@ $! Show user the result $! $ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -1153,14 +1170,14 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! $! Build a MACRO command for the architecture at hand $! $ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'" -$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" +$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" $! $! Show user the result $! @@ -1248,7 +1265,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/src/lib/libcrypto/des/Makefile b/src/lib/libcrypto/des/Makefile index 786e68802e..ae982265fd 100644 --- a/src/lib/libcrypto/des/Makefile +++ b/src/lib/libcrypto/des/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r RANLIB= ranlib DES_ENC= des_enc.o fcrypt_b.o -# or use -#DES_ENC= dx86-elf.o yx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -24,7 +22,7 @@ TEST=destest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ +LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \ fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c \ qud_cksm.c rand_key.c rpc_enc.c set_key.c \ @@ -33,7 +31,7 @@ LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \ read2pwd.c -LIBOBJ= des_lib.o set_key.o ecb_enc.o cbc_enc.o \ +LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ enc_read.o enc_writ.o ofb64enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ @@ -54,7 +52,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -64,21 +62,10 @@ des: des.o cbc3_enc.o lib des_enc-sparc.S: asm/des_enc.m4 m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S -# ELF -dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@) -yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@) -# COFF -dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@) -yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@) -# a.out -dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@) -yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@) +des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ +crypt586.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -156,14 +143,7 @@ des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -des_enc.o: des_enc.c des_locl.h ncbc_enc.c -des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -des_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -des_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_lib.o: ../../include/openssl/ui_compat.h des_lib.c des_locl.h des_ver.h +des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h @@ -182,12 +162,13 @@ ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ecb3_enc.o: des_locl.h ecb3_enc.c +ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ecb_enc.o: des_locl.h ecb_enc.c spr.h +ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ede_cbcm_enc.o: ../../include/openssl/e_os2.h ede_cbcm_enc.o: ../../include/openssl/opensslconf.h @@ -277,11 +258,11 @@ rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h -set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c +set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +set_key.o: des_locl.h set_key.c str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/src/lib/libcrypto/des/des-lib.com b/src/lib/libcrypto/des/des-lib.com index fc2c35a1ce..348f1c0470 100644 --- a/src/lib/libcrypto/des/des-lib.com +++ b/src/lib/libcrypto/des/des-lib.com @@ -9,7 +9,7 @@ $! Changes by Richard Levitte $! $! This command files compiles and creates the $! "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library. The "xxx" denotes the machine -$! architecture of AXP or VAX. +$! architecture of ALPHA, IA64 or VAX. $! $! It was re-written to try to determine which "C" compiler to try to use $! or the user can specify a compiler in P3. @@ -45,25 +45,34 @@ $! $! $! Check Which Architecture We Are Using. $! -$ IF (F$GETSYI("CPU").GE.128) +$ IF (F$GETSYI("CPU").LT.128) $ THEN $! -$! The Architecture Is AXP. +$! The Architecture Is VAX $! -$ ARCH := AXP +$ ARCH := VAX $! $! Else... $! $ ELSE $! -$! The Architecture Is VAX. +$! The Architecture Is Alpha, IA64 or whatever comes in the future. $! -$ ARCH := VAX +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" $! $! End The Architecture Check. $! $ ENDIF $! +$! Define The OBJ Directory Name. +$! +$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES] +$! +$! Define The EXE Directory Name. +$! +$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES] +$! $! Check To Make Sure We Have Valid Command Line Parameters. $! $ GOSUB CHECK_OPTIONS @@ -72,10 +81,6 @@ $! Tell The User What Kind of Machine We Run On. $! $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." $! -$! Define The OBJ Directory Name. -$! -$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES] -$! $! Check To See If The Architecture Specific OBJ Directory Exists. $! $ IF (F$PARSE(OBJ_DIR).EQS."") @@ -89,10 +94,6 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! -$! Define The EXE Directory Name. -$! -$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES] -$! $! Check To See If The Architecture Specific Directory Exists. $! $ IF (F$PARSE(EXE_DIR).EQS."") @@ -564,7 +565,7 @@ $! $ IF (F$SEARCH(OPT_FILE).EQS."") $ THEN $! -$! Figure Out If We Need An AXP Or A VAX Linker Option File. +$! Figure Out If We Need An non-VAX Or A VAX Linker Option File. $! $ IF (F$GETSYI("CPU").LT.128) $ THEN @@ -584,19 +585,19 @@ $! Else... $! $ ELSE $! -$! Create The AXP Linker Option File. +$! Create The non-VAX Linker Option File. $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For AXP To Link Agianst +! Default System Options File For non-VAX To Link Agianst ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE SYS$SHARE:CMA$OPEN_RTL/SHARE $EOD $! -$! End The VAX/AXP DEC C Option File Check. +$! End The DEC C Option File Check. $! $ ENDIF $! @@ -658,13 +659,13 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If P1 Has A Valid Arguement. +$! Else, Check To See If P1 Has A Valid Argument. $! $ IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") - .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = P1 $! @@ -677,7 +678,7 @@ $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALL : Just Build Everything. +$ WRITE SYS$OUTPUT " ALL : Just Build Everything." $ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library." $ WRITE SYS$OUTPUT " DESTEST : To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program." $ WRITE SYS$OUTPUT " SPEED : To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program." @@ -687,15 +688,16 @@ $ WRITE SYS$OUTPUT " DES_OPTS : To Compile Just The [.xxx.EXE.CRYTPO.DES $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For: " $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " AXP : Alpha Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." +$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -752,7 +754,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -817,7 +819,7 @@ $ ELSE $! $! Check To See If We Have VAXC Or DECC. $! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") +$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -882,7 +884,7 @@ $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -904,9 +906,9 @@ $! $! Compile Using VAXC. $! $ CC = "CC" -$ IF ARCH.EQS."AXP" +$ IF ARCH.NES."VAX" $ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" +$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" @@ -919,7 +921,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -944,7 +946,7 @@ $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -976,7 +978,7 @@ $! Show user the result $! $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/src/lib/libcrypto/des/rpc_des.h b/src/lib/libcrypto/des/rpc_des.h index 4cbb4d2dcd..41328d7965 100644 --- a/src/lib/libcrypto/des/rpc_des.h +++ b/src/lib/libcrypto/des/rpc_des.h @@ -122,10 +122,10 @@ struct desparams { /* * Encrypt an arbitrary sized buffer */ -#define DESIOCBLOCK _IOWR(d, 6, struct desparams) +#define DESIOCBLOCK _IOWR('d', 6, struct desparams) /* * Encrypt of small amount of data, quickly */ -#define DESIOCQUICK _IOWR(d, 7, struct desparams) +#define DESIOCQUICK _IOWR('d', 7, struct desparams) diff --git a/src/lib/libcrypto/dh/Makefile b/src/lib/libcrypto/dh/Makefile index d01fa960eb..f23b4f7fde 100644 --- a/src/lib/libcrypto/dh/Makefile +++ b/src/lib/libcrypto/dh/Makefile @@ -17,8 +17,10 @@ TEST= dhtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c -LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o +LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \ + dh_ameth.c dh_pmeth.c dh_prn.c +LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \ + dh_ameth.o dh_pmeth.o dh_prn.o SRC= $(LIBSRC) @@ -33,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,6 +76,21 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dh_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +dh_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_ameth.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +dh_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +dh_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dh_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dh_ameth.o: ../../include/openssl/opensslconf.h +dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dh_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +dh_ameth.o: dh_ameth.c dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -129,11 +146,35 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dh_lib.o: ../cryptlib.h dh_lib.c +dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dh_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +dh_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dh_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dh_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +dh_pmeth.o: dh_pmeth.c +dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_prn.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile index 2cc45cdc62..8073c4ecfe 100644 --- a/src/lib/libcrypto/dsa/Makefile +++ b/src/lib/libcrypto/dsa/Makefile @@ -18,14 +18,14 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \ - dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c + dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ - dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o + dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o SRC= $(LIBSRC) EXHEADER= dsa.h -HEADER= $(EXHEADER) +HEADER= dsa_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -76,12 +76,27 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dsa_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +dsa_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_ameth.o: ../../include/openssl/objects.h +dsa_ameth.o: ../../include/openssl/opensslconf.h +dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dsa_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +dsa_ameth.o: dsa_ameth.c dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_asn1.o: ../../include/openssl/opensslconf.h dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h @@ -91,9 +106,8 @@ dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_depr.o: ../../include/openssl/opensslconf.h +dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -110,13 +124,12 @@ dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_gen.o: ../cryptlib.h dsa_gen.c +dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_locl.h dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h @@ -132,14 +145,14 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dsa_lib.o: ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -148,40 +161,48 @@ dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_ossl.o: ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_ossl.o: ../cryptlib.h dsa_ossl.c -dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_ossl.c +dsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +dsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_pmeth.o: ../../include/openssl/objects.h +dsa_pmeth.o: ../../include/openssl/opensslconf.h +dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +dsa_pmeth.o: dsa_locl.h dsa_pmeth.c +dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +dsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_prn.o: ../cryptlib.h dsa_prn.c +dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h -dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_sign.o: ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c -dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c -dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h +dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_vrf.o: ../cryptlib.h dsa_vrf.c diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c index 912317bb44..edffd24e6b 100644 --- a/src/lib/libcrypto/dsa/dsatest.c +++ b/src/lib/libcrypto/dsa/dsatest.c @@ -169,7 +169,6 @@ int main(int argc, char **argv) } BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); - if (dsa == NULL) goto end; DSA_print(bio_err,dsa,0); if (counter != 105) { @@ -223,7 +222,7 @@ end: ERR_print_errors(bio_err); if (dsa != NULL) DSA_free(dsa); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) diff --git a/src/lib/libcrypto/dso/Makefile b/src/lib/libcrypto/dso/Makefile index 52f152888c..fb2709ed63 100644 --- a/src/lib/libcrypto/dso/Makefile +++ b/src/lib/libcrypto/dso/Makefile @@ -18,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \ - dso_openssl.c dso_win32.c dso_vms.c + dso_openssl.c dso_win32.c dso_vms.c dso_beos.c LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \ - dso_openssl.o dso_win32.o dso_vms.o + dso_openssl.o dso_win32.o dso_vms.o dso_beos.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -76,6 +76,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dso_beos.o: ../../e_os.h ../../include/openssl/bio.h +dso_beos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dso_beos.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +dso_beos.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dso_beos.o: ../../include/openssl/opensslconf.h +dso_beos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dso_beos.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dso_beos.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_beos.c dso_dl.o: ../../e_os.h ../../include/openssl/bio.h dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c index 417abb6ea9..fc4236bd9a 100644 --- a/src/lib/libcrypto/dso/dso_dl.c +++ b/src/lib/libcrypto/dso/dso_dl.c @@ -85,6 +85,8 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); #endif static char *dl_name_converter(DSO *dso, const char *filename); static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int dl_pathbyaddr(void *addr,char *path,int sz); +static void *dl_globallookup(const char *name); static DSO_METHOD dso_meth_dl = { "OpenSSL 'dl' shared library method", @@ -101,7 +103,9 @@ static DSO_METHOD dso_meth_dl = { dl_name_converter, dl_merger, NULL, /* init */ - NULL /* finish */ + NULL, /* finish */ + dl_pathbyaddr, + dl_globallookup }; DSO_METHOD *DSO_METHOD_dl(void) @@ -350,4 +354,40 @@ static char *dl_name_converter(DSO *dso, const char *filename) return(translated); } +static int dl_pathbyaddr(void *addr,char *path,int sz) + { + struct shl_descriptor inf; + int i,len; + + if (addr == NULL) + { + union { int(*f)(void*,char*,int); void *p; } t = + { dl_pathbyaddr }; + addr = t.p; + } + + for (i=-1;shl_get_r(i,&inf)==0;i++) + { + if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || + ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) + { + len = (int)strlen(inf.filename); + if (sz <= 0) return len+1; + if (len >= sz) len=sz-1; + memcpy(path,inf.filename,len); + path[len++] = 0; + return len; + } + } + + return -1; + } + +static void *dl_globallookup(const char *name) + { + void *ret; + shl_t h = NULL; + + return shl_findsym(&h,name,TYPE_UNDEFINED,&ret) ? NULL : ret; + } #endif /* DSO_DL */ diff --git a/src/lib/libcrypto/dso/dso_vms.c b/src/lib/libcrypto/dso/dso_vms.c index 2c434ee8a6..321512772a 100644 --- a/src/lib/libcrypto/dso/dso_vms.c +++ b/src/lib/libcrypto/dso/dso_vms.c @@ -215,7 +215,7 @@ static int vms_load(DSO *dso) p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; p->imagename_dsc.dsc$a_pointer = p->imagename; - if(!sk_push(dso->meth_data, (char *)p)) + if(!sk_void_push(dso->meth_data, (char *)p)) { DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR); goto err; @@ -245,9 +245,9 @@ static int vms_unload(DSO *dso) DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) return(1); - p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data); + p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data); if(p == NULL) { DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE); @@ -302,13 +302,13 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER); return; } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR); return; } - ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, - sk_num(dso->meth_data) - 1); + ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data, + sk_void_num(dso->meth_data) - 1); if(ptr == NULL) { DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE); diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c index fd3dd6a7fe..6fb6c54181 100644 --- a/src/lib/libcrypto/dso/dso_win32.c +++ b/src/lib/libcrypto/dso/dso_win32.c @@ -96,7 +96,11 @@ static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) #else fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); #endif - if (fnamw == NULL) return NULL; + if (fnamw == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return NULL; + } #if defined(_WIN32_WCE) && _WIN32_WCE>=101 if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0)) @@ -124,6 +128,8 @@ static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); static char *win32_name_converter(DSO *dso, const char *filename); static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int win32_pathbyaddr(void *addr,char *path,int sz); +static void *win32_globallookup(const char *name); static const char *openssl_strnchr(const char *string, int c, size_t len); @@ -142,7 +148,9 @@ static DSO_METHOD dso_meth_win32 = { win32_name_converter, win32_merger, NULL, /* init */ - NULL /* finish */ + NULL, /* finish */ + win32_pathbyaddr, + win32_globallookup }; DSO_METHOD *DSO_METHOD_win32(void) @@ -180,7 +188,7 @@ static int win32_load(DSO *dso) goto err; } *p = h; - if(!sk_push(dso->meth_data, (char *)p)) + if(!sk_void_push(dso->meth_data, p)) { DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR); goto err; @@ -207,9 +215,9 @@ static int win32_unload(DSO *dso) DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) return(1); - p = (HINSTANCE *)sk_pop(dso->meth_data); + p = sk_void_pop(dso->meth_data); if(p == NULL) { DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE); @@ -220,7 +228,7 @@ static int win32_unload(DSO *dso) DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED); /* We should push the value back onto the stack in * case of a retry. */ - sk_push(dso->meth_data, (char *)p); + sk_void_push(dso->meth_data, p); return(0); } /* Cleanup */ @@ -240,12 +248,12 @@ static void *win32_bind_var(DSO *dso, const char *symname) DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); return(NULL); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR); return(NULL); } - ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if(ptr == NULL) { DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE); @@ -271,12 +279,12 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); return(NULL); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR); return(NULL); } - ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if(ptr == NULL) { DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE); @@ -327,8 +335,8 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, memset(result, 0, sizeof(struct file_st)); position = IN_DEVICE; - if(filename[0] == '\\' && filename[1] == '\\' - || filename[0] == '/' && filename[1] == '/') + if((filename[0] == '\\' && filename[1] == '\\') + || (filename[0] == '/' && filename[1] == '/')) { position = IN_NODE; filename += 2; @@ -347,10 +355,11 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX); /*goto err;*/ + OPENSSL_free(result); return(NULL); } result->device = start; - result->devicelen = filename - start; + result->devicelen = (int)(filename - start); position = IN_FILE; start = ++filename; result->dir = start; @@ -359,7 +368,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, case '/': if(position == IN_NODE) { - result->nodelen = filename - start; + result->nodelen = (int)(filename - start); position = IN_FILE; start = ++filename; result->dir = start; @@ -369,20 +378,20 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, position = IN_FILE; filename++; result->dir = start; - result->dirlen = filename - start; + result->dirlen = (int)(filename - start); start = filename; } else { filename++; - result->dirlen += filename - start; + result->dirlen += (int)(filename - start); start = filename; } break; case '\0': if(position == IN_NODE) { - result->nodelen = filename - start; + result->nodelen = (int)(filename - start); } else { @@ -396,13 +405,13 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, result->dirlen = 0; } result->dirlen += - filename - start; + (int)(filename - start); } else { result->file = start; result->filelen = - filename - start; + (int)(filename - start); } } } @@ -496,7 +505,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + file_split->predirlen - (start - file_split->predir); strncpy(&result[offset], start, - end - start); offset += end - start; + end - start); offset += (int)(end - start); result[offset] = '\\'; offset++; start = end + 1; } @@ -517,7 +526,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + file_split->dirlen - (start - file_split->dir); strncpy(&result[offset], start, - end - start); offset += end - start; + end - start); offset += (int)(end - start); result[offset] = '\\'; offset++; start = end + 1; } @@ -613,6 +622,8 @@ static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2 merged = win32_joiner(dso, filespec1_split); } + OPENSSL_free(filespec1_split); + OPENSSL_free(filespec2_split); return(merged); } @@ -656,5 +667,178 @@ static const char *openssl_strnchr(const char *string, int c, size_t len) return NULL; } +#include +#ifdef _WIN32_WCE +# define DLLNAME "TOOLHELP.DLL" +#else +# ifdef MODULEENTRY32 +# undef MODULEENTRY32 /* unmask the ASCII version! */ +# endif +# define DLLNAME "KERNEL32.DLL" +#endif + +typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); +typedef BOOL (WINAPI *MODULE32)(HANDLE, MODULEENTRY32 *); -#endif /* OPENSSL_SYS_WIN32 */ +static int win32_pathbyaddr(void *addr,char *path,int sz) + { + HMODULE dll; + HANDLE hModuleSnap = INVALID_HANDLE_VALUE; + MODULEENTRY32 me32; + CREATETOOLHELP32SNAPSHOT create_snap; + CLOSETOOLHELP32SNAPSHOT close_snap; + MODULE32 module_first, module_next; + int len; + + if (addr == NULL) + { + union { int(*f)(void*,char*,int); void *p; } t = + { win32_pathbyaddr }; + addr = t.p; + } + + dll = LoadLibrary(TEXT(DLLNAME)); + if (dll == NULL) + { + DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED); + return -1; + } + + create_snap = (CREATETOOLHELP32SNAPSHOT) + GetProcAddress(dll,"CreateToolhelp32Snapshot"); + if (create_snap == NULL) + { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED); + return -1; + } + /* We take the rest for granted... */ +#ifdef _WIN32_WCE + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(dll,"CloseToolhelp32Snapshot"); +#else + close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle; +#endif + module_first = (MODULE32)GetProcAddress(dll,"Module32First"); + module_next = (MODULE32)GetProcAddress(dll,"Module32Next"); + + hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0); + if( hModuleSnap == INVALID_HANDLE_VALUE ) + { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED); + return -1; + } + + me32.dwSize = sizeof(me32); + + if(!(*module_first)(hModuleSnap,&me32)) + { + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_FAILURE); + return -1; + } + + do { + if ((BYTE *)addr >= me32.modBaseAddr && + (BYTE *)addr < me32.modBaseAddr+me32.modBaseSize) + { + (*close_snap)(hModuleSnap); + FreeLibrary(dll); +#ifdef _WIN32_WCE +# if _WIN32_WCE >= 101 + return WideCharToMultiByte(CP_ACP,0,me32.szExePath,-1, + path,sz,NULL,NULL); +# else + len = (int)wcslen(me32.szExePath); + if (sz <= 0) return len+1; + if (len >= sz) len=sz-1; + for(i=0;i= sz) len=sz-1; + memcpy(path,me32.szExePath,len); + path[len++] = 0; + return len; +#endif + } + } while((*module_next)(hModuleSnap, &me32)); + + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + return 0; + } + +static void *win32_globallookup(const char *name) + { + HMODULE dll; + HANDLE hModuleSnap = INVALID_HANDLE_VALUE; + MODULEENTRY32 me32; + CREATETOOLHELP32SNAPSHOT create_snap; + CLOSETOOLHELP32SNAPSHOT close_snap; + MODULE32 module_first, module_next; + FARPROC ret=NULL; + + dll = LoadLibrary(TEXT(DLLNAME)); + if (dll == NULL) + { + DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED); + return NULL; + } + + create_snap = (CREATETOOLHELP32SNAPSHOT) + GetProcAddress(dll,"CreateToolhelp32Snapshot"); + if (create_snap == NULL) + { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED); + return NULL; + } + /* We take the rest for granted... */ +#ifdef _WIN32_WCE + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(dll,"CloseToolhelp32Snapshot"); +#else + close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle; +#endif + module_first = (MODULE32)GetProcAddress(dll,"Module32First"); + module_next = (MODULE32)GetProcAddress(dll,"Module32Next"); + + hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0); + if( hModuleSnap == INVALID_HANDLE_VALUE ) + { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED); + return NULL; + } + + me32.dwSize = sizeof(me32); + + if (!(*module_first)(hModuleSnap,&me32)) + { + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + return NULL; + } + + do { + if ((ret = GetProcAddress(me32.hModule,name))) + { + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + return ret; + } + } while((*module_next)(hModuleSnap,&me32)); + + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + return NULL; + } +#endif /* DSO_WIN32 */ diff --git a/src/lib/libcrypto/ec/Makefile b/src/lib/libcrypto/ec/Makefile index b5bbc9faa1..db380ed16f 100644 --- a/src/lib/libcrypto/ec/Makefile +++ b/src/lib/libcrypto/ec/Makefile @@ -19,11 +19,11 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\ ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\ - ec2_smpl.c ec2_smpt.c ec2_mult.c + ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\ ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\ - ec2_smpl.o ec2_mult.o + ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o SRC= $(LIBSRC) @@ -38,7 +38,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -94,8 +94,22 @@ ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h -ec2_smpt.o: ec2_smpt.c +ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec_lcl.h +ec_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +ec_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ec_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +ec_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ec_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ec_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ec_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ec_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ec_ameth.o: ../../include/openssl/opensslconf.h +ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +ec_ameth.o: ec_ameth.c ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -160,6 +174,20 @@ ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c +ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ec_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ec_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ec_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ec_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +ec_pmeth.o: ec_pmeth.c ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -167,6 +195,16 @@ ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c +eck_prn.o: ../../e_os.h ../../include/openssl/asn1.h +eck_prn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eck_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eck_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eck_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eck_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eck_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eck_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eck_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eck_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h eck_prn.c ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c index 6148d553f9..7509cb9c7c 100644 --- a/src/lib/libcrypto/ec/ectest.c +++ b/src/lib/libcrypto/ec/ectest.c @@ -432,9 +432,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -478,9 +476,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -525,9 +521,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -577,9 +571,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -635,9 +627,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -809,7 +799,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ fprintf(stdout, "."); \ fflush(stdout); \ - /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \ + if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; \ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \ if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ fprintf(stdout, " ok\n"); \ @@ -1336,7 +1326,7 @@ int main(int argc, char *argv[]) #endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); return 0; diff --git a/src/lib/libcrypto/engine/Makefile b/src/lib/libcrypto/engine/Makefile index 0cc3722089..9c214824eb 100644 --- a/src/lib/libcrypto/engine/Makefile +++ b/src/lib/libcrypto/engine/Makefile @@ -20,13 +20,13 @@ LIB=$(TOP)/libcrypto.a LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_table.c eng_pkey.c eng_fat.c eng_all.c \ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ - tb_cipher.c tb_digest.c \ - eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c + tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ + eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ - tb_cipher.o tb_digest.o \ - eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o + tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ + eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o SRC= $(LIBSRC) @@ -41,7 +41,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -88,35 +88,34 @@ eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_all.o: ../cryptlib.h eng_all.c eng_int.h +eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_int.h +eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_cryptodev.o: ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h @@ -131,9 +130,8 @@ eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_ctrl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_ctrl.o: ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -145,50 +143,49 @@ eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h +eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c +eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_err.o: eng_err.c eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h +eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h eng_init.o: ../../e_os.h ../../include/openssl/asn1.h eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_init.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_init.o: ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -200,23 +197,22 @@ eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -eng_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_lib.c +eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c eng_list.o: ../../e_os.h ../../include/openssl/asn1.h eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_list.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_list.o: ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -229,9 +225,8 @@ eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_openssl.o: ../../include/openssl/objects.h +eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_openssl.o: ../../include/openssl/opensslconf.h eng_openssl.o: ../../include/openssl/opensslv.h eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h @@ -241,31 +236,14 @@ eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c -eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h -eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_padlock.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_padlock.o: ../../include/openssl/objects.h -eng_padlock.o: ../../include/openssl/opensslconf.h -eng_padlock.o: ../../include/openssl/opensslv.h -eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_padlock.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -eng_padlock.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_padlock.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_padlock.o: ../../include/openssl/x509_vfy.h eng_padlock.c eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_pkey.o: ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -277,8 +255,8 @@ eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_table.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -286,14 +264,29 @@ eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_table.o: eng_table.c +tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h +tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_asnmth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_asnmth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_asnmth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_asnmth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_asnmth.o: ../../include/openssl/objects.h +tb_asnmth.o: ../../include/openssl/opensslconf.h +tb_asnmth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_asnmth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_asnmth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_asnmth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_asnmth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +tb_asnmth.o: eng_int.h tb_asnmth.c tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_cipher.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_cipher.o: ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -306,22 +299,22 @@ tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_dh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dh.c +tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_digest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_digest.o: ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -334,78 +327,89 @@ tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_dsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dsa.c +tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_ecdh.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_ecdh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c +tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_ecdsa.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdsa.o: ../../include/openssl/opensslconf.h +tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c +tb_pkmeth.o: ../../e_os.h ../../include/openssl/asn1.h +tb_pkmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_pkmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_pkmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_pkmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_pkmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_pkmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_pkmeth.o: ../../include/openssl/objects.h +tb_pkmeth.o: ../../include/openssl/opensslconf.h +tb_pkmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_pkmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_pkmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_pkmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_pkmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h +tb_pkmeth.o: tb_pkmeth.c tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_rand.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_rsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rsa.c +tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c tb_store.o: ../../e_os.h ../../include/openssl/asn1.h tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_store.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_store.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_store.o: ../../include/openssl/opensslconf.h +tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c index ab38cd52f0..52f4ca3901 100644 --- a/src/lib/libcrypto/engine/eng_cryptodev.c +++ b/src/lib/libcrypto/engine/eng_cryptodev.c @@ -32,7 +32,7 @@ #include #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD_version)) + (defined(OpenBSD) || defined(__FreeBSD__)) #include # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV @@ -55,6 +55,10 @@ ENGINE_load_cryptodev(void) #include #include +#include +#include +#include +#include #include #include #include @@ -68,6 +72,16 @@ ENGINE_load_cryptodev(void) struct dev_crypto_state { struct session_op d_sess; int d_fd; + +#ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; + + unsigned char digest_res[HASH_MAX_LEN]; + char *mac_data; + int mac_len; + + int copy; +#endif }; static u_int32_t cryptodev_asymfeat = 0; @@ -75,15 +89,14 @@ static u_int32_t cryptodev_asymfeat = 0; static int get_asym_dev_crypto(void); static int open_dev_crypto(void); static int get_dev_crypto(void); -static int cryptodev_max_iv(int cipher); -static int cryptodev_key_length_valid(int cipher, int len); -static int cipher_nid_to_cryptodev(int nid); static int get_cryptodev_ciphers(const int **cnids); +#ifdef USE_CRYPTODEV_DIGESTS static int get_cryptodev_digests(const int **cnids); +#endif static int cryptodev_usable_ciphers(const int **nids); static int cryptodev_usable_digests(const int **nids); static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); + const unsigned char *in, size_t inl); static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); @@ -100,7 +113,7 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa); + RSA *rsa, BN_CTX *ctx); static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -117,7 +130,7 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f)()); + void (*f)(void)); void ENGINE_load_cryptodev(void); static const ENGINE_CMD_DEFN cryptodev_defns[] = { @@ -130,27 +143,34 @@ static struct { int ivmax; int keylen; } ciphers[] = { + { CRYPTO_ARC4, NID_rc4, 0, 16, }, { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, { 0, NID_undef, 0, 0, }, }; +#ifdef USE_CRYPTODEV_DIGESTS static struct { int id; int nid; + int keylen; } digests[] = { - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, - { CRYPTO_MD5_KPDK, NID_undef, }, - { CRYPTO_SHA1_KPDK, NID_undef, }, - { CRYPTO_MD5, NID_md5, }, - { CRYPTO_SHA1, NID_undef, }, - { 0, NID_undef, }, + { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, + { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, + { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, + { CRYPTO_MD5_KPDK, NID_undef, 0}, + { CRYPTO_SHA1_KPDK, NID_undef, 0}, + { CRYPTO_MD5, NID_md5, 16}, + { CRYPTO_SHA1, NID_sha1, 20}, + { 0, NID_undef, 0}, }; +#endif /* * Return a fd if /dev/crypto seems usable, 0 otherwise. @@ -202,50 +222,6 @@ get_asym_dev_crypto(void) return fd; } -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. - */ -static int -cryptodev_max_iv(int cipher) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].ivmax); - return (0); -} - -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. For now, fake it out - but most of these - * for real devices should return 1 for the supported key - * sizes the device can handle. - */ -static int -cryptodev_key_length_valid(int cipher, int len) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].keylen == len); - return (0); -} - -/* convert libcrypto nids to cryptodev */ -static int -cipher_nid_to_cryptodev(int nid) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].nid == nid) - return (ciphers[i].id); - return (0); -} - /* * Find out what ciphers /dev/crypto will let us have a session for. * XXX note, that some of these openssl doesn't deal with yet! @@ -264,7 +240,7 @@ get_cryptodev_ciphers(const int **cnids) return (0); } memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t)"123456781234567812345678"; + sess.key = (caddr_t)"123456789abcdefghijklmno"; for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { if (ciphers[i].nid == NID_undef) @@ -285,6 +261,7 @@ get_cryptodev_ciphers(const int **cnids) return (count); } +#ifdef USE_CRYPTODEV_DIGESTS /* * Find out what digests /dev/crypto will let us have a session for. * XXX note, that some of these openssl doesn't deal with yet! @@ -303,10 +280,12 @@ get_cryptodev_digests(const int **cnids) return (0); } memset(&sess, 0, sizeof(sess)); + sess.mackey = (caddr_t)"123456789abcdefghijklmno"; for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { if (digests[i].nid == NID_undef) continue; sess.mac = digests[i].id; + sess.mackeylen = digests[i].keylen; sess.cipher = 0; if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ioctl(fd, CIOCFSESSION, &sess.ses) != -1) @@ -320,6 +299,7 @@ get_cryptodev_digests(const int **cnids) *cnids = NULL; return (count); } +#endif /* 0 */ /* * Find the useable ciphers|digests from dev/crypto - this is the first @@ -351,6 +331,9 @@ cryptodev_usable_ciphers(const int **nids) static int cryptodev_usable_digests(const int **nids) { +#ifdef USE_CRYPTODEV_DIGESTS + return (get_cryptodev_digests(nids)); +#else /* * XXXX just disable all digests for now, because it sucks. * we need a better way to decide this - i.e. I may not @@ -365,16 +348,17 @@ cryptodev_usable_digests(const int **nids) */ *nids = NULL; return (0); +#endif } static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { struct crypt_op cryp; struct dev_crypto_state *state = ctx->cipher_data; struct session_op *sess = &state->d_sess; - void *iiv; + const void *iiv; unsigned char save_iv[EVP_MAX_IV_LENGTH]; if (state->d_fd < 0) @@ -398,7 +382,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ctx->cipher->iv_len) { cryp.iv = (caddr_t) ctx->iv; if (!ctx->encrypt) { - iiv = (void *) in + inl - ctx->cipher->iv_len; + iiv = in + inl - ctx->cipher->iv_len; memcpy(save_iv, iiv, ctx->cipher->iv_len); } } else @@ -413,7 +397,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ctx->cipher->iv_len) { if (ctx->encrypt) - iiv = (void *) out + inl - ctx->cipher->iv_len; + iiv = out + inl - ctx->cipher->iv_len; else iiv = save_iv; memcpy(ctx->iv, iiv, ctx->cipher->iv_len); @@ -427,23 +411,27 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, { struct dev_crypto_state *state = ctx->cipher_data; struct session_op *sess = &state->d_sess; - int cipher; + int cipher = -1, i; - if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) - return (0); - - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) - return (0); + for (i = 0; ciphers[i].id; i++) + if (ctx->cipher->nid == ciphers[i].nid && + ctx->cipher->iv_len <= ciphers[i].ivmax && + ctx->key_len == ciphers[i].keylen) { + cipher = ciphers[i].id; + break; + } - if (!cryptodev_key_length_valid(cipher, ctx->key_len)) + if (!ciphers[i].id) { + state->d_fd = -1; return (0); + } memset(sess, 0, sizeof(struct session_op)); if ((state->d_fd = get_dev_crypto()) < 0) return (0); - sess->key = (unsigned char *)key; + sess->key = (caddr_t)key; sess->keylen = ctx->key_len; sess->cipher = cipher; @@ -496,6 +484,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) * gets called when libcrypto requests a cipher NID. */ +/* RC4 */ +const EVP_CIPHER cryptodev_rc4 = { + NID_rc4, + 1, 16, 0, + EVP_CIPH_VARIABLE_LENGTH, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + NULL, + NULL, + NULL +}; + /* DES CBC EVP */ const EVP_CIPHER cryptodev_des_cbc = { NID_des_cbc, @@ -563,6 +565,32 @@ const EVP_CIPHER cryptodev_aes_cbc = { NULL }; +const EVP_CIPHER cryptodev_aes_192_cbc = { + NID_aes_192_cbc, + 16, 24, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_aes_256_cbc = { + NID_aes_256_cbc, + 16, 32, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + /* * Registered by the ENGINE when used to find out how to deal with * a particular NID in the ENGINE. this says what we'll do at the @@ -576,6 +604,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return (cryptodev_usable_ciphers(nids)); switch (nid) { + case NID_rc4: + *cipher = &cryptodev_rc4; + break; case NID_des_ede3_cbc: *cipher = &cryptodev_3des_cbc; break; @@ -591,6 +622,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, case NID_aes_128_cbc: *cipher = &cryptodev_aes_cbc; break; + case NID_aes_192_cbc: + *cipher = &cryptodev_aes_192_cbc; + break; + case NID_aes_256_cbc: + *cipher = &cryptodev_aes_256_cbc; + break; default: *cipher = NULL; break; @@ -598,6 +635,234 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return (*cipher != NULL); } + +#ifdef USE_CRYPTODEV_DIGESTS + +/* convert digest type to cryptodev */ +static int +digest_nid_to_cryptodev(int nid) +{ + int i; + + for (i = 0; digests[i].id; i++) + if (digests[i].nid == nid) + return (digests[i].id); + return (0); +} + + +static int +digest_key_length(int nid) +{ + int i; + + for (i = 0; digests[i].id; i++) + if (digests[i].nid == nid) + return digests[i].keylen; + return (0); +} + + +static int cryptodev_digest_init(EVP_MD_CTX *ctx) +{ + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + int digest; + + if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ + printf("cryptodev_digest_init: Can't get digest \n"); + return (0); + } + + memset(state, 0, sizeof(struct dev_crypto_state)); + + if ((state->d_fd = get_dev_crypto()) < 0) { + printf("cryptodev_digest_init: Can't get Dev \n"); + return (0); + } + + sess->mackey = state->dummy_mac_key; + sess->mackeylen = digest_key_length(ctx->digest->type); + sess->mac = digest; + + if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { + close(state->d_fd); + state->d_fd = -1; + printf("cryptodev_digest_init: Open session failed\n"); + return (0); + } + + return (1); +} + +static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, + size_t count) +{ + struct crypt_op cryp; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + if (!data || state->d_fd < 0) { + printf("cryptodev_digest_update: illegal inputs \n"); + return (0); + } + + if (!count) { + return (0); + } + + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { + /* if application doesn't support one buffer */ + state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); + + if (!state->mac_data) { + printf("cryptodev_digest_update: realloc failed\n"); + return (0); + } + + memcpy(state->mac_data + state->mac_len, data, count); + state->mac_len += count; + + return (1); + } + + memset(&cryp, 0, sizeof(cryp)); + + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = count; + cryp.src = (caddr_t) data; + cryp.dst = NULL; + cryp.mac = (caddr_t) state->digest_res; + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { + printf("cryptodev_digest_update: digest failed\n"); + return (0); + } + return (1); +} + + +static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) +{ + struct crypt_op cryp; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + int ret = 1; + + if (!md || state->d_fd < 0) { + printf("cryptodev_digest_final: illegal input\n"); + return(0); + } + + if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { + /* if application doesn't support one buffer */ + memset(&cryp, 0, sizeof(cryp)); + + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = state->mac_len; + cryp.src = state->mac_data; + cryp.dst = NULL; + cryp.mac = (caddr_t)md; + + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { + printf("cryptodev_digest_final: digest failed\n"); + return (0); + } + + return 1; + } + + memcpy(md, state->digest_res, ctx->digest->md_size); + + return (ret); +} + + +static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) +{ + int ret = 1; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + if (state->d_fd < 0) { + printf("cryptodev_digest_cleanup: illegal input\n"); + return (0); + } + + if (state->mac_data) { + OPENSSL_free(state->mac_data); + state->mac_data = NULL; + state->mac_len = 0; + } + + if (state->copy) + return 1; + + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { + printf("cryptodev_digest_cleanup: failed to close session\n"); + ret = 0; + } else { + ret = 1; + } + close(state->d_fd); + state->d_fd = -1; + + return (ret); +} + +static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) +{ + struct dev_crypto_state *fstate = from->md_data; + struct dev_crypto_state *dstate = to->md_data; + + memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); + + if (fstate->mac_len != 0) { + dstate->mac_data = OPENSSL_malloc(fstate->mac_len); + memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); + } + + dstate->copy = 1; + + return 1; +} + + +const EVP_MD cryptodev_sha1 = { + NID_sha1, + NID_undef, + SHA_DIGEST_LENGTH, + EVP_MD_FLAG_ONESHOT, + cryptodev_digest_init, + cryptodev_digest_update, + cryptodev_digest_final, + cryptodev_digest_copy, + cryptodev_digest_cleanup, + EVP_PKEY_NULL_method, + SHA_CBLOCK, + sizeof(struct dev_crypto_state), +}; + +const EVP_MD cryptodev_md5 = { + NID_md5, + NID_undef, + 16 /* MD5_DIGEST_LENGTH */, + EVP_MD_FLAG_ONESHOT, + cryptodev_digest_init, + cryptodev_digest_update, + cryptodev_digest_final, + cryptodev_digest_copy, + cryptodev_digest_cleanup, + EVP_PKEY_NULL_method, + 64 /* MD5_CBLOCK */, + sizeof(struct dev_crypto_state), +}; + +#endif /* USE_CRYPTODEV_DIGESTS */ + + static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) @@ -606,10 +871,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, return (cryptodev_usable_digests(nids)); switch (nid) { +#ifdef USE_CRYPTODEV_DIGESTS case NID_md5: - *digest = NULL; /* need to make a clean md5 critter */ + *digest = &cryptodev_md5; break; + case NID_sha1: + *digest = &cryptodev_sha1; + break; default: +#endif /* USE_CRYPTODEV_DIGESTS */ *digest = NULL; break; } @@ -625,7 +895,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp) { int i, j, k; - ssize_t words, bytes, bits; + ssize_t bytes, bits; u_char *b; crp->crp_p = NULL; @@ -637,8 +907,9 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) b = malloc(bytes); if (b == NULL) return (1); + memset(b, 0, bytes); - crp->crp_p = b; + crp->crp_p = (caddr_t) b; crp->crp_nbits = bits; for (i = 0, j = 0; i < a->top; i++) { @@ -681,7 +952,7 @@ zapparams(struct crypt_kop *kop) { int i; - for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { + for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { if (kop->crk_param[i].crp_p) free(kop->crk_param[i].crp_p); kop->crk_param[i].crp_p = NULL; @@ -746,21 +1017,27 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; kop.crk_iparams = 3; - if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { + if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF asym process failed, Running in software\n"); + ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); + + } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF hardware operation cancelled. Running in Software\n"); ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); } + /* else cryptodev operation worked ok ==> ret = 1*/ + err: zapparams(&kop); return (ret); } static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { int r; - BN_CTX *ctx; - ctx = BN_CTX_new(); r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); BN_CTX_free(ctx); @@ -795,10 +1072,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; kop.crk_iparams = 6; - if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { + if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF asym process failed, running in Software\n"); + ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); + + } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF hardware operation cancelled. Running in Software\n"); ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); } + /* else cryptodev operation worked ok ==> ret = 1*/ + err: zapparams(&kop); return (ret); @@ -934,7 +1219,8 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, kop.crk_iparams = 7; if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { - dsaret = kop.crk_status; +/*OCF success value is 0, if not zero, change dsaret to fail*/ + if(0 != kop.crk_status) dsaret = 0; } else { const DSA_METHOD *meth = DSA_OpenSSL(); @@ -994,7 +1280,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; kop.crk_iparams = 3; - kop.crk_param[3].crp_p = key; + kop.crk_param[3].crp_p = (caddr_t) key; kop.crk_param[3].crp_nbits = keylen * 8; kop.crk_oparams = 1; @@ -1025,7 +1311,7 @@ static DH_METHOD cryptodev_dh = { * but I expect we'll want some options soon. */ static int -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { #ifdef HAVE_SYSLOG_R struct syslog_data sd = SYSLOG_DATA_INIT; diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c index e3834611db..f4d70e7e0a 100644 --- a/src/lib/libcrypto/engine/enginetest.c +++ b/src/lib/libcrypto/engine/enginetest.c @@ -276,7 +276,7 @@ end: ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); return to_return; } diff --git a/src/lib/libcrypto/err/Makefile b/src/lib/libcrypto/err/Makefile index 91d1379d41..862b23ba17 100644 --- a/src/lib/libcrypto/err/Makefile +++ b/src/lib/libcrypto/err/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=err.c err_def.c err_all.c err_prn.c err_str.c err_bio.c -LIBOBJ=err.o err_def.o err_all.o err_prn.o err_str.o err_bio.o +LIBSRC=err.c err_all.c err_prn.c +LIBOBJ=err.o err_all.o err_prn.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -83,37 +83,24 @@ err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h err.o: ../cryptlib.h err.c err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -err_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h +err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h err_all.o: ../../include/openssl/x509v3.h err_all.c -err_bio.o: ../../e_os.h ../../include/openssl/bio.h -err_bio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_bio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_bio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_bio.o: ../../include/openssl/symhacks.h ../cryptlib.h err_bio.c -err_def.o: ../../e_os.h ../../include/openssl/bio.h -err_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_def.o: ../../include/openssl/symhacks.h ../cryptlib.h err_def.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -121,10 +108,3 @@ err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c -err_str.o: ../../e_os.h ../../include/openssl/bio.h -err_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_str.o: ../../include/openssl/symhacks.h ../cryptlib.h err_str.c diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile index c204f84c1d..82825e5299 100644 --- a/src/lib/libcrypto/evp/Makefile +++ b/src/lib/libcrypto/evp/Makefile @@ -18,34 +18,34 @@ TESTDATA=evptests.txt APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ +LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_rc4.c e_aes.c names.c e_seed.c \ - e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \ - m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \ + e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ + m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ - e_old.c + e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c -LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ +LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_rc4.o e_aes.o names.o e_seed.o \ - e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \ - m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \ + e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ + m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ - e_old.o + e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o SRC= $(LIBSRC) EXHEADER= evp.h -HEADER= $(EXHEADER) +HEADER= evp_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -55,7 +55,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -101,201 +101,185 @@ bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_b64.o: ../cryptlib.h bio_b64.c +bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_enc.o: ../cryptlib.h bio_enc.c +bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c +bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_md.o: ../cryptlib.h bio_md.c bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_ok.o: ../cryptlib.h bio_ok.c +bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_all.o: ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c +c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_allc.o: ../cryptlib.h c_allc.c c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c -dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h -dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h +c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_alld.o: ../cryptlib.h c_alld.c digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h +digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +digest.o: ../cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h +e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c +e_aes.o: evp_locl.h e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_bf.o: ../cryptlib.h e_bf.c evp_locl.h -e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c +e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h +e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h +e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +e_camellia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_camellia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_camellia.o: ../../include/openssl/opensslconf.h +e_camellia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_camellia.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_camellia.o: ../../include/openssl/symhacks.h e_camellia.c evp_locl.h e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_cast.o: ../cryptlib.h e_cast.c evp_locl.h +e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -e_des.o: ../cryptlib.h e_des.c evp_locl.h +e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -e_des3.o: ../cryptlib.h e_des3.c evp_locl.h +e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_idea.o: ../cryptlib.h e_idea.c evp_locl.h +e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c +e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_null.o: ../cryptlib.h e_null.c e_old.o: e_old.c e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h -e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h +e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h +e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h -e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h +e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h +e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c e_rc5.o: ../../e_os.h ../../include/openssl/bio.h e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -306,256 +290,221 @@ e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_seed.o: e_seed.c +e_seed.o: e_seed.c evp_locl.h e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_xcbc_d.o: ../../include/openssl/opensslconf.h +e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c -enc_min.o: ../../e_os.h ../../include/openssl/asn1.h -enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h -enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h +e_xcbc_d.o: evp_locl.h encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c +encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +encode.o: ../cryptlib.h encode.c evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_acnf.o: ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c -evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h -evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -evp_cnf.o: ../cryptlib.h evp_cnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_err.o: evp_err.c +evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_err.o: ../../include/openssl/symhacks.h evp_err.c evp_key.o: ../../e_os.h ../../include/openssl/asn1.h evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_key.o: ../cryptlib.h evp_key.c +evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_lib.o: ../cryptlib.h evp_lib.c +evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_pkey.o: ../../include/openssl/opensslconf.h evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c +evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c +m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_dss.o: ../cryptlib.h m_dss.c m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c +m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_dss1.o: ../cryptlib.h m_dss1.c m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c -m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_ecdsa.o: ../cryptlib.h m_ecdsa.c +m_md2.o: ../../e_os.h ../../include/openssl/bio.h m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h -m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md2.o: ../cryptlib.h evp_locl.h m_md2.c +m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h -m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md4.o: ../cryptlib.h evp_locl.h m_md4.c +m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h +m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h -m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md5.o: ../cryptlib.h evp_locl.h m_md5.c -m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h +m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h +m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c +m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c +m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h +m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_null.o: ../cryptlib.h m_null.c +m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_ripemd.o: ../../include/openssl/opensslconf.h m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h @@ -567,62 +516,87 @@ m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c +m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_sha.o: ../cryptlib.h m_sha.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c +m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_sha1.o: ../cryptlib.h m_sha1.c +m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h +m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +m_sigver.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +m_sigver.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +m_sigver.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_sigver.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_sigver.o: ../../include/openssl/opensslconf.h +m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h +m_sigver.o: m_sigver.c +m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_wp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_wp.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_wp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_wp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_wp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h +m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_wp.o: ../cryptlib.h m_wp.c names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h names.o: ../../include/openssl/err.h ../../include/openssl/evp.h -names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -names.o: ../cryptlib.h names.c +names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c +p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_crpt.o: ../cryptlib.h p5_crpt.c p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_crpt2.o: ../../include/openssl/opensslconf.h +p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -633,37 +607,35 @@ p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_dec.o: ../cryptlib.h p_dec.c +p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_enc.o: ../cryptlib.h p_enc.c +p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c p_lib.o: ../../e_os.h ../../include/openssl/asn1.h p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -671,57 +643,91 @@ p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_lib.o: ../cryptlib.h p_lib.c +p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c +p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_open.o: ../cryptlib.h p_open.c p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_seal.o: ../cryptlib.h p_seal.c +p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_sign.o: ../cryptlib.h p_sign.c +p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c p_verify.o: ../../e_os.h ../../include/openssl/asn1.h p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_verify.o: ../../include/openssl/opensslconf.h p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c +pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h +pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pmeth_fn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h +pmeth_fn.o: pmeth_fn.c +pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h +pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pmeth_gn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +pmeth_gn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pmeth_gn.o: ../../include/openssl/opensslconf.h +pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h +pmeth_gn.o: pmeth_gn.c +pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h +pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pmeth_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pmeth_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pmeth_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pmeth_lib.o: ../../include/openssl/objects.h +pmeth_lib.o: ../../include/openssl/opensslconf.h +pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pmeth_lib.o: evp_locl.h pmeth_lib.c diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c index 7054d8125d..c5f9268378 100644 --- a/src/lib/libcrypto/evp/c_allc.c +++ b/src/lib/libcrypto/evp/c_allc.c @@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_des_cfb8()); EVP_add_cipher(EVP_des_ede_cfb()); EVP_add_cipher(EVP_des_ede3_cfb()); + EVP_add_cipher(EVP_des_ede3_cfb1()); + EVP_add_cipher(EVP_des_ede3_cfb8()); EVP_add_cipher(EVP_des_ofb()); EVP_add_cipher(EVP_des_ede_ofb()); @@ -219,7 +221,4 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); #endif - - PKCS12_PBE_add(); - PKCS5_PBE_add(); } diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c index d270b0ee03..311e1fe2f8 100644 --- a/src/lib/libcrypto/evp/c_alld.c +++ b/src/lib/libcrypto/evp/c_alld.c @@ -64,9 +64,6 @@ void OpenSSL_add_all_digests(void) { -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif @@ -81,7 +78,7 @@ void OpenSSL_add_all_digests(void) EVP_add_digest(EVP_dss()); #endif #endif -#ifndef OPENSSL_NO_SHA +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); @@ -110,5 +107,8 @@ void OpenSSL_add_all_digests(void) #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); +#endif +#ifndef OPENSSL_NO_WHIRLPOOL + EVP_add_digest(EVP_whirlpool()); #endif } diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c index 436be20bf1..902efac975 100644 --- a/src/lib/libcrypto/evp/evp_test.c +++ b/src/lib/libcrypto/evp/evp_test.c @@ -153,8 +153,8 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(kn != c->key_len) { - fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn, - c->key_len); + fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn, + (unsigned long)c->key_len); test1_exit(5); } EVP_CIPHER_CTX_init(&ctx); @@ -441,7 +441,7 @@ int main(int argc,char **argv) #endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks_fp(stderr); diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c index 8eee6236ba..5ce849f161 100644 --- a/src/lib/libcrypto/evp/m_md2.c +++ b/src/lib/libcrypto/evp/m_md2.c @@ -58,7 +58,6 @@ #include #include "cryptlib.h" -#include "evp_locl.h" #ifndef OPENSSL_NO_MD2 diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c index 9f9bcf06ed..b08d559803 100644 --- a/src/lib/libcrypto/evp/m_mdc2.c +++ b/src/lib/libcrypto/evp/m_mdc2.c @@ -58,7 +58,6 @@ #include #include "cryptlib.h" -#include "evp_locl.h" #ifndef OPENSSL_NO_MDC2 @@ -66,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c index 3f30dfc579..acccc8f92d 100644 --- a/src/lib/libcrypto/evp/m_sha.c +++ b/src/lib/libcrypto/evp/m_sha.c @@ -58,7 +58,6 @@ #include #include "cryptlib.h" -#include "evp_locl.h" #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) diff --git a/src/lib/libcrypto/hmac/Makefile b/src/lib/libcrypto/hmac/Makefile index 5cfa37d99c..0e91709f64 100644 --- a/src/lib/libcrypto/hmac/Makefile +++ b/src/lib/libcrypto/hmac/Makefile @@ -17,8 +17,8 @@ TEST=hmactest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=hmac.c -LIBOBJ=hmac.o +LIBSRC=hmac.c hm_ameth.c hm_pmeth.c +LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,13 +74,37 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +hm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +hm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +hm_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +hm_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h +hm_ameth.o: hm_ameth.c +hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +hm_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +hm_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +hm_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hm_pmeth.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +hm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hm_pmeth.o: ../../include/openssl/opensslconf.h +hm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +hm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h hm_pmeth.c hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -hmac.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hmac.o: ../cryptlib.h hmac.c +hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c diff --git a/src/lib/libcrypto/idea/Makefile b/src/lib/libcrypto/idea/Makefile index 55c0d4dbff..b2e7add666 100644 --- a/src/lib/libcrypto/idea/Makefile +++ b/src/lib/libcrypto/idea/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -82,9 +82,5 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_ofb64.o: i_ofb64.c idea_lcl.h -i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h -i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_skey.o: i_skey.c idea_lcl.h diff --git a/src/lib/libcrypto/install.com b/src/lib/libcrypto/install.com index ffad1f97a7..ad3e4d48c7 100644 --- a/src/lib/libcrypto/install.com +++ b/src/lib/libcrypto/install.com @@ -3,15 +3,26 @@ $! $! Author: Richard Levitte $! Time of creation: 22-MAY-1998 10:13 $! +$! Changes by Zoltan Arpadffy +$! $! P1 root of the directory tree $! $ IF P1 .EQS. "" $ THEN $ WRITE SYS$OUTPUT "First argument missing." -$ WRITE SYS$OUTPUT "Should be the directory where you want things installed." +$ WRITE SYS$OUTPUT - + "It should be the directory where you want things installed." $ EXIT $ ENDIF $ +$ IF (F$GETSYI("CPU").LT.128) +$ THEN +$ ARCH := VAX +$ ELSE +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" +$ ENDIF +$ $ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" $ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - @@ -19,30 +30,28 @@ $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - $ ROOT = ROOT_DEV + "[" + ROOT_DIR $ $ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC -$ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB] -$ DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB] +$ DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB] $ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] $ $ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLROOT:[000000] -$ IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLVLIB: -$ IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLALIB: +$ IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLLIB: $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLINCLUDE: $ $ SDIRS := ,- + _'ARCH',- OBJECTS,- - MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- + MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,- DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,- BUFFER,BIO,STACK,LHASH,RAND,ERR,- EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,- UI,KRB5,- - STORE,PQUEUE,JPAKE -$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,- - symhacks.h,ossl_typ.h + STORE,CMS,PQUEUE,TS,JPAKE +$ EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h +$ EXHEADER__'ARCH' := opensslconf.h $ EXHEADER_OBJECTS := objects.h,obj_mac.h $ EXHEADER_MD2 := md2.h $ EXHEADER_MD4 := md4.h @@ -51,6 +60,7 @@ $ EXHEADER_SHA := sha.h $ EXHEADER_MDC2 := mdc2.h $ EXHEADER_HMAC := hmac.h $ EXHEADER_RIPEMD := ripemd.h +$ EXHEADER_WHRLPOOL := whrlpool.h $ EXHEADER_DES := des.h,des_old.h $ EXHEADER_AES := aes.h $ EXHEADER_RC2 := rc2.h @@ -61,6 +71,7 @@ $ EXHEADER_BF := blowfish.h $ EXHEADER_CAST := cast.h $ EXHEADER_CAMELLIA := camellia.h $ EXHEADER_SEED := seed.h +$ EXHEADER_MODES := modes.h $ EXHEADER_BN := bn.h $ EXHEADER_EC := ec.h $ EXHEADER_RSA := rsa.h @@ -91,12 +102,13 @@ $ EXHEADER_UI := ui.h,ui_compat.h $ EXHEADER_KRB5 := krb5_asn.h $! EXHEADER_STORE := store.h,str_compat.h $ EXHEADER_STORE := store.h -$ EXHEADER_PQUEUE := pqueue.h,pq_compat.h +$ EXHEADER_CMS := cms.h +$ EXHEADER_PQUEUE := pqueue.h +$ EXHEADER_TS := ts.h $ EXHEADER_JPAKE := jpake.h $ LIBS := LIBCRYPTO $ -$ VEXE_DIR := [-.VAX.EXE.CRYPTO] -$ AEXE_DIR := [-.AXP.EXE.CRYPTO] +$ EXE_DIR := [-.'ARCH'.EXE.CRYPTO] $ $ I = 0 $ LOOP_SDIRS: @@ -108,7 +120,12 @@ $ IF D .EQS. "" $ THEN $ COPY 'tmp' WRK_SSLINCLUDE: /LOG $ ELSE -$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG +$ IF D .EQS. "_''ARCH'" +$ THEN +$ COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG +$ ELSE +$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG +$ ENDIF $ ENDIF $ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp' $ GOTO LOOP_SDIRS @@ -120,27 +137,16 @@ $ E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM") $ I = I + 1 $ IF E .EQS. "," THEN GOTO LOOP_LIB_END $ SET NOON -$ IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. "" -$ THEN -$ COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log -$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB -$ ENDIF -$ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. "" -$ THEN -$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE -$ ENDIF -$ IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. "" +$ IF F$SEARCH(EXE_DIR+E+".OLB") .NES. "" $ THEN -$ COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log -$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB +$ COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log +$ SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB $ ENDIF $ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. "" +$ IF F$SEARCH(EXE_DIR+E+".EXE") .NES. "" $ THEN -$ COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE +$ COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log +$ SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE $ ENDIF $ SET ON $ GOTO LOOP_LIB diff --git a/src/lib/libcrypto/krb5/Makefile b/src/lib/libcrypto/krb5/Makefile index 8efb9e8910..14077390d6 100644 --- a/src/lib/libcrypto/krb5/Makefile +++ b/src/lib/libcrypto/krb5/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/lhash/Makefile b/src/lib/libcrypto/lhash/Makefile index 35f0932971..82bddac474 100644 --- a/src/lib/libcrypto/lhash/Makefile +++ b/src/lib/libcrypto/lhash/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/md2/Makefile b/src/lib/libcrypto/md2/Makefile index 7f43321ab2..17f878aeb7 100644 --- a/src/lib/libcrypto/md2/Makefile +++ b/src/lib/libcrypto/md2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,9 +74,7 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h diff --git a/src/lib/libcrypto/md2/md2.h b/src/lib/libcrypto/md2/md2.h index d59c9f2593..a46120e7d4 100644 --- a/src/lib/libcrypto/md2/md2.h +++ b/src/lib/libcrypto/md2/md2.h @@ -81,9 +81,6 @@ typedef struct MD2state_st } MD2_CTX; const char *MD2_options(void); -#ifdef OPENSSL_FIPS -int private_MD2_Init(MD2_CTX *c); -#endif int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); diff --git a/src/lib/libcrypto/md2/md2_dgst.c b/src/lib/libcrypto/md2/md2_dgst.c index cc4eeaf7a7..c57b3da288 100644 --- a/src/lib/libcrypto/md2/md2_dgst.c +++ b/src/lib/libcrypto/md2/md2_dgst.c @@ -62,11 +62,6 @@ #include #include #include -#ifdef OPENSSL_FIPS -#include -#endif - -#include const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; @@ -78,7 +73,7 @@ const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; static void md2_block(MD2_CTX *c, const unsigned char *d); /* The magic S table - I have converted it to hex since it is * basically just a random byte string. */ -static MD2_INT S[256]={ +static const MD2_INT S[256]={ 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, @@ -121,7 +116,7 @@ const char *MD2_options(void) return("md2(int)"); } -FIPS_NON_FIPS_MD_Init(MD2) +int MD2_Init(MD2_CTX *c) { c->num=0; memset(c->state,0,sizeof c->state); diff --git a/src/lib/libcrypto/md4/Makefile b/src/lib/libcrypto/md4/Makefile index 0bc4896585..c94a1398ed 100644 --- a/src/lib/libcrypto/md4/Makefile +++ b/src/lib/libcrypto/md4/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -69,19 +69,16 @@ depend: dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) + rm -f ../../include/openssl/$(EXHEADER) ../../test/$(TEST) ../../apps/$(APPS) clean: rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h -md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c +md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h +md4_dgst.o: ../../include/openssl/opensslconf.h +md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c md4_dgst.o: md4_locl.h md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h diff --git a/src/lib/libcrypto/md5/Makefile b/src/lib/libcrypto/md5/Makefile index 3c450fcfc0..9858d53d31 100644 --- a/src/lib/libcrypto/md5/Makefile +++ b/src/lib/libcrypto/md5/Makefile @@ -38,21 +38,19 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@) -# COFF -mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@) -# a.out -mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@) +md5-586.s: asm/md5-586.pl ../perlasm/x86asm.pl + $(PERL) asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -md5-x86_64.s: asm/md5-x86_64.pl; $(PERL) asm/md5-x86_64.pl $@ +md5-x86_64.s: asm/md5-x86_64.pl + $(PERL) asm/md5-x86_64.pl $(PERLASM_SCHEME) > $@ + +md5-ia64.s: asm/md5-ia64.S + $(CC) $(CFLAGS) -E asm/md5-ia64.S | \ + $(PERL) -ne 's/;\s+/;\n/g; print;' > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -91,13 +89,9 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h -md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c +md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h +md5_dgst.o: ../../include/openssl/opensslconf.h +md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c md5_dgst.o: md5_locl.h md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h diff --git a/src/lib/libcrypto/mdc2/Makefile b/src/lib/libcrypto/mdc2/Makefile index ea25688d88..1d064f17a6 100644 --- a/src/lib/libcrypto/mdc2/Makefile +++ b/src/lib/libcrypto/mdc2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h index 7e1354116a..72778a5212 100644 --- a/src/lib/libcrypto/mdc2/mdc2.h +++ b/src/lib/libcrypto/mdc2/mdc2.h @@ -80,9 +80,7 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; -#ifdef OPENSSL_FIPS -int private_MDC2_Init(MDC2_CTX *c); -#endif + int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c index 00ebaf0b9b..6f80dd33eb 100644 --- a/src/lib/libcrypto/mem.c +++ b/src/lib/libcrypto/mem.c @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) = free; /* may be changed as long as 'allow_customize_debug' is set */ /* XXX use correct function pointer types */ -#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS) +#ifdef CRYPTO_MDEBUG /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; @@ -110,14 +110,6 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; - -static int (*push_info_func)(const char *info, const char *file, int line) - = CRYPTO_dbg_push_info; -static int (*pop_info_func)(void) - = CRYPTO_dbg_pop_info; -static int (*remove_all_info_func)(void) - = CRYPTO_dbg_remove_all_info; - #else /* applications can use CRYPTO_malloc_debug_init() to select above case * at run-time */ @@ -127,13 +119,6 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) static void (*free_debug_func)(void *,int) = NULL; static void (*set_debug_options_func)(long) = NULL; static long (*get_debug_options_func)(void) = NULL; - - -static int (*push_info_func)(const char *info, const char *file, int line) - = NULL; -static int (*pop_info_func)(void) = NULL; -static int (*remove_all_info_func)(void) = NULL; - #endif @@ -209,15 +194,6 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), return 1; } -void CRYPTO_set_mem_info_functions( - int (*push_info_fn)(const char *info, const char *file, int line), - int (*pop_info_fn)(void), - int (*remove_all_info_fn)(void)) - { - push_info_func = push_info_fn; - pop_info_func = pop_info_fn; - remove_all_info_func = remove_all_info_fn; - } void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), void (**f)(void *)) @@ -274,7 +250,6 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), void *CRYPTO_malloc_locked(int num, const char *file, int line) { void *ret = NULL; - extern unsigned char cleanse_ctr; if (num <= 0) return NULL; @@ -291,11 +266,15 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); +#ifndef OPENSSL_CPUID_OBJ /* Create a dependency on the value of 'cleanse_ctr' so our memory * sanitisation function can't be optimised out. NB: We only do * this for >2Kb so the overhead doesn't bother us. */ if(ret && (num > 2048)) + { extern unsigned char cleanse_ctr; ((unsigned char *)ret)[0] = cleanse_ctr; + } +#endif return ret; } @@ -315,7 +294,6 @@ void CRYPTO_free_locked(void *str) void *CRYPTO_malloc(int num, const char *file, int line) { void *ret = NULL; - extern unsigned char cleanse_ctr; if (num <= 0) return NULL; @@ -332,12 +310,23 @@ void *CRYPTO_malloc(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); +#ifndef OPENSSL_CPUID_OBJ /* Create a dependency on the value of 'cleanse_ctr' so our memory * sanitisation function can't be optimised out. NB: We only do * this for >2Kb so the overhead doesn't bother us. */ if(ret && (num > 2048)) + { extern unsigned char cleanse_ctr; ((unsigned char *)ret)[0] = cleanse_ctr; + } +#endif + + return ret; + } +char *CRYPTO_strdup(const char *str, const char *file, int line) + { + char *ret = CRYPTO_malloc(strlen(str)+1, file, line); + strcpy(ret, str); return ret; } @@ -423,24 +412,3 @@ long CRYPTO_get_mem_debug_options(void) return get_debug_options_func(); return 0; } - -int CRYPTO_push_info_(const char *info, const char *file, int line) - { - if (push_info_func) - return push_info_func(info, file, line); - return 1; - } - -int CRYPTO_pop_info(void) - { - if (pop_info_func) - return pop_info_func(); - return 1; - } - -int CRYPTO_remove_all_info(void) - { - if (remove_all_info_func) - return remove_all_info_func(); - return 1; - } diff --git a/src/lib/libcrypto/objects/Makefile b/src/lib/libcrypto/objects/Makefile index 25e8b23b5d..a8aedbd422 100644 --- a/src/lib/libcrypto/objects/Makefile +++ b/src/lib/libcrypto/objects/Makefile @@ -18,23 +18,23 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c -LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o +LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c +LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o SRC= $(LIBSRC) EXHEADER= objects.h obj_mac.h -HEADER= $(EXHEADER) obj_dat.h +HEADER= $(EXHEADER) obj_dat.h obj_xref.h ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) -all: obj_dat.h lib +all: obj_dat.h obj_xref.h lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -46,6 +46,10 @@ obj_mac.h: objects.pl objects.txt obj_mac.num $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h @sleep 1; touch obj_mac.h; sleep 1 +obj_xref.h: objxref.pl obj_xref.txt obj_mac.num + $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h + @sleep 1; touch obj_xref.h; sleep 1 + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -117,3 +121,10 @@ obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h obj_lib.o: ../cryptlib.h obj_lib.c +obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +obj_xref.o: ../../include/openssl/opensslconf.h +obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h diff --git a/src/lib/libcrypto/objects/obj_dat.h b/src/lib/libcrypto/objects/obj_dat.h index dccc15e03c..6449be6071 100644 --- a/src/lib/libcrypto/objects/obj_dat.h +++ b/src/lib/libcrypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 859 -#define NUM_SN 852 -#define NUM_LN 852 -#define NUM_OBJ 806 +#define NUM_NID 893 +#define NUM_SN 886 +#define NUM_LN 886 +#define NUM_OBJ 840 -static unsigned char lvalues[5722]={ +static const unsigned char lvalues[5824]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -707,7 +707,7 @@ static unsigned char lvalues[5722]={ 0x2B, /* [4582] OBJ_identified_organization */ 0x2B,0x81,0x04, /* [4583] OBJ_certicom_arc */ 0x67,0x2B, /* [4586] OBJ_wap */ -0x67,0x2B,0x0D, /* [4588] OBJ_wap_wsg */ +0x67,0x2B,0x01, /* [4588] OBJ_wap_wsg */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4591] OBJ_X9_62_id_characteristic_two_basis */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */ @@ -763,17 +763,17 @@ static unsigned char lvalues[5722]={ 0x2B,0x81,0x04,0x00,0x25, /* [4926] OBJ_sect409r1 */ 0x2B,0x81,0x04,0x00,0x26, /* [4931] OBJ_sect571k1 */ 0x2B,0x81,0x04,0x00,0x27, /* [4936] OBJ_sect571r1 */ -0x67,0x2B,0x0D,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x0D,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x0D,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x0D,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x0D,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x0D,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x0D,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x0D,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x0D,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x0D,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x0D,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x67,0x2B,0x01,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x01,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x01,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x01,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x01,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x01,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x01,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x01,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x01,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x01,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x01,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ 0x55,0x1D,0x20,0x00, /* [4996] OBJ_any_policy */ 0x55,0x1D,0x21, /* [5000] OBJ_policy_mappings */ 0x55,0x1D,0x36, /* [5003] OBJ_inhibit_any_policy */ @@ -874,9 +874,43 @@ static unsigned char lvalues[5722]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */ 0x55,0x1D,0x2E, /* [5710] OBJ_freshest_crl */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5713] OBJ_id_on_permanentIdentifier */ +0x55,0x04,0x0E, /* [5721] OBJ_searchGuide */ +0x55,0x04,0x0F, /* [5724] OBJ_businessCategory */ +0x55,0x04,0x10, /* [5727] OBJ_postalAddress */ +0x55,0x04,0x12, /* [5730] OBJ_postOfficeBox */ +0x55,0x04,0x13, /* [5733] OBJ_physicalDeliveryOfficeName */ +0x55,0x04,0x14, /* [5736] OBJ_telephoneNumber */ +0x55,0x04,0x15, /* [5739] OBJ_telexNumber */ +0x55,0x04,0x16, /* [5742] OBJ_teletexTerminalIdentifier */ +0x55,0x04,0x17, /* [5745] OBJ_facsimileTelephoneNumber */ +0x55,0x04,0x18, /* [5748] OBJ_x121Address */ +0x55,0x04,0x19, /* [5751] OBJ_internationaliSDNNumber */ +0x55,0x04,0x1A, /* [5754] OBJ_registeredAddress */ +0x55,0x04,0x1B, /* [5757] OBJ_destinationIndicator */ +0x55,0x04,0x1C, /* [5760] OBJ_preferredDeliveryMethod */ +0x55,0x04,0x1D, /* [5763] OBJ_presentationAddress */ +0x55,0x04,0x1E, /* [5766] OBJ_supportedApplicationContext */ +0x55,0x04,0x1F, /* [5769] OBJ_member */ +0x55,0x04,0x20, /* [5772] OBJ_owner */ +0x55,0x04,0x21, /* [5775] OBJ_roleOccupant */ +0x55,0x04,0x22, /* [5778] OBJ_seeAlso */ +0x55,0x04,0x23, /* [5781] OBJ_userPassword */ +0x55,0x04,0x24, /* [5784] OBJ_userCertificate */ +0x55,0x04,0x25, /* [5787] OBJ_cACertificate */ +0x55,0x04,0x26, /* [5790] OBJ_authorityRevocationList */ +0x55,0x04,0x27, /* [5793] OBJ_certificateRevocationList */ +0x55,0x04,0x28, /* [5796] OBJ_crossCertificatePair */ +0x55,0x04,0x2F, /* [5799] OBJ_enhancedSearchGuide */ +0x55,0x04,0x30, /* [5802] OBJ_protocolInformation */ +0x55,0x04,0x31, /* [5805] OBJ_distinguishedName */ +0x55,0x04,0x32, /* [5808] OBJ_uniqueMember */ +0x55,0x04,0x33, /* [5811] OBJ_houseIdentifier */ +0x55,0x04,0x34, /* [5814] OBJ_supportedAlgorithms */ +0x55,0x04,0x35, /* [5817] OBJ_deltaRevocationList */ +0x55,0x04,0x36, /* [5820] OBJ_dmdName */ }; -static ASN1_OBJECT nid_objs[NUM_NID]={ +static const ASN1_OBJECT nid_objs[NUM_NID]={ {"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0}, {"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0}, {"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0}, @@ -1928,7 +1962,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, +{"street","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, {"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0}, {"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0}, {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, @@ -2262,2524 +2296,2681 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[5710]),0}, {"id-on-permanentIdentifier","Permanent Identifier", NID_id_on_permanentIdentifier,8,&(lvalues[5713]),0}, +{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5721]),0}, +{"businessCategory","businessCategory",NID_businessCategory,3, + &(lvalues[5724]),0}, +{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5727]),0}, +{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5730]),0}, +{"physicalDeliveryOfficeName","physicalDeliveryOfficeName", + NID_physicalDeliveryOfficeName,3,&(lvalues[5733]),0}, +{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, + &(lvalues[5736]),0}, +{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5739]),0}, +{"teletexTerminalIdentifier","teletexTerminalIdentifier", + NID_teletexTerminalIdentifier,3,&(lvalues[5742]),0}, +{"facsimileTelephoneNumber","facsimileTelephoneNumber", + NID_facsimileTelephoneNumber,3,&(lvalues[5745]),0}, +{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5748]),0}, +{"internationaliSDNNumber","internationaliSDNNumber", + NID_internationaliSDNNumber,3,&(lvalues[5751]),0}, +{"registeredAddress","registeredAddress",NID_registeredAddress,3, + &(lvalues[5754]),0}, +{"destinationIndicator","destinationIndicator", + NID_destinationIndicator,3,&(lvalues[5757]),0}, +{"preferredDeliveryMethod","preferredDeliveryMethod", + NID_preferredDeliveryMethod,3,&(lvalues[5760]),0}, +{"presentationAddress","presentationAddress",NID_presentationAddress, + 3,&(lvalues[5763]),0}, +{"supportedApplicationContext","supportedApplicationContext", + NID_supportedApplicationContext,3,&(lvalues[5766]),0}, +{"member","member",NID_member,3,&(lvalues[5769]),0}, +{"owner","owner",NID_owner,3,&(lvalues[5772]),0}, +{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5775]),0}, +{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5778]),0}, +{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5781]),0}, +{"userCertificate","userCertificate",NID_userCertificate,3, + &(lvalues[5784]),0}, +{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5787]),0}, +{"authorityRevocationList","authorityRevocationList", + NID_authorityRevocationList,3,&(lvalues[5790]),0}, +{"certificateRevocationList","certificateRevocationList", + NID_certificateRevocationList,3,&(lvalues[5793]),0}, +{"crossCertificatePair","crossCertificatePair", + NID_crossCertificatePair,3,&(lvalues[5796]),0}, +{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, + 3,&(lvalues[5799]),0}, +{"protocolInformation","protocolInformation",NID_protocolInformation, + 3,&(lvalues[5802]),0}, +{"distinguishedName","distinguishedName",NID_distinguishedName,3, + &(lvalues[5805]),0}, +{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5808]),0}, +{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, + &(lvalues[5811]),0}, +{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, + 3,&(lvalues[5814]),0}, +{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, + 3,&(lvalues[5817]),0}, +{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5820]),0}, }; -static ASN1_OBJECT *sn_objs[NUM_SN]={ -&(nid_objs[364]),/* "AD_DVCS" */ -&(nid_objs[419]),/* "AES-128-CBC" */ -&(nid_objs[421]),/* "AES-128-CFB" */ -&(nid_objs[650]),/* "AES-128-CFB1" */ -&(nid_objs[653]),/* "AES-128-CFB8" */ -&(nid_objs[418]),/* "AES-128-ECB" */ -&(nid_objs[420]),/* "AES-128-OFB" */ -&(nid_objs[423]),/* "AES-192-CBC" */ -&(nid_objs[425]),/* "AES-192-CFB" */ -&(nid_objs[651]),/* "AES-192-CFB1" */ -&(nid_objs[654]),/* "AES-192-CFB8" */ -&(nid_objs[422]),/* "AES-192-ECB" */ -&(nid_objs[424]),/* "AES-192-OFB" */ -&(nid_objs[427]),/* "AES-256-CBC" */ -&(nid_objs[429]),/* "AES-256-CFB" */ -&(nid_objs[652]),/* "AES-256-CFB1" */ -&(nid_objs[655]),/* "AES-256-CFB8" */ -&(nid_objs[426]),/* "AES-256-ECB" */ -&(nid_objs[428]),/* "AES-256-OFB" */ -&(nid_objs[91]),/* "BF-CBC" */ -&(nid_objs[93]),/* "BF-CFB" */ -&(nid_objs[92]),/* "BF-ECB" */ -&(nid_objs[94]),/* "BF-OFB" */ -&(nid_objs[14]),/* "C" */ -&(nid_objs[751]),/* "CAMELLIA-128-CBC" */ -&(nid_objs[757]),/* "CAMELLIA-128-CFB" */ -&(nid_objs[760]),/* "CAMELLIA-128-CFB1" */ -&(nid_objs[763]),/* "CAMELLIA-128-CFB8" */ -&(nid_objs[754]),/* "CAMELLIA-128-ECB" */ -&(nid_objs[766]),/* "CAMELLIA-128-OFB" */ -&(nid_objs[752]),/* "CAMELLIA-192-CBC" */ -&(nid_objs[758]),/* "CAMELLIA-192-CFB" */ -&(nid_objs[761]),/* "CAMELLIA-192-CFB1" */ -&(nid_objs[764]),/* "CAMELLIA-192-CFB8" */ -&(nid_objs[755]),/* "CAMELLIA-192-ECB" */ -&(nid_objs[767]),/* "CAMELLIA-192-OFB" */ -&(nid_objs[753]),/* "CAMELLIA-256-CBC" */ -&(nid_objs[759]),/* "CAMELLIA-256-CFB" */ -&(nid_objs[762]),/* "CAMELLIA-256-CFB1" */ -&(nid_objs[765]),/* "CAMELLIA-256-CFB8" */ -&(nid_objs[756]),/* "CAMELLIA-256-ECB" */ -&(nid_objs[768]),/* "CAMELLIA-256-OFB" */ -&(nid_objs[108]),/* "CAST5-CBC" */ -&(nid_objs[110]),/* "CAST5-CFB" */ -&(nid_objs[109]),/* "CAST5-ECB" */ -&(nid_objs[111]),/* "CAST5-OFB" */ -&(nid_objs[13]),/* "CN" */ -&(nid_objs[141]),/* "CRLReason" */ -&(nid_objs[417]),/* "CSPName" */ -&(nid_objs[367]),/* "CrlID" */ -&(nid_objs[391]),/* "DC" */ -&(nid_objs[31]),/* "DES-CBC" */ -&(nid_objs[643]),/* "DES-CDMF" */ -&(nid_objs[30]),/* "DES-CFB" */ -&(nid_objs[656]),/* "DES-CFB1" */ -&(nid_objs[657]),/* "DES-CFB8" */ -&(nid_objs[29]),/* "DES-ECB" */ -&(nid_objs[32]),/* "DES-EDE" */ -&(nid_objs[43]),/* "DES-EDE-CBC" */ -&(nid_objs[60]),/* "DES-EDE-CFB" */ -&(nid_objs[62]),/* "DES-EDE-OFB" */ -&(nid_objs[33]),/* "DES-EDE3" */ -&(nid_objs[44]),/* "DES-EDE3-CBC" */ -&(nid_objs[61]),/* "DES-EDE3-CFB" */ -&(nid_objs[658]),/* "DES-EDE3-CFB1" */ -&(nid_objs[659]),/* "DES-EDE3-CFB8" */ -&(nid_objs[63]),/* "DES-EDE3-OFB" */ -&(nid_objs[45]),/* "DES-OFB" */ -&(nid_objs[80]),/* "DESX-CBC" */ -&(nid_objs[380]),/* "DOD" */ -&(nid_objs[116]),/* "DSA" */ -&(nid_objs[66]),/* "DSA-SHA" */ -&(nid_objs[113]),/* "DSA-SHA1" */ -&(nid_objs[70]),/* "DSA-SHA1-old" */ -&(nid_objs[67]),/* "DSA-old" */ -&(nid_objs[297]),/* "DVCS" */ -&(nid_objs[99]),/* "GN" */ -&(nid_objs[855]),/* "HMAC" */ -&(nid_objs[780]),/* "HMAC-MD5" */ -&(nid_objs[781]),/* "HMAC-SHA1" */ -&(nid_objs[381]),/* "IANA" */ -&(nid_objs[34]),/* "IDEA-CBC" */ -&(nid_objs[35]),/* "IDEA-CFB" */ -&(nid_objs[36]),/* "IDEA-ECB" */ -&(nid_objs[46]),/* "IDEA-OFB" */ -&(nid_objs[181]),/* "ISO" */ -&(nid_objs[183]),/* "ISO-US" */ -&(nid_objs[645]),/* "ITU-T" */ -&(nid_objs[646]),/* "JOINT-ISO-ITU-T" */ -&(nid_objs[773]),/* "KISA" */ -&(nid_objs[15]),/* "L" */ -&(nid_objs[856]),/* "LocalKeySet" */ -&(nid_objs[ 3]),/* "MD2" */ -&(nid_objs[257]),/* "MD4" */ -&(nid_objs[ 4]),/* "MD5" */ -&(nid_objs[114]),/* "MD5-SHA1" */ -&(nid_objs[95]),/* "MDC2" */ -&(nid_objs[388]),/* "Mail" */ -&(nid_objs[393]),/* "NULL" */ -&(nid_objs[404]),/* "NULL" */ -&(nid_objs[57]),/* "Netscape" */ -&(nid_objs[366]),/* "Nonce" */ -&(nid_objs[17]),/* "O" */ -&(nid_objs[178]),/* "OCSP" */ -&(nid_objs[180]),/* "OCSPSigning" */ -&(nid_objs[379]),/* "ORG" */ -&(nid_objs[18]),/* "OU" */ -&(nid_objs[749]),/* "Oakley-EC2N-3" */ -&(nid_objs[750]),/* "Oakley-EC2N-4" */ -&(nid_objs[ 9]),/* "PBE-MD2-DES" */ -&(nid_objs[168]),/* "PBE-MD2-RC2-64" */ -&(nid_objs[10]),/* "PBE-MD5-DES" */ -&(nid_objs[169]),/* "PBE-MD5-RC2-64" */ -&(nid_objs[147]),/* "PBE-SHA1-2DES" */ -&(nid_objs[146]),/* "PBE-SHA1-3DES" */ -&(nid_objs[170]),/* "PBE-SHA1-DES" */ -&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */ -&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */ -&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */ -&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */ -&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */ -&(nid_objs[161]),/* "PBES2" */ -&(nid_objs[69]),/* "PBKDF2" */ -&(nid_objs[162]),/* "PBMAC1" */ -&(nid_objs[127]),/* "PKIX" */ -&(nid_objs[98]),/* "RC2-40-CBC" */ -&(nid_objs[166]),/* "RC2-64-CBC" */ -&(nid_objs[37]),/* "RC2-CBC" */ -&(nid_objs[39]),/* "RC2-CFB" */ -&(nid_objs[38]),/* "RC2-ECB" */ -&(nid_objs[40]),/* "RC2-OFB" */ -&(nid_objs[ 5]),/* "RC4" */ -&(nid_objs[97]),/* "RC4-40" */ -&(nid_objs[120]),/* "RC5-CBC" */ -&(nid_objs[122]),/* "RC5-CFB" */ -&(nid_objs[121]),/* "RC5-ECB" */ -&(nid_objs[123]),/* "RC5-OFB" */ -&(nid_objs[117]),/* "RIPEMD160" */ -&(nid_objs[124]),/* "RLE" */ -&(nid_objs[19]),/* "RSA" */ -&(nid_objs[ 7]),/* "RSA-MD2" */ -&(nid_objs[396]),/* "RSA-MD4" */ -&(nid_objs[ 8]),/* "RSA-MD5" */ -&(nid_objs[96]),/* "RSA-MDC2" */ -&(nid_objs[104]),/* "RSA-NP-MD5" */ -&(nid_objs[119]),/* "RSA-RIPEMD160" */ -&(nid_objs[42]),/* "RSA-SHA" */ -&(nid_objs[65]),/* "RSA-SHA1" */ -&(nid_objs[115]),/* "RSA-SHA1-2" */ -&(nid_objs[671]),/* "RSA-SHA224" */ -&(nid_objs[668]),/* "RSA-SHA256" */ -&(nid_objs[669]),/* "RSA-SHA384" */ -&(nid_objs[670]),/* "RSA-SHA512" */ -&(nid_objs[777]),/* "SEED-CBC" */ -&(nid_objs[779]),/* "SEED-CFB" */ -&(nid_objs[776]),/* "SEED-ECB" */ -&(nid_objs[778]),/* "SEED-OFB" */ -&(nid_objs[41]),/* "SHA" */ -&(nid_objs[64]),/* "SHA1" */ -&(nid_objs[675]),/* "SHA224" */ -&(nid_objs[672]),/* "SHA256" */ -&(nid_objs[673]),/* "SHA384" */ -&(nid_objs[674]),/* "SHA512" */ -&(nid_objs[188]),/* "SMIME" */ -&(nid_objs[167]),/* "SMIME-CAPS" */ -&(nid_objs[100]),/* "SN" */ -&(nid_objs[16]),/* "ST" */ -&(nid_objs[143]),/* "SXNetID" */ -&(nid_objs[458]),/* "UID" */ -&(nid_objs[ 0]),/* "UNDEF" */ -&(nid_objs[11]),/* "X500" */ -&(nid_objs[378]),/* "X500algorithms" */ -&(nid_objs[12]),/* "X509" */ -&(nid_objs[184]),/* "X9-57" */ -&(nid_objs[185]),/* "X9cm" */ -&(nid_objs[125]),/* "ZLIB" */ -&(nid_objs[478]),/* "aRecord" */ -&(nid_objs[289]),/* "aaControls" */ -&(nid_objs[287]),/* "ac-auditEntity" */ -&(nid_objs[397]),/* "ac-proxying" */ -&(nid_objs[288]),/* "ac-targeting" */ -&(nid_objs[368]),/* "acceptableResponses" */ -&(nid_objs[446]),/* "account" */ -&(nid_objs[363]),/* "ad_timestamping" */ -&(nid_objs[376]),/* "algorithm" */ -&(nid_objs[405]),/* "ansi-X9-62" */ -&(nid_objs[746]),/* "anyPolicy" */ -&(nid_objs[370]),/* "archiveCutoff" */ -&(nid_objs[484]),/* "associatedDomain" */ -&(nid_objs[485]),/* "associatedName" */ -&(nid_objs[501]),/* "audio" */ -&(nid_objs[177]),/* "authorityInfoAccess" */ -&(nid_objs[90]),/* "authorityKeyIdentifier" */ -&(nid_objs[87]),/* "basicConstraints" */ -&(nid_objs[365]),/* "basicOCSPResponse" */ -&(nid_objs[285]),/* "biometricInfo" */ -&(nid_objs[494]),/* "buildingName" */ -&(nid_objs[691]),/* "c2onb191v4" */ -&(nid_objs[692]),/* "c2onb191v5" */ -&(nid_objs[697]),/* "c2onb239v4" */ -&(nid_objs[698]),/* "c2onb239v5" */ -&(nid_objs[684]),/* "c2pnb163v1" */ -&(nid_objs[685]),/* "c2pnb163v2" */ -&(nid_objs[686]),/* "c2pnb163v3" */ -&(nid_objs[687]),/* "c2pnb176v1" */ -&(nid_objs[693]),/* "c2pnb208w1" */ -&(nid_objs[699]),/* "c2pnb272w1" */ -&(nid_objs[700]),/* "c2pnb304w1" */ -&(nid_objs[702]),/* "c2pnb368w1" */ -&(nid_objs[688]),/* "c2tnb191v1" */ -&(nid_objs[689]),/* "c2tnb191v2" */ -&(nid_objs[690]),/* "c2tnb191v3" */ -&(nid_objs[694]),/* "c2tnb239v1" */ -&(nid_objs[695]),/* "c2tnb239v2" */ -&(nid_objs[696]),/* "c2tnb239v3" */ -&(nid_objs[701]),/* "c2tnb359v1" */ -&(nid_objs[703]),/* "c2tnb431r1" */ -&(nid_objs[483]),/* "cNAMERecord" */ -&(nid_objs[179]),/* "caIssuers" */ -&(nid_objs[785]),/* "caRepository" */ -&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ -&(nid_objs[152]),/* "certBag" */ -&(nid_objs[677]),/* "certicom-arc" */ -&(nid_objs[771]),/* "certificateIssuer" */ -&(nid_objs[89]),/* "certificatePolicies" */ -&(nid_objs[54]),/* "challengePassword" */ -&(nid_objs[407]),/* "characteristic-two-field" */ -&(nid_objs[395]),/* "clearance" */ -&(nid_objs[130]),/* "clientAuth" */ -&(nid_objs[131]),/* "codeSigning" */ -&(nid_objs[50]),/* "contentType" */ -&(nid_objs[53]),/* "countersignature" */ -&(nid_objs[153]),/* "crlBag" */ -&(nid_objs[103]),/* "crlDistributionPoints" */ -&(nid_objs[88]),/* "crlNumber" */ -&(nid_objs[806]),/* "cryptocom" */ -&(nid_objs[805]),/* "cryptopro" */ -&(nid_objs[500]),/* "dITRedirect" */ -&(nid_objs[451]),/* "dNSDomain" */ -&(nid_objs[495]),/* "dSAQuality" */ -&(nid_objs[434]),/* "data" */ -&(nid_objs[390]),/* "dcobject" */ -&(nid_objs[140]),/* "deltaCRL" */ -&(nid_objs[107]),/* "description" */ -&(nid_objs[28]),/* "dhKeyAgreement" */ -&(nid_objs[382]),/* "directory" */ -&(nid_objs[174]),/* "dnQualifier" */ -&(nid_objs[447]),/* "document" */ -&(nid_objs[471]),/* "documentAuthor" */ -&(nid_objs[468]),/* "documentIdentifier" */ -&(nid_objs[472]),/* "documentLocation" */ -&(nid_objs[502]),/* "documentPublisher" */ -&(nid_objs[449]),/* "documentSeries" */ -&(nid_objs[469]),/* "documentTitle" */ -&(nid_objs[470]),/* "documentVersion" */ -&(nid_objs[392]),/* "domain" */ -&(nid_objs[452]),/* "domainRelatedObject" */ -&(nid_objs[802]),/* "dsa_with_SHA224" */ -&(nid_objs[803]),/* "dsa_with_SHA256" */ -&(nid_objs[791]),/* "ecdsa-with-Recommended" */ -&(nid_objs[416]),/* "ecdsa-with-SHA1" */ -&(nid_objs[793]),/* "ecdsa-with-SHA224" */ -&(nid_objs[794]),/* "ecdsa-with-SHA256" */ -&(nid_objs[795]),/* "ecdsa-with-SHA384" */ -&(nid_objs[796]),/* "ecdsa-with-SHA512" */ -&(nid_objs[792]),/* "ecdsa-with-Specified" */ -&(nid_objs[48]),/* "emailAddress" */ -&(nid_objs[132]),/* "emailProtection" */ -&(nid_objs[389]),/* "enterprises" */ -&(nid_objs[384]),/* "experimental" */ -&(nid_objs[172]),/* "extReq" */ -&(nid_objs[56]),/* "extendedCertificateAttributes" */ -&(nid_objs[126]),/* "extendedKeyUsage" */ -&(nid_objs[372]),/* "extendedStatus" */ -&(nid_objs[462]),/* "favouriteDrink" */ -&(nid_objs[857]),/* "freshestCRL" */ -&(nid_objs[453]),/* "friendlyCountry" */ -&(nid_objs[490]),/* "friendlyCountryName" */ -&(nid_objs[156]),/* "friendlyName" */ -&(nid_objs[509]),/* "generationQualifier" */ -&(nid_objs[815]),/* "gost-mac" */ -&(nid_objs[811]),/* "gost2001" */ -&(nid_objs[851]),/* "gost2001cc" */ -&(nid_objs[813]),/* "gost89" */ -&(nid_objs[814]),/* "gost89-cnt" */ -&(nid_objs[812]),/* "gost94" */ -&(nid_objs[850]),/* "gost94cc" */ -&(nid_objs[797]),/* "hmacWithMD5" */ -&(nid_objs[163]),/* "hmacWithSHA1" */ -&(nid_objs[798]),/* "hmacWithSHA224" */ -&(nid_objs[799]),/* "hmacWithSHA256" */ -&(nid_objs[800]),/* "hmacWithSHA384" */ -&(nid_objs[801]),/* "hmacWithSHA512" */ -&(nid_objs[432]),/* "holdInstructionCallIssuer" */ -&(nid_objs[430]),/* "holdInstructionCode" */ -&(nid_objs[431]),/* "holdInstructionNone" */ -&(nid_objs[433]),/* "holdInstructionReject" */ -&(nid_objs[486]),/* "homePostalAddress" */ -&(nid_objs[473]),/* "homeTelephoneNumber" */ -&(nid_objs[466]),/* "host" */ -&(nid_objs[442]),/* "iA5StringSyntax" */ -&(nid_objs[783]),/* "id-DHBasedMac" */ -&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */ -&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */ -&(nid_objs[849]),/* "id-Gost28147-89-cc" */ -&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -&(nid_objs[854]),/* "id-GostR3410-2001-ParamSet-cc" */ -&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */ -&(nid_objs[817]),/* "id-GostR3410-2001DH" */ -&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */ -&(nid_objs[845]),/* "id-GostR3410-94-a" */ -&(nid_objs[846]),/* "id-GostR3410-94-aBis" */ -&(nid_objs[847]),/* "id-GostR3410-94-b" */ -&(nid_objs[848]),/* "id-GostR3410-94-bBis" */ -&(nid_objs[818]),/* "id-GostR3410-94DH" */ -&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */ -&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */ -&(nid_objs[807]),/* "id-GostR3411-94-with-GostR3410-2001" */ -&(nid_objs[853]),/* "id-GostR3411-94-with-GostR3410-2001-cc" */ -&(nid_objs[808]),/* "id-GostR3411-94-with-GostR3410-94" */ -&(nid_objs[852]),/* "id-GostR3411-94-with-GostR3410-94-cc" */ -&(nid_objs[810]),/* "id-HMACGostR3411-94" */ -&(nid_objs[782]),/* "id-PasswordBasedMAC" */ -&(nid_objs[266]),/* "id-aca" */ -&(nid_objs[355]),/* "id-aca-accessIdentity" */ -&(nid_objs[354]),/* "id-aca-authenticationInfo" */ -&(nid_objs[356]),/* "id-aca-chargingIdentity" */ -&(nid_objs[399]),/* "id-aca-encAttrs" */ -&(nid_objs[357]),/* "id-aca-group" */ -&(nid_objs[358]),/* "id-aca-role" */ -&(nid_objs[176]),/* "id-ad" */ -&(nid_objs[788]),/* "id-aes128-wrap" */ -&(nid_objs[789]),/* "id-aes192-wrap" */ -&(nid_objs[790]),/* "id-aes256-wrap" */ -&(nid_objs[262]),/* "id-alg" */ -&(nid_objs[323]),/* "id-alg-des40" */ -&(nid_objs[326]),/* "id-alg-dh-pop" */ -&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */ -&(nid_objs[324]),/* "id-alg-noSignature" */ -&(nid_objs[268]),/* "id-cct" */ -&(nid_objs[361]),/* "id-cct-PKIData" */ -&(nid_objs[362]),/* "id-cct-PKIResponse" */ -&(nid_objs[360]),/* "id-cct-crs" */ -&(nid_objs[81]),/* "id-ce" */ -&(nid_objs[680]),/* "id-characteristic-two-basis" */ -&(nid_objs[263]),/* "id-cmc" */ -&(nid_objs[334]),/* "id-cmc-addExtensions" */ -&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ -&(nid_objs[330]),/* "id-cmc-dataReturn" */ -&(nid_objs[336]),/* "id-cmc-decryptedPOP" */ -&(nid_objs[335]),/* "id-cmc-encryptedPOP" */ -&(nid_objs[339]),/* "id-cmc-getCRL" */ -&(nid_objs[338]),/* "id-cmc-getCert" */ -&(nid_objs[328]),/* "id-cmc-identification" */ -&(nid_objs[329]),/* "id-cmc-identityProof" */ -&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */ -&(nid_objs[344]),/* "id-cmc-popLinkRandom" */ -&(nid_objs[345]),/* "id-cmc-popLinkWitness" */ -&(nid_objs[343]),/* "id-cmc-queryPending" */ -&(nid_objs[333]),/* "id-cmc-recipientNonce" */ -&(nid_objs[341]),/* "id-cmc-regInfo" */ -&(nid_objs[342]),/* "id-cmc-responseInfo" */ -&(nid_objs[340]),/* "id-cmc-revokeRequest" */ -&(nid_objs[332]),/* "id-cmc-senderNonce" */ -&(nid_objs[327]),/* "id-cmc-statusInfo" */ -&(nid_objs[331]),/* "id-cmc-transactionId" */ -&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ -&(nid_objs[408]),/* "id-ecPublicKey" */ -&(nid_objs[508]),/* "id-hex-multipart-message" */ -&(nid_objs[507]),/* "id-hex-partial-message" */ -&(nid_objs[260]),/* "id-it" */ -&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */ -&(nid_objs[298]),/* "id-it-caProtEncCert" */ -&(nid_objs[311]),/* "id-it-confirmWaitTime" */ -&(nid_objs[303]),/* "id-it-currentCRL" */ -&(nid_objs[300]),/* "id-it-encKeyPairTypes" */ -&(nid_objs[310]),/* "id-it-implicitConfirm" */ -&(nid_objs[308]),/* "id-it-keyPairParamRep" */ -&(nid_objs[307]),/* "id-it-keyPairParamReq" */ -&(nid_objs[312]),/* "id-it-origPKIMessage" */ -&(nid_objs[301]),/* "id-it-preferredSymmAlg" */ -&(nid_objs[309]),/* "id-it-revPassphrase" */ -&(nid_objs[299]),/* "id-it-signKeyPairTypes" */ -&(nid_objs[305]),/* "id-it-subscriptionRequest" */ -&(nid_objs[306]),/* "id-it-subscriptionResponse" */ -&(nid_objs[784]),/* "id-it-suppLangTags" */ -&(nid_objs[304]),/* "id-it-unsupportedOIDs" */ -&(nid_objs[128]),/* "id-kp" */ -&(nid_objs[280]),/* "id-mod-attribute-cert" */ -&(nid_objs[274]),/* "id-mod-cmc" */ -&(nid_objs[277]),/* "id-mod-cmp" */ -&(nid_objs[284]),/* "id-mod-cmp2000" */ -&(nid_objs[273]),/* "id-mod-crmf" */ -&(nid_objs[283]),/* "id-mod-dvcs" */ -&(nid_objs[275]),/* "id-mod-kea-profile-88" */ -&(nid_objs[276]),/* "id-mod-kea-profile-93" */ -&(nid_objs[282]),/* "id-mod-ocsp" */ -&(nid_objs[278]),/* "id-mod-qualified-cert-88" */ -&(nid_objs[279]),/* "id-mod-qualified-cert-93" */ -&(nid_objs[281]),/* "id-mod-timestamp-protocol" */ -&(nid_objs[264]),/* "id-on" */ -&(nid_objs[858]),/* "id-on-permanentIdentifier" */ -&(nid_objs[347]),/* "id-on-personalData" */ -&(nid_objs[265]),/* "id-pda" */ -&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */ -&(nid_objs[353]),/* "id-pda-countryOfResidence" */ -&(nid_objs[348]),/* "id-pda-dateOfBirth" */ -&(nid_objs[351]),/* "id-pda-gender" */ -&(nid_objs[349]),/* "id-pda-placeOfBirth" */ -&(nid_objs[175]),/* "id-pe" */ -&(nid_objs[261]),/* "id-pkip" */ -&(nid_objs[258]),/* "id-pkix-mod" */ -&(nid_objs[269]),/* "id-pkix1-explicit-88" */ -&(nid_objs[271]),/* "id-pkix1-explicit-93" */ -&(nid_objs[270]),/* "id-pkix1-implicit-88" */ -&(nid_objs[272]),/* "id-pkix1-implicit-93" */ -&(nid_objs[662]),/* "id-ppl" */ -&(nid_objs[664]),/* "id-ppl-anyLanguage" */ -&(nid_objs[667]),/* "id-ppl-independent" */ -&(nid_objs[665]),/* "id-ppl-inheritAll" */ -&(nid_objs[267]),/* "id-qcs" */ -&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ -&(nid_objs[259]),/* "id-qt" */ -&(nid_objs[164]),/* "id-qt-cps" */ -&(nid_objs[165]),/* "id-qt-unotice" */ -&(nid_objs[313]),/* "id-regCtrl" */ -&(nid_objs[316]),/* "id-regCtrl-authenticator" */ -&(nid_objs[319]),/* "id-regCtrl-oldCertID" */ -&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */ -&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */ -&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */ -&(nid_objs[315]),/* "id-regCtrl-regToken" */ -&(nid_objs[314]),/* "id-regInfo" */ -&(nid_objs[322]),/* "id-regInfo-certReq" */ -&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */ -&(nid_objs[512]),/* "id-set" */ -&(nid_objs[191]),/* "id-smime-aa" */ -&(nid_objs[215]),/* "id-smime-aa-contentHint" */ -&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */ -&(nid_objs[221]),/* "id-smime-aa-contentReference" */ -&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */ -&(nid_objs[217]),/* "id-smime-aa-encapContentType" */ -&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */ -&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */ -&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */ -&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */ -&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */ -&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */ -&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */ -&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */ -&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */ -&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */ -&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */ -&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */ -&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */ -&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */ -&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */ -&(nid_objs[219]),/* "id-smime-aa-macValue" */ -&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */ -&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */ -&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */ -&(nid_objs[213]),/* "id-smime-aa-securityLabel" */ -&(nid_objs[239]),/* "id-smime-aa-signatureType" */ -&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */ -&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */ -&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */ -&(nid_objs[192]),/* "id-smime-alg" */ -&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */ -&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */ -&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */ -&(nid_objs[245]),/* "id-smime-alg-ESDH" */ -&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */ -&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */ -&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */ -&(nid_objs[193]),/* "id-smime-cd" */ -&(nid_objs[248]),/* "id-smime-cd-ldap" */ -&(nid_objs[190]),/* "id-smime-ct" */ -&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */ -&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */ -&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ -&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ -&(nid_objs[205]),/* "id-smime-ct-authData" */ -&(nid_objs[786]),/* "id-smime-ct-compressedData" */ -&(nid_objs[209]),/* "id-smime-ct-contentInfo" */ -&(nid_objs[206]),/* "id-smime-ct-publishCert" */ -&(nid_objs[204]),/* "id-smime-ct-receipt" */ -&(nid_objs[195]),/* "id-smime-cti" */ -&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */ -&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */ -&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */ -&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */ -&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */ -&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */ -&(nid_objs[189]),/* "id-smime-mod" */ -&(nid_objs[196]),/* "id-smime-mod-cms" */ -&(nid_objs[197]),/* "id-smime-mod-ess" */ -&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */ -&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */ -&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */ -&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */ -&(nid_objs[199]),/* "id-smime-mod-msg-v3" */ -&(nid_objs[198]),/* "id-smime-mod-oid" */ -&(nid_objs[194]),/* "id-smime-spq" */ -&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */ -&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ -&(nid_objs[676]),/* "identified-organization" */ -&(nid_objs[461]),/* "info" */ -&(nid_objs[748]),/* "inhibitAnyPolicy" */ -&(nid_objs[101]),/* "initials" */ -&(nid_objs[647]),/* "international-organizations" */ -&(nid_objs[142]),/* "invalidityDate" */ -&(nid_objs[294]),/* "ipsecEndSystem" */ -&(nid_objs[295]),/* "ipsecTunnel" */ -&(nid_objs[296]),/* "ipsecUser" */ -&(nid_objs[86]),/* "issuerAltName" */ -&(nid_objs[770]),/* "issuingDistributionPoint" */ -&(nid_objs[492]),/* "janetMailbox" */ -&(nid_objs[150]),/* "keyBag" */ -&(nid_objs[83]),/* "keyUsage" */ -&(nid_objs[477]),/* "lastModifiedBy" */ -&(nid_objs[476]),/* "lastModifiedTime" */ -&(nid_objs[157]),/* "localKeyID" */ -&(nid_objs[480]),/* "mXRecord" */ -&(nid_objs[460]),/* "mail" */ -&(nid_objs[493]),/* "mailPreferenceOption" */ -&(nid_objs[467]),/* "manager" */ -&(nid_objs[809]),/* "md_gost94" */ -&(nid_objs[182]),/* "member-body" */ -&(nid_objs[51]),/* "messageDigest" */ -&(nid_objs[383]),/* "mgmt" */ -&(nid_objs[504]),/* "mime-mhs" */ -&(nid_objs[506]),/* "mime-mhs-bodies" */ -&(nid_objs[505]),/* "mime-mhs-headings" */ -&(nid_objs[488]),/* "mobileTelephoneNumber" */ -&(nid_objs[136]),/* "msCTLSign" */ -&(nid_objs[135]),/* "msCodeCom" */ -&(nid_objs[134]),/* "msCodeInd" */ -&(nid_objs[138]),/* "msEFS" */ -&(nid_objs[171]),/* "msExtReq" */ -&(nid_objs[137]),/* "msSGC" */ -&(nid_objs[648]),/* "msSmartcardLogin" */ -&(nid_objs[649]),/* "msUPN" */ -&(nid_objs[481]),/* "nSRecord" */ -&(nid_objs[173]),/* "name" */ -&(nid_objs[666]),/* "nameConstraints" */ -&(nid_objs[369]),/* "noCheck" */ -&(nid_objs[403]),/* "noRevAvail" */ -&(nid_objs[72]),/* "nsBaseUrl" */ -&(nid_objs[76]),/* "nsCaPolicyUrl" */ -&(nid_objs[74]),/* "nsCaRevocationUrl" */ -&(nid_objs[58]),/* "nsCertExt" */ -&(nid_objs[79]),/* "nsCertSequence" */ -&(nid_objs[71]),/* "nsCertType" */ -&(nid_objs[78]),/* "nsComment" */ -&(nid_objs[59]),/* "nsDataType" */ -&(nid_objs[75]),/* "nsRenewalUrl" */ -&(nid_objs[73]),/* "nsRevocationUrl" */ -&(nid_objs[139]),/* "nsSGC" */ -&(nid_objs[77]),/* "nsSslServerName" */ -&(nid_objs[681]),/* "onBasis" */ -&(nid_objs[491]),/* "organizationalStatus" */ -&(nid_objs[475]),/* "otherMailbox" */ -&(nid_objs[489]),/* "pagerTelephoneNumber" */ -&(nid_objs[374]),/* "path" */ -&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ -&(nid_objs[499]),/* "personalSignature" */ -&(nid_objs[487]),/* "personalTitle" */ -&(nid_objs[464]),/* "photo" */ -&(nid_objs[437]),/* "pilot" */ -&(nid_objs[439]),/* "pilotAttributeSyntax" */ -&(nid_objs[438]),/* "pilotAttributeType" */ -&(nid_objs[479]),/* "pilotAttributeType27" */ -&(nid_objs[456]),/* "pilotDSA" */ -&(nid_objs[441]),/* "pilotGroups" */ -&(nid_objs[444]),/* "pilotObject" */ -&(nid_objs[440]),/* "pilotObjectClass" */ -&(nid_objs[455]),/* "pilotOrganization" */ -&(nid_objs[445]),/* "pilotPerson" */ -&(nid_objs[ 2]),/* "pkcs" */ -&(nid_objs[186]),/* "pkcs1" */ -&(nid_objs[27]),/* "pkcs3" */ -&(nid_objs[187]),/* "pkcs5" */ -&(nid_objs[20]),/* "pkcs7" */ -&(nid_objs[21]),/* "pkcs7-data" */ -&(nid_objs[25]),/* "pkcs7-digestData" */ -&(nid_objs[26]),/* "pkcs7-encryptedData" */ -&(nid_objs[23]),/* "pkcs7-envelopedData" */ -&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */ -&(nid_objs[22]),/* "pkcs7-signedData" */ -&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ -&(nid_objs[47]),/* "pkcs9" */ -&(nid_objs[401]),/* "policyConstraints" */ -&(nid_objs[747]),/* "policyMappings" */ -&(nid_objs[661]),/* "postalCode" */ -&(nid_objs[683]),/* "ppBasis" */ -&(nid_objs[816]),/* "prf-gostr3411-94" */ -&(nid_objs[406]),/* "prime-field" */ -&(nid_objs[409]),/* "prime192v1" */ -&(nid_objs[410]),/* "prime192v2" */ -&(nid_objs[411]),/* "prime192v3" */ -&(nid_objs[412]),/* "prime239v1" */ -&(nid_objs[413]),/* "prime239v2" */ -&(nid_objs[414]),/* "prime239v3" */ -&(nid_objs[415]),/* "prime256v1" */ -&(nid_objs[385]),/* "private" */ -&(nid_objs[84]),/* "privateKeyUsagePeriod" */ -&(nid_objs[663]),/* "proxyCertInfo" */ -&(nid_objs[510]),/* "pseudonym" */ -&(nid_objs[435]),/* "pss" */ -&(nid_objs[286]),/* "qcStatements" */ -&(nid_objs[457]),/* "qualityLabelledData" */ -&(nid_objs[450]),/* "rFC822localPart" */ -&(nid_objs[400]),/* "role" */ -&(nid_objs[448]),/* "room" */ -&(nid_objs[463]),/* "roomNumber" */ -&(nid_objs[ 6]),/* "rsaEncryption" */ -&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ -&(nid_objs[377]),/* "rsaSignature" */ -&(nid_objs[ 1]),/* "rsadsi" */ -&(nid_objs[482]),/* "sOARecord" */ -&(nid_objs[155]),/* "safeContentsBag" */ -&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ -&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ -&(nid_objs[292]),/* "sbgp-routerIdentifier" */ -&(nid_objs[159]),/* "sdsiCertificate" */ -&(nid_objs[704]),/* "secp112r1" */ -&(nid_objs[705]),/* "secp112r2" */ -&(nid_objs[706]),/* "secp128r1" */ -&(nid_objs[707]),/* "secp128r2" */ -&(nid_objs[708]),/* "secp160k1" */ -&(nid_objs[709]),/* "secp160r1" */ -&(nid_objs[710]),/* "secp160r2" */ -&(nid_objs[711]),/* "secp192k1" */ -&(nid_objs[712]),/* "secp224k1" */ -&(nid_objs[713]),/* "secp224r1" */ -&(nid_objs[714]),/* "secp256k1" */ -&(nid_objs[715]),/* "secp384r1" */ -&(nid_objs[716]),/* "secp521r1" */ -&(nid_objs[154]),/* "secretBag" */ -&(nid_objs[474]),/* "secretary" */ -&(nid_objs[717]),/* "sect113r1" */ -&(nid_objs[718]),/* "sect113r2" */ -&(nid_objs[719]),/* "sect131r1" */ -&(nid_objs[720]),/* "sect131r2" */ -&(nid_objs[721]),/* "sect163k1" */ -&(nid_objs[722]),/* "sect163r1" */ -&(nid_objs[723]),/* "sect163r2" */ -&(nid_objs[724]),/* "sect193r1" */ -&(nid_objs[725]),/* "sect193r2" */ -&(nid_objs[726]),/* "sect233k1" */ -&(nid_objs[727]),/* "sect233r1" */ -&(nid_objs[728]),/* "sect239k1" */ -&(nid_objs[729]),/* "sect283k1" */ -&(nid_objs[730]),/* "sect283r1" */ -&(nid_objs[731]),/* "sect409k1" */ -&(nid_objs[732]),/* "sect409r1" */ -&(nid_objs[733]),/* "sect571k1" */ -&(nid_objs[734]),/* "sect571r1" */ -&(nid_objs[386]),/* "security" */ -&(nid_objs[394]),/* "selected-attribute-types" */ -&(nid_objs[105]),/* "serialNumber" */ -&(nid_objs[129]),/* "serverAuth" */ -&(nid_objs[371]),/* "serviceLocator" */ -&(nid_objs[625]),/* "set-addPolicy" */ -&(nid_objs[515]),/* "set-attr" */ -&(nid_objs[518]),/* "set-brand" */ -&(nid_objs[638]),/* "set-brand-AmericanExpress" */ -&(nid_objs[637]),/* "set-brand-Diners" */ -&(nid_objs[636]),/* "set-brand-IATA-ATA" */ -&(nid_objs[639]),/* "set-brand-JCB" */ -&(nid_objs[641]),/* "set-brand-MasterCard" */ -&(nid_objs[642]),/* "set-brand-Novus" */ -&(nid_objs[640]),/* "set-brand-Visa" */ -&(nid_objs[517]),/* "set-certExt" */ -&(nid_objs[513]),/* "set-ctype" */ -&(nid_objs[514]),/* "set-msgExt" */ -&(nid_objs[516]),/* "set-policy" */ -&(nid_objs[607]),/* "set-policy-root" */ -&(nid_objs[624]),/* "set-rootKeyThumb" */ -&(nid_objs[620]),/* "setAttr-Cert" */ -&(nid_objs[631]),/* "setAttr-GenCryptgrm" */ -&(nid_objs[623]),/* "setAttr-IssCap" */ -&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ -&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ -&(nid_objs[629]),/* "setAttr-IssCap-T2" */ -&(nid_objs[621]),/* "setAttr-PGWYcap" */ -&(nid_objs[635]),/* "setAttr-SecDevSig" */ -&(nid_objs[632]),/* "setAttr-T2Enc" */ -&(nid_objs[633]),/* "setAttr-T2cleartxt" */ -&(nid_objs[634]),/* "setAttr-TokICCsig" */ -&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ -&(nid_objs[626]),/* "setAttr-Token-EMV" */ -&(nid_objs[622]),/* "setAttr-TokenType" */ -&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ -&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ -&(nid_objs[616]),/* "setCext-TokenIdentifier" */ -&(nid_objs[618]),/* "setCext-TokenType" */ -&(nid_objs[617]),/* "setCext-Track2Data" */ -&(nid_objs[611]),/* "setCext-cCertRequired" */ -&(nid_objs[609]),/* "setCext-certType" */ -&(nid_objs[608]),/* "setCext-hashedRoot" */ -&(nid_objs[610]),/* "setCext-merchData" */ -&(nid_objs[613]),/* "setCext-setExt" */ -&(nid_objs[614]),/* "setCext-setQualf" */ -&(nid_objs[612]),/* "setCext-tunneling" */ -&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ -&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ -&(nid_objs[570]),/* "setct-AuthReqTBE" */ -&(nid_objs[534]),/* "setct-AuthReqTBS" */ -&(nid_objs[527]),/* "setct-AuthResBaggage" */ -&(nid_objs[571]),/* "setct-AuthResTBE" */ -&(nid_objs[572]),/* "setct-AuthResTBEX" */ -&(nid_objs[535]),/* "setct-AuthResTBS" */ -&(nid_objs[536]),/* "setct-AuthResTBSX" */ -&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ -&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ -&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ -&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ -&(nid_objs[542]),/* "setct-AuthRevResData" */ -&(nid_objs[578]),/* "setct-AuthRevResTBE" */ -&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ -&(nid_objs[543]),/* "setct-AuthRevResTBS" */ -&(nid_objs[573]),/* "setct-AuthTokenTBE" */ -&(nid_objs[537]),/* "setct-AuthTokenTBS" */ -&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ -&(nid_objs[558]),/* "setct-BatchAdminReqData" */ -&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ -&(nid_objs[559]),/* "setct-BatchAdminResData" */ -&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ -&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ -&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ -&(nid_objs[580]),/* "setct-CapReqTBE" */ -&(nid_objs[581]),/* "setct-CapReqTBEX" */ -&(nid_objs[544]),/* "setct-CapReqTBS" */ -&(nid_objs[545]),/* "setct-CapReqTBSX" */ -&(nid_objs[546]),/* "setct-CapResData" */ -&(nid_objs[582]),/* "setct-CapResTBE" */ -&(nid_objs[583]),/* "setct-CapRevReqTBE" */ -&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ -&(nid_objs[547]),/* "setct-CapRevReqTBS" */ -&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ -&(nid_objs[549]),/* "setct-CapRevResData" */ -&(nid_objs[585]),/* "setct-CapRevResTBE" */ -&(nid_objs[538]),/* "setct-CapTokenData" */ -&(nid_objs[530]),/* "setct-CapTokenSeq" */ -&(nid_objs[574]),/* "setct-CapTokenTBE" */ -&(nid_objs[575]),/* "setct-CapTokenTBEX" */ -&(nid_objs[539]),/* "setct-CapTokenTBS" */ -&(nid_objs[560]),/* "setct-CardCInitResTBS" */ -&(nid_objs[566]),/* "setct-CertInqReqTBS" */ -&(nid_objs[563]),/* "setct-CertReqData" */ -&(nid_objs[595]),/* "setct-CertReqTBE" */ -&(nid_objs[596]),/* "setct-CertReqTBEX" */ -&(nid_objs[564]),/* "setct-CertReqTBS" */ -&(nid_objs[565]),/* "setct-CertResData" */ -&(nid_objs[597]),/* "setct-CertResTBE" */ -&(nid_objs[586]),/* "setct-CredReqTBE" */ -&(nid_objs[587]),/* "setct-CredReqTBEX" */ -&(nid_objs[550]),/* "setct-CredReqTBS" */ -&(nid_objs[551]),/* "setct-CredReqTBSX" */ -&(nid_objs[552]),/* "setct-CredResData" */ -&(nid_objs[588]),/* "setct-CredResTBE" */ -&(nid_objs[589]),/* "setct-CredRevReqTBE" */ -&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ -&(nid_objs[553]),/* "setct-CredRevReqTBS" */ -&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ -&(nid_objs[555]),/* "setct-CredRevResData" */ -&(nid_objs[591]),/* "setct-CredRevResTBE" */ -&(nid_objs[567]),/* "setct-ErrorTBS" */ -&(nid_objs[526]),/* "setct-HODInput" */ -&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ -&(nid_objs[522]),/* "setct-OIData" */ -&(nid_objs[519]),/* "setct-PANData" */ -&(nid_objs[521]),/* "setct-PANOnly" */ -&(nid_objs[520]),/* "setct-PANToken" */ -&(nid_objs[556]),/* "setct-PCertReqData" */ -&(nid_objs[557]),/* "setct-PCertResTBS" */ -&(nid_objs[523]),/* "setct-PI" */ -&(nid_objs[532]),/* "setct-PI-TBS" */ -&(nid_objs[524]),/* "setct-PIData" */ -&(nid_objs[525]),/* "setct-PIDataUnsigned" */ -&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ -&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ -&(nid_objs[531]),/* "setct-PInitResData" */ -&(nid_objs[533]),/* "setct-PResData" */ -&(nid_objs[594]),/* "setct-RegFormReqTBE" */ -&(nid_objs[562]),/* "setct-RegFormResTBS" */ -&(nid_objs[606]),/* "setext-cv" */ -&(nid_objs[601]),/* "setext-genCrypt" */ -&(nid_objs[602]),/* "setext-miAuth" */ -&(nid_objs[604]),/* "setext-pinAny" */ -&(nid_objs[603]),/* "setext-pinSecure" */ -&(nid_objs[605]),/* "setext-track2" */ -&(nid_objs[52]),/* "signingTime" */ -&(nid_objs[454]),/* "simpleSecurityObject" */ -&(nid_objs[496]),/* "singleLevelQuality" */ -&(nid_objs[387]),/* "snmpv2" */ -&(nid_objs[660]),/* "streetAddress" */ -&(nid_objs[85]),/* "subjectAltName" */ -&(nid_objs[769]),/* "subjectDirectoryAttributes" */ -&(nid_objs[398]),/* "subjectInfoAccess" */ -&(nid_objs[82]),/* "subjectKeyIdentifier" */ -&(nid_objs[498]),/* "subtreeMaximumQuality" */ -&(nid_objs[497]),/* "subtreeMinimumQuality" */ -&(nid_objs[402]),/* "targetInformation" */ -&(nid_objs[459]),/* "textEncodedORAddress" */ -&(nid_objs[293]),/* "textNotice" */ -&(nid_objs[133]),/* "timeStamping" */ -&(nid_objs[106]),/* "title" */ -&(nid_objs[682]),/* "tpBasis" */ -&(nid_objs[375]),/* "trustRoot" */ -&(nid_objs[436]),/* "ucl" */ -&(nid_objs[55]),/* "unstructuredAddress" */ -&(nid_objs[49]),/* "unstructuredName" */ -&(nid_objs[465]),/* "userClass" */ -&(nid_objs[373]),/* "valid" */ -&(nid_objs[678]),/* "wap" */ -&(nid_objs[679]),/* "wap-wsg" */ -&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */ -&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */ -&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */ -&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */ -&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */ -&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */ -&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */ -&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */ -&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ -&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ -&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ -&(nid_objs[804]),/* "whirlpool" */ -&(nid_objs[503]),/* "x500UniqueIdentifier" */ -&(nid_objs[158]),/* "x509Certificate" */ -&(nid_objs[160]),/* "x509Crl" */ +static const unsigned int sn_objs[NUM_SN]={ +364, /* "AD_DVCS" */ +419, /* "AES-128-CBC" */ +421, /* "AES-128-CFB" */ +650, /* "AES-128-CFB1" */ +653, /* "AES-128-CFB8" */ +418, /* "AES-128-ECB" */ +420, /* "AES-128-OFB" */ +423, /* "AES-192-CBC" */ +425, /* "AES-192-CFB" */ +651, /* "AES-192-CFB1" */ +654, /* "AES-192-CFB8" */ +422, /* "AES-192-ECB" */ +424, /* "AES-192-OFB" */ +427, /* "AES-256-CBC" */ +429, /* "AES-256-CFB" */ +652, /* "AES-256-CFB1" */ +655, /* "AES-256-CFB8" */ +426, /* "AES-256-ECB" */ +428, /* "AES-256-OFB" */ +91, /* "BF-CBC" */ +93, /* "BF-CFB" */ +92, /* "BF-ECB" */ +94, /* "BF-OFB" */ +14, /* "C" */ +751, /* "CAMELLIA-128-CBC" */ +757, /* "CAMELLIA-128-CFB" */ +760, /* "CAMELLIA-128-CFB1" */ +763, /* "CAMELLIA-128-CFB8" */ +754, /* "CAMELLIA-128-ECB" */ +766, /* "CAMELLIA-128-OFB" */ +752, /* "CAMELLIA-192-CBC" */ +758, /* "CAMELLIA-192-CFB" */ +761, /* "CAMELLIA-192-CFB1" */ +764, /* "CAMELLIA-192-CFB8" */ +755, /* "CAMELLIA-192-ECB" */ +767, /* "CAMELLIA-192-OFB" */ +753, /* "CAMELLIA-256-CBC" */ +759, /* "CAMELLIA-256-CFB" */ +762, /* "CAMELLIA-256-CFB1" */ +765, /* "CAMELLIA-256-CFB8" */ +756, /* "CAMELLIA-256-ECB" */ +768, /* "CAMELLIA-256-OFB" */ +108, /* "CAST5-CBC" */ +110, /* "CAST5-CFB" */ +109, /* "CAST5-ECB" */ +111, /* "CAST5-OFB" */ +13, /* "CN" */ +141, /* "CRLReason" */ +417, /* "CSPName" */ +367, /* "CrlID" */ +391, /* "DC" */ +31, /* "DES-CBC" */ +643, /* "DES-CDMF" */ +30, /* "DES-CFB" */ +656, /* "DES-CFB1" */ +657, /* "DES-CFB8" */ +29, /* "DES-ECB" */ +32, /* "DES-EDE" */ +43, /* "DES-EDE-CBC" */ +60, /* "DES-EDE-CFB" */ +62, /* "DES-EDE-OFB" */ +33, /* "DES-EDE3" */ +44, /* "DES-EDE3-CBC" */ +61, /* "DES-EDE3-CFB" */ +658, /* "DES-EDE3-CFB1" */ +659, /* "DES-EDE3-CFB8" */ +63, /* "DES-EDE3-OFB" */ +45, /* "DES-OFB" */ +80, /* "DESX-CBC" */ +380, /* "DOD" */ +116, /* "DSA" */ +66, /* "DSA-SHA" */ +113, /* "DSA-SHA1" */ +70, /* "DSA-SHA1-old" */ +67, /* "DSA-old" */ +297, /* "DVCS" */ +99, /* "GN" */ +855, /* "HMAC" */ +780, /* "HMAC-MD5" */ +781, /* "HMAC-SHA1" */ +381, /* "IANA" */ +34, /* "IDEA-CBC" */ +35, /* "IDEA-CFB" */ +36, /* "IDEA-ECB" */ +46, /* "IDEA-OFB" */ +181, /* "ISO" */ +183, /* "ISO-US" */ +645, /* "ITU-T" */ +646, /* "JOINT-ISO-ITU-T" */ +773, /* "KISA" */ +15, /* "L" */ +856, /* "LocalKeySet" */ + 3, /* "MD2" */ +257, /* "MD4" */ + 4, /* "MD5" */ +114, /* "MD5-SHA1" */ +95, /* "MDC2" */ +388, /* "Mail" */ +393, /* "NULL" */ +404, /* "NULL" */ +57, /* "Netscape" */ +366, /* "Nonce" */ +17, /* "O" */ +178, /* "OCSP" */ +180, /* "OCSPSigning" */ +379, /* "ORG" */ +18, /* "OU" */ +749, /* "Oakley-EC2N-3" */ +750, /* "Oakley-EC2N-4" */ + 9, /* "PBE-MD2-DES" */ +168, /* "PBE-MD2-RC2-64" */ +10, /* "PBE-MD5-DES" */ +169, /* "PBE-MD5-RC2-64" */ +147, /* "PBE-SHA1-2DES" */ +146, /* "PBE-SHA1-3DES" */ +170, /* "PBE-SHA1-DES" */ +148, /* "PBE-SHA1-RC2-128" */ +149, /* "PBE-SHA1-RC2-40" */ +68, /* "PBE-SHA1-RC2-64" */ +144, /* "PBE-SHA1-RC4-128" */ +145, /* "PBE-SHA1-RC4-40" */ +161, /* "PBES2" */ +69, /* "PBKDF2" */ +162, /* "PBMAC1" */ +127, /* "PKIX" */ +98, /* "RC2-40-CBC" */ +166, /* "RC2-64-CBC" */ +37, /* "RC2-CBC" */ +39, /* "RC2-CFB" */ +38, /* "RC2-ECB" */ +40, /* "RC2-OFB" */ + 5, /* "RC4" */ +97, /* "RC4-40" */ +120, /* "RC5-CBC" */ +122, /* "RC5-CFB" */ +121, /* "RC5-ECB" */ +123, /* "RC5-OFB" */ +117, /* "RIPEMD160" */ +124, /* "RLE" */ +19, /* "RSA" */ + 7, /* "RSA-MD2" */ +396, /* "RSA-MD4" */ + 8, /* "RSA-MD5" */ +96, /* "RSA-MDC2" */ +104, /* "RSA-NP-MD5" */ +119, /* "RSA-RIPEMD160" */ +42, /* "RSA-SHA" */ +65, /* "RSA-SHA1" */ +115, /* "RSA-SHA1-2" */ +671, /* "RSA-SHA224" */ +668, /* "RSA-SHA256" */ +669, /* "RSA-SHA384" */ +670, /* "RSA-SHA512" */ +777, /* "SEED-CBC" */ +779, /* "SEED-CFB" */ +776, /* "SEED-ECB" */ +778, /* "SEED-OFB" */ +41, /* "SHA" */ +64, /* "SHA1" */ +675, /* "SHA224" */ +672, /* "SHA256" */ +673, /* "SHA384" */ +674, /* "SHA512" */ +188, /* "SMIME" */ +167, /* "SMIME-CAPS" */ +100, /* "SN" */ +16, /* "ST" */ +143, /* "SXNetID" */ +458, /* "UID" */ + 0, /* "UNDEF" */ +11, /* "X500" */ +378, /* "X500algorithms" */ +12, /* "X509" */ +184, /* "X9-57" */ +185, /* "X9cm" */ +125, /* "ZLIB" */ +478, /* "aRecord" */ +289, /* "aaControls" */ +287, /* "ac-auditEntity" */ +397, /* "ac-proxying" */ +288, /* "ac-targeting" */ +368, /* "acceptableResponses" */ +446, /* "account" */ +363, /* "ad_timestamping" */ +376, /* "algorithm" */ +405, /* "ansi-X9-62" */ +746, /* "anyPolicy" */ +370, /* "archiveCutoff" */ +484, /* "associatedDomain" */ +485, /* "associatedName" */ +501, /* "audio" */ +177, /* "authorityInfoAccess" */ +90, /* "authorityKeyIdentifier" */ +882, /* "authorityRevocationList" */ +87, /* "basicConstraints" */ +365, /* "basicOCSPResponse" */ +285, /* "biometricInfo" */ +494, /* "buildingName" */ +860, /* "businessCategory" */ +691, /* "c2onb191v4" */ +692, /* "c2onb191v5" */ +697, /* "c2onb239v4" */ +698, /* "c2onb239v5" */ +684, /* "c2pnb163v1" */ +685, /* "c2pnb163v2" */ +686, /* "c2pnb163v3" */ +687, /* "c2pnb176v1" */ +693, /* "c2pnb208w1" */ +699, /* "c2pnb272w1" */ +700, /* "c2pnb304w1" */ +702, /* "c2pnb368w1" */ +688, /* "c2tnb191v1" */ +689, /* "c2tnb191v2" */ +690, /* "c2tnb191v3" */ +694, /* "c2tnb239v1" */ +695, /* "c2tnb239v2" */ +696, /* "c2tnb239v3" */ +701, /* "c2tnb359v1" */ +703, /* "c2tnb431r1" */ +881, /* "cACertificate" */ +483, /* "cNAMERecord" */ +179, /* "caIssuers" */ +785, /* "caRepository" */ +443, /* "caseIgnoreIA5StringSyntax" */ +152, /* "certBag" */ +677, /* "certicom-arc" */ +771, /* "certificateIssuer" */ +89, /* "certificatePolicies" */ +883, /* "certificateRevocationList" */ +54, /* "challengePassword" */ +407, /* "characteristic-two-field" */ +395, /* "clearance" */ +130, /* "clientAuth" */ +131, /* "codeSigning" */ +50, /* "contentType" */ +53, /* "countersignature" */ +153, /* "crlBag" */ +103, /* "crlDistributionPoints" */ +88, /* "crlNumber" */ +884, /* "crossCertificatePair" */ +806, /* "cryptocom" */ +805, /* "cryptopro" */ +500, /* "dITRedirect" */ +451, /* "dNSDomain" */ +495, /* "dSAQuality" */ +434, /* "data" */ +390, /* "dcobject" */ +140, /* "deltaCRL" */ +891, /* "deltaRevocationList" */ +107, /* "description" */ +871, /* "destinationIndicator" */ +28, /* "dhKeyAgreement" */ +382, /* "directory" */ +887, /* "distinguishedName" */ +892, /* "dmdName" */ +174, /* "dnQualifier" */ +447, /* "document" */ +471, /* "documentAuthor" */ +468, /* "documentIdentifier" */ +472, /* "documentLocation" */ +502, /* "documentPublisher" */ +449, /* "documentSeries" */ +469, /* "documentTitle" */ +470, /* "documentVersion" */ +392, /* "domain" */ +452, /* "domainRelatedObject" */ +802, /* "dsa_with_SHA224" */ +803, /* "dsa_with_SHA256" */ +791, /* "ecdsa-with-Recommended" */ +416, /* "ecdsa-with-SHA1" */ +793, /* "ecdsa-with-SHA224" */ +794, /* "ecdsa-with-SHA256" */ +795, /* "ecdsa-with-SHA384" */ +796, /* "ecdsa-with-SHA512" */ +792, /* "ecdsa-with-Specified" */ +48, /* "emailAddress" */ +132, /* "emailProtection" */ +885, /* "enhancedSearchGuide" */ +389, /* "enterprises" */ +384, /* "experimental" */ +172, /* "extReq" */ +56, /* "extendedCertificateAttributes" */ +126, /* "extendedKeyUsage" */ +372, /* "extendedStatus" */ +867, /* "facsimileTelephoneNumber" */ +462, /* "favouriteDrink" */ +857, /* "freshestCRL" */ +453, /* "friendlyCountry" */ +490, /* "friendlyCountryName" */ +156, /* "friendlyName" */ +509, /* "generationQualifier" */ +815, /* "gost-mac" */ +811, /* "gost2001" */ +851, /* "gost2001cc" */ +813, /* "gost89" */ +814, /* "gost89-cnt" */ +812, /* "gost94" */ +850, /* "gost94cc" */ +797, /* "hmacWithMD5" */ +163, /* "hmacWithSHA1" */ +798, /* "hmacWithSHA224" */ +799, /* "hmacWithSHA256" */ +800, /* "hmacWithSHA384" */ +801, /* "hmacWithSHA512" */ +432, /* "holdInstructionCallIssuer" */ +430, /* "holdInstructionCode" */ +431, /* "holdInstructionNone" */ +433, /* "holdInstructionReject" */ +486, /* "homePostalAddress" */ +473, /* "homeTelephoneNumber" */ +466, /* "host" */ +889, /* "houseIdentifier" */ +442, /* "iA5StringSyntax" */ +783, /* "id-DHBasedMac" */ +824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +820, /* "id-Gost28147-89-None-KeyMeshing" */ +823, /* "id-Gost28147-89-TestParamSet" */ +849, /* "id-Gost28147-89-cc" */ +840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +854, /* "id-GostR3410-2001-ParamSet-cc" */ +839, /* "id-GostR3410-2001-TestParamSet" */ +817, /* "id-GostR3410-2001DH" */ +832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +831, /* "id-GostR3410-94-TestParamSet" */ +845, /* "id-GostR3410-94-a" */ +846, /* "id-GostR3410-94-aBis" */ +847, /* "id-GostR3410-94-b" */ +848, /* "id-GostR3410-94-bBis" */ +818, /* "id-GostR3410-94DH" */ +822, /* "id-GostR3411-94-CryptoProParamSet" */ +821, /* "id-GostR3411-94-TestParamSet" */ +807, /* "id-GostR3411-94-with-GostR3410-2001" */ +853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ +808, /* "id-GostR3411-94-with-GostR3410-94" */ +852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ +810, /* "id-HMACGostR3411-94" */ +782, /* "id-PasswordBasedMAC" */ +266, /* "id-aca" */ +355, /* "id-aca-accessIdentity" */ +354, /* "id-aca-authenticationInfo" */ +356, /* "id-aca-chargingIdentity" */ +399, /* "id-aca-encAttrs" */ +357, /* "id-aca-group" */ +358, /* "id-aca-role" */ +176, /* "id-ad" */ +788, /* "id-aes128-wrap" */ +789, /* "id-aes192-wrap" */ +790, /* "id-aes256-wrap" */ +262, /* "id-alg" */ +323, /* "id-alg-des40" */ +326, /* "id-alg-dh-pop" */ +325, /* "id-alg-dh-sig-hmac-sha1" */ +324, /* "id-alg-noSignature" */ +268, /* "id-cct" */ +361, /* "id-cct-PKIData" */ +362, /* "id-cct-PKIResponse" */ +360, /* "id-cct-crs" */ +81, /* "id-ce" */ +680, /* "id-characteristic-two-basis" */ +263, /* "id-cmc" */ +334, /* "id-cmc-addExtensions" */ +346, /* "id-cmc-confirmCertAcceptance" */ +330, /* "id-cmc-dataReturn" */ +336, /* "id-cmc-decryptedPOP" */ +335, /* "id-cmc-encryptedPOP" */ +339, /* "id-cmc-getCRL" */ +338, /* "id-cmc-getCert" */ +328, /* "id-cmc-identification" */ +329, /* "id-cmc-identityProof" */ +337, /* "id-cmc-lraPOPWitness" */ +344, /* "id-cmc-popLinkRandom" */ +345, /* "id-cmc-popLinkWitness" */ +343, /* "id-cmc-queryPending" */ +333, /* "id-cmc-recipientNonce" */ +341, /* "id-cmc-regInfo" */ +342, /* "id-cmc-responseInfo" */ +340, /* "id-cmc-revokeRequest" */ +332, /* "id-cmc-senderNonce" */ +327, /* "id-cmc-statusInfo" */ +331, /* "id-cmc-transactionId" */ +787, /* "id-ct-asciiTextWithCRLF" */ +408, /* "id-ecPublicKey" */ +508, /* "id-hex-multipart-message" */ +507, /* "id-hex-partial-message" */ +260, /* "id-it" */ +302, /* "id-it-caKeyUpdateInfo" */ +298, /* "id-it-caProtEncCert" */ +311, /* "id-it-confirmWaitTime" */ +303, /* "id-it-currentCRL" */ +300, /* "id-it-encKeyPairTypes" */ +310, /* "id-it-implicitConfirm" */ +308, /* "id-it-keyPairParamRep" */ +307, /* "id-it-keyPairParamReq" */ +312, /* "id-it-origPKIMessage" */ +301, /* "id-it-preferredSymmAlg" */ +309, /* "id-it-revPassphrase" */ +299, /* "id-it-signKeyPairTypes" */ +305, /* "id-it-subscriptionRequest" */ +306, /* "id-it-subscriptionResponse" */ +784, /* "id-it-suppLangTags" */ +304, /* "id-it-unsupportedOIDs" */ +128, /* "id-kp" */ +280, /* "id-mod-attribute-cert" */ +274, /* "id-mod-cmc" */ +277, /* "id-mod-cmp" */ +284, /* "id-mod-cmp2000" */ +273, /* "id-mod-crmf" */ +283, /* "id-mod-dvcs" */ +275, /* "id-mod-kea-profile-88" */ +276, /* "id-mod-kea-profile-93" */ +282, /* "id-mod-ocsp" */ +278, /* "id-mod-qualified-cert-88" */ +279, /* "id-mod-qualified-cert-93" */ +281, /* "id-mod-timestamp-protocol" */ +264, /* "id-on" */ +858, /* "id-on-permanentIdentifier" */ +347, /* "id-on-personalData" */ +265, /* "id-pda" */ +352, /* "id-pda-countryOfCitizenship" */ +353, /* "id-pda-countryOfResidence" */ +348, /* "id-pda-dateOfBirth" */ +351, /* "id-pda-gender" */ +349, /* "id-pda-placeOfBirth" */ +175, /* "id-pe" */ +261, /* "id-pkip" */ +258, /* "id-pkix-mod" */ +269, /* "id-pkix1-explicit-88" */ +271, /* "id-pkix1-explicit-93" */ +270, /* "id-pkix1-implicit-88" */ +272, /* "id-pkix1-implicit-93" */ +662, /* "id-ppl" */ +664, /* "id-ppl-anyLanguage" */ +667, /* "id-ppl-independent" */ +665, /* "id-ppl-inheritAll" */ +267, /* "id-qcs" */ +359, /* "id-qcs-pkixQCSyntax-v1" */ +259, /* "id-qt" */ +164, /* "id-qt-cps" */ +165, /* "id-qt-unotice" */ +313, /* "id-regCtrl" */ +316, /* "id-regCtrl-authenticator" */ +319, /* "id-regCtrl-oldCertID" */ +318, /* "id-regCtrl-pkiArchiveOptions" */ +317, /* "id-regCtrl-pkiPublicationInfo" */ +320, /* "id-regCtrl-protocolEncrKey" */ +315, /* "id-regCtrl-regToken" */ +314, /* "id-regInfo" */ +322, /* "id-regInfo-certReq" */ +321, /* "id-regInfo-utf8Pairs" */ +512, /* "id-set" */ +191, /* "id-smime-aa" */ +215, /* "id-smime-aa-contentHint" */ +218, /* "id-smime-aa-contentIdentifier" */ +221, /* "id-smime-aa-contentReference" */ +240, /* "id-smime-aa-dvcs-dvc" */ +217, /* "id-smime-aa-encapContentType" */ +222, /* "id-smime-aa-encrypKeyPref" */ +220, /* "id-smime-aa-equivalentLabels" */ +232, /* "id-smime-aa-ets-CertificateRefs" */ +233, /* "id-smime-aa-ets-RevocationRefs" */ +238, /* "id-smime-aa-ets-archiveTimeStamp" */ +237, /* "id-smime-aa-ets-certCRLTimestamp" */ +234, /* "id-smime-aa-ets-certValues" */ +227, /* "id-smime-aa-ets-commitmentType" */ +231, /* "id-smime-aa-ets-contentTimestamp" */ +236, /* "id-smime-aa-ets-escTimeStamp" */ +230, /* "id-smime-aa-ets-otherSigCert" */ +235, /* "id-smime-aa-ets-revocationValues" */ +226, /* "id-smime-aa-ets-sigPolicyId" */ +229, /* "id-smime-aa-ets-signerAttr" */ +228, /* "id-smime-aa-ets-signerLocation" */ +219, /* "id-smime-aa-macValue" */ +214, /* "id-smime-aa-mlExpandHistory" */ +216, /* "id-smime-aa-msgSigDigest" */ +212, /* "id-smime-aa-receiptRequest" */ +213, /* "id-smime-aa-securityLabel" */ +239, /* "id-smime-aa-signatureType" */ +223, /* "id-smime-aa-signingCertificate" */ +224, /* "id-smime-aa-smimeEncryptCerts" */ +225, /* "id-smime-aa-timeStampToken" */ +192, /* "id-smime-alg" */ +243, /* "id-smime-alg-3DESwrap" */ +246, /* "id-smime-alg-CMS3DESwrap" */ +247, /* "id-smime-alg-CMSRC2wrap" */ +245, /* "id-smime-alg-ESDH" */ +241, /* "id-smime-alg-ESDHwith3DES" */ +242, /* "id-smime-alg-ESDHwithRC2" */ +244, /* "id-smime-alg-RC2wrap" */ +193, /* "id-smime-cd" */ +248, /* "id-smime-cd-ldap" */ +190, /* "id-smime-ct" */ +210, /* "id-smime-ct-DVCSRequestData" */ +211, /* "id-smime-ct-DVCSResponseData" */ +208, /* "id-smime-ct-TDTInfo" */ +207, /* "id-smime-ct-TSTInfo" */ +205, /* "id-smime-ct-authData" */ +786, /* "id-smime-ct-compressedData" */ +209, /* "id-smime-ct-contentInfo" */ +206, /* "id-smime-ct-publishCert" */ +204, /* "id-smime-ct-receipt" */ +195, /* "id-smime-cti" */ +255, /* "id-smime-cti-ets-proofOfApproval" */ +256, /* "id-smime-cti-ets-proofOfCreation" */ +253, /* "id-smime-cti-ets-proofOfDelivery" */ +251, /* "id-smime-cti-ets-proofOfOrigin" */ +252, /* "id-smime-cti-ets-proofOfReceipt" */ +254, /* "id-smime-cti-ets-proofOfSender" */ +189, /* "id-smime-mod" */ +196, /* "id-smime-mod-cms" */ +197, /* "id-smime-mod-ess" */ +202, /* "id-smime-mod-ets-eSigPolicy-88" */ +203, /* "id-smime-mod-ets-eSigPolicy-97" */ +200, /* "id-smime-mod-ets-eSignature-88" */ +201, /* "id-smime-mod-ets-eSignature-97" */ +199, /* "id-smime-mod-msg-v3" */ +198, /* "id-smime-mod-oid" */ +194, /* "id-smime-spq" */ +250, /* "id-smime-spq-ets-sqt-unotice" */ +249, /* "id-smime-spq-ets-sqt-uri" */ +676, /* "identified-organization" */ +461, /* "info" */ +748, /* "inhibitAnyPolicy" */ +101, /* "initials" */ +647, /* "international-organizations" */ +869, /* "internationaliSDNNumber" */ +142, /* "invalidityDate" */ +294, /* "ipsecEndSystem" */ +295, /* "ipsecTunnel" */ +296, /* "ipsecUser" */ +86, /* "issuerAltName" */ +770, /* "issuingDistributionPoint" */ +492, /* "janetMailbox" */ +150, /* "keyBag" */ +83, /* "keyUsage" */ +477, /* "lastModifiedBy" */ +476, /* "lastModifiedTime" */ +157, /* "localKeyID" */ +480, /* "mXRecord" */ +460, /* "mail" */ +493, /* "mailPreferenceOption" */ +467, /* "manager" */ +809, /* "md_gost94" */ +875, /* "member" */ +182, /* "member-body" */ +51, /* "messageDigest" */ +383, /* "mgmt" */ +504, /* "mime-mhs" */ +506, /* "mime-mhs-bodies" */ +505, /* "mime-mhs-headings" */ +488, /* "mobileTelephoneNumber" */ +136, /* "msCTLSign" */ +135, /* "msCodeCom" */ +134, /* "msCodeInd" */ +138, /* "msEFS" */ +171, /* "msExtReq" */ +137, /* "msSGC" */ +648, /* "msSmartcardLogin" */ +649, /* "msUPN" */ +481, /* "nSRecord" */ +173, /* "name" */ +666, /* "nameConstraints" */ +369, /* "noCheck" */ +403, /* "noRevAvail" */ +72, /* "nsBaseUrl" */ +76, /* "nsCaPolicyUrl" */ +74, /* "nsCaRevocationUrl" */ +58, /* "nsCertExt" */ +79, /* "nsCertSequence" */ +71, /* "nsCertType" */ +78, /* "nsComment" */ +59, /* "nsDataType" */ +75, /* "nsRenewalUrl" */ +73, /* "nsRevocationUrl" */ +139, /* "nsSGC" */ +77, /* "nsSslServerName" */ +681, /* "onBasis" */ +491, /* "organizationalStatus" */ +475, /* "otherMailbox" */ +876, /* "owner" */ +489, /* "pagerTelephoneNumber" */ +374, /* "path" */ +112, /* "pbeWithMD5AndCast5CBC" */ +499, /* "personalSignature" */ +487, /* "personalTitle" */ +464, /* "photo" */ +863, /* "physicalDeliveryOfficeName" */ +437, /* "pilot" */ +439, /* "pilotAttributeSyntax" */ +438, /* "pilotAttributeType" */ +479, /* "pilotAttributeType27" */ +456, /* "pilotDSA" */ +441, /* "pilotGroups" */ +444, /* "pilotObject" */ +440, /* "pilotObjectClass" */ +455, /* "pilotOrganization" */ +445, /* "pilotPerson" */ + 2, /* "pkcs" */ +186, /* "pkcs1" */ +27, /* "pkcs3" */ +187, /* "pkcs5" */ +20, /* "pkcs7" */ +21, /* "pkcs7-data" */ +25, /* "pkcs7-digestData" */ +26, /* "pkcs7-encryptedData" */ +23, /* "pkcs7-envelopedData" */ +24, /* "pkcs7-signedAndEnvelopedData" */ +22, /* "pkcs7-signedData" */ +151, /* "pkcs8ShroudedKeyBag" */ +47, /* "pkcs9" */ +401, /* "policyConstraints" */ +747, /* "policyMappings" */ +862, /* "postOfficeBox" */ +861, /* "postalAddress" */ +661, /* "postalCode" */ +683, /* "ppBasis" */ +872, /* "preferredDeliveryMethod" */ +873, /* "presentationAddress" */ +816, /* "prf-gostr3411-94" */ +406, /* "prime-field" */ +409, /* "prime192v1" */ +410, /* "prime192v2" */ +411, /* "prime192v3" */ +412, /* "prime239v1" */ +413, /* "prime239v2" */ +414, /* "prime239v3" */ +415, /* "prime256v1" */ +385, /* "private" */ +84, /* "privateKeyUsagePeriod" */ +886, /* "protocolInformation" */ +663, /* "proxyCertInfo" */ +510, /* "pseudonym" */ +435, /* "pss" */ +286, /* "qcStatements" */ +457, /* "qualityLabelledData" */ +450, /* "rFC822localPart" */ +870, /* "registeredAddress" */ +400, /* "role" */ +877, /* "roleOccupant" */ +448, /* "room" */ +463, /* "roomNumber" */ + 6, /* "rsaEncryption" */ +644, /* "rsaOAEPEncryptionSET" */ +377, /* "rsaSignature" */ + 1, /* "rsadsi" */ +482, /* "sOARecord" */ +155, /* "safeContentsBag" */ +291, /* "sbgp-autonomousSysNum" */ +290, /* "sbgp-ipAddrBlock" */ +292, /* "sbgp-routerIdentifier" */ +159, /* "sdsiCertificate" */ +859, /* "searchGuide" */ +704, /* "secp112r1" */ +705, /* "secp112r2" */ +706, /* "secp128r1" */ +707, /* "secp128r2" */ +708, /* "secp160k1" */ +709, /* "secp160r1" */ +710, /* "secp160r2" */ +711, /* "secp192k1" */ +712, /* "secp224k1" */ +713, /* "secp224r1" */ +714, /* "secp256k1" */ +715, /* "secp384r1" */ +716, /* "secp521r1" */ +154, /* "secretBag" */ +474, /* "secretary" */ +717, /* "sect113r1" */ +718, /* "sect113r2" */ +719, /* "sect131r1" */ +720, /* "sect131r2" */ +721, /* "sect163k1" */ +722, /* "sect163r1" */ +723, /* "sect163r2" */ +724, /* "sect193r1" */ +725, /* "sect193r2" */ +726, /* "sect233k1" */ +727, /* "sect233r1" */ +728, /* "sect239k1" */ +729, /* "sect283k1" */ +730, /* "sect283r1" */ +731, /* "sect409k1" */ +732, /* "sect409r1" */ +733, /* "sect571k1" */ +734, /* "sect571r1" */ +386, /* "security" */ +878, /* "seeAlso" */ +394, /* "selected-attribute-types" */ +105, /* "serialNumber" */ +129, /* "serverAuth" */ +371, /* "serviceLocator" */ +625, /* "set-addPolicy" */ +515, /* "set-attr" */ +518, /* "set-brand" */ +638, /* "set-brand-AmericanExpress" */ +637, /* "set-brand-Diners" */ +636, /* "set-brand-IATA-ATA" */ +639, /* "set-brand-JCB" */ +641, /* "set-brand-MasterCard" */ +642, /* "set-brand-Novus" */ +640, /* "set-brand-Visa" */ +517, /* "set-certExt" */ +513, /* "set-ctype" */ +514, /* "set-msgExt" */ +516, /* "set-policy" */ +607, /* "set-policy-root" */ +624, /* "set-rootKeyThumb" */ +620, /* "setAttr-Cert" */ +631, /* "setAttr-GenCryptgrm" */ +623, /* "setAttr-IssCap" */ +628, /* "setAttr-IssCap-CVM" */ +630, /* "setAttr-IssCap-Sig" */ +629, /* "setAttr-IssCap-T2" */ +621, /* "setAttr-PGWYcap" */ +635, /* "setAttr-SecDevSig" */ +632, /* "setAttr-T2Enc" */ +633, /* "setAttr-T2cleartxt" */ +634, /* "setAttr-TokICCsig" */ +627, /* "setAttr-Token-B0Prime" */ +626, /* "setAttr-Token-EMV" */ +622, /* "setAttr-TokenType" */ +619, /* "setCext-IssuerCapabilities" */ +615, /* "setCext-PGWYcapabilities" */ +616, /* "setCext-TokenIdentifier" */ +618, /* "setCext-TokenType" */ +617, /* "setCext-Track2Data" */ +611, /* "setCext-cCertRequired" */ +609, /* "setCext-certType" */ +608, /* "setCext-hashedRoot" */ +610, /* "setCext-merchData" */ +613, /* "setCext-setExt" */ +614, /* "setCext-setQualf" */ +612, /* "setCext-tunneling" */ +540, /* "setct-AcqCardCodeMsg" */ +576, /* "setct-AcqCardCodeMsgTBE" */ +570, /* "setct-AuthReqTBE" */ +534, /* "setct-AuthReqTBS" */ +527, /* "setct-AuthResBaggage" */ +571, /* "setct-AuthResTBE" */ +572, /* "setct-AuthResTBEX" */ +535, /* "setct-AuthResTBS" */ +536, /* "setct-AuthResTBSX" */ +528, /* "setct-AuthRevReqBaggage" */ +577, /* "setct-AuthRevReqTBE" */ +541, /* "setct-AuthRevReqTBS" */ +529, /* "setct-AuthRevResBaggage" */ +542, /* "setct-AuthRevResData" */ +578, /* "setct-AuthRevResTBE" */ +579, /* "setct-AuthRevResTBEB" */ +543, /* "setct-AuthRevResTBS" */ +573, /* "setct-AuthTokenTBE" */ +537, /* "setct-AuthTokenTBS" */ +600, /* "setct-BCIDistributionTBS" */ +558, /* "setct-BatchAdminReqData" */ +592, /* "setct-BatchAdminReqTBE" */ +559, /* "setct-BatchAdminResData" */ +593, /* "setct-BatchAdminResTBE" */ +599, /* "setct-CRLNotificationResTBS" */ +598, /* "setct-CRLNotificationTBS" */ +580, /* "setct-CapReqTBE" */ +581, /* "setct-CapReqTBEX" */ +544, /* "setct-CapReqTBS" */ +545, /* "setct-CapReqTBSX" */ +546, /* "setct-CapResData" */ +582, /* "setct-CapResTBE" */ +583, /* "setct-CapRevReqTBE" */ +584, /* "setct-CapRevReqTBEX" */ +547, /* "setct-CapRevReqTBS" */ +548, /* "setct-CapRevReqTBSX" */ +549, /* "setct-CapRevResData" */ +585, /* "setct-CapRevResTBE" */ +538, /* "setct-CapTokenData" */ +530, /* "setct-CapTokenSeq" */ +574, /* "setct-CapTokenTBE" */ +575, /* "setct-CapTokenTBEX" */ +539, /* "setct-CapTokenTBS" */ +560, /* "setct-CardCInitResTBS" */ +566, /* "setct-CertInqReqTBS" */ +563, /* "setct-CertReqData" */ +595, /* "setct-CertReqTBE" */ +596, /* "setct-CertReqTBEX" */ +564, /* "setct-CertReqTBS" */ +565, /* "setct-CertResData" */ +597, /* "setct-CertResTBE" */ +586, /* "setct-CredReqTBE" */ +587, /* "setct-CredReqTBEX" */ +550, /* "setct-CredReqTBS" */ +551, /* "setct-CredReqTBSX" */ +552, /* "setct-CredResData" */ +588, /* "setct-CredResTBE" */ +589, /* "setct-CredRevReqTBE" */ +590, /* "setct-CredRevReqTBEX" */ +553, /* "setct-CredRevReqTBS" */ +554, /* "setct-CredRevReqTBSX" */ +555, /* "setct-CredRevResData" */ +591, /* "setct-CredRevResTBE" */ +567, /* "setct-ErrorTBS" */ +526, /* "setct-HODInput" */ +561, /* "setct-MeAqCInitResTBS" */ +522, /* "setct-OIData" */ +519, /* "setct-PANData" */ +521, /* "setct-PANOnly" */ +520, /* "setct-PANToken" */ +556, /* "setct-PCertReqData" */ +557, /* "setct-PCertResTBS" */ +523, /* "setct-PI" */ +532, /* "setct-PI-TBS" */ +524, /* "setct-PIData" */ +525, /* "setct-PIDataUnsigned" */ +568, /* "setct-PIDualSignedTBE" */ +569, /* "setct-PIUnsignedTBE" */ +531, /* "setct-PInitResData" */ +533, /* "setct-PResData" */ +594, /* "setct-RegFormReqTBE" */ +562, /* "setct-RegFormResTBS" */ +606, /* "setext-cv" */ +601, /* "setext-genCrypt" */ +602, /* "setext-miAuth" */ +604, /* "setext-pinAny" */ +603, /* "setext-pinSecure" */ +605, /* "setext-track2" */ +52, /* "signingTime" */ +454, /* "simpleSecurityObject" */ +496, /* "singleLevelQuality" */ +387, /* "snmpv2" */ +660, /* "street" */ +85, /* "subjectAltName" */ +769, /* "subjectDirectoryAttributes" */ +398, /* "subjectInfoAccess" */ +82, /* "subjectKeyIdentifier" */ +498, /* "subtreeMaximumQuality" */ +497, /* "subtreeMinimumQuality" */ +890, /* "supportedAlgorithms" */ +874, /* "supportedApplicationContext" */ +402, /* "targetInformation" */ +864, /* "telephoneNumber" */ +866, /* "teletexTerminalIdentifier" */ +865, /* "telexNumber" */ +459, /* "textEncodedORAddress" */ +293, /* "textNotice" */ +133, /* "timeStamping" */ +106, /* "title" */ +682, /* "tpBasis" */ +375, /* "trustRoot" */ +436, /* "ucl" */ +888, /* "uniqueMember" */ +55, /* "unstructuredAddress" */ +49, /* "unstructuredName" */ +880, /* "userCertificate" */ +465, /* "userClass" */ +879, /* "userPassword" */ +373, /* "valid" */ +678, /* "wap" */ +679, /* "wap-wsg" */ +735, /* "wap-wsg-idm-ecid-wtls1" */ +743, /* "wap-wsg-idm-ecid-wtls10" */ +744, /* "wap-wsg-idm-ecid-wtls11" */ +745, /* "wap-wsg-idm-ecid-wtls12" */ +736, /* "wap-wsg-idm-ecid-wtls3" */ +737, /* "wap-wsg-idm-ecid-wtls4" */ +738, /* "wap-wsg-idm-ecid-wtls5" */ +739, /* "wap-wsg-idm-ecid-wtls6" */ +740, /* "wap-wsg-idm-ecid-wtls7" */ +741, /* "wap-wsg-idm-ecid-wtls8" */ +742, /* "wap-wsg-idm-ecid-wtls9" */ +804, /* "whirlpool" */ +868, /* "x121Address" */ +503, /* "x500UniqueIdentifier" */ +158, /* "x509Certificate" */ +160, /* "x509Crl" */ }; -static ASN1_OBJECT *ln_objs[NUM_LN]={ -&(nid_objs[363]),/* "AD Time Stamping" */ -&(nid_objs[405]),/* "ANSI X9.62" */ -&(nid_objs[368]),/* "Acceptable OCSP Responses" */ -&(nid_objs[664]),/* "Any language" */ -&(nid_objs[177]),/* "Authority Information Access" */ -&(nid_objs[365]),/* "Basic OCSP Response" */ -&(nid_objs[285]),/* "Biometric Info" */ -&(nid_objs[179]),/* "CA Issuers" */ -&(nid_objs[785]),/* "CA Repository" */ -&(nid_objs[131]),/* "Code Signing" */ -&(nid_objs[783]),/* "Diffie-Hellman based MAC" */ -&(nid_objs[382]),/* "Directory" */ -&(nid_objs[392]),/* "Domain" */ -&(nid_objs[132]),/* "E-mail Protection" */ -&(nid_objs[389]),/* "Enterprises" */ -&(nid_objs[384]),/* "Experimental" */ -&(nid_objs[372]),/* "Extended OCSP Status" */ -&(nid_objs[172]),/* "Extension Request" */ -&(nid_objs[813]),/* "GOST 28147-89" */ -&(nid_objs[849]),/* "GOST 28147-89 Cryptocom ParamSet" */ -&(nid_objs[815]),/* "GOST 28147-89 MAC" */ -&(nid_objs[851]),/* "GOST 34.10-2001 Cryptocom" */ -&(nid_objs[850]),/* "GOST 34.10-94 Cryptocom" */ -&(nid_objs[811]),/* "GOST R 34.10-2001" */ -&(nid_objs[817]),/* "GOST R 34.10-2001 DH" */ -&(nid_objs[812]),/* "GOST R 34.10-94" */ -&(nid_objs[818]),/* "GOST R 34.10-94 DH" */ -&(nid_objs[809]),/* "GOST R 34.11-94" */ -&(nid_objs[816]),/* "GOST R 34.11-94 PRF" */ -&(nid_objs[807]),/* "GOST R 34.11-94 with GOST R 34.10-2001" */ -&(nid_objs[853]),/* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ -&(nid_objs[808]),/* "GOST R 34.11-94 with GOST R 34.10-94" */ -&(nid_objs[852]),/* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ -&(nid_objs[854]),/* "GOST R 3410-2001 Parameter Set Cryptocom" */ -&(nid_objs[810]),/* "HMAC GOST 34.11-94" */ -&(nid_objs[432]),/* "Hold Instruction Call Issuer" */ -&(nid_objs[430]),/* "Hold Instruction Code" */ -&(nid_objs[431]),/* "Hold Instruction None" */ -&(nid_objs[433]),/* "Hold Instruction Reject" */ -&(nid_objs[634]),/* "ICC or token signature" */ -&(nid_objs[294]),/* "IPSec End System" */ -&(nid_objs[295]),/* "IPSec Tunnel" */ -&(nid_objs[296]),/* "IPSec User" */ -&(nid_objs[182]),/* "ISO Member Body" */ -&(nid_objs[183]),/* "ISO US Member Body" */ -&(nid_objs[667]),/* "Independent" */ -&(nid_objs[665]),/* "Inherit all" */ -&(nid_objs[647]),/* "International Organizations" */ -&(nid_objs[142]),/* "Invalidity Date" */ -&(nid_objs[504]),/* "MIME MHS" */ -&(nid_objs[388]),/* "Mail" */ -&(nid_objs[383]),/* "Management" */ -&(nid_objs[417]),/* "Microsoft CSP Name" */ -&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */ -&(nid_objs[138]),/* "Microsoft Encrypted File System" */ -&(nid_objs[171]),/* "Microsoft Extension Request" */ -&(nid_objs[134]),/* "Microsoft Individual Code Signing" */ -&(nid_objs[856]),/* "Microsoft Local Key set" */ -&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */ -&(nid_objs[648]),/* "Microsoft Smartcardlogin" */ -&(nid_objs[136]),/* "Microsoft Trust List Signing" */ -&(nid_objs[649]),/* "Microsoft Universal Principal Name" */ -&(nid_objs[393]),/* "NULL" */ -&(nid_objs[404]),/* "NULL" */ -&(nid_objs[72]),/* "Netscape Base Url" */ -&(nid_objs[76]),/* "Netscape CA Policy Url" */ -&(nid_objs[74]),/* "Netscape CA Revocation Url" */ -&(nid_objs[71]),/* "Netscape Cert Type" */ -&(nid_objs[58]),/* "Netscape Certificate Extension" */ -&(nid_objs[79]),/* "Netscape Certificate Sequence" */ -&(nid_objs[78]),/* "Netscape Comment" */ -&(nid_objs[57]),/* "Netscape Communications Corp." */ -&(nid_objs[59]),/* "Netscape Data Type" */ -&(nid_objs[75]),/* "Netscape Renewal Url" */ -&(nid_objs[73]),/* "Netscape Revocation Url" */ -&(nid_objs[77]),/* "Netscape SSL Server Name" */ -&(nid_objs[139]),/* "Netscape Server Gated Crypto" */ -&(nid_objs[178]),/* "OCSP" */ -&(nid_objs[370]),/* "OCSP Archive Cutoff" */ -&(nid_objs[367]),/* "OCSP CRL ID" */ -&(nid_objs[369]),/* "OCSP No Check" */ -&(nid_objs[366]),/* "OCSP Nonce" */ -&(nid_objs[371]),/* "OCSP Service Locator" */ -&(nid_objs[180]),/* "OCSP Signing" */ -&(nid_objs[161]),/* "PBES2" */ -&(nid_objs[69]),/* "PBKDF2" */ -&(nid_objs[162]),/* "PBMAC1" */ -&(nid_objs[127]),/* "PKIX" */ -&(nid_objs[858]),/* "Permanent Identifier" */ -&(nid_objs[164]),/* "Policy Qualifier CPS" */ -&(nid_objs[165]),/* "Policy Qualifier User Notice" */ -&(nid_objs[385]),/* "Private" */ -&(nid_objs[663]),/* "Proxy Certificate Information" */ -&(nid_objs[ 1]),/* "RSA Data Security, Inc." */ -&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */ -&(nid_objs[188]),/* "S/MIME" */ -&(nid_objs[167]),/* "S/MIME Capabilities" */ -&(nid_objs[387]),/* "SNMPv2" */ -&(nid_objs[512]),/* "Secure Electronic Transactions" */ -&(nid_objs[386]),/* "Security" */ -&(nid_objs[394]),/* "Selected Attribute Types" */ -&(nid_objs[143]),/* "Strong Extranet ID" */ -&(nid_objs[398]),/* "Subject Information Access" */ -&(nid_objs[130]),/* "TLS Web Client Authentication" */ -&(nid_objs[129]),/* "TLS Web Server Authentication" */ -&(nid_objs[133]),/* "Time Stamping" */ -&(nid_objs[375]),/* "Trust Root" */ -&(nid_objs[12]),/* "X509" */ -&(nid_objs[402]),/* "X509v3 AC Targeting" */ -&(nid_objs[746]),/* "X509v3 Any Policy" */ -&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */ -&(nid_objs[87]),/* "X509v3 Basic Constraints" */ -&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ -&(nid_objs[88]),/* "X509v3 CRL Number" */ -&(nid_objs[141]),/* "X509v3 CRL Reason Code" */ -&(nid_objs[771]),/* "X509v3 Certificate Issuer" */ -&(nid_objs[89]),/* "X509v3 Certificate Policies" */ -&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */ -&(nid_objs[126]),/* "X509v3 Extended Key Usage" */ -&(nid_objs[857]),/* "X509v3 Freshest CRL" */ -&(nid_objs[748]),/* "X509v3 Inhibit Any Policy" */ -&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ -&(nid_objs[770]),/* "X509v3 Issuing Distrubution Point" */ -&(nid_objs[83]),/* "X509v3 Key Usage" */ -&(nid_objs[666]),/* "X509v3 Name Constraints" */ -&(nid_objs[403]),/* "X509v3 No Revocation Available" */ -&(nid_objs[401]),/* "X509v3 Policy Constraints" */ -&(nid_objs[747]),/* "X509v3 Policy Mappings" */ -&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ -&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ -&(nid_objs[769]),/* "X509v3 Subject Directory Attributes" */ -&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ -&(nid_objs[184]),/* "X9.57" */ -&(nid_objs[185]),/* "X9.57 CM ?" */ -&(nid_objs[478]),/* "aRecord" */ -&(nid_objs[289]),/* "aaControls" */ -&(nid_objs[287]),/* "ac-auditEntity" */ -&(nid_objs[397]),/* "ac-proxying" */ -&(nid_objs[288]),/* "ac-targeting" */ -&(nid_objs[446]),/* "account" */ -&(nid_objs[364]),/* "ad dvcs" */ -&(nid_objs[606]),/* "additional verification" */ -&(nid_objs[419]),/* "aes-128-cbc" */ -&(nid_objs[421]),/* "aes-128-cfb" */ -&(nid_objs[650]),/* "aes-128-cfb1" */ -&(nid_objs[653]),/* "aes-128-cfb8" */ -&(nid_objs[418]),/* "aes-128-ecb" */ -&(nid_objs[420]),/* "aes-128-ofb" */ -&(nid_objs[423]),/* "aes-192-cbc" */ -&(nid_objs[425]),/* "aes-192-cfb" */ -&(nid_objs[651]),/* "aes-192-cfb1" */ -&(nid_objs[654]),/* "aes-192-cfb8" */ -&(nid_objs[422]),/* "aes-192-ecb" */ -&(nid_objs[424]),/* "aes-192-ofb" */ -&(nid_objs[427]),/* "aes-256-cbc" */ -&(nid_objs[429]),/* "aes-256-cfb" */ -&(nid_objs[652]),/* "aes-256-cfb1" */ -&(nid_objs[655]),/* "aes-256-cfb8" */ -&(nid_objs[426]),/* "aes-256-ecb" */ -&(nid_objs[428]),/* "aes-256-ofb" */ -&(nid_objs[376]),/* "algorithm" */ -&(nid_objs[484]),/* "associatedDomain" */ -&(nid_objs[485]),/* "associatedName" */ -&(nid_objs[501]),/* "audio" */ -&(nid_objs[91]),/* "bf-cbc" */ -&(nid_objs[93]),/* "bf-cfb" */ -&(nid_objs[92]),/* "bf-ecb" */ -&(nid_objs[94]),/* "bf-ofb" */ -&(nid_objs[494]),/* "buildingName" */ -&(nid_objs[691]),/* "c2onb191v4" */ -&(nid_objs[692]),/* "c2onb191v5" */ -&(nid_objs[697]),/* "c2onb239v4" */ -&(nid_objs[698]),/* "c2onb239v5" */ -&(nid_objs[684]),/* "c2pnb163v1" */ -&(nid_objs[685]),/* "c2pnb163v2" */ -&(nid_objs[686]),/* "c2pnb163v3" */ -&(nid_objs[687]),/* "c2pnb176v1" */ -&(nid_objs[693]),/* "c2pnb208w1" */ -&(nid_objs[699]),/* "c2pnb272w1" */ -&(nid_objs[700]),/* "c2pnb304w1" */ -&(nid_objs[702]),/* "c2pnb368w1" */ -&(nid_objs[688]),/* "c2tnb191v1" */ -&(nid_objs[689]),/* "c2tnb191v2" */ -&(nid_objs[690]),/* "c2tnb191v3" */ -&(nid_objs[694]),/* "c2tnb239v1" */ -&(nid_objs[695]),/* "c2tnb239v2" */ -&(nid_objs[696]),/* "c2tnb239v3" */ -&(nid_objs[701]),/* "c2tnb359v1" */ -&(nid_objs[703]),/* "c2tnb431r1" */ -&(nid_objs[483]),/* "cNAMERecord" */ -&(nid_objs[751]),/* "camellia-128-cbc" */ -&(nid_objs[757]),/* "camellia-128-cfb" */ -&(nid_objs[760]),/* "camellia-128-cfb1" */ -&(nid_objs[763]),/* "camellia-128-cfb8" */ -&(nid_objs[754]),/* "camellia-128-ecb" */ -&(nid_objs[766]),/* "camellia-128-ofb" */ -&(nid_objs[752]),/* "camellia-192-cbc" */ -&(nid_objs[758]),/* "camellia-192-cfb" */ -&(nid_objs[761]),/* "camellia-192-cfb1" */ -&(nid_objs[764]),/* "camellia-192-cfb8" */ -&(nid_objs[755]),/* "camellia-192-ecb" */ -&(nid_objs[767]),/* "camellia-192-ofb" */ -&(nid_objs[753]),/* "camellia-256-cbc" */ -&(nid_objs[759]),/* "camellia-256-cfb" */ -&(nid_objs[762]),/* "camellia-256-cfb1" */ -&(nid_objs[765]),/* "camellia-256-cfb8" */ -&(nid_objs[756]),/* "camellia-256-ecb" */ -&(nid_objs[768]),/* "camellia-256-ofb" */ -&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ -&(nid_objs[108]),/* "cast5-cbc" */ -&(nid_objs[110]),/* "cast5-cfb" */ -&(nid_objs[109]),/* "cast5-ecb" */ -&(nid_objs[111]),/* "cast5-ofb" */ -&(nid_objs[152]),/* "certBag" */ -&(nid_objs[677]),/* "certicom-arc" */ -&(nid_objs[517]),/* "certificate extensions" */ -&(nid_objs[54]),/* "challengePassword" */ -&(nid_objs[407]),/* "characteristic-two-field" */ -&(nid_objs[395]),/* "clearance" */ -&(nid_objs[633]),/* "cleartext track 2" */ -&(nid_objs[13]),/* "commonName" */ -&(nid_objs[513]),/* "content types" */ -&(nid_objs[50]),/* "contentType" */ -&(nid_objs[53]),/* "countersignature" */ -&(nid_objs[14]),/* "countryName" */ -&(nid_objs[153]),/* "crlBag" */ -&(nid_objs[806]),/* "cryptocom" */ -&(nid_objs[805]),/* "cryptopro" */ -&(nid_objs[500]),/* "dITRedirect" */ -&(nid_objs[451]),/* "dNSDomain" */ -&(nid_objs[495]),/* "dSAQuality" */ -&(nid_objs[434]),/* "data" */ -&(nid_objs[390]),/* "dcObject" */ -&(nid_objs[31]),/* "des-cbc" */ -&(nid_objs[643]),/* "des-cdmf" */ -&(nid_objs[30]),/* "des-cfb" */ -&(nid_objs[656]),/* "des-cfb1" */ -&(nid_objs[657]),/* "des-cfb8" */ -&(nid_objs[29]),/* "des-ecb" */ -&(nid_objs[32]),/* "des-ede" */ -&(nid_objs[43]),/* "des-ede-cbc" */ -&(nid_objs[60]),/* "des-ede-cfb" */ -&(nid_objs[62]),/* "des-ede-ofb" */ -&(nid_objs[33]),/* "des-ede3" */ -&(nid_objs[44]),/* "des-ede3-cbc" */ -&(nid_objs[61]),/* "des-ede3-cfb" */ -&(nid_objs[658]),/* "des-ede3-cfb1" */ -&(nid_objs[659]),/* "des-ede3-cfb8" */ -&(nid_objs[63]),/* "des-ede3-ofb" */ -&(nid_objs[45]),/* "des-ofb" */ -&(nid_objs[107]),/* "description" */ -&(nid_objs[80]),/* "desx-cbc" */ -&(nid_objs[28]),/* "dhKeyAgreement" */ -&(nid_objs[11]),/* "directory services (X.500)" */ -&(nid_objs[378]),/* "directory services - algorithms" */ -&(nid_objs[174]),/* "dnQualifier" */ -&(nid_objs[447]),/* "document" */ -&(nid_objs[471]),/* "documentAuthor" */ -&(nid_objs[468]),/* "documentIdentifier" */ -&(nid_objs[472]),/* "documentLocation" */ -&(nid_objs[502]),/* "documentPublisher" */ -&(nid_objs[449]),/* "documentSeries" */ -&(nid_objs[469]),/* "documentTitle" */ -&(nid_objs[470]),/* "documentVersion" */ -&(nid_objs[380]),/* "dod" */ -&(nid_objs[391]),/* "domainComponent" */ -&(nid_objs[452]),/* "domainRelatedObject" */ -&(nid_objs[116]),/* "dsaEncryption" */ -&(nid_objs[67]),/* "dsaEncryption-old" */ -&(nid_objs[66]),/* "dsaWithSHA" */ -&(nid_objs[113]),/* "dsaWithSHA1" */ -&(nid_objs[70]),/* "dsaWithSHA1-old" */ -&(nid_objs[802]),/* "dsa_with_SHA224" */ -&(nid_objs[803]),/* "dsa_with_SHA256" */ -&(nid_objs[297]),/* "dvcs" */ -&(nid_objs[791]),/* "ecdsa-with-Recommended" */ -&(nid_objs[416]),/* "ecdsa-with-SHA1" */ -&(nid_objs[793]),/* "ecdsa-with-SHA224" */ -&(nid_objs[794]),/* "ecdsa-with-SHA256" */ -&(nid_objs[795]),/* "ecdsa-with-SHA384" */ -&(nid_objs[796]),/* "ecdsa-with-SHA512" */ -&(nid_objs[792]),/* "ecdsa-with-Specified" */ -&(nid_objs[48]),/* "emailAddress" */ -&(nid_objs[632]),/* "encrypted track 2" */ -&(nid_objs[56]),/* "extendedCertificateAttributes" */ -&(nid_objs[462]),/* "favouriteDrink" */ -&(nid_objs[453]),/* "friendlyCountry" */ -&(nid_objs[490]),/* "friendlyCountryName" */ -&(nid_objs[156]),/* "friendlyName" */ -&(nid_objs[631]),/* "generate cryptogram" */ -&(nid_objs[509]),/* "generationQualifier" */ -&(nid_objs[601]),/* "generic cryptogram" */ -&(nid_objs[99]),/* "givenName" */ -&(nid_objs[814]),/* "gost89-cnt" */ -&(nid_objs[855]),/* "hmac" */ -&(nid_objs[780]),/* "hmac-md5" */ -&(nid_objs[781]),/* "hmac-sha1" */ -&(nid_objs[797]),/* "hmacWithMD5" */ -&(nid_objs[163]),/* "hmacWithSHA1" */ -&(nid_objs[798]),/* "hmacWithSHA224" */ -&(nid_objs[799]),/* "hmacWithSHA256" */ -&(nid_objs[800]),/* "hmacWithSHA384" */ -&(nid_objs[801]),/* "hmacWithSHA512" */ -&(nid_objs[486]),/* "homePostalAddress" */ -&(nid_objs[473]),/* "homeTelephoneNumber" */ -&(nid_objs[466]),/* "host" */ -&(nid_objs[442]),/* "iA5StringSyntax" */ -&(nid_objs[381]),/* "iana" */ -&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */ -&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */ -&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */ -&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */ -&(nid_objs[845]),/* "id-GostR3410-94-a" */ -&(nid_objs[846]),/* "id-GostR3410-94-aBis" */ -&(nid_objs[847]),/* "id-GostR3410-94-b" */ -&(nid_objs[848]),/* "id-GostR3410-94-bBis" */ -&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */ -&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */ -&(nid_objs[266]),/* "id-aca" */ -&(nid_objs[355]),/* "id-aca-accessIdentity" */ -&(nid_objs[354]),/* "id-aca-authenticationInfo" */ -&(nid_objs[356]),/* "id-aca-chargingIdentity" */ -&(nid_objs[399]),/* "id-aca-encAttrs" */ -&(nid_objs[357]),/* "id-aca-group" */ -&(nid_objs[358]),/* "id-aca-role" */ -&(nid_objs[176]),/* "id-ad" */ -&(nid_objs[788]),/* "id-aes128-wrap" */ -&(nid_objs[789]),/* "id-aes192-wrap" */ -&(nid_objs[790]),/* "id-aes256-wrap" */ -&(nid_objs[262]),/* "id-alg" */ -&(nid_objs[323]),/* "id-alg-des40" */ -&(nid_objs[326]),/* "id-alg-dh-pop" */ -&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */ -&(nid_objs[324]),/* "id-alg-noSignature" */ -&(nid_objs[268]),/* "id-cct" */ -&(nid_objs[361]),/* "id-cct-PKIData" */ -&(nid_objs[362]),/* "id-cct-PKIResponse" */ -&(nid_objs[360]),/* "id-cct-crs" */ -&(nid_objs[81]),/* "id-ce" */ -&(nid_objs[680]),/* "id-characteristic-two-basis" */ -&(nid_objs[263]),/* "id-cmc" */ -&(nid_objs[334]),/* "id-cmc-addExtensions" */ -&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ -&(nid_objs[330]),/* "id-cmc-dataReturn" */ -&(nid_objs[336]),/* "id-cmc-decryptedPOP" */ -&(nid_objs[335]),/* "id-cmc-encryptedPOP" */ -&(nid_objs[339]),/* "id-cmc-getCRL" */ -&(nid_objs[338]),/* "id-cmc-getCert" */ -&(nid_objs[328]),/* "id-cmc-identification" */ -&(nid_objs[329]),/* "id-cmc-identityProof" */ -&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */ -&(nid_objs[344]),/* "id-cmc-popLinkRandom" */ -&(nid_objs[345]),/* "id-cmc-popLinkWitness" */ -&(nid_objs[343]),/* "id-cmc-queryPending" */ -&(nid_objs[333]),/* "id-cmc-recipientNonce" */ -&(nid_objs[341]),/* "id-cmc-regInfo" */ -&(nid_objs[342]),/* "id-cmc-responseInfo" */ -&(nid_objs[340]),/* "id-cmc-revokeRequest" */ -&(nid_objs[332]),/* "id-cmc-senderNonce" */ -&(nid_objs[327]),/* "id-cmc-statusInfo" */ -&(nid_objs[331]),/* "id-cmc-transactionId" */ -&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ -&(nid_objs[408]),/* "id-ecPublicKey" */ -&(nid_objs[508]),/* "id-hex-multipart-message" */ -&(nid_objs[507]),/* "id-hex-partial-message" */ -&(nid_objs[260]),/* "id-it" */ -&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */ -&(nid_objs[298]),/* "id-it-caProtEncCert" */ -&(nid_objs[311]),/* "id-it-confirmWaitTime" */ -&(nid_objs[303]),/* "id-it-currentCRL" */ -&(nid_objs[300]),/* "id-it-encKeyPairTypes" */ -&(nid_objs[310]),/* "id-it-implicitConfirm" */ -&(nid_objs[308]),/* "id-it-keyPairParamRep" */ -&(nid_objs[307]),/* "id-it-keyPairParamReq" */ -&(nid_objs[312]),/* "id-it-origPKIMessage" */ -&(nid_objs[301]),/* "id-it-preferredSymmAlg" */ -&(nid_objs[309]),/* "id-it-revPassphrase" */ -&(nid_objs[299]),/* "id-it-signKeyPairTypes" */ -&(nid_objs[305]),/* "id-it-subscriptionRequest" */ -&(nid_objs[306]),/* "id-it-subscriptionResponse" */ -&(nid_objs[784]),/* "id-it-suppLangTags" */ -&(nid_objs[304]),/* "id-it-unsupportedOIDs" */ -&(nid_objs[128]),/* "id-kp" */ -&(nid_objs[280]),/* "id-mod-attribute-cert" */ -&(nid_objs[274]),/* "id-mod-cmc" */ -&(nid_objs[277]),/* "id-mod-cmp" */ -&(nid_objs[284]),/* "id-mod-cmp2000" */ -&(nid_objs[273]),/* "id-mod-crmf" */ -&(nid_objs[283]),/* "id-mod-dvcs" */ -&(nid_objs[275]),/* "id-mod-kea-profile-88" */ -&(nid_objs[276]),/* "id-mod-kea-profile-93" */ -&(nid_objs[282]),/* "id-mod-ocsp" */ -&(nid_objs[278]),/* "id-mod-qualified-cert-88" */ -&(nid_objs[279]),/* "id-mod-qualified-cert-93" */ -&(nid_objs[281]),/* "id-mod-timestamp-protocol" */ -&(nid_objs[264]),/* "id-on" */ -&(nid_objs[347]),/* "id-on-personalData" */ -&(nid_objs[265]),/* "id-pda" */ -&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */ -&(nid_objs[353]),/* "id-pda-countryOfResidence" */ -&(nid_objs[348]),/* "id-pda-dateOfBirth" */ -&(nid_objs[351]),/* "id-pda-gender" */ -&(nid_objs[349]),/* "id-pda-placeOfBirth" */ -&(nid_objs[175]),/* "id-pe" */ -&(nid_objs[261]),/* "id-pkip" */ -&(nid_objs[258]),/* "id-pkix-mod" */ -&(nid_objs[269]),/* "id-pkix1-explicit-88" */ -&(nid_objs[271]),/* "id-pkix1-explicit-93" */ -&(nid_objs[270]),/* "id-pkix1-implicit-88" */ -&(nid_objs[272]),/* "id-pkix1-implicit-93" */ -&(nid_objs[662]),/* "id-ppl" */ -&(nid_objs[267]),/* "id-qcs" */ -&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ -&(nid_objs[259]),/* "id-qt" */ -&(nid_objs[313]),/* "id-regCtrl" */ -&(nid_objs[316]),/* "id-regCtrl-authenticator" */ -&(nid_objs[319]),/* "id-regCtrl-oldCertID" */ -&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */ -&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */ -&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */ -&(nid_objs[315]),/* "id-regCtrl-regToken" */ -&(nid_objs[314]),/* "id-regInfo" */ -&(nid_objs[322]),/* "id-regInfo-certReq" */ -&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */ -&(nid_objs[191]),/* "id-smime-aa" */ -&(nid_objs[215]),/* "id-smime-aa-contentHint" */ -&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */ -&(nid_objs[221]),/* "id-smime-aa-contentReference" */ -&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */ -&(nid_objs[217]),/* "id-smime-aa-encapContentType" */ -&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */ -&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */ -&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */ -&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */ -&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */ -&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */ -&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */ -&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */ -&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */ -&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */ -&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */ -&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */ -&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */ -&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */ -&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */ -&(nid_objs[219]),/* "id-smime-aa-macValue" */ -&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */ -&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */ -&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */ -&(nid_objs[213]),/* "id-smime-aa-securityLabel" */ -&(nid_objs[239]),/* "id-smime-aa-signatureType" */ -&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */ -&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */ -&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */ -&(nid_objs[192]),/* "id-smime-alg" */ -&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */ -&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */ -&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */ -&(nid_objs[245]),/* "id-smime-alg-ESDH" */ -&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */ -&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */ -&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */ -&(nid_objs[193]),/* "id-smime-cd" */ -&(nid_objs[248]),/* "id-smime-cd-ldap" */ -&(nid_objs[190]),/* "id-smime-ct" */ -&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */ -&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */ -&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ -&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ -&(nid_objs[205]),/* "id-smime-ct-authData" */ -&(nid_objs[786]),/* "id-smime-ct-compressedData" */ -&(nid_objs[209]),/* "id-smime-ct-contentInfo" */ -&(nid_objs[206]),/* "id-smime-ct-publishCert" */ -&(nid_objs[204]),/* "id-smime-ct-receipt" */ -&(nid_objs[195]),/* "id-smime-cti" */ -&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */ -&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */ -&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */ -&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */ -&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */ -&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */ -&(nid_objs[189]),/* "id-smime-mod" */ -&(nid_objs[196]),/* "id-smime-mod-cms" */ -&(nid_objs[197]),/* "id-smime-mod-ess" */ -&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */ -&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */ -&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */ -&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */ -&(nid_objs[199]),/* "id-smime-mod-msg-v3" */ -&(nid_objs[198]),/* "id-smime-mod-oid" */ -&(nid_objs[194]),/* "id-smime-spq" */ -&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */ -&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ -&(nid_objs[34]),/* "idea-cbc" */ -&(nid_objs[35]),/* "idea-cfb" */ -&(nid_objs[36]),/* "idea-ecb" */ -&(nid_objs[46]),/* "idea-ofb" */ -&(nid_objs[676]),/* "identified-organization" */ -&(nid_objs[461]),/* "info" */ -&(nid_objs[101]),/* "initials" */ -&(nid_objs[749]),/* "ipsec3" */ -&(nid_objs[750]),/* "ipsec4" */ -&(nid_objs[181]),/* "iso" */ -&(nid_objs[623]),/* "issuer capabilities" */ -&(nid_objs[645]),/* "itu-t" */ -&(nid_objs[492]),/* "janetMailbox" */ -&(nid_objs[646]),/* "joint-iso-itu-t" */ -&(nid_objs[150]),/* "keyBag" */ -&(nid_objs[773]),/* "kisa" */ -&(nid_objs[477]),/* "lastModifiedBy" */ -&(nid_objs[476]),/* "lastModifiedTime" */ -&(nid_objs[157]),/* "localKeyID" */ -&(nid_objs[15]),/* "localityName" */ -&(nid_objs[480]),/* "mXRecord" */ -&(nid_objs[493]),/* "mailPreferenceOption" */ -&(nid_objs[467]),/* "manager" */ -&(nid_objs[ 3]),/* "md2" */ -&(nid_objs[ 7]),/* "md2WithRSAEncryption" */ -&(nid_objs[257]),/* "md4" */ -&(nid_objs[396]),/* "md4WithRSAEncryption" */ -&(nid_objs[ 4]),/* "md5" */ -&(nid_objs[114]),/* "md5-sha1" */ -&(nid_objs[104]),/* "md5WithRSA" */ -&(nid_objs[ 8]),/* "md5WithRSAEncryption" */ -&(nid_objs[95]),/* "mdc2" */ -&(nid_objs[96]),/* "mdc2WithRSA" */ -&(nid_objs[602]),/* "merchant initiated auth" */ -&(nid_objs[514]),/* "message extensions" */ -&(nid_objs[51]),/* "messageDigest" */ -&(nid_objs[506]),/* "mime-mhs-bodies" */ -&(nid_objs[505]),/* "mime-mhs-headings" */ -&(nid_objs[488]),/* "mobileTelephoneNumber" */ -&(nid_objs[481]),/* "nSRecord" */ -&(nid_objs[173]),/* "name" */ -&(nid_objs[681]),/* "onBasis" */ -&(nid_objs[379]),/* "org" */ -&(nid_objs[17]),/* "organizationName" */ -&(nid_objs[491]),/* "organizationalStatus" */ -&(nid_objs[18]),/* "organizationalUnitName" */ -&(nid_objs[475]),/* "otherMailbox" */ -&(nid_objs[489]),/* "pagerTelephoneNumber" */ -&(nid_objs[782]),/* "password based MAC" */ -&(nid_objs[374]),/* "path" */ -&(nid_objs[621]),/* "payment gateway capabilities" */ -&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */ -&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */ -&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ -&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */ -&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */ -&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */ -&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */ -&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */ -&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */ -&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */ -&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */ -&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */ -&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */ -&(nid_objs[499]),/* "personalSignature" */ -&(nid_objs[487]),/* "personalTitle" */ -&(nid_objs[464]),/* "photo" */ -&(nid_objs[437]),/* "pilot" */ -&(nid_objs[439]),/* "pilotAttributeSyntax" */ -&(nid_objs[438]),/* "pilotAttributeType" */ -&(nid_objs[479]),/* "pilotAttributeType27" */ -&(nid_objs[456]),/* "pilotDSA" */ -&(nid_objs[441]),/* "pilotGroups" */ -&(nid_objs[444]),/* "pilotObject" */ -&(nid_objs[440]),/* "pilotObjectClass" */ -&(nid_objs[455]),/* "pilotOrganization" */ -&(nid_objs[445]),/* "pilotPerson" */ -&(nid_objs[186]),/* "pkcs1" */ -&(nid_objs[27]),/* "pkcs3" */ -&(nid_objs[187]),/* "pkcs5" */ -&(nid_objs[20]),/* "pkcs7" */ -&(nid_objs[21]),/* "pkcs7-data" */ -&(nid_objs[25]),/* "pkcs7-digestData" */ -&(nid_objs[26]),/* "pkcs7-encryptedData" */ -&(nid_objs[23]),/* "pkcs7-envelopedData" */ -&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */ -&(nid_objs[22]),/* "pkcs7-signedData" */ -&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ -&(nid_objs[47]),/* "pkcs9" */ -&(nid_objs[661]),/* "postalCode" */ -&(nid_objs[683]),/* "ppBasis" */ -&(nid_objs[406]),/* "prime-field" */ -&(nid_objs[409]),/* "prime192v1" */ -&(nid_objs[410]),/* "prime192v2" */ -&(nid_objs[411]),/* "prime192v3" */ -&(nid_objs[412]),/* "prime239v1" */ -&(nid_objs[413]),/* "prime239v2" */ -&(nid_objs[414]),/* "prime239v3" */ -&(nid_objs[415]),/* "prime256v1" */ -&(nid_objs[510]),/* "pseudonym" */ -&(nid_objs[435]),/* "pss" */ -&(nid_objs[286]),/* "qcStatements" */ -&(nid_objs[457]),/* "qualityLabelledData" */ -&(nid_objs[450]),/* "rFC822localPart" */ -&(nid_objs[98]),/* "rc2-40-cbc" */ -&(nid_objs[166]),/* "rc2-64-cbc" */ -&(nid_objs[37]),/* "rc2-cbc" */ -&(nid_objs[39]),/* "rc2-cfb" */ -&(nid_objs[38]),/* "rc2-ecb" */ -&(nid_objs[40]),/* "rc2-ofb" */ -&(nid_objs[ 5]),/* "rc4" */ -&(nid_objs[97]),/* "rc4-40" */ -&(nid_objs[120]),/* "rc5-cbc" */ -&(nid_objs[122]),/* "rc5-cfb" */ -&(nid_objs[121]),/* "rc5-ecb" */ -&(nid_objs[123]),/* "rc5-ofb" */ -&(nid_objs[460]),/* "rfc822Mailbox" */ -&(nid_objs[117]),/* "ripemd160" */ -&(nid_objs[119]),/* "ripemd160WithRSA" */ -&(nid_objs[400]),/* "role" */ -&(nid_objs[448]),/* "room" */ -&(nid_objs[463]),/* "roomNumber" */ -&(nid_objs[19]),/* "rsa" */ -&(nid_objs[ 6]),/* "rsaEncryption" */ -&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ -&(nid_objs[377]),/* "rsaSignature" */ -&(nid_objs[124]),/* "run length compression" */ -&(nid_objs[482]),/* "sOARecord" */ -&(nid_objs[155]),/* "safeContentsBag" */ -&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ -&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ -&(nid_objs[292]),/* "sbgp-routerIdentifier" */ -&(nid_objs[159]),/* "sdsiCertificate" */ -&(nid_objs[704]),/* "secp112r1" */ -&(nid_objs[705]),/* "secp112r2" */ -&(nid_objs[706]),/* "secp128r1" */ -&(nid_objs[707]),/* "secp128r2" */ -&(nid_objs[708]),/* "secp160k1" */ -&(nid_objs[709]),/* "secp160r1" */ -&(nid_objs[710]),/* "secp160r2" */ -&(nid_objs[711]),/* "secp192k1" */ -&(nid_objs[712]),/* "secp224k1" */ -&(nid_objs[713]),/* "secp224r1" */ -&(nid_objs[714]),/* "secp256k1" */ -&(nid_objs[715]),/* "secp384r1" */ -&(nid_objs[716]),/* "secp521r1" */ -&(nid_objs[154]),/* "secretBag" */ -&(nid_objs[474]),/* "secretary" */ -&(nid_objs[717]),/* "sect113r1" */ -&(nid_objs[718]),/* "sect113r2" */ -&(nid_objs[719]),/* "sect131r1" */ -&(nid_objs[720]),/* "sect131r2" */ -&(nid_objs[721]),/* "sect163k1" */ -&(nid_objs[722]),/* "sect163r1" */ -&(nid_objs[723]),/* "sect163r2" */ -&(nid_objs[724]),/* "sect193r1" */ -&(nid_objs[725]),/* "sect193r2" */ -&(nid_objs[726]),/* "sect233k1" */ -&(nid_objs[727]),/* "sect233r1" */ -&(nid_objs[728]),/* "sect239k1" */ -&(nid_objs[729]),/* "sect283k1" */ -&(nid_objs[730]),/* "sect283r1" */ -&(nid_objs[731]),/* "sect409k1" */ -&(nid_objs[732]),/* "sect409r1" */ -&(nid_objs[733]),/* "sect571k1" */ -&(nid_objs[734]),/* "sect571r1" */ -&(nid_objs[635]),/* "secure device signature" */ -&(nid_objs[777]),/* "seed-cbc" */ -&(nid_objs[779]),/* "seed-cfb" */ -&(nid_objs[776]),/* "seed-ecb" */ -&(nid_objs[778]),/* "seed-ofb" */ -&(nid_objs[105]),/* "serialNumber" */ -&(nid_objs[625]),/* "set-addPolicy" */ -&(nid_objs[515]),/* "set-attr" */ -&(nid_objs[518]),/* "set-brand" */ -&(nid_objs[638]),/* "set-brand-AmericanExpress" */ -&(nid_objs[637]),/* "set-brand-Diners" */ -&(nid_objs[636]),/* "set-brand-IATA-ATA" */ -&(nid_objs[639]),/* "set-brand-JCB" */ -&(nid_objs[641]),/* "set-brand-MasterCard" */ -&(nid_objs[642]),/* "set-brand-Novus" */ -&(nid_objs[640]),/* "set-brand-Visa" */ -&(nid_objs[516]),/* "set-policy" */ -&(nid_objs[607]),/* "set-policy-root" */ -&(nid_objs[624]),/* "set-rootKeyThumb" */ -&(nid_objs[620]),/* "setAttr-Cert" */ -&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ -&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ -&(nid_objs[629]),/* "setAttr-IssCap-T2" */ -&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ -&(nid_objs[626]),/* "setAttr-Token-EMV" */ -&(nid_objs[622]),/* "setAttr-TokenType" */ -&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ -&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ -&(nid_objs[616]),/* "setCext-TokenIdentifier" */ -&(nid_objs[618]),/* "setCext-TokenType" */ -&(nid_objs[617]),/* "setCext-Track2Data" */ -&(nid_objs[611]),/* "setCext-cCertRequired" */ -&(nid_objs[609]),/* "setCext-certType" */ -&(nid_objs[608]),/* "setCext-hashedRoot" */ -&(nid_objs[610]),/* "setCext-merchData" */ -&(nid_objs[613]),/* "setCext-setExt" */ -&(nid_objs[614]),/* "setCext-setQualf" */ -&(nid_objs[612]),/* "setCext-tunneling" */ -&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ -&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ -&(nid_objs[570]),/* "setct-AuthReqTBE" */ -&(nid_objs[534]),/* "setct-AuthReqTBS" */ -&(nid_objs[527]),/* "setct-AuthResBaggage" */ -&(nid_objs[571]),/* "setct-AuthResTBE" */ -&(nid_objs[572]),/* "setct-AuthResTBEX" */ -&(nid_objs[535]),/* "setct-AuthResTBS" */ -&(nid_objs[536]),/* "setct-AuthResTBSX" */ -&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ -&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ -&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ -&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ -&(nid_objs[542]),/* "setct-AuthRevResData" */ -&(nid_objs[578]),/* "setct-AuthRevResTBE" */ -&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ -&(nid_objs[543]),/* "setct-AuthRevResTBS" */ -&(nid_objs[573]),/* "setct-AuthTokenTBE" */ -&(nid_objs[537]),/* "setct-AuthTokenTBS" */ -&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ -&(nid_objs[558]),/* "setct-BatchAdminReqData" */ -&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ -&(nid_objs[559]),/* "setct-BatchAdminResData" */ -&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ -&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ -&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ -&(nid_objs[580]),/* "setct-CapReqTBE" */ -&(nid_objs[581]),/* "setct-CapReqTBEX" */ -&(nid_objs[544]),/* "setct-CapReqTBS" */ -&(nid_objs[545]),/* "setct-CapReqTBSX" */ -&(nid_objs[546]),/* "setct-CapResData" */ -&(nid_objs[582]),/* "setct-CapResTBE" */ -&(nid_objs[583]),/* "setct-CapRevReqTBE" */ -&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ -&(nid_objs[547]),/* "setct-CapRevReqTBS" */ -&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ -&(nid_objs[549]),/* "setct-CapRevResData" */ -&(nid_objs[585]),/* "setct-CapRevResTBE" */ -&(nid_objs[538]),/* "setct-CapTokenData" */ -&(nid_objs[530]),/* "setct-CapTokenSeq" */ -&(nid_objs[574]),/* "setct-CapTokenTBE" */ -&(nid_objs[575]),/* "setct-CapTokenTBEX" */ -&(nid_objs[539]),/* "setct-CapTokenTBS" */ -&(nid_objs[560]),/* "setct-CardCInitResTBS" */ -&(nid_objs[566]),/* "setct-CertInqReqTBS" */ -&(nid_objs[563]),/* "setct-CertReqData" */ -&(nid_objs[595]),/* "setct-CertReqTBE" */ -&(nid_objs[596]),/* "setct-CertReqTBEX" */ -&(nid_objs[564]),/* "setct-CertReqTBS" */ -&(nid_objs[565]),/* "setct-CertResData" */ -&(nid_objs[597]),/* "setct-CertResTBE" */ -&(nid_objs[586]),/* "setct-CredReqTBE" */ -&(nid_objs[587]),/* "setct-CredReqTBEX" */ -&(nid_objs[550]),/* "setct-CredReqTBS" */ -&(nid_objs[551]),/* "setct-CredReqTBSX" */ -&(nid_objs[552]),/* "setct-CredResData" */ -&(nid_objs[588]),/* "setct-CredResTBE" */ -&(nid_objs[589]),/* "setct-CredRevReqTBE" */ -&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ -&(nid_objs[553]),/* "setct-CredRevReqTBS" */ -&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ -&(nid_objs[555]),/* "setct-CredRevResData" */ -&(nid_objs[591]),/* "setct-CredRevResTBE" */ -&(nid_objs[567]),/* "setct-ErrorTBS" */ -&(nid_objs[526]),/* "setct-HODInput" */ -&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ -&(nid_objs[522]),/* "setct-OIData" */ -&(nid_objs[519]),/* "setct-PANData" */ -&(nid_objs[521]),/* "setct-PANOnly" */ -&(nid_objs[520]),/* "setct-PANToken" */ -&(nid_objs[556]),/* "setct-PCertReqData" */ -&(nid_objs[557]),/* "setct-PCertResTBS" */ -&(nid_objs[523]),/* "setct-PI" */ -&(nid_objs[532]),/* "setct-PI-TBS" */ -&(nid_objs[524]),/* "setct-PIData" */ -&(nid_objs[525]),/* "setct-PIDataUnsigned" */ -&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ -&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ -&(nid_objs[531]),/* "setct-PInitResData" */ -&(nid_objs[533]),/* "setct-PResData" */ -&(nid_objs[594]),/* "setct-RegFormReqTBE" */ -&(nid_objs[562]),/* "setct-RegFormResTBS" */ -&(nid_objs[604]),/* "setext-pinAny" */ -&(nid_objs[603]),/* "setext-pinSecure" */ -&(nid_objs[605]),/* "setext-track2" */ -&(nid_objs[41]),/* "sha" */ -&(nid_objs[64]),/* "sha1" */ -&(nid_objs[115]),/* "sha1WithRSA" */ -&(nid_objs[65]),/* "sha1WithRSAEncryption" */ -&(nid_objs[675]),/* "sha224" */ -&(nid_objs[671]),/* "sha224WithRSAEncryption" */ -&(nid_objs[672]),/* "sha256" */ -&(nid_objs[668]),/* "sha256WithRSAEncryption" */ -&(nid_objs[673]),/* "sha384" */ -&(nid_objs[669]),/* "sha384WithRSAEncryption" */ -&(nid_objs[674]),/* "sha512" */ -&(nid_objs[670]),/* "sha512WithRSAEncryption" */ -&(nid_objs[42]),/* "shaWithRSAEncryption" */ -&(nid_objs[52]),/* "signingTime" */ -&(nid_objs[454]),/* "simpleSecurityObject" */ -&(nid_objs[496]),/* "singleLevelQuality" */ -&(nid_objs[16]),/* "stateOrProvinceName" */ -&(nid_objs[660]),/* "streetAddress" */ -&(nid_objs[498]),/* "subtreeMaximumQuality" */ -&(nid_objs[497]),/* "subtreeMinimumQuality" */ -&(nid_objs[100]),/* "surname" */ -&(nid_objs[459]),/* "textEncodedORAddress" */ -&(nid_objs[293]),/* "textNotice" */ -&(nid_objs[106]),/* "title" */ -&(nid_objs[682]),/* "tpBasis" */ -&(nid_objs[436]),/* "ucl" */ -&(nid_objs[ 0]),/* "undefined" */ -&(nid_objs[55]),/* "unstructuredAddress" */ -&(nid_objs[49]),/* "unstructuredName" */ -&(nid_objs[465]),/* "userClass" */ -&(nid_objs[458]),/* "userId" */ -&(nid_objs[373]),/* "valid" */ -&(nid_objs[678]),/* "wap" */ -&(nid_objs[679]),/* "wap-wsg" */ -&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */ -&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */ -&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */ -&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */ -&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */ -&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */ -&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */ -&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */ -&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ -&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ -&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ -&(nid_objs[804]),/* "whirlpool" */ -&(nid_objs[503]),/* "x500UniqueIdentifier" */ -&(nid_objs[158]),/* "x509Certificate" */ -&(nid_objs[160]),/* "x509Crl" */ -&(nid_objs[125]),/* "zlib compression" */ +static const unsigned int ln_objs[NUM_LN]={ +363, /* "AD Time Stamping" */ +405, /* "ANSI X9.62" */ +368, /* "Acceptable OCSP Responses" */ +664, /* "Any language" */ +177, /* "Authority Information Access" */ +365, /* "Basic OCSP Response" */ +285, /* "Biometric Info" */ +179, /* "CA Issuers" */ +785, /* "CA Repository" */ +131, /* "Code Signing" */ +783, /* "Diffie-Hellman based MAC" */ +382, /* "Directory" */ +392, /* "Domain" */ +132, /* "E-mail Protection" */ +389, /* "Enterprises" */ +384, /* "Experimental" */ +372, /* "Extended OCSP Status" */ +172, /* "Extension Request" */ +813, /* "GOST 28147-89" */ +849, /* "GOST 28147-89 Cryptocom ParamSet" */ +815, /* "GOST 28147-89 MAC" */ +851, /* "GOST 34.10-2001 Cryptocom" */ +850, /* "GOST 34.10-94 Cryptocom" */ +811, /* "GOST R 34.10-2001" */ +817, /* "GOST R 34.10-2001 DH" */ +812, /* "GOST R 34.10-94" */ +818, /* "GOST R 34.10-94 DH" */ +809, /* "GOST R 34.11-94" */ +816, /* "GOST R 34.11-94 PRF" */ +807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ +853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ +808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ +852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ +854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ +810, /* "HMAC GOST 34.11-94" */ +432, /* "Hold Instruction Call Issuer" */ +430, /* "Hold Instruction Code" */ +431, /* "Hold Instruction None" */ +433, /* "Hold Instruction Reject" */ +634, /* "ICC or token signature" */ +294, /* "IPSec End System" */ +295, /* "IPSec Tunnel" */ +296, /* "IPSec User" */ +182, /* "ISO Member Body" */ +183, /* "ISO US Member Body" */ +667, /* "Independent" */ +665, /* "Inherit all" */ +647, /* "International Organizations" */ +142, /* "Invalidity Date" */ +504, /* "MIME MHS" */ +388, /* "Mail" */ +383, /* "Management" */ +417, /* "Microsoft CSP Name" */ +135, /* "Microsoft Commercial Code Signing" */ +138, /* "Microsoft Encrypted File System" */ +171, /* "Microsoft Extension Request" */ +134, /* "Microsoft Individual Code Signing" */ +856, /* "Microsoft Local Key set" */ +137, /* "Microsoft Server Gated Crypto" */ +648, /* "Microsoft Smartcardlogin" */ +136, /* "Microsoft Trust List Signing" */ +649, /* "Microsoft Universal Principal Name" */ +393, /* "NULL" */ +404, /* "NULL" */ +72, /* "Netscape Base Url" */ +76, /* "Netscape CA Policy Url" */ +74, /* "Netscape CA Revocation Url" */ +71, /* "Netscape Cert Type" */ +58, /* "Netscape Certificate Extension" */ +79, /* "Netscape Certificate Sequence" */ +78, /* "Netscape Comment" */ +57, /* "Netscape Communications Corp." */ +59, /* "Netscape Data Type" */ +75, /* "Netscape Renewal Url" */ +73, /* "Netscape Revocation Url" */ +77, /* "Netscape SSL Server Name" */ +139, /* "Netscape Server Gated Crypto" */ +178, /* "OCSP" */ +370, /* "OCSP Archive Cutoff" */ +367, /* "OCSP CRL ID" */ +369, /* "OCSP No Check" */ +366, /* "OCSP Nonce" */ +371, /* "OCSP Service Locator" */ +180, /* "OCSP Signing" */ +161, /* "PBES2" */ +69, /* "PBKDF2" */ +162, /* "PBMAC1" */ +127, /* "PKIX" */ +858, /* "Permanent Identifier" */ +164, /* "Policy Qualifier CPS" */ +165, /* "Policy Qualifier User Notice" */ +385, /* "Private" */ +663, /* "Proxy Certificate Information" */ + 1, /* "RSA Data Security, Inc." */ + 2, /* "RSA Data Security, Inc. PKCS" */ +188, /* "S/MIME" */ +167, /* "S/MIME Capabilities" */ +387, /* "SNMPv2" */ +512, /* "Secure Electronic Transactions" */ +386, /* "Security" */ +394, /* "Selected Attribute Types" */ +143, /* "Strong Extranet ID" */ +398, /* "Subject Information Access" */ +130, /* "TLS Web Client Authentication" */ +129, /* "TLS Web Server Authentication" */ +133, /* "Time Stamping" */ +375, /* "Trust Root" */ +12, /* "X509" */ +402, /* "X509v3 AC Targeting" */ +746, /* "X509v3 Any Policy" */ +90, /* "X509v3 Authority Key Identifier" */ +87, /* "X509v3 Basic Constraints" */ +103, /* "X509v3 CRL Distribution Points" */ +88, /* "X509v3 CRL Number" */ +141, /* "X509v3 CRL Reason Code" */ +771, /* "X509v3 Certificate Issuer" */ +89, /* "X509v3 Certificate Policies" */ +140, /* "X509v3 Delta CRL Indicator" */ +126, /* "X509v3 Extended Key Usage" */ +857, /* "X509v3 Freshest CRL" */ +748, /* "X509v3 Inhibit Any Policy" */ +86, /* "X509v3 Issuer Alternative Name" */ +770, /* "X509v3 Issuing Distrubution Point" */ +83, /* "X509v3 Key Usage" */ +666, /* "X509v3 Name Constraints" */ +403, /* "X509v3 No Revocation Available" */ +401, /* "X509v3 Policy Constraints" */ +747, /* "X509v3 Policy Mappings" */ +84, /* "X509v3 Private Key Usage Period" */ +85, /* "X509v3 Subject Alternative Name" */ +769, /* "X509v3 Subject Directory Attributes" */ +82, /* "X509v3 Subject Key Identifier" */ +184, /* "X9.57" */ +185, /* "X9.57 CM ?" */ +478, /* "aRecord" */ +289, /* "aaControls" */ +287, /* "ac-auditEntity" */ +397, /* "ac-proxying" */ +288, /* "ac-targeting" */ +446, /* "account" */ +364, /* "ad dvcs" */ +606, /* "additional verification" */ +419, /* "aes-128-cbc" */ +421, /* "aes-128-cfb" */ +650, /* "aes-128-cfb1" */ +653, /* "aes-128-cfb8" */ +418, /* "aes-128-ecb" */ +420, /* "aes-128-ofb" */ +423, /* "aes-192-cbc" */ +425, /* "aes-192-cfb" */ +651, /* "aes-192-cfb1" */ +654, /* "aes-192-cfb8" */ +422, /* "aes-192-ecb" */ +424, /* "aes-192-ofb" */ +427, /* "aes-256-cbc" */ +429, /* "aes-256-cfb" */ +652, /* "aes-256-cfb1" */ +655, /* "aes-256-cfb8" */ +426, /* "aes-256-ecb" */ +428, /* "aes-256-ofb" */ +376, /* "algorithm" */ +484, /* "associatedDomain" */ +485, /* "associatedName" */ +501, /* "audio" */ +882, /* "authorityRevocationList" */ +91, /* "bf-cbc" */ +93, /* "bf-cfb" */ +92, /* "bf-ecb" */ +94, /* "bf-ofb" */ +494, /* "buildingName" */ +860, /* "businessCategory" */ +691, /* "c2onb191v4" */ +692, /* "c2onb191v5" */ +697, /* "c2onb239v4" */ +698, /* "c2onb239v5" */ +684, /* "c2pnb163v1" */ +685, /* "c2pnb163v2" */ +686, /* "c2pnb163v3" */ +687, /* "c2pnb176v1" */ +693, /* "c2pnb208w1" */ +699, /* "c2pnb272w1" */ +700, /* "c2pnb304w1" */ +702, /* "c2pnb368w1" */ +688, /* "c2tnb191v1" */ +689, /* "c2tnb191v2" */ +690, /* "c2tnb191v3" */ +694, /* "c2tnb239v1" */ +695, /* "c2tnb239v2" */ +696, /* "c2tnb239v3" */ +701, /* "c2tnb359v1" */ +703, /* "c2tnb431r1" */ +881, /* "cACertificate" */ +483, /* "cNAMERecord" */ +751, /* "camellia-128-cbc" */ +757, /* "camellia-128-cfb" */ +760, /* "camellia-128-cfb1" */ +763, /* "camellia-128-cfb8" */ +754, /* "camellia-128-ecb" */ +766, /* "camellia-128-ofb" */ +752, /* "camellia-192-cbc" */ +758, /* "camellia-192-cfb" */ +761, /* "camellia-192-cfb1" */ +764, /* "camellia-192-cfb8" */ +755, /* "camellia-192-ecb" */ +767, /* "camellia-192-ofb" */ +753, /* "camellia-256-cbc" */ +759, /* "camellia-256-cfb" */ +762, /* "camellia-256-cfb1" */ +765, /* "camellia-256-cfb8" */ +756, /* "camellia-256-ecb" */ +768, /* "camellia-256-ofb" */ +443, /* "caseIgnoreIA5StringSyntax" */ +108, /* "cast5-cbc" */ +110, /* "cast5-cfb" */ +109, /* "cast5-ecb" */ +111, /* "cast5-ofb" */ +152, /* "certBag" */ +677, /* "certicom-arc" */ +517, /* "certificate extensions" */ +883, /* "certificateRevocationList" */ +54, /* "challengePassword" */ +407, /* "characteristic-two-field" */ +395, /* "clearance" */ +633, /* "cleartext track 2" */ +13, /* "commonName" */ +513, /* "content types" */ +50, /* "contentType" */ +53, /* "countersignature" */ +14, /* "countryName" */ +153, /* "crlBag" */ +884, /* "crossCertificatePair" */ +806, /* "cryptocom" */ +805, /* "cryptopro" */ +500, /* "dITRedirect" */ +451, /* "dNSDomain" */ +495, /* "dSAQuality" */ +434, /* "data" */ +390, /* "dcObject" */ +891, /* "deltaRevocationList" */ +31, /* "des-cbc" */ +643, /* "des-cdmf" */ +30, /* "des-cfb" */ +656, /* "des-cfb1" */ +657, /* "des-cfb8" */ +29, /* "des-ecb" */ +32, /* "des-ede" */ +43, /* "des-ede-cbc" */ +60, /* "des-ede-cfb" */ +62, /* "des-ede-ofb" */ +33, /* "des-ede3" */ +44, /* "des-ede3-cbc" */ +61, /* "des-ede3-cfb" */ +658, /* "des-ede3-cfb1" */ +659, /* "des-ede3-cfb8" */ +63, /* "des-ede3-ofb" */ +45, /* "des-ofb" */ +107, /* "description" */ +871, /* "destinationIndicator" */ +80, /* "desx-cbc" */ +28, /* "dhKeyAgreement" */ +11, /* "directory services (X.500)" */ +378, /* "directory services - algorithms" */ +887, /* "distinguishedName" */ +892, /* "dmdName" */ +174, /* "dnQualifier" */ +447, /* "document" */ +471, /* "documentAuthor" */ +468, /* "documentIdentifier" */ +472, /* "documentLocation" */ +502, /* "documentPublisher" */ +449, /* "documentSeries" */ +469, /* "documentTitle" */ +470, /* "documentVersion" */ +380, /* "dod" */ +391, /* "domainComponent" */ +452, /* "domainRelatedObject" */ +116, /* "dsaEncryption" */ +67, /* "dsaEncryption-old" */ +66, /* "dsaWithSHA" */ +113, /* "dsaWithSHA1" */ +70, /* "dsaWithSHA1-old" */ +802, /* "dsa_with_SHA224" */ +803, /* "dsa_with_SHA256" */ +297, /* "dvcs" */ +791, /* "ecdsa-with-Recommended" */ +416, /* "ecdsa-with-SHA1" */ +793, /* "ecdsa-with-SHA224" */ +794, /* "ecdsa-with-SHA256" */ +795, /* "ecdsa-with-SHA384" */ +796, /* "ecdsa-with-SHA512" */ +792, /* "ecdsa-with-Specified" */ +48, /* "emailAddress" */ +632, /* "encrypted track 2" */ +885, /* "enhancedSearchGuide" */ +56, /* "extendedCertificateAttributes" */ +867, /* "facsimileTelephoneNumber" */ +462, /* "favouriteDrink" */ +453, /* "friendlyCountry" */ +490, /* "friendlyCountryName" */ +156, /* "friendlyName" */ +631, /* "generate cryptogram" */ +509, /* "generationQualifier" */ +601, /* "generic cryptogram" */ +99, /* "givenName" */ +814, /* "gost89-cnt" */ +855, /* "hmac" */ +780, /* "hmac-md5" */ +781, /* "hmac-sha1" */ +797, /* "hmacWithMD5" */ +163, /* "hmacWithSHA1" */ +798, /* "hmacWithSHA224" */ +799, /* "hmacWithSHA256" */ +800, /* "hmacWithSHA384" */ +801, /* "hmacWithSHA512" */ +486, /* "homePostalAddress" */ +473, /* "homeTelephoneNumber" */ +466, /* "host" */ +889, /* "houseIdentifier" */ +442, /* "iA5StringSyntax" */ +381, /* "iana" */ +824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +820, /* "id-Gost28147-89-None-KeyMeshing" */ +823, /* "id-Gost28147-89-TestParamSet" */ +840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +839, /* "id-GostR3410-2001-TestParamSet" */ +832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +831, /* "id-GostR3410-94-TestParamSet" */ +845, /* "id-GostR3410-94-a" */ +846, /* "id-GostR3410-94-aBis" */ +847, /* "id-GostR3410-94-b" */ +848, /* "id-GostR3410-94-bBis" */ +822, /* "id-GostR3411-94-CryptoProParamSet" */ +821, /* "id-GostR3411-94-TestParamSet" */ +266, /* "id-aca" */ +355, /* "id-aca-accessIdentity" */ +354, /* "id-aca-authenticationInfo" */ +356, /* "id-aca-chargingIdentity" */ +399, /* "id-aca-encAttrs" */ +357, /* "id-aca-group" */ +358, /* "id-aca-role" */ +176, /* "id-ad" */ +788, /* "id-aes128-wrap" */ +789, /* "id-aes192-wrap" */ +790, /* "id-aes256-wrap" */ +262, /* "id-alg" */ +323, /* "id-alg-des40" */ +326, /* "id-alg-dh-pop" */ +325, /* "id-alg-dh-sig-hmac-sha1" */ +324, /* "id-alg-noSignature" */ +268, /* "id-cct" */ +361, /* "id-cct-PKIData" */ +362, /* "id-cct-PKIResponse" */ +360, /* "id-cct-crs" */ +81, /* "id-ce" */ +680, /* "id-characteristic-two-basis" */ +263, /* "id-cmc" */ +334, /* "id-cmc-addExtensions" */ +346, /* "id-cmc-confirmCertAcceptance" */ +330, /* "id-cmc-dataReturn" */ +336, /* "id-cmc-decryptedPOP" */ +335, /* "id-cmc-encryptedPOP" */ +339, /* "id-cmc-getCRL" */ +338, /* "id-cmc-getCert" */ +328, /* "id-cmc-identification" */ +329, /* "id-cmc-identityProof" */ +337, /* "id-cmc-lraPOPWitness" */ +344, /* "id-cmc-popLinkRandom" */ +345, /* "id-cmc-popLinkWitness" */ +343, /* "id-cmc-queryPending" */ +333, /* "id-cmc-recipientNonce" */ +341, /* "id-cmc-regInfo" */ +342, /* "id-cmc-responseInfo" */ +340, /* "id-cmc-revokeRequest" */ +332, /* "id-cmc-senderNonce" */ +327, /* "id-cmc-statusInfo" */ +331, /* "id-cmc-transactionId" */ +787, /* "id-ct-asciiTextWithCRLF" */ +408, /* "id-ecPublicKey" */ +508, /* "id-hex-multipart-message" */ +507, /* "id-hex-partial-message" */ +260, /* "id-it" */ +302, /* "id-it-caKeyUpdateInfo" */ +298, /* "id-it-caProtEncCert" */ +311, /* "id-it-confirmWaitTime" */ +303, /* "id-it-currentCRL" */ +300, /* "id-it-encKeyPairTypes" */ +310, /* "id-it-implicitConfirm" */ +308, /* "id-it-keyPairParamRep" */ +307, /* "id-it-keyPairParamReq" */ +312, /* "id-it-origPKIMessage" */ +301, /* "id-it-preferredSymmAlg" */ +309, /* "id-it-revPassphrase" */ +299, /* "id-it-signKeyPairTypes" */ +305, /* "id-it-subscriptionRequest" */ +306, /* "id-it-subscriptionResponse" */ +784, /* "id-it-suppLangTags" */ +304, /* "id-it-unsupportedOIDs" */ +128, /* "id-kp" */ +280, /* "id-mod-attribute-cert" */ +274, /* "id-mod-cmc" */ +277, /* "id-mod-cmp" */ +284, /* "id-mod-cmp2000" */ +273, /* "id-mod-crmf" */ +283, /* "id-mod-dvcs" */ +275, /* "id-mod-kea-profile-88" */ +276, /* "id-mod-kea-profile-93" */ +282, /* "id-mod-ocsp" */ +278, /* "id-mod-qualified-cert-88" */ +279, /* "id-mod-qualified-cert-93" */ +281, /* "id-mod-timestamp-protocol" */ +264, /* "id-on" */ +347, /* "id-on-personalData" */ +265, /* "id-pda" */ +352, /* "id-pda-countryOfCitizenship" */ +353, /* "id-pda-countryOfResidence" */ +348, /* "id-pda-dateOfBirth" */ +351, /* "id-pda-gender" */ +349, /* "id-pda-placeOfBirth" */ +175, /* "id-pe" */ +261, /* "id-pkip" */ +258, /* "id-pkix-mod" */ +269, /* "id-pkix1-explicit-88" */ +271, /* "id-pkix1-explicit-93" */ +270, /* "id-pkix1-implicit-88" */ +272, /* "id-pkix1-implicit-93" */ +662, /* "id-ppl" */ +267, /* "id-qcs" */ +359, /* "id-qcs-pkixQCSyntax-v1" */ +259, /* "id-qt" */ +313, /* "id-regCtrl" */ +316, /* "id-regCtrl-authenticator" */ +319, /* "id-regCtrl-oldCertID" */ +318, /* "id-regCtrl-pkiArchiveOptions" */ +317, /* "id-regCtrl-pkiPublicationInfo" */ +320, /* "id-regCtrl-protocolEncrKey" */ +315, /* "id-regCtrl-regToken" */ +314, /* "id-regInfo" */ +322, /* "id-regInfo-certReq" */ +321, /* "id-regInfo-utf8Pairs" */ +191, /* "id-smime-aa" */ +215, /* "id-smime-aa-contentHint" */ +218, /* "id-smime-aa-contentIdentifier" */ +221, /* "id-smime-aa-contentReference" */ +240, /* "id-smime-aa-dvcs-dvc" */ +217, /* "id-smime-aa-encapContentType" */ +222, /* "id-smime-aa-encrypKeyPref" */ +220, /* "id-smime-aa-equivalentLabels" */ +232, /* "id-smime-aa-ets-CertificateRefs" */ +233, /* "id-smime-aa-ets-RevocationRefs" */ +238, /* "id-smime-aa-ets-archiveTimeStamp" */ +237, /* "id-smime-aa-ets-certCRLTimestamp" */ +234, /* "id-smime-aa-ets-certValues" */ +227, /* "id-smime-aa-ets-commitmentType" */ +231, /* "id-smime-aa-ets-contentTimestamp" */ +236, /* "id-smime-aa-ets-escTimeStamp" */ +230, /* "id-smime-aa-ets-otherSigCert" */ +235, /* "id-smime-aa-ets-revocationValues" */ +226, /* "id-smime-aa-ets-sigPolicyId" */ +229, /* "id-smime-aa-ets-signerAttr" */ +228, /* "id-smime-aa-ets-signerLocation" */ +219, /* "id-smime-aa-macValue" */ +214, /* "id-smime-aa-mlExpandHistory" */ +216, /* "id-smime-aa-msgSigDigest" */ +212, /* "id-smime-aa-receiptRequest" */ +213, /* "id-smime-aa-securityLabel" */ +239, /* "id-smime-aa-signatureType" */ +223, /* "id-smime-aa-signingCertificate" */ +224, /* "id-smime-aa-smimeEncryptCerts" */ +225, /* "id-smime-aa-timeStampToken" */ +192, /* "id-smime-alg" */ +243, /* "id-smime-alg-3DESwrap" */ +246, /* "id-smime-alg-CMS3DESwrap" */ +247, /* "id-smime-alg-CMSRC2wrap" */ +245, /* "id-smime-alg-ESDH" */ +241, /* "id-smime-alg-ESDHwith3DES" */ +242, /* "id-smime-alg-ESDHwithRC2" */ +244, /* "id-smime-alg-RC2wrap" */ +193, /* "id-smime-cd" */ +248, /* "id-smime-cd-ldap" */ +190, /* "id-smime-ct" */ +210, /* "id-smime-ct-DVCSRequestData" */ +211, /* "id-smime-ct-DVCSResponseData" */ +208, /* "id-smime-ct-TDTInfo" */ +207, /* "id-smime-ct-TSTInfo" */ +205, /* "id-smime-ct-authData" */ +786, /* "id-smime-ct-compressedData" */ +209, /* "id-smime-ct-contentInfo" */ +206, /* "id-smime-ct-publishCert" */ +204, /* "id-smime-ct-receipt" */ +195, /* "id-smime-cti" */ +255, /* "id-smime-cti-ets-proofOfApproval" */ +256, /* "id-smime-cti-ets-proofOfCreation" */ +253, /* "id-smime-cti-ets-proofOfDelivery" */ +251, /* "id-smime-cti-ets-proofOfOrigin" */ +252, /* "id-smime-cti-ets-proofOfReceipt" */ +254, /* "id-smime-cti-ets-proofOfSender" */ +189, /* "id-smime-mod" */ +196, /* "id-smime-mod-cms" */ +197, /* "id-smime-mod-ess" */ +202, /* "id-smime-mod-ets-eSigPolicy-88" */ +203, /* "id-smime-mod-ets-eSigPolicy-97" */ +200, /* "id-smime-mod-ets-eSignature-88" */ +201, /* "id-smime-mod-ets-eSignature-97" */ +199, /* "id-smime-mod-msg-v3" */ +198, /* "id-smime-mod-oid" */ +194, /* "id-smime-spq" */ +250, /* "id-smime-spq-ets-sqt-unotice" */ +249, /* "id-smime-spq-ets-sqt-uri" */ +34, /* "idea-cbc" */ +35, /* "idea-cfb" */ +36, /* "idea-ecb" */ +46, /* "idea-ofb" */ +676, /* "identified-organization" */ +461, /* "info" */ +101, /* "initials" */ +869, /* "internationaliSDNNumber" */ +749, /* "ipsec3" */ +750, /* "ipsec4" */ +181, /* "iso" */ +623, /* "issuer capabilities" */ +645, /* "itu-t" */ +492, /* "janetMailbox" */ +646, /* "joint-iso-itu-t" */ +150, /* "keyBag" */ +773, /* "kisa" */ +477, /* "lastModifiedBy" */ +476, /* "lastModifiedTime" */ +157, /* "localKeyID" */ +15, /* "localityName" */ +480, /* "mXRecord" */ +493, /* "mailPreferenceOption" */ +467, /* "manager" */ + 3, /* "md2" */ + 7, /* "md2WithRSAEncryption" */ +257, /* "md4" */ +396, /* "md4WithRSAEncryption" */ + 4, /* "md5" */ +114, /* "md5-sha1" */ +104, /* "md5WithRSA" */ + 8, /* "md5WithRSAEncryption" */ +95, /* "mdc2" */ +96, /* "mdc2WithRSA" */ +875, /* "member" */ +602, /* "merchant initiated auth" */ +514, /* "message extensions" */ +51, /* "messageDigest" */ +506, /* "mime-mhs-bodies" */ +505, /* "mime-mhs-headings" */ +488, /* "mobileTelephoneNumber" */ +481, /* "nSRecord" */ +173, /* "name" */ +681, /* "onBasis" */ +379, /* "org" */ +17, /* "organizationName" */ +491, /* "organizationalStatus" */ +18, /* "organizationalUnitName" */ +475, /* "otherMailbox" */ +876, /* "owner" */ +489, /* "pagerTelephoneNumber" */ +782, /* "password based MAC" */ +374, /* "path" */ +621, /* "payment gateway capabilities" */ + 9, /* "pbeWithMD2AndDES-CBC" */ +168, /* "pbeWithMD2AndRC2-CBC" */ +112, /* "pbeWithMD5AndCast5CBC" */ +10, /* "pbeWithMD5AndDES-CBC" */ +169, /* "pbeWithMD5AndRC2-CBC" */ +148, /* "pbeWithSHA1And128BitRC2-CBC" */ +144, /* "pbeWithSHA1And128BitRC4" */ +147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ +146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ +149, /* "pbeWithSHA1And40BitRC2-CBC" */ +145, /* "pbeWithSHA1And40BitRC4" */ +170, /* "pbeWithSHA1AndDES-CBC" */ +68, /* "pbeWithSHA1AndRC2-CBC" */ +499, /* "personalSignature" */ +487, /* "personalTitle" */ +464, /* "photo" */ +863, /* "physicalDeliveryOfficeName" */ +437, /* "pilot" */ +439, /* "pilotAttributeSyntax" */ +438, /* "pilotAttributeType" */ +479, /* "pilotAttributeType27" */ +456, /* "pilotDSA" */ +441, /* "pilotGroups" */ +444, /* "pilotObject" */ +440, /* "pilotObjectClass" */ +455, /* "pilotOrganization" */ +445, /* "pilotPerson" */ +186, /* "pkcs1" */ +27, /* "pkcs3" */ +187, /* "pkcs5" */ +20, /* "pkcs7" */ +21, /* "pkcs7-data" */ +25, /* "pkcs7-digestData" */ +26, /* "pkcs7-encryptedData" */ +23, /* "pkcs7-envelopedData" */ +24, /* "pkcs7-signedAndEnvelopedData" */ +22, /* "pkcs7-signedData" */ +151, /* "pkcs8ShroudedKeyBag" */ +47, /* "pkcs9" */ +862, /* "postOfficeBox" */ +861, /* "postalAddress" */ +661, /* "postalCode" */ +683, /* "ppBasis" */ +872, /* "preferredDeliveryMethod" */ +873, /* "presentationAddress" */ +406, /* "prime-field" */ +409, /* "prime192v1" */ +410, /* "prime192v2" */ +411, /* "prime192v3" */ +412, /* "prime239v1" */ +413, /* "prime239v2" */ +414, /* "prime239v3" */ +415, /* "prime256v1" */ +886, /* "protocolInformation" */ +510, /* "pseudonym" */ +435, /* "pss" */ +286, /* "qcStatements" */ +457, /* "qualityLabelledData" */ +450, /* "rFC822localPart" */ +98, /* "rc2-40-cbc" */ +166, /* "rc2-64-cbc" */ +37, /* "rc2-cbc" */ +39, /* "rc2-cfb" */ +38, /* "rc2-ecb" */ +40, /* "rc2-ofb" */ + 5, /* "rc4" */ +97, /* "rc4-40" */ +120, /* "rc5-cbc" */ +122, /* "rc5-cfb" */ +121, /* "rc5-ecb" */ +123, /* "rc5-ofb" */ +870, /* "registeredAddress" */ +460, /* "rfc822Mailbox" */ +117, /* "ripemd160" */ +119, /* "ripemd160WithRSA" */ +400, /* "role" */ +877, /* "roleOccupant" */ +448, /* "room" */ +463, /* "roomNumber" */ +19, /* "rsa" */ + 6, /* "rsaEncryption" */ +644, /* "rsaOAEPEncryptionSET" */ +377, /* "rsaSignature" */ +124, /* "run length compression" */ +482, /* "sOARecord" */ +155, /* "safeContentsBag" */ +291, /* "sbgp-autonomousSysNum" */ +290, /* "sbgp-ipAddrBlock" */ +292, /* "sbgp-routerIdentifier" */ +159, /* "sdsiCertificate" */ +859, /* "searchGuide" */ +704, /* "secp112r1" */ +705, /* "secp112r2" */ +706, /* "secp128r1" */ +707, /* "secp128r2" */ +708, /* "secp160k1" */ +709, /* "secp160r1" */ +710, /* "secp160r2" */ +711, /* "secp192k1" */ +712, /* "secp224k1" */ +713, /* "secp224r1" */ +714, /* "secp256k1" */ +715, /* "secp384r1" */ +716, /* "secp521r1" */ +154, /* "secretBag" */ +474, /* "secretary" */ +717, /* "sect113r1" */ +718, /* "sect113r2" */ +719, /* "sect131r1" */ +720, /* "sect131r2" */ +721, /* "sect163k1" */ +722, /* "sect163r1" */ +723, /* "sect163r2" */ +724, /* "sect193r1" */ +725, /* "sect193r2" */ +726, /* "sect233k1" */ +727, /* "sect233r1" */ +728, /* "sect239k1" */ +729, /* "sect283k1" */ +730, /* "sect283r1" */ +731, /* "sect409k1" */ +732, /* "sect409r1" */ +733, /* "sect571k1" */ +734, /* "sect571r1" */ +635, /* "secure device signature" */ +878, /* "seeAlso" */ +777, /* "seed-cbc" */ +779, /* "seed-cfb" */ +776, /* "seed-ecb" */ +778, /* "seed-ofb" */ +105, /* "serialNumber" */ +625, /* "set-addPolicy" */ +515, /* "set-attr" */ +518, /* "set-brand" */ +638, /* "set-brand-AmericanExpress" */ +637, /* "set-brand-Diners" */ +636, /* "set-brand-IATA-ATA" */ +639, /* "set-brand-JCB" */ +641, /* "set-brand-MasterCard" */ +642, /* "set-brand-Novus" */ +640, /* "set-brand-Visa" */ +516, /* "set-policy" */ +607, /* "set-policy-root" */ +624, /* "set-rootKeyThumb" */ +620, /* "setAttr-Cert" */ +628, /* "setAttr-IssCap-CVM" */ +630, /* "setAttr-IssCap-Sig" */ +629, /* "setAttr-IssCap-T2" */ +627, /* "setAttr-Token-B0Prime" */ +626, /* "setAttr-Token-EMV" */ +622, /* "setAttr-TokenType" */ +619, /* "setCext-IssuerCapabilities" */ +615, /* "setCext-PGWYcapabilities" */ +616, /* "setCext-TokenIdentifier" */ +618, /* "setCext-TokenType" */ +617, /* "setCext-Track2Data" */ +611, /* "setCext-cCertRequired" */ +609, /* "setCext-certType" */ +608, /* "setCext-hashedRoot" */ +610, /* "setCext-merchData" */ +613, /* "setCext-setExt" */ +614, /* "setCext-setQualf" */ +612, /* "setCext-tunneling" */ +540, /* "setct-AcqCardCodeMsg" */ +576, /* "setct-AcqCardCodeMsgTBE" */ +570, /* "setct-AuthReqTBE" */ +534, /* "setct-AuthReqTBS" */ +527, /* "setct-AuthResBaggage" */ +571, /* "setct-AuthResTBE" */ +572, /* "setct-AuthResTBEX" */ +535, /* "setct-AuthResTBS" */ +536, /* "setct-AuthResTBSX" */ +528, /* "setct-AuthRevReqBaggage" */ +577, /* "setct-AuthRevReqTBE" */ +541, /* "setct-AuthRevReqTBS" */ +529, /* "setct-AuthRevResBaggage" */ +542, /* "setct-AuthRevResData" */ +578, /* "setct-AuthRevResTBE" */ +579, /* "setct-AuthRevResTBEB" */ +543, /* "setct-AuthRevResTBS" */ +573, /* "setct-AuthTokenTBE" */ +537, /* "setct-AuthTokenTBS" */ +600, /* "setct-BCIDistributionTBS" */ +558, /* "setct-BatchAdminReqData" */ +592, /* "setct-BatchAdminReqTBE" */ +559, /* "setct-BatchAdminResData" */ +593, /* "setct-BatchAdminResTBE" */ +599, /* "setct-CRLNotificationResTBS" */ +598, /* "setct-CRLNotificationTBS" */ +580, /* "setct-CapReqTBE" */ +581, /* "setct-CapReqTBEX" */ +544, /* "setct-CapReqTBS" */ +545, /* "setct-CapReqTBSX" */ +546, /* "setct-CapResData" */ +582, /* "setct-CapResTBE" */ +583, /* "setct-CapRevReqTBE" */ +584, /* "setct-CapRevReqTBEX" */ +547, /* "setct-CapRevReqTBS" */ +548, /* "setct-CapRevReqTBSX" */ +549, /* "setct-CapRevResData" */ +585, /* "setct-CapRevResTBE" */ +538, /* "setct-CapTokenData" */ +530, /* "setct-CapTokenSeq" */ +574, /* "setct-CapTokenTBE" */ +575, /* "setct-CapTokenTBEX" */ +539, /* "setct-CapTokenTBS" */ +560, /* "setct-CardCInitResTBS" */ +566, /* "setct-CertInqReqTBS" */ +563, /* "setct-CertReqData" */ +595, /* "setct-CertReqTBE" */ +596, /* "setct-CertReqTBEX" */ +564, /* "setct-CertReqTBS" */ +565, /* "setct-CertResData" */ +597, /* "setct-CertResTBE" */ +586, /* "setct-CredReqTBE" */ +587, /* "setct-CredReqTBEX" */ +550, /* "setct-CredReqTBS" */ +551, /* "setct-CredReqTBSX" */ +552, /* "setct-CredResData" */ +588, /* "setct-CredResTBE" */ +589, /* "setct-CredRevReqTBE" */ +590, /* "setct-CredRevReqTBEX" */ +553, /* "setct-CredRevReqTBS" */ +554, /* "setct-CredRevReqTBSX" */ +555, /* "setct-CredRevResData" */ +591, /* "setct-CredRevResTBE" */ +567, /* "setct-ErrorTBS" */ +526, /* "setct-HODInput" */ +561, /* "setct-MeAqCInitResTBS" */ +522, /* "setct-OIData" */ +519, /* "setct-PANData" */ +521, /* "setct-PANOnly" */ +520, /* "setct-PANToken" */ +556, /* "setct-PCertReqData" */ +557, /* "setct-PCertResTBS" */ +523, /* "setct-PI" */ +532, /* "setct-PI-TBS" */ +524, /* "setct-PIData" */ +525, /* "setct-PIDataUnsigned" */ +568, /* "setct-PIDualSignedTBE" */ +569, /* "setct-PIUnsignedTBE" */ +531, /* "setct-PInitResData" */ +533, /* "setct-PResData" */ +594, /* "setct-RegFormReqTBE" */ +562, /* "setct-RegFormResTBS" */ +604, /* "setext-pinAny" */ +603, /* "setext-pinSecure" */ +605, /* "setext-track2" */ +41, /* "sha" */ +64, /* "sha1" */ +115, /* "sha1WithRSA" */ +65, /* "sha1WithRSAEncryption" */ +675, /* "sha224" */ +671, /* "sha224WithRSAEncryption" */ +672, /* "sha256" */ +668, /* "sha256WithRSAEncryption" */ +673, /* "sha384" */ +669, /* "sha384WithRSAEncryption" */ +674, /* "sha512" */ +670, /* "sha512WithRSAEncryption" */ +42, /* "shaWithRSAEncryption" */ +52, /* "signingTime" */ +454, /* "simpleSecurityObject" */ +496, /* "singleLevelQuality" */ +16, /* "stateOrProvinceName" */ +660, /* "streetAddress" */ +498, /* "subtreeMaximumQuality" */ +497, /* "subtreeMinimumQuality" */ +890, /* "supportedAlgorithms" */ +874, /* "supportedApplicationContext" */ +100, /* "surname" */ +864, /* "telephoneNumber" */ +866, /* "teletexTerminalIdentifier" */ +865, /* "telexNumber" */ +459, /* "textEncodedORAddress" */ +293, /* "textNotice" */ +106, /* "title" */ +682, /* "tpBasis" */ +436, /* "ucl" */ + 0, /* "undefined" */ +888, /* "uniqueMember" */ +55, /* "unstructuredAddress" */ +49, /* "unstructuredName" */ +880, /* "userCertificate" */ +465, /* "userClass" */ +458, /* "userId" */ +879, /* "userPassword" */ +373, /* "valid" */ +678, /* "wap" */ +679, /* "wap-wsg" */ +735, /* "wap-wsg-idm-ecid-wtls1" */ +743, /* "wap-wsg-idm-ecid-wtls10" */ +744, /* "wap-wsg-idm-ecid-wtls11" */ +745, /* "wap-wsg-idm-ecid-wtls12" */ +736, /* "wap-wsg-idm-ecid-wtls3" */ +737, /* "wap-wsg-idm-ecid-wtls4" */ +738, /* "wap-wsg-idm-ecid-wtls5" */ +739, /* "wap-wsg-idm-ecid-wtls6" */ +740, /* "wap-wsg-idm-ecid-wtls7" */ +741, /* "wap-wsg-idm-ecid-wtls8" */ +742, /* "wap-wsg-idm-ecid-wtls9" */ +804, /* "whirlpool" */ +868, /* "x121Address" */ +503, /* "x500UniqueIdentifier" */ +158, /* "x509Certificate" */ +160, /* "x509Crl" */ +125, /* "zlib compression" */ }; -static ASN1_OBJECT *obj_objs[NUM_OBJ]={ -&(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[393]),/* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ -&(nid_objs[404]),/* OBJ_ccitt OBJ_itu_t */ -&(nid_objs[645]),/* OBJ_itu_t 0 */ -&(nid_objs[434]),/* OBJ_data 0 9 */ -&(nid_objs[181]),/* OBJ_iso 1 */ -&(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[379]),/* OBJ_org 1 3 */ -&(nid_objs[676]),/* OBJ_identified_organization 1 3 */ -&(nid_objs[646]),/* OBJ_joint_iso_itu_t 2 */ -&(nid_objs[11]),/* OBJ_X500 2 5 */ -&(nid_objs[647]),/* OBJ_international_organizations 2 23 */ -&(nid_objs[380]),/* OBJ_dod 1 3 6 */ -&(nid_objs[12]),/* OBJ_X509 2 5 4 */ -&(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ -&(nid_objs[81]),/* OBJ_id_ce 2 5 29 */ -&(nid_objs[512]),/* OBJ_id_set 2 23 42 */ -&(nid_objs[678]),/* OBJ_wap 2 23 43 */ -&(nid_objs[435]),/* OBJ_pss 0 9 2342 */ -&(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ -&(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ -&(nid_objs[677]),/* OBJ_certicom_arc 1 3 132 */ -&(nid_objs[394]),/* OBJ_selected_attribute_types 2 5 1 5 */ -&(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */ -&(nid_objs[100]),/* OBJ_surname 2 5 4 4 */ -&(nid_objs[105]),/* OBJ_serialNumber 2 5 4 5 */ -&(nid_objs[14]),/* OBJ_countryName 2 5 4 6 */ -&(nid_objs[15]),/* OBJ_localityName 2 5 4 7 */ -&(nid_objs[16]),/* OBJ_stateOrProvinceName 2 5 4 8 */ -&(nid_objs[660]),/* OBJ_streetAddress 2 5 4 9 */ -&(nid_objs[17]),/* OBJ_organizationName 2 5 4 10 */ -&(nid_objs[18]),/* OBJ_organizationalUnitName 2 5 4 11 */ -&(nid_objs[106]),/* OBJ_title 2 5 4 12 */ -&(nid_objs[107]),/* OBJ_description 2 5 4 13 */ -&(nid_objs[661]),/* OBJ_postalCode 2 5 4 17 */ -&(nid_objs[173]),/* OBJ_name 2 5 4 41 */ -&(nid_objs[99]),/* OBJ_givenName 2 5 4 42 */ -&(nid_objs[101]),/* OBJ_initials 2 5 4 43 */ -&(nid_objs[509]),/* OBJ_generationQualifier 2 5 4 44 */ -&(nid_objs[503]),/* OBJ_x500UniqueIdentifier 2 5 4 45 */ -&(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */ -&(nid_objs[510]),/* OBJ_pseudonym 2 5 4 65 */ -&(nid_objs[400]),/* OBJ_role 2 5 4 72 */ -&(nid_objs[769]),/* OBJ_subject_directory_attributes 2 5 29 9 */ -&(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */ -&(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */ -&(nid_objs[84]),/* OBJ_private_key_usage_period 2 5 29 16 */ -&(nid_objs[85]),/* OBJ_subject_alt_name 2 5 29 17 */ -&(nid_objs[86]),/* OBJ_issuer_alt_name 2 5 29 18 */ -&(nid_objs[87]),/* OBJ_basic_constraints 2 5 29 19 */ -&(nid_objs[88]),/* OBJ_crl_number 2 5 29 20 */ -&(nid_objs[141]),/* OBJ_crl_reason 2 5 29 21 */ -&(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */ -&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */ -&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ -&(nid_objs[770]),/* OBJ_issuing_distribution_point 2 5 29 28 */ -&(nid_objs[771]),/* OBJ_certificate_issuer 2 5 29 29 */ -&(nid_objs[666]),/* OBJ_name_constraints 2 5 29 30 */ -&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ -&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ -&(nid_objs[747]),/* OBJ_policy_mappings 2 5 29 33 */ -&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ -&(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ -&(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ -&(nid_objs[857]),/* OBJ_freshest_crl 2 5 29 46 */ -&(nid_objs[748]),/* OBJ_inhibit_any_policy 2 5 29 54 */ -&(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ -&(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ -&(nid_objs[513]),/* OBJ_set_ctype 2 23 42 0 */ -&(nid_objs[514]),/* OBJ_set_msgExt 2 23 42 1 */ -&(nid_objs[515]),/* OBJ_set_attr 2 23 42 3 */ -&(nid_objs[516]),/* OBJ_set_policy 2 23 42 5 */ -&(nid_objs[517]),/* OBJ_set_certExt 2 23 42 7 */ -&(nid_objs[518]),/* OBJ_set_brand 2 23 42 8 */ -&(nid_objs[679]),/* OBJ_wap_wsg 2 23 43 13 */ -&(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ -&(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ -&(nid_objs[384]),/* OBJ_Experimental 1 3 6 1 3 */ -&(nid_objs[385]),/* OBJ_Private 1 3 6 1 4 */ -&(nid_objs[386]),/* OBJ_Security 1 3 6 1 5 */ -&(nid_objs[387]),/* OBJ_SNMPv2 1 3 6 1 6 */ -&(nid_objs[388]),/* OBJ_Mail 1 3 6 1 7 */ -&(nid_objs[376]),/* OBJ_algorithm 1 3 14 3 2 */ -&(nid_objs[395]),/* OBJ_clearance 2 5 1 5 55 */ -&(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ -&(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ -&(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ -&(nid_objs[746]),/* OBJ_any_policy 2 5 29 32 0 */ -&(nid_objs[519]),/* OBJ_setct_PANData 2 23 42 0 0 */ -&(nid_objs[520]),/* OBJ_setct_PANToken 2 23 42 0 1 */ -&(nid_objs[521]),/* OBJ_setct_PANOnly 2 23 42 0 2 */ -&(nid_objs[522]),/* OBJ_setct_OIData 2 23 42 0 3 */ -&(nid_objs[523]),/* OBJ_setct_PI 2 23 42 0 4 */ -&(nid_objs[524]),/* OBJ_setct_PIData 2 23 42 0 5 */ -&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ -&(nid_objs[526]),/* OBJ_setct_HODInput 2 23 42 0 7 */ -&(nid_objs[527]),/* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ -&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ -&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ -&(nid_objs[530]),/* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ -&(nid_objs[531]),/* OBJ_setct_PInitResData 2 23 42 0 12 */ -&(nid_objs[532]),/* OBJ_setct_PI_TBS 2 23 42 0 13 */ -&(nid_objs[533]),/* OBJ_setct_PResData 2 23 42 0 14 */ -&(nid_objs[534]),/* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ -&(nid_objs[535]),/* OBJ_setct_AuthResTBS 2 23 42 0 17 */ -&(nid_objs[536]),/* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ -&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ -&(nid_objs[538]),/* OBJ_setct_CapTokenData 2 23 42 0 20 */ -&(nid_objs[539]),/* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ -&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ -&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ -&(nid_objs[542]),/* OBJ_setct_AuthRevResData 2 23 42 0 24 */ -&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ -&(nid_objs[544]),/* OBJ_setct_CapReqTBS 2 23 42 0 26 */ -&(nid_objs[545]),/* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ -&(nid_objs[546]),/* OBJ_setct_CapResData 2 23 42 0 28 */ -&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ -&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ -&(nid_objs[549]),/* OBJ_setct_CapRevResData 2 23 42 0 31 */ -&(nid_objs[550]),/* OBJ_setct_CredReqTBS 2 23 42 0 32 */ -&(nid_objs[551]),/* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ -&(nid_objs[552]),/* OBJ_setct_CredResData 2 23 42 0 34 */ -&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ -&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ -&(nid_objs[555]),/* OBJ_setct_CredRevResData 2 23 42 0 37 */ -&(nid_objs[556]),/* OBJ_setct_PCertReqData 2 23 42 0 38 */ -&(nid_objs[557]),/* OBJ_setct_PCertResTBS 2 23 42 0 39 */ -&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ -&(nid_objs[559]),/* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ -&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ -&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ -&(nid_objs[562]),/* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ -&(nid_objs[563]),/* OBJ_setct_CertReqData 2 23 42 0 45 */ -&(nid_objs[564]),/* OBJ_setct_CertReqTBS 2 23 42 0 46 */ -&(nid_objs[565]),/* OBJ_setct_CertResData 2 23 42 0 47 */ -&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ -&(nid_objs[567]),/* OBJ_setct_ErrorTBS 2 23 42 0 49 */ -&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ -&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ -&(nid_objs[570]),/* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ -&(nid_objs[571]),/* OBJ_setct_AuthResTBE 2 23 42 0 53 */ -&(nid_objs[572]),/* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ -&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ -&(nid_objs[574]),/* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ -&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ -&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ -&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ -&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ -&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ -&(nid_objs[580]),/* OBJ_setct_CapReqTBE 2 23 42 0 62 */ -&(nid_objs[581]),/* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ -&(nid_objs[582]),/* OBJ_setct_CapResTBE 2 23 42 0 64 */ -&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ -&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ -&(nid_objs[585]),/* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ -&(nid_objs[586]),/* OBJ_setct_CredReqTBE 2 23 42 0 68 */ -&(nid_objs[587]),/* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ -&(nid_objs[588]),/* OBJ_setct_CredResTBE 2 23 42 0 70 */ -&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ -&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ -&(nid_objs[591]),/* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ -&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ -&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ -&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ -&(nid_objs[595]),/* OBJ_setct_CertReqTBE 2 23 42 0 77 */ -&(nid_objs[596]),/* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ -&(nid_objs[597]),/* OBJ_setct_CertResTBE 2 23 42 0 79 */ -&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ -&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ -&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ -&(nid_objs[601]),/* OBJ_setext_genCrypt 2 23 42 1 1 */ -&(nid_objs[602]),/* OBJ_setext_miAuth 2 23 42 1 3 */ -&(nid_objs[603]),/* OBJ_setext_pinSecure 2 23 42 1 4 */ -&(nid_objs[604]),/* OBJ_setext_pinAny 2 23 42 1 5 */ -&(nid_objs[605]),/* OBJ_setext_track2 2 23 42 1 7 */ -&(nid_objs[606]),/* OBJ_setext_cv 2 23 42 1 8 */ -&(nid_objs[620]),/* OBJ_setAttr_Cert 2 23 42 3 0 */ -&(nid_objs[621]),/* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ -&(nid_objs[622]),/* OBJ_setAttr_TokenType 2 23 42 3 2 */ -&(nid_objs[623]),/* OBJ_setAttr_IssCap 2 23 42 3 3 */ -&(nid_objs[607]),/* OBJ_set_policy_root 2 23 42 5 0 */ -&(nid_objs[608]),/* OBJ_setCext_hashedRoot 2 23 42 7 0 */ -&(nid_objs[609]),/* OBJ_setCext_certType 2 23 42 7 1 */ -&(nid_objs[610]),/* OBJ_setCext_merchData 2 23 42 7 2 */ -&(nid_objs[611]),/* OBJ_setCext_cCertRequired 2 23 42 7 3 */ -&(nid_objs[612]),/* OBJ_setCext_tunneling 2 23 42 7 4 */ -&(nid_objs[613]),/* OBJ_setCext_setExt 2 23 42 7 5 */ -&(nid_objs[614]),/* OBJ_setCext_setQualf 2 23 42 7 6 */ -&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ -&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ -&(nid_objs[617]),/* OBJ_setCext_Track2Data 2 23 42 7 9 */ -&(nid_objs[618]),/* OBJ_setCext_TokenType 2 23 42 7 10 */ -&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ -&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ -&(nid_objs[640]),/* OBJ_set_brand_Visa 2 23 42 8 4 */ -&(nid_objs[641]),/* OBJ_set_brand_MasterCard 2 23 42 8 5 */ -&(nid_objs[637]),/* OBJ_set_brand_Diners 2 23 42 8 30 */ -&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ -&(nid_objs[639]),/* OBJ_set_brand_JCB 2 23 42 8 35 */ -&(nid_objs[805]),/* OBJ_cryptopro 1 2 643 2 2 */ -&(nid_objs[806]),/* OBJ_cryptocom 1 2 643 2 9 */ -&(nid_objs[184]),/* OBJ_X9_57 1 2 840 10040 */ -&(nid_objs[405]),/* OBJ_ansi_X9_62 1 2 840 10045 */ -&(nid_objs[389]),/* OBJ_Enterprises 1 3 6 1 4 1 */ -&(nid_objs[504]),/* OBJ_mime_mhs 1 3 6 1 7 1 */ -&(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ -&(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ -&(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ -&(nid_objs[45]),/* OBJ_des_ofb64 1 3 14 3 2 8 */ -&(nid_objs[30]),/* OBJ_des_cfb64 1 3 14 3 2 9 */ -&(nid_objs[377]),/* OBJ_rsaSignature 1 3 14 3 2 11 */ -&(nid_objs[67]),/* OBJ_dsa_2 1 3 14 3 2 12 */ -&(nid_objs[66]),/* OBJ_dsaWithSHA 1 3 14 3 2 13 */ -&(nid_objs[42]),/* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ -&(nid_objs[32]),/* OBJ_des_ede_ecb 1 3 14 3 2 17 */ -&(nid_objs[41]),/* OBJ_sha 1 3 14 3 2 18 */ -&(nid_objs[64]),/* OBJ_sha1 1 3 14 3 2 26 */ -&(nid_objs[70]),/* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ -&(nid_objs[115]),/* OBJ_sha1WithRSA 1 3 14 3 2 29 */ -&(nid_objs[117]),/* OBJ_ripemd160 1 3 36 3 2 1 */ -&(nid_objs[143]),/* OBJ_sxnet 1 3 101 1 4 1 */ -&(nid_objs[721]),/* OBJ_sect163k1 1 3 132 0 1 */ -&(nid_objs[722]),/* OBJ_sect163r1 1 3 132 0 2 */ -&(nid_objs[728]),/* OBJ_sect239k1 1 3 132 0 3 */ -&(nid_objs[717]),/* OBJ_sect113r1 1 3 132 0 4 */ -&(nid_objs[718]),/* OBJ_sect113r2 1 3 132 0 5 */ -&(nid_objs[704]),/* OBJ_secp112r1 1 3 132 0 6 */ -&(nid_objs[705]),/* OBJ_secp112r2 1 3 132 0 7 */ -&(nid_objs[709]),/* OBJ_secp160r1 1 3 132 0 8 */ -&(nid_objs[708]),/* OBJ_secp160k1 1 3 132 0 9 */ -&(nid_objs[714]),/* OBJ_secp256k1 1 3 132 0 10 */ -&(nid_objs[723]),/* OBJ_sect163r2 1 3 132 0 15 */ -&(nid_objs[729]),/* OBJ_sect283k1 1 3 132 0 16 */ -&(nid_objs[730]),/* OBJ_sect283r1 1 3 132 0 17 */ -&(nid_objs[719]),/* OBJ_sect131r1 1 3 132 0 22 */ -&(nid_objs[720]),/* OBJ_sect131r2 1 3 132 0 23 */ -&(nid_objs[724]),/* OBJ_sect193r1 1 3 132 0 24 */ -&(nid_objs[725]),/* OBJ_sect193r2 1 3 132 0 25 */ -&(nid_objs[726]),/* OBJ_sect233k1 1 3 132 0 26 */ -&(nid_objs[727]),/* OBJ_sect233r1 1 3 132 0 27 */ -&(nid_objs[706]),/* OBJ_secp128r1 1 3 132 0 28 */ -&(nid_objs[707]),/* OBJ_secp128r2 1 3 132 0 29 */ -&(nid_objs[710]),/* OBJ_secp160r2 1 3 132 0 30 */ -&(nid_objs[711]),/* OBJ_secp192k1 1 3 132 0 31 */ -&(nid_objs[712]),/* OBJ_secp224k1 1 3 132 0 32 */ -&(nid_objs[713]),/* OBJ_secp224r1 1 3 132 0 33 */ -&(nid_objs[715]),/* OBJ_secp384r1 1 3 132 0 34 */ -&(nid_objs[716]),/* OBJ_secp521r1 1 3 132 0 35 */ -&(nid_objs[731]),/* OBJ_sect409k1 1 3 132 0 36 */ -&(nid_objs[732]),/* OBJ_sect409r1 1 3 132 0 37 */ -&(nid_objs[733]),/* OBJ_sect571k1 1 3 132 0 38 */ -&(nid_objs[734]),/* OBJ_sect571r1 1 3 132 0 39 */ -&(nid_objs[624]),/* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ -&(nid_objs[625]),/* OBJ_set_addPolicy 2 23 42 3 0 1 */ -&(nid_objs[626]),/* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ -&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ -&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ -&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ -&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ -&(nid_objs[642]),/* OBJ_set_brand_Novus 2 23 42 8 6011 */ -&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 13 4 1 */ -&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 13 4 3 */ -&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 13 4 4 */ -&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 13 4 5 */ -&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 13 4 6 */ -&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 13 4 7 */ -&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 13 4 8 */ -&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 13 4 9 */ -&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 13 4 10 */ -&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 13 4 11 */ -&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 13 4 12 */ -&(nid_objs[804]),/* OBJ_whirlpool 1 0 10118 3 0 55 */ -&(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ -&(nid_objs[773]),/* OBJ_kisa 1 2 410 200004 */ -&(nid_objs[807]),/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ -&(nid_objs[808]),/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ -&(nid_objs[809]),/* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ -&(nid_objs[810]),/* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ -&(nid_objs[811]),/* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ -&(nid_objs[812]),/* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ -&(nid_objs[813]),/* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ -&(nid_objs[815]),/* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ -&(nid_objs[816]),/* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ -&(nid_objs[817]),/* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ -&(nid_objs[818]),/* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ -&(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ -&(nid_objs[185]),/* OBJ_X9cm 1 2 840 10040 4 */ -&(nid_objs[127]),/* OBJ_id_pkix 1 3 6 1 5 5 7 */ -&(nid_objs[505]),/* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ -&(nid_objs[506]),/* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ -&(nid_objs[119]),/* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ -&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ -&(nid_objs[632]),/* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ -&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ -&(nid_objs[634]),/* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ -&(nid_objs[635]),/* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ -&(nid_objs[436]),/* OBJ_ucl 0 9 2342 19200300 */ -&(nid_objs[820]),/* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ -&(nid_objs[819]),/* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ -&(nid_objs[845]),/* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ -&(nid_objs[846]),/* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ -&(nid_objs[847]),/* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ -&(nid_objs[848]),/* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ -&(nid_objs[821]),/* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ -&(nid_objs[822]),/* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ -&(nid_objs[823]),/* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ -&(nid_objs[824]),/* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ -&(nid_objs[825]),/* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ -&(nid_objs[826]),/* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ -&(nid_objs[827]),/* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ -&(nid_objs[828]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ -&(nid_objs[829]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ -&(nid_objs[830]),/* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ -&(nid_objs[831]),/* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ -&(nid_objs[832]),/* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ -&(nid_objs[833]),/* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ -&(nid_objs[834]),/* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ -&(nid_objs[835]),/* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ -&(nid_objs[836]),/* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ -&(nid_objs[837]),/* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ -&(nid_objs[838]),/* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ -&(nid_objs[839]),/* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ -&(nid_objs[840]),/* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ -&(nid_objs[841]),/* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ -&(nid_objs[842]),/* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ -&(nid_objs[843]),/* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ -&(nid_objs[844]),/* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ -&(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ -&(nid_objs[431]),/* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ -&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ -&(nid_objs[433]),/* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ -&(nid_objs[116]),/* OBJ_dsa 1 2 840 10040 4 1 */ -&(nid_objs[113]),/* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ -&(nid_objs[406]),/* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ -&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ -&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ -&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ -&(nid_objs[791]),/* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ -&(nid_objs[792]),/* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ -&(nid_objs[258]),/* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ -&(nid_objs[175]),/* OBJ_id_pe 1 3 6 1 5 5 7 1 */ -&(nid_objs[259]),/* OBJ_id_qt 1 3 6 1 5 5 7 2 */ -&(nid_objs[128]),/* OBJ_id_kp 1 3 6 1 5 5 7 3 */ -&(nid_objs[260]),/* OBJ_id_it 1 3 6 1 5 5 7 4 */ -&(nid_objs[261]),/* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ -&(nid_objs[262]),/* OBJ_id_alg 1 3 6 1 5 5 7 6 */ -&(nid_objs[263]),/* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ -&(nid_objs[264]),/* OBJ_id_on 1 3 6 1 5 5 7 8 */ -&(nid_objs[265]),/* OBJ_id_pda 1 3 6 1 5 5 7 9 */ -&(nid_objs[266]),/* OBJ_id_aca 1 3 6 1 5 5 7 10 */ -&(nid_objs[267]),/* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ -&(nid_objs[268]),/* OBJ_id_cct 1 3 6 1 5 5 7 12 */ -&(nid_objs[662]),/* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ -&(nid_objs[176]),/* OBJ_id_ad 1 3 6 1 5 5 7 48 */ -&(nid_objs[507]),/* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ -&(nid_objs[508]),/* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ -&(nid_objs[57]),/* OBJ_netscape 2 16 840 1 113730 */ -&(nid_objs[754]),/* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ -&(nid_objs[766]),/* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ -&(nid_objs[757]),/* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ -&(nid_objs[755]),/* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ -&(nid_objs[767]),/* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ -&(nid_objs[758]),/* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ -&(nid_objs[756]),/* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ -&(nid_objs[768]),/* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ -&(nid_objs[759]),/* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ -&(nid_objs[437]),/* OBJ_pilot 0 9 2342 19200300 100 */ -&(nid_objs[776]),/* OBJ_seed_ecb 1 2 410 200004 1 3 */ -&(nid_objs[777]),/* OBJ_seed_cbc 1 2 410 200004 1 4 */ -&(nid_objs[779]),/* OBJ_seed_cfb128 1 2 410 200004 1 5 */ -&(nid_objs[778]),/* OBJ_seed_ofb128 1 2 410 200004 1 6 */ -&(nid_objs[852]),/* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ -&(nid_objs[853]),/* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ -&(nid_objs[850]),/* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ -&(nid_objs[851]),/* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ -&(nid_objs[849]),/* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ -&(nid_objs[854]),/* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ -&(nid_objs[186]),/* OBJ_pkcs1 1 2 840 113549 1 1 */ -&(nid_objs[27]),/* OBJ_pkcs3 1 2 840 113549 1 3 */ -&(nid_objs[187]),/* OBJ_pkcs5 1 2 840 113549 1 5 */ -&(nid_objs[20]),/* OBJ_pkcs7 1 2 840 113549 1 7 */ -&(nid_objs[47]),/* OBJ_pkcs9 1 2 840 113549 1 9 */ -&(nid_objs[ 3]),/* OBJ_md2 1 2 840 113549 2 2 */ -&(nid_objs[257]),/* OBJ_md4 1 2 840 113549 2 4 */ -&(nid_objs[ 4]),/* OBJ_md5 1 2 840 113549 2 5 */ -&(nid_objs[797]),/* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ -&(nid_objs[163]),/* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ -&(nid_objs[798]),/* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ -&(nid_objs[799]),/* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ -&(nid_objs[800]),/* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ -&(nid_objs[801]),/* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ -&(nid_objs[37]),/* OBJ_rc2_cbc 1 2 840 113549 3 2 */ -&(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ -&(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ -&(nid_objs[120]),/* OBJ_rc5_cbc 1 2 840 113549 3 8 */ -&(nid_objs[643]),/* OBJ_des_cdmf 1 2 840 113549 3 10 */ -&(nid_objs[680]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ -&(nid_objs[684]),/* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ -&(nid_objs[685]),/* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ -&(nid_objs[686]),/* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ -&(nid_objs[687]),/* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ -&(nid_objs[688]),/* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ -&(nid_objs[689]),/* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ -&(nid_objs[690]),/* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ -&(nid_objs[691]),/* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ -&(nid_objs[692]),/* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ -&(nid_objs[693]),/* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ -&(nid_objs[694]),/* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ -&(nid_objs[695]),/* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ -&(nid_objs[696]),/* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ -&(nid_objs[697]),/* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ -&(nid_objs[698]),/* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ -&(nid_objs[699]),/* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ -&(nid_objs[700]),/* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ -&(nid_objs[701]),/* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ -&(nid_objs[702]),/* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ -&(nid_objs[703]),/* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ -&(nid_objs[409]),/* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ -&(nid_objs[410]),/* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ -&(nid_objs[411]),/* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ -&(nid_objs[412]),/* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ -&(nid_objs[413]),/* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ -&(nid_objs[414]),/* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ -&(nid_objs[415]),/* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ -&(nid_objs[793]),/* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ -&(nid_objs[794]),/* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ -&(nid_objs[795]),/* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ -&(nid_objs[796]),/* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ -&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ -&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ -&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ -&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ -&(nid_objs[273]),/* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ -&(nid_objs[274]),/* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ -&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ -&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ -&(nid_objs[277]),/* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ -&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ -&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ -&(nid_objs[280]),/* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ -&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ -&(nid_objs[282]),/* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ -&(nid_objs[283]),/* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ -&(nid_objs[284]),/* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ -&(nid_objs[177]),/* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ -&(nid_objs[285]),/* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ -&(nid_objs[286]),/* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ -&(nid_objs[287]),/* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ -&(nid_objs[288]),/* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ -&(nid_objs[289]),/* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ -&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ -&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ -&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ -&(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ -&(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ -&(nid_objs[663]),/* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ -&(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ -&(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ -&(nid_objs[293]),/* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ -&(nid_objs[129]),/* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ -&(nid_objs[130]),/* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ -&(nid_objs[131]),/* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ -&(nid_objs[132]),/* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ -&(nid_objs[294]),/* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ -&(nid_objs[295]),/* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ -&(nid_objs[296]),/* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ -&(nid_objs[133]),/* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ -&(nid_objs[180]),/* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ -&(nid_objs[297]),/* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ -&(nid_objs[298]),/* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ -&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ -&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ -&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ -&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ -&(nid_objs[303]),/* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ -&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ -&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ -&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ -&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ -&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ -&(nid_objs[309]),/* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ -&(nid_objs[310]),/* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ -&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ -&(nid_objs[312]),/* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ -&(nid_objs[784]),/* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ -&(nid_objs[313]),/* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ -&(nid_objs[314]),/* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ -&(nid_objs[323]),/* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ -&(nid_objs[324]),/* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ -&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ -&(nid_objs[326]),/* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ -&(nid_objs[327]),/* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ -&(nid_objs[328]),/* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ -&(nid_objs[329]),/* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ -&(nid_objs[330]),/* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ -&(nid_objs[331]),/* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ -&(nid_objs[332]),/* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ -&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ -&(nid_objs[334]),/* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ -&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ -&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ -&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ -&(nid_objs[338]),/* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ -&(nid_objs[339]),/* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ -&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ -&(nid_objs[341]),/* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ -&(nid_objs[342]),/* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ -&(nid_objs[343]),/* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ -&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ -&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ -&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ -&(nid_objs[347]),/* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ -&(nid_objs[858]),/* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ -&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ -&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ -&(nid_objs[351]),/* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ -&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ -&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ -&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ -&(nid_objs[355]),/* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ -&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ -&(nid_objs[357]),/* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ -&(nid_objs[358]),/* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ -&(nid_objs[399]),/* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ -&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ -&(nid_objs[360]),/* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ -&(nid_objs[361]),/* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ -&(nid_objs[362]),/* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ -&(nid_objs[664]),/* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ -&(nid_objs[665]),/* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ -&(nid_objs[667]),/* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ -&(nid_objs[178]),/* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ -&(nid_objs[179]),/* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ -&(nid_objs[363]),/* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ -&(nid_objs[364]),/* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ -&(nid_objs[785]),/* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ -&(nid_objs[780]),/* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ -&(nid_objs[781]),/* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ -&(nid_objs[58]),/* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ -&(nid_objs[59]),/* OBJ_netscape_data_type 2 16 840 1 113730 2 */ -&(nid_objs[438]),/* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ -&(nid_objs[439]),/* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ -&(nid_objs[440]),/* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ -&(nid_objs[441]),/* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ -&(nid_objs[108]),/* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ -&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ -&(nid_objs[782]),/* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ -&(nid_objs[783]),/* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ -&(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ -&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ -&(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ -&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ -&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ -&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ -&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ -&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ -&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ -&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ -&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ -&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ -&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ -&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ -&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ -&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ -&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ -&(nid_objs[69]),/* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ -&(nid_objs[161]),/* OBJ_pbes2 1 2 840 113549 1 5 13 */ -&(nid_objs[162]),/* OBJ_pbmac1 1 2 840 113549 1 5 14 */ -&(nid_objs[21]),/* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ -&(nid_objs[22]),/* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ -&(nid_objs[23]),/* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ -&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ -&(nid_objs[25]),/* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ -&(nid_objs[26]),/* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ -&(nid_objs[48]),/* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ -&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ -&(nid_objs[50]),/* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ -&(nid_objs[51]),/* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ -&(nid_objs[52]),/* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ -&(nid_objs[53]),/* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ -&(nid_objs[54]),/* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ -&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ -&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ -&(nid_objs[172]),/* OBJ_ext_req 1 2 840 113549 1 9 14 */ -&(nid_objs[167]),/* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ -&(nid_objs[188]),/* OBJ_SMIME 1 2 840 113549 1 9 16 */ -&(nid_objs[156]),/* OBJ_friendlyName 1 2 840 113549 1 9 20 */ -&(nid_objs[157]),/* OBJ_localKeyID 1 2 840 113549 1 9 21 */ -&(nid_objs[681]),/* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ -&(nid_objs[682]),/* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ -&(nid_objs[683]),/* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ -&(nid_objs[417]),/* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ -&(nid_objs[856]),/* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ -&(nid_objs[390]),/* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ -&(nid_objs[91]),/* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ -&(nid_objs[315]),/* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ -&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ -&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ -&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ -&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ -&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ -&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ -&(nid_objs[322]),/* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ -&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ -&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ -&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ -&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ -&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ -&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ -&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ -&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ -&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ -&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ -&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ -&(nid_objs[418]),/* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ -&(nid_objs[419]),/* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ -&(nid_objs[420]),/* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ -&(nid_objs[421]),/* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ -&(nid_objs[788]),/* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ -&(nid_objs[422]),/* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ -&(nid_objs[423]),/* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ -&(nid_objs[424]),/* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ -&(nid_objs[425]),/* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ -&(nid_objs[789]),/* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ -&(nid_objs[426]),/* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ -&(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ -&(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ -&(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ -&(nid_objs[790]),/* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ -&(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ -&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ -&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ -&(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ -&(nid_objs[802]),/* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ -&(nid_objs[803]),/* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ -&(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ -&(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ -&(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ -&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ -&(nid_objs[75]),/* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ -&(nid_objs[76]),/* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ -&(nid_objs[77]),/* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ -&(nid_objs[78]),/* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ -&(nid_objs[79]),/* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ -&(nid_objs[139]),/* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ -&(nid_objs[458]),/* OBJ_userId 0 9 2342 19200300 100 1 1 */ -&(nid_objs[459]),/* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ -&(nid_objs[460]),/* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ -&(nid_objs[461]),/* OBJ_info 0 9 2342 19200300 100 1 4 */ -&(nid_objs[462]),/* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ -&(nid_objs[463]),/* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ -&(nid_objs[464]),/* OBJ_photo 0 9 2342 19200300 100 1 7 */ -&(nid_objs[465]),/* OBJ_userClass 0 9 2342 19200300 100 1 8 */ -&(nid_objs[466]),/* OBJ_host 0 9 2342 19200300 100 1 9 */ -&(nid_objs[467]),/* OBJ_manager 0 9 2342 19200300 100 1 10 */ -&(nid_objs[468]),/* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ -&(nid_objs[469]),/* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ -&(nid_objs[470]),/* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ -&(nid_objs[471]),/* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ -&(nid_objs[472]),/* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ -&(nid_objs[473]),/* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ -&(nid_objs[474]),/* OBJ_secretary 0 9 2342 19200300 100 1 21 */ -&(nid_objs[475]),/* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ -&(nid_objs[476]),/* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ -&(nid_objs[477]),/* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ -&(nid_objs[391]),/* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ -&(nid_objs[478]),/* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ -&(nid_objs[479]),/* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ -&(nid_objs[480]),/* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ -&(nid_objs[481]),/* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ -&(nid_objs[482]),/* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ -&(nid_objs[483]),/* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ -&(nid_objs[484]),/* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ -&(nid_objs[485]),/* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ -&(nid_objs[486]),/* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ -&(nid_objs[487]),/* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ -&(nid_objs[488]),/* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ -&(nid_objs[489]),/* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ -&(nid_objs[490]),/* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ -&(nid_objs[491]),/* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ -&(nid_objs[492]),/* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ -&(nid_objs[493]),/* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ -&(nid_objs[494]),/* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ -&(nid_objs[495]),/* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ -&(nid_objs[496]),/* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ -&(nid_objs[497]),/* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ -&(nid_objs[498]),/* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ -&(nid_objs[499]),/* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ -&(nid_objs[500]),/* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ -&(nid_objs[501]),/* OBJ_audio 0 9 2342 19200300 100 1 55 */ -&(nid_objs[502]),/* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ -&(nid_objs[442]),/* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ -&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ -&(nid_objs[444]),/* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ -&(nid_objs[445]),/* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ -&(nid_objs[446]),/* OBJ_account 0 9 2342 19200300 100 4 5 */ -&(nid_objs[447]),/* OBJ_document 0 9 2342 19200300 100 4 6 */ -&(nid_objs[448]),/* OBJ_room 0 9 2342 19200300 100 4 7 */ -&(nid_objs[449]),/* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ -&(nid_objs[392]),/* OBJ_Domain 0 9 2342 19200300 100 4 13 */ -&(nid_objs[450]),/* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ -&(nid_objs[451]),/* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ -&(nid_objs[452]),/* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ -&(nid_objs[453]),/* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ -&(nid_objs[454]),/* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ -&(nid_objs[455]),/* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ -&(nid_objs[456]),/* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ -&(nid_objs[457]),/* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ -&(nid_objs[189]),/* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ -&(nid_objs[190]),/* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ -&(nid_objs[191]),/* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ -&(nid_objs[192]),/* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ -&(nid_objs[193]),/* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ -&(nid_objs[194]),/* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ -&(nid_objs[195]),/* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ -&(nid_objs[158]),/* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ -&(nid_objs[159]),/* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ -&(nid_objs[160]),/* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ -&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ -&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ -&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ -&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ -&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ -&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ -&(nid_objs[171]),/* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ -&(nid_objs[134]),/* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ -&(nid_objs[135]),/* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ -&(nid_objs[136]),/* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ -&(nid_objs[137]),/* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ -&(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ -&(nid_objs[648]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ -&(nid_objs[649]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ -&(nid_objs[751]),/* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ -&(nid_objs[752]),/* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ -&(nid_objs[753]),/* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ -&(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ -&(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ -&(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ -&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ -&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ -&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ -&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ -&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ -&(nid_objs[204]),/* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ -&(nid_objs[205]),/* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ -&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ -&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ -&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ -&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ -&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ -&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ -&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ -&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ -&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ -&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ -&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ -&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ -&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ -&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ -&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ -&(nid_objs[219]),/* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ -&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ -&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ -&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ -&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ -&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ -&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ -&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ -&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ -&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ -&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ -&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ -&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ -&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ -&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ -&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ -&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ -&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ -&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ -&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ -&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ -&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ -&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ -&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ -&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ -&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ -&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ -&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ -&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ -&(nid_objs[125]),/* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ -&(nid_objs[248]),/* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ -&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ -&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ -&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ -&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ -&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ -&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ -&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ -&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ -&(nid_objs[150]),/* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ -&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ -&(nid_objs[152]),/* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ -&(nid_objs[153]),/* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ -&(nid_objs[154]),/* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ -&(nid_objs[155]),/* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ -&(nid_objs[34]),/* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ +static const unsigned int obj_objs[NUM_OBJ]={ + 0, /* OBJ_undef 0 */ +393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ +404, /* OBJ_ccitt OBJ_itu_t */ +645, /* OBJ_itu_t 0 */ +434, /* OBJ_data 0 9 */ +181, /* OBJ_iso 1 */ +182, /* OBJ_member_body 1 2 */ +379, /* OBJ_org 1 3 */ +676, /* OBJ_identified_organization 1 3 */ +646, /* OBJ_joint_iso_itu_t 2 */ +11, /* OBJ_X500 2 5 */ +647, /* OBJ_international_organizations 2 23 */ +380, /* OBJ_dod 1 3 6 */ +12, /* OBJ_X509 2 5 4 */ +378, /* OBJ_X500algorithms 2 5 8 */ +81, /* OBJ_id_ce 2 5 29 */ +512, /* OBJ_id_set 2 23 42 */ +678, /* OBJ_wap 2 23 43 */ +435, /* OBJ_pss 0 9 2342 */ +183, /* OBJ_ISO_US 1 2 840 */ +381, /* OBJ_iana 1 3 6 1 */ +677, /* OBJ_certicom_arc 1 3 132 */ +394, /* OBJ_selected_attribute_types 2 5 1 5 */ +13, /* OBJ_commonName 2 5 4 3 */ +100, /* OBJ_surname 2 5 4 4 */ +105, /* OBJ_serialNumber 2 5 4 5 */ +14, /* OBJ_countryName 2 5 4 6 */ +15, /* OBJ_localityName 2 5 4 7 */ +16, /* OBJ_stateOrProvinceName 2 5 4 8 */ +660, /* OBJ_streetAddress 2 5 4 9 */ +17, /* OBJ_organizationName 2 5 4 10 */ +18, /* OBJ_organizationalUnitName 2 5 4 11 */ +106, /* OBJ_title 2 5 4 12 */ +107, /* OBJ_description 2 5 4 13 */ +859, /* OBJ_searchGuide 2 5 4 14 */ +860, /* OBJ_businessCategory 2 5 4 15 */ +861, /* OBJ_postalAddress 2 5 4 16 */ +661, /* OBJ_postalCode 2 5 4 17 */ +862, /* OBJ_postOfficeBox 2 5 4 18 */ +863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ +864, /* OBJ_telephoneNumber 2 5 4 20 */ +865, /* OBJ_telexNumber 2 5 4 21 */ +866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ +867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ +868, /* OBJ_x121Address 2 5 4 24 */ +869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ +870, /* OBJ_registeredAddress 2 5 4 26 */ +871, /* OBJ_destinationIndicator 2 5 4 27 */ +872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ +873, /* OBJ_presentationAddress 2 5 4 29 */ +874, /* OBJ_supportedApplicationContext 2 5 4 30 */ +875, /* OBJ_member 2 5 4 31 */ +876, /* OBJ_owner 2 5 4 32 */ +877, /* OBJ_roleOccupant 2 5 4 33 */ +878, /* OBJ_seeAlso 2 5 4 34 */ +879, /* OBJ_userPassword 2 5 4 35 */ +880, /* OBJ_userCertificate 2 5 4 36 */ +881, /* OBJ_cACertificate 2 5 4 37 */ +882, /* OBJ_authorityRevocationList 2 5 4 38 */ +883, /* OBJ_certificateRevocationList 2 5 4 39 */ +884, /* OBJ_crossCertificatePair 2 5 4 40 */ +173, /* OBJ_name 2 5 4 41 */ +99, /* OBJ_givenName 2 5 4 42 */ +101, /* OBJ_initials 2 5 4 43 */ +509, /* OBJ_generationQualifier 2 5 4 44 */ +503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ +174, /* OBJ_dnQualifier 2 5 4 46 */ +885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ +886, /* OBJ_protocolInformation 2 5 4 48 */ +887, /* OBJ_distinguishedName 2 5 4 49 */ +888, /* OBJ_uniqueMember 2 5 4 50 */ +889, /* OBJ_houseIdentifier 2 5 4 51 */ +890, /* OBJ_supportedAlgorithms 2 5 4 52 */ +891, /* OBJ_deltaRevocationList 2 5 4 53 */ +892, /* OBJ_dmdName 2 5 4 54 */ +510, /* OBJ_pseudonym 2 5 4 65 */ +400, /* OBJ_role 2 5 4 72 */ +769, /* OBJ_subject_directory_attributes 2 5 29 9 */ +82, /* OBJ_subject_key_identifier 2 5 29 14 */ +83, /* OBJ_key_usage 2 5 29 15 */ +84, /* OBJ_private_key_usage_period 2 5 29 16 */ +85, /* OBJ_subject_alt_name 2 5 29 17 */ +86, /* OBJ_issuer_alt_name 2 5 29 18 */ +87, /* OBJ_basic_constraints 2 5 29 19 */ +88, /* OBJ_crl_number 2 5 29 20 */ +141, /* OBJ_crl_reason 2 5 29 21 */ +430, /* OBJ_hold_instruction_code 2 5 29 23 */ +142, /* OBJ_invalidity_date 2 5 29 24 */ +140, /* OBJ_delta_crl 2 5 29 27 */ +770, /* OBJ_issuing_distribution_point 2 5 29 28 */ +771, /* OBJ_certificate_issuer 2 5 29 29 */ +666, /* OBJ_name_constraints 2 5 29 30 */ +103, /* OBJ_crl_distribution_points 2 5 29 31 */ +89, /* OBJ_certificate_policies 2 5 29 32 */ +747, /* OBJ_policy_mappings 2 5 29 33 */ +90, /* OBJ_authority_key_identifier 2 5 29 35 */ +401, /* OBJ_policy_constraints 2 5 29 36 */ +126, /* OBJ_ext_key_usage 2 5 29 37 */ +857, /* OBJ_freshest_crl 2 5 29 46 */ +748, /* OBJ_inhibit_any_policy 2 5 29 54 */ +402, /* OBJ_target_information 2 5 29 55 */ +403, /* OBJ_no_rev_avail 2 5 29 56 */ +513, /* OBJ_set_ctype 2 23 42 0 */ +514, /* OBJ_set_msgExt 2 23 42 1 */ +515, /* OBJ_set_attr 2 23 42 3 */ +516, /* OBJ_set_policy 2 23 42 5 */ +517, /* OBJ_set_certExt 2 23 42 7 */ +518, /* OBJ_set_brand 2 23 42 8 */ +679, /* OBJ_wap_wsg 2 23 43 1 */ +382, /* OBJ_Directory 1 3 6 1 1 */ +383, /* OBJ_Management 1 3 6 1 2 */ +384, /* OBJ_Experimental 1 3 6 1 3 */ +385, /* OBJ_Private 1 3 6 1 4 */ +386, /* OBJ_Security 1 3 6 1 5 */ +387, /* OBJ_SNMPv2 1 3 6 1 6 */ +388, /* OBJ_Mail 1 3 6 1 7 */ +376, /* OBJ_algorithm 1 3 14 3 2 */ +395, /* OBJ_clearance 2 5 1 5 55 */ +19, /* OBJ_rsa 2 5 8 1 1 */ +96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ +95, /* OBJ_mdc2 2 5 8 3 101 */ +746, /* OBJ_any_policy 2 5 29 32 0 */ +519, /* OBJ_setct_PANData 2 23 42 0 0 */ +520, /* OBJ_setct_PANToken 2 23 42 0 1 */ +521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ +522, /* OBJ_setct_OIData 2 23 42 0 3 */ +523, /* OBJ_setct_PI 2 23 42 0 4 */ +524, /* OBJ_setct_PIData 2 23 42 0 5 */ +525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ +526, /* OBJ_setct_HODInput 2 23 42 0 7 */ +527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ +528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ +529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ +530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ +531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ +532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */ +533, /* OBJ_setct_PResData 2 23 42 0 14 */ +534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ +535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ +536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ +537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ +538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ +539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ +540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ +541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ +542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ +543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ +544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ +545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ +546, /* OBJ_setct_CapResData 2 23 42 0 28 */ +547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ +548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ +549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */ +550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ +551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ +552, /* OBJ_setct_CredResData 2 23 42 0 34 */ +553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ +554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ +555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ +556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ +557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ +558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ +559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ +560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ +561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ +562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ +563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ +564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ +565, /* OBJ_setct_CertResData 2 23 42 0 47 */ +566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ +567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ +568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ +569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ +570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ +571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ +572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ +573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ +574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ +575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ +576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ +577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ +578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ +579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ +580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ +581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ +582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ +583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ +584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ +585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ +586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ +587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ +588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ +589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ +590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ +591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ +592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ +593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ +594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ +595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ +596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ +597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ +598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ +599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ +600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ +601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ +602, /* OBJ_setext_miAuth 2 23 42 1 3 */ +603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ +604, /* OBJ_setext_pinAny 2 23 42 1 5 */ +605, /* OBJ_setext_track2 2 23 42 1 7 */ +606, /* OBJ_setext_cv 2 23 42 1 8 */ +620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ +621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ +622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ +623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ +607, /* OBJ_set_policy_root 2 23 42 5 0 */ +608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ +609, /* OBJ_setCext_certType 2 23 42 7 1 */ +610, /* OBJ_setCext_merchData 2 23 42 7 2 */ +611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ +612, /* OBJ_setCext_tunneling 2 23 42 7 4 */ +613, /* OBJ_setCext_setExt 2 23 42 7 5 */ +614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ +615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ +616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ +617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ +618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ +619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ +636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ +640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ +641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ +637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ +638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ +639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ +805, /* OBJ_cryptopro 1 2 643 2 2 */ +806, /* OBJ_cryptocom 1 2 643 2 9 */ +184, /* OBJ_X9_57 1 2 840 10040 */ +405, /* OBJ_ansi_X9_62 1 2 840 10045 */ +389, /* OBJ_Enterprises 1 3 6 1 4 1 */ +504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ +104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ +29, /* OBJ_des_ecb 1 3 14 3 2 6 */ +31, /* OBJ_des_cbc 1 3 14 3 2 7 */ +45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ +30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ +377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ +67, /* OBJ_dsa_2 1 3 14 3 2 12 */ +66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ +42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ +32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ +41, /* OBJ_sha 1 3 14 3 2 18 */ +64, /* OBJ_sha1 1 3 14 3 2 26 */ +70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ +115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ +117, /* OBJ_ripemd160 1 3 36 3 2 1 */ +143, /* OBJ_sxnet 1 3 101 1 4 1 */ +721, /* OBJ_sect163k1 1 3 132 0 1 */ +722, /* OBJ_sect163r1 1 3 132 0 2 */ +728, /* OBJ_sect239k1 1 3 132 0 3 */ +717, /* OBJ_sect113r1 1 3 132 0 4 */ +718, /* OBJ_sect113r2 1 3 132 0 5 */ +704, /* OBJ_secp112r1 1 3 132 0 6 */ +705, /* OBJ_secp112r2 1 3 132 0 7 */ +709, /* OBJ_secp160r1 1 3 132 0 8 */ +708, /* OBJ_secp160k1 1 3 132 0 9 */ +714, /* OBJ_secp256k1 1 3 132 0 10 */ +723, /* OBJ_sect163r2 1 3 132 0 15 */ +729, /* OBJ_sect283k1 1 3 132 0 16 */ +730, /* OBJ_sect283r1 1 3 132 0 17 */ +719, /* OBJ_sect131r1 1 3 132 0 22 */ +720, /* OBJ_sect131r2 1 3 132 0 23 */ +724, /* OBJ_sect193r1 1 3 132 0 24 */ +725, /* OBJ_sect193r2 1 3 132 0 25 */ +726, /* OBJ_sect233k1 1 3 132 0 26 */ +727, /* OBJ_sect233r1 1 3 132 0 27 */ +706, /* OBJ_secp128r1 1 3 132 0 28 */ +707, /* OBJ_secp128r2 1 3 132 0 29 */ +710, /* OBJ_secp160r2 1 3 132 0 30 */ +711, /* OBJ_secp192k1 1 3 132 0 31 */ +712, /* OBJ_secp224k1 1 3 132 0 32 */ +713, /* OBJ_secp224r1 1 3 132 0 33 */ +715, /* OBJ_secp384r1 1 3 132 0 34 */ +716, /* OBJ_secp521r1 1 3 132 0 35 */ +731, /* OBJ_sect409k1 1 3 132 0 36 */ +732, /* OBJ_sect409r1 1 3 132 0 37 */ +733, /* OBJ_sect571k1 1 3 132 0 38 */ +734, /* OBJ_sect571r1 1 3 132 0 39 */ +624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ +625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ +626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ +627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ +628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ +629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ +630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ +642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ +735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ +736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ +737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ +738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ +739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ +740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ +741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ +742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ +743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ +744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ +745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ +804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ +124, /* OBJ_rle_compression 1 1 1 1 666 1 */ +773, /* OBJ_kisa 1 2 410 200004 */ +807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ +808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ +809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ +810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ +811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ +812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ +813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ +815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ +816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ +817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ +818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ + 1, /* OBJ_rsadsi 1 2 840 113549 */ +185, /* OBJ_X9cm 1 2 840 10040 4 */ +127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ +505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ +506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ +119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ +631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ +632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ +633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ +634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ +635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ +436, /* OBJ_ucl 0 9 2342 19200300 */ +820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ +819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ +845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ +846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ +847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ +848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ +821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ +822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ +823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ +824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ +825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ +826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ +827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ +828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ +829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ +830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ +831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ +832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ +833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ +834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ +835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ +836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ +837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ +838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ +839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ +840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ +841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ +842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ +843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ +844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ + 2, /* OBJ_pkcs 1 2 840 113549 1 */ +431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ +432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ +433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ +116, /* OBJ_dsa 1 2 840 10040 4 1 */ +113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ +406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ +407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ +408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ +416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ +791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ +792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ +258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ +175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ +259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ +128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ +260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ +261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ +262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ +263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ +264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ +265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */ +266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ +267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ +268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ +662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ +176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ +507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ +508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ +57, /* OBJ_netscape 2 16 840 1 113730 */ +754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ +766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ +757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ +755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ +767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ +758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ +756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ +768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ +759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ +437, /* OBJ_pilot 0 9 2342 19200300 100 */ +776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ +777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ +779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ +778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ +852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ +853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ +850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ +851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ +849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ +854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ +186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ +27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ +187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ +20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ +47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ + 3, /* OBJ_md2 1 2 840 113549 2 2 */ +257, /* OBJ_md4 1 2 840 113549 2 4 */ + 4, /* OBJ_md5 1 2 840 113549 2 5 */ +797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ +163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ +798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ +799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ +800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ +801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ +37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ + 5, /* OBJ_rc4 1 2 840 113549 3 4 */ +44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ +120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ +643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ +680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ +684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ +685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ +686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ +687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ +688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ +689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ +690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ +691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ +692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ +693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ +694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ +695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ +696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ +697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ +698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ +699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ +700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ +701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ +702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ +703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ +409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ +410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ +411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ +412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ +413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ +414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ +415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ +793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ +794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ +795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ +796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ +269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ +270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ +271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ +272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ +273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ +274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ +275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ +276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ +277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ +278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ +279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ +280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ +281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ +282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ +283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ +284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ +177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ +285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ +286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ +287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ +288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ +289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ +290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ +291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ +292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ +397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ +398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ +663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ +164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ +165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ +293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ +129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ +130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ +131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ +132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ +294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ +295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ +296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ +133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ +180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ +297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ +298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ +299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ +300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ +301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ +302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ +303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ +304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ +305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ +306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ +307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ +308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ +309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ +310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ +311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ +312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ +784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ +313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ +314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ +323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ +324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ +325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ +326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ +327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ +328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ +329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ +330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ +331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ +332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ +333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ +334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ +335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ +336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ +337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ +338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ +339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ +340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ +341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ +342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ +343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ +344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ +345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ +346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ +347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ +858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ +348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ +349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ +351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ +352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ +353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ +354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ +355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ +356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ +357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ +358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ +399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ +359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ +360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ +361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ +362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ +664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ +665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ +667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ +178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ +179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ +363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ +364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ +785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ +780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ +781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ +58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ +59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ +438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ +439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ +440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ +441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ +108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ +112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ +782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ +783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ + 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ + 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ +396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ + 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ +65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ +644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ +668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ +669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ +670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ +671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ +28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ + 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ +10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ +168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ +169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ +170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ +68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ +69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ +161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ +162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ +21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ +22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ +23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ +24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ +25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ +26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ +48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ +49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ +50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ +51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ +52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ +53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ +54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ +55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ +56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ +172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ +167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ +188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ +156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ +157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ +681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ +682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ +683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ +417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ +856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ +390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ +91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ +315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ +316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ +317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ +318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ +319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ +320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ +321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ +322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ +365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ +366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ +367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ +368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ +369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ +370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ +371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ +372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ +373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ +374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ +375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ +418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ +419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ +420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ +421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ +788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ +422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ +423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ +424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ +425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ +789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ +426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ +427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ +428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ +429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ +790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ +672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ +673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ +674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ +675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ +802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ +803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ +71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ +72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ +73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ +74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ +75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ +76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ +77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ +78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ +79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ +139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ +458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ +459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ +460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ +461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ +462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ +463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ +464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ +465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ +466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ +467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ +468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ +469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ +470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ +471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ +472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ +473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ +474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ +475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ +476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ +477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ +391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ +478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ +479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ +480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ +481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ +482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ +483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ +484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ +485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ +486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ +487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ +488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ +489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ +490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ +491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ +492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ +493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ +494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ +495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ +496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ +497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ +498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ +499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ +500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ +501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ +502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ +442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ +443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ +444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ +445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ +446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ +447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ +448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ +449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ +392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ +450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ +451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ +452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ +453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ +454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ +455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ +456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ +457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ +189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ +190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ +191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ +192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ +193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ +194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ +195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ +158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ +159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ +160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ +144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ +145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ +146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ +147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ +148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ +149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ +171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ +134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ +135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ +136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ +137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ +138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ +648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ +649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ +751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ +752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ +753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ +196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ +197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ +198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ +199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ +200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ +201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ +202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ +203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ +204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ +205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ +206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ +207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ +208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ +209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ +210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ +211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ +786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ +787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ +212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ +213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ +214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ +215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ +216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ +217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ +218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ +219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ +220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ +221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ +222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ +223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ +224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ +225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ +226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ +227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ +228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ +229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ +230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ +231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ +232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ +233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ +234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ +235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ +236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ +237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ +238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ +239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ +240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ +241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ +242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ +243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ +244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ +245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ +246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ +247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ +125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ +248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ +249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ +250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ +251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ +252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ +253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ +254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ +255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ +256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ +150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ +151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ +152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ +153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ +154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ +155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ +34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ }; diff --git a/src/lib/libcrypto/objects/obj_mac.h b/src/lib/libcrypto/objects/obj_mac.h index ad5f7cfc10..282f11a8a8 100644 --- a/src/lib/libcrypto/objects/obj_mac.h +++ b/src/lib/libcrypto/objects/obj_mac.h @@ -122,7 +122,7 @@ #define SN_wap_wsg "wap-wsg" #define NID_wap_wsg 679 -#define OBJ_wap_wsg OBJ_wap,13L +#define OBJ_wap_wsg OBJ_wap,1L #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" @@ -2049,6 +2049,7 @@ #define NID_stateOrProvinceName 16 #define OBJ_stateOrProvinceName OBJ_X509,8L +#define SN_streetAddress "street" #define LN_streetAddress "streetAddress" #define NID_streetAddress 660 #define OBJ_streetAddress OBJ_X509,9L @@ -2063,6 +2064,7 @@ #define NID_organizationalUnitName 18 #define OBJ_organizationalUnitName OBJ_X509,11L +#define SN_title "title" #define LN_title "title" #define NID_title 106 #define OBJ_title OBJ_X509,12L @@ -2071,10 +2073,114 @@ #define NID_description 107 #define OBJ_description OBJ_X509,13L +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + #define LN_postalCode "postalCode" #define NID_postalCode 661 #define OBJ_postalCode OBJ_X509,17L +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + #define SN_name "name" #define LN_name "name" #define NID_name 173 @@ -2085,6 +2191,7 @@ #define NID_givenName 99 #define OBJ_givenName OBJ_X509,42L +#define SN_initials "initials" #define LN_initials "initials" #define NID_initials 101 #define OBJ_initials OBJ_X509,43L @@ -2102,6 +2209,38 @@ #define NID_dnQualifier 174 #define OBJ_dnQualifier OBJ_X509,46L +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + #define LN_pseudonym "pseudonym" #define NID_pseudonym 510 #define OBJ_pseudonym OBJ_X509,65L diff --git a/src/lib/libcrypto/ocsp/Makefile b/src/lib/libcrypto/ocsp/Makefile index 30a00b3372..60c414cf4d 100644 --- a/src/lib/libcrypto/ocsp/Makefile +++ b/src/lib/libcrypto/ocsp/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -82,10 +82,9 @@ ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_asn.o: ../../include/openssl/opensslconf.h +ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -98,25 +97,24 @@ ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_cl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c +ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_cl.o: ../cryptlib.h ocsp_cl.c ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_err.o: ../../include/openssl/opensslconf.h +ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -129,9 +127,9 @@ ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h +ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_ext.o: ../../include/openssl/opensslconf.h ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -144,22 +142,21 @@ ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ht.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_ht.o: ocsp_ht.c +ocsp_ht.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_ht.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_ht.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ocsp_ht.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h -ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ocsp_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ocsp_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ocsp_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -174,10 +171,9 @@ ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_prn.o: ../../include/openssl/opensslconf.h +ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -191,9 +187,9 @@ ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_srv.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h +ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_srv.o: ../../include/openssl/opensslconf.h ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -206,10 +202,9 @@ ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_vfy.o: ../../include/openssl/opensslconf.h +ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/src/lib/libcrypto/opensslconf.h b/src/lib/libcrypto/opensslconf.h index 60505327d3..c21b3913f0 100644 --- a/src/lib/libcrypto/opensslconf.h +++ b/src/lib/libcrypto/opensslconf.h @@ -5,15 +5,6 @@ #ifndef OPENSSL_DOING_MAKEDEPEND -#ifndef OPENSSL_NO_CAMELLIA -# define OPENSSL_NO_CAMELLIA -#endif -#ifndef OPENSSL_NO_CAPIENG -# define OPENSSL_NO_CAPIENG -#endif -#ifndef OPENSSL_NO_CMS -# define OPENSSL_NO_CMS -#endif #ifndef OPENSSL_NO_GMP # define OPENSSL_NO_GMP #endif @@ -23,8 +14,8 @@ #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif -#ifndef OPENSSL_NO_MDC2 -# define OPENSSL_NO_MDC2 +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 #endif #ifndef OPENSSL_NO_RC5 # define OPENSSL_NO_RC5 @@ -32,8 +23,8 @@ #ifndef OPENSSL_NO_RFC3779 # define OPENSSL_NO_RFC3779 #endif -#ifndef OPENSSL_NO_SEED -# define OPENSSL_NO_SEED +#ifndef OPENSSL_NO_STORE +# define OPENSSL_NO_STORE #endif #endif /* OPENSSL_DOING_MAKEDEPEND */ @@ -47,15 +38,6 @@ who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) -# define NO_CAMELLIA -# endif -# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) -# define NO_CAPIENG -# endif -# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) -# define NO_CMS -# endif # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) # define NO_GMP # endif @@ -65,8 +47,8 @@ # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif -# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) -# define NO_MDC2 +# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) +# define NO_MD2 # endif # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) # define NO_RC5 @@ -74,28 +56,13 @@ # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) # define NO_RFC3779 # endif -# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) -# define NO_SEED +# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) +# define NO_STORE # endif #endif /* crypto/opensslconf.h.in */ -#ifdef OPENSSL_DOING_MAKEDEPEND - -/* Include any symbols here that have to be explicitly set to enable a feature - * that should be visible to makedepend. - * - * [Our "make depend" doesn't actually look at this, we use actual build settings - * instead; we want to make it easy to remove subdirectories with disabled algorithms.] - */ - -#ifndef OPENSSL_FIPS -#define OPENSSL_FIPS -#endif - -#endif - /* Generate 80386 code? */ #undef I386_ONLY @@ -159,14 +126,9 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ #undef SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT #define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) diff --git a/src/lib/libcrypto/opensslconf.h.in b/src/lib/libcrypto/opensslconf.h.in index 1c77f03c3d..97e3745563 100644 --- a/src/lib/libcrypto/opensslconf.h.in +++ b/src/lib/libcrypto/opensslconf.h.in @@ -1,20 +1,5 @@ /* crypto/opensslconf.h.in */ -#ifdef OPENSSL_DOING_MAKEDEPEND - -/* Include any symbols here that have to be explicitly set to enable a feature - * that should be visible to makedepend. - * - * [Our "make depend" doesn't actually look at this, we use actual build settings - * instead; we want to make it easy to remove subdirectories with disabled algorithms.] - */ - -#ifndef OPENSSL_FIPS -#define OPENSSL_FIPS -#endif - -#endif - /* Generate 80386 code? */ #undef I386_ONLY @@ -78,14 +63,9 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ #undef SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT #define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) diff --git a/src/lib/libcrypto/pem/Makefile b/src/lib/libcrypto/pem/Makefile index 669f36612c..2cc7801529 100644 --- a/src/lib/libcrypto/pem/Makefile +++ b/src/lib/libcrypto/pem/Makefile @@ -18,10 +18,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \ - pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c + pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \ - pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o + pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o SRC= $(LIBSRC) @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -83,39 +83,36 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_all.o: ../cryptlib.h pem_all.c +pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_err.o: pem_err.c +pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c pem_info.o: ../../e_os.h ../../include/openssl/asn1.h pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_info.o: ../../include/openssl/opensslconf.h +pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h @@ -128,8 +125,8 @@ pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -139,43 +136,43 @@ pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c +pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pem_lib.o: pem_lib.c pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_oth.o: ../cryptlib.h pem_oth.c +pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c +pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h +pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_pk8.o: ../cryptlib.h pem_pk8.c pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -184,15 +181,16 @@ pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c +pem_pkey.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pem_pkey.o: pem_pkey.c pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_seal.o: ../../include/openssl/opensslconf.h pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -205,9 +203,9 @@ pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_sign.o: ../../include/openssl/opensslconf.h pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -220,9 +218,9 @@ pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_x509.o: ../../include/openssl/opensslconf.h pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -234,12 +232,27 @@ pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_xaux.o: ../../include/openssl/opensslconf.h pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c +pvkfmt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +pvkfmt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +pvkfmt.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +pvkfmt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pvkfmt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pvkfmt.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pvkfmt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pvkfmt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pvkfmt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pvkfmt.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +pvkfmt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +pvkfmt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pvkfmt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pvkfmt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pvkfmt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pvkfmt.c diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl index fa38f89c09..ce2bed9bb2 100644 --- a/src/lib/libcrypto/perlasm/x86nasm.pl +++ b/src/lib/libcrypto/perlasm/x86nasm.pl @@ -1,455 +1,166 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl package x86nasm; -$label="L000"; -$under=($main'netware)?'':'_'; +*out=\@::out; -%lb=( 'eax', 'al', - 'ebx', 'bl', - 'ecx', 'cl', - 'edx', 'dl', - 'ax', 'al', - 'bx', 'bl', - 'cx', 'cl', - 'dx', 'dl', - ); +$::lbdecor="L\$"; # local label decoration +$nmdecor=$::netware?"":"_"; # external name decoration +$drdecor=$::mwerks?".":""; # directive decoration -%hb=( 'eax', 'ah', - 'ebx', 'bh', - 'ecx', 'ch', - 'edx', 'dh', - 'ax', 'ah', - 'bx', 'bh', - 'cx', 'ch', - 'dx', 'dh', - ); +$initseg=""; -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } +sub ::generic +{ my $opcode=shift; + my $tmp; -sub main'external_label -{ - push(@labels,@_); - foreach (@_) { - push(@out,".") if ($main'mwerks); - push(@out, "extern\t${under}$_\n"); - } + if (!$::mwerks) + { if ($opcode =~ m/^j/o && $#_==0) # optimize jumps + { $_[0] = "NEAR $_[0]"; } + elsif ($opcode eq "lea" && $#_==1) # wipe storage qualifier from lea + { $_[1] =~ s/^[^\[]*\[/\[/o; } + } + &::emit($opcode,@_); + 1; } - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'BP - { - &get_mem("BYTE",@_); - } - -sub main'DWP - { - &get_mem("DWORD",@_); - } - -sub main'QWP - { - &get_mem("",@_); - } - -sub main'BC - { - return (($main'mwerks)?"":"BYTE ")."@_"; - } - -sub main'DWC - { - return (($main'mwerks)?"":"DWORD ")."@_"; - } - -sub main'stack_push - { - my($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - my($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } +# +# opcodes not covered by ::generic above, mostly inconsistent namings... +# +sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } +sub ::call_ptr { &::emit("call",@_); } +sub ::jmp_ptr { &::emit("jmp",@_); } sub get_mem - { - my($size,$addr,$reg1,$reg2,$idx)=@_; - my($t,$post); - my($ret)=$size; - if ($ret ne "") - { - $ret .= " PTR" if ($main'mwerks); - $ret .= " "; - } - $ret .= "["; - $addr =~ s/^\s+//; - if ($addr =~ /^(.+)\+(.+)$/) - { - $reg2=&conv($1); - $addr="$under$2"; - } - elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i) - { - $addr="$under$addr"; - } - - if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } - - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - if (($addr ne "") && ($addr ne 0)) - { - if ($addr !~ /^-/) - { $ret.="${addr}+"; } - else { $post=$addr; } - } - if ($reg2 ne "") - { - $t=""; - $t="*$idx" if ($idx != 0); - $reg1="+".$reg1 if ("$reg1$post" ne ""); - $ret.="$reg2$t$reg1$post]"; - } - else - { - $ret.="$reg1$post]" - } - $ret =~ s/\+\]/]/; # in case $addr was the only argument - return($ret); - } - -sub main'mov { &out2("mov",@_); } -sub main'movb { &out2("mov",@_); } -sub main'and { &out2("and",@_); } -sub main'or { &out2("or",@_); } -sub main'shl { &out2("shl",@_); } -sub main'shr { &out2("shr",@_); } -sub main'xor { &out2("xor",@_); } -sub main'xorb { &out2("xor",@_); } -sub main'add { &out2("add",@_); } -sub main'adc { &out2("adc",@_); } -sub main'sub { &out2("sub",@_); } -sub main'sbb { &out2("sbb",@_); } -sub main'rotl { &out2("rol",@_); } -sub main'rotr { &out2("ror",@_); } -sub main'exch { &out2("xchg",@_); } -sub main'cmp { &out2("cmp",@_); } -sub main'lea { &out2("lea",@_); } -sub main'mul { &out1("mul",@_); } -sub main'imul { &out2("imul",@_); } -sub main'div { &out1("div",@_); } -sub main'dec { &out1("dec",@_); } -sub main'inc { &out1("inc",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } - -# This is a bit of a kludge: declare all branches as NEAR. -$near=($main'mwerks)?'':'NEAR'; -sub main'je { &out1("je $near",@_); } -sub main'jle { &out1("jle $near",@_); } -sub main'jz { &out1("jz $near",@_); } -sub main'jge { &out1("jge $near",@_); } -sub main'jl { &out1("jl $near",@_); } -sub main'ja { &out1("ja $near",@_); } -sub main'jae { &out1("jae $near",@_); } -sub main'jb { &out1("jb $near",@_); } -sub main'jbe { &out1("jbe $near",@_); } -sub main'jc { &out1("jc $near",@_); } -sub main'jnc { &out1("jnc $near",@_); } -sub main'jnz { &out1("jnz $near",@_); } -sub main'jne { &out1("jne $near",@_); } -sub main'jno { &out1("jno $near",@_); } - -sub main'push { &out1("push",@_); $stack+=4; } -sub main'pop { &out1("pop",@_); $stack-=4; } -sub main'pushf { &out0("pushfd"); $stack+=4; } -sub main'popf { &out0("popfd"); $stack-=4; } -sub main'bswap { &out1("bswap",@_); &using486(); } -sub main'not { &out1("not",@_); } -sub main'call { &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); } -sub main'call_ptr { &out1p("call",@_); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } -sub main'test { &out2("test",@_); } -sub main'bt { &out2("bt",@_); } -sub main'leave { &out0("leave"); } -sub main'cpuid { &out0("cpuid"); } -sub main'rdtsc { &out0("rdtsc"); } -sub main'halt { &out0("hlt"); } -sub main'movz { &out2("movzx",@_); } -sub main'neg { &out1("neg",@_); } -sub main'cld { &out0("cld"); } - -# SSE2 -sub main'emms { &out0("emms"); } -sub main'movd { &out2("movd",@_); } -sub main'movq { &out2("movq",@_); } -sub main'movdqu { &out2("movdqu",@_); } -sub main'movdqa { &out2("movdqa",@_); } -sub main'movdq2q{ &out2("movdq2q",@_); } -sub main'movq2dq{ &out2("movq2dq",@_); } -sub main'paddq { &out2("paddq",@_); } -sub main'pmuludq{ &out2("pmuludq",@_); } -sub main'psrlq { &out2("psrlq",@_); } -sub main'psllq { &out2("psllq",@_); } -sub main'pxor { &out2("pxor",@_); } -sub main'por { &out2("por",@_); } -sub main'pand { &out2("pand",@_); } - -sub out2 - { - my($name,$p1,$p2)=@_; - my($l,$t); - - push(@out,"\t$name\t"); - if (!$main'mwerks and $name eq "lea") - { - $p1 =~ s/^[^\[]*\[/\[/; - $p2 =~ s/^[^\[]*\[/\[/; - } - $t=&conv($p1).","; - $l=length($t); - push(@out,$t); - $l=4-($l+9)/8; - push(@out,"\t" x $l); - push(@out,&conv($p2)); - push(@out,"\n"); - } - -sub out0 - { - my($name)=@_; - - push(@out,"\t$name\n"); - } - -sub out1 - { - my($name,$p1)=@_; - my($l,$t); - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub conv - { - my($p)=@_; - $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - return $p; - } - -sub using486 - { - return if $using486; - $using486++; - grep(s/\.386/\.486/,@out); - } - -sub main'file - { - if ($main'mwerks) { push(@out,".section\t.text\n"); } - else { - local $tmp=<<___; -%ifdef __omf__ -section code use32 class=code +{ my($size,$addr,$reg1,$reg2,$idx)=@_; + my($post,$ret); + + if ($size ne "") + { $ret .= "$size"; + $ret .= " PTR" if ($::mwerks); + $ret .= " "; + } + $ret .= "["; + + $addr =~ s/^\s+//; + # prepend global references with optional underscore + $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige; + # put address arithmetic expression in parenthesis + $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/); + + if (($addr ne "") && ($addr ne 0)) + { if ($addr !~ /^-/) { $ret .= "$addr+"; } + else { $post=$addr; } + } + + if ($reg2 ne "") + { $idx!=0 or $idx=1; + $ret .= "$reg2*$idx"; + $ret .= "+$reg1" if ($reg1 ne ""); + } + else + { $ret .= "$reg1"; } + + $ret .= "$post]"; + $ret =~ s/\+\]/]/; # in case $addr was the only argument + + $ret; +} +sub ::BP { &get_mem("BYTE",@_); } +sub ::DWP { &get_mem("DWORD",@_); } +sub ::QWP { &get_mem("",@_); } +sub ::BC { (($::mwerks)?"":"BYTE ")."@_"; } +sub ::DWC { (($::mwerks)?"":"DWORD ")."@_"; } + +sub ::file +{ if ($::mwerks) { push(@out,".section\t.text,64\n"); } + else + { my $tmp=<<___; +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +\$\@feat.00 equ 1 +section .text code align=64 %else -section .text +section .text code %endif ___ - push(@out,$tmp); - } - } - -sub main'function_begin - { - my($func,$extra)=@_; - - push(@labels,$func); - push(@out,".") if ($main'mwerks); - my($tmp)=<<"EOF"; -global $under$func -$under$func: - push ebp - push ebx - push esi - push edi -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - my($func,$extra)=@_; - push(@out,".") if ($main'mwerks); - my($tmp)=<<"EOF"; -global $under$func -$under$func: -EOF - push(@out,$tmp); - $stack=4; - } - -sub main'function_end - { - my($func)=@_; - - my($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_B - { - $stack=0; - %label=(); - } - -sub main'function_end_A - { - my($func)=@_; - - my($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - } - -sub main'file_end - { - } - -sub main'wparam - { - my($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } + } +} -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } +sub ::function_begin_B +{ my $func=shift; + my $global=($func !~ /^_/); + my $begin="${::lbdecor}_${func}_begin"; -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# my($num)=@_; -# -# return(&main'DWP(-(($num+1)*4),"esp","",0)); -# } + $begin =~ s/^\@/./ if ($::mwerks); # the torture never stops -sub main'comment - { - foreach (@_) - { - push(@out,"\t; $_\n"); - } - } + &::LABEL($func,$global?"$begin":"$nmdecor$func"); + $func=$nmdecor.$func; -sub main'public_label - { - $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); - push(@out,".") if ($main'mwerks); - push(@out,"global\t$label{$_[0]}\n"); - } + push(@out,"${drdecor}global $func\n") if ($global); + push(@out,"${drdecor}align 16\n"); + push(@out,"$func:\n"); + push(@out,"$begin:\n") if ($global); + $::stack=4; +} -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\@${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } +sub ::function_end_B +{ $::stack=0; + &::wipe_labels(); +} -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\@${label}${_[0]}"; - $label++; - } - if ($_[1]!=0 && $_[1]>1) - { - main'align($_[1]); - } - push(@out,"$label{$_[0]}:\n"); - } +sub ::file_end +{ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) + { my $comm=<<___; +${drdecor}segment .bss +${drdecor}common ${nmdecor}OPENSSL_ia32cap_P 4 +___ + # comment out OPENSSL_ia32cap_P declarations + grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; + push (@out,$comm) + } + push (@out,$initseg) if ($initseg); +} -sub main'data_byte - { - push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n"); - } +sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } } -sub main'data_word - { - push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n"); - } +sub ::external_label +{ foreach(@_) + { push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n"); } +} -sub main'align - { - push(@out,".") if ($main'mwerks); - push(@out,"align\t$_[0]\n"); - } +sub ::public_label +{ push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } -sub out1p - { - my($name,$p1)=@_; - my($l,$t); +sub ::data_byte +{ push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n"); } - push(@out,"\t$name\t".&conv($p1)."\n"); - } +sub ::data_word +{ push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n"); } -sub main'picmeup - { - local($dst,$sym)=@_; - &main'lea($dst,&main'DWP($sym)); - } +sub ::align +{ push(@out,"${drdecor}align\t$_[0]\n"); } -sub main'blindpop { &out1("pop",@_); } +sub ::picmeup +{ my($dst,$sym)=@_; + &::lea($dst,&::DWP($sym)); +} -sub main'initseg - { - local($f)=@_; - if ($main'win32) - { - local($tmp)=<<___; -segment .CRT\$XCU data -extern $under$f -DD $under$f +sub ::initseg +{ my $f=$nmdecor.shift; + if ($::win32) + { $initseg=<<___; +segment .CRT\$XCU data align=4 +extern $f +dd $f ___ - push(@out,$tmp); - } - } + } +} + +sub ::dataseg +{ if ($mwerks) { push(@out,".section\t.data,4\n"); } + else { push(@out,"section\t.data align=4\n"); } +} 1; diff --git a/src/lib/libcrypto/pkcs12/Makefile b/src/lib/libcrypto/pkcs12/Makefile index eed226b30d..3a7498fe7a 100644 --- a/src/lib/libcrypto/pkcs12/Makefile +++ b/src/lib/libcrypto/pkcs12/Makefile @@ -39,7 +39,7 @@ test: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -85,37 +85,36 @@ p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_add.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_add.o: ../cryptlib.h p12_add.c +p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_asn.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c +p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_asn.o: ../cryptlib.h p12_asn.c p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_attr.o: ../../include/openssl/opensslconf.h p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -127,9 +126,9 @@ p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_crpt.o: ../../include/openssl/opensslconf.h p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -141,23 +140,22 @@ p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_crt.o: ../cryptlib.h p12_crt.c +p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_decr.o: ../../include/openssl/opensslconf.h p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -169,9 +167,9 @@ p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_init.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_init.o: ../../include/openssl/opensslconf.h p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -184,22 +182,22 @@ p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c +p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_key.o: ../cryptlib.h p12_key.c p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_kiss.o: ../../include/openssl/opensslconf.h p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -211,10 +209,9 @@ p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_mutl.o: ../../include/openssl/opensslconf.h +p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -226,9 +223,8 @@ p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_npas.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_npas.o: ../../include/openssl/opensslconf.h +p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h @@ -241,53 +237,50 @@ p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8d.o: ../cryptlib.h p12_p8d.c +p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8e.o: ../cryptlib.h p12_p8e.c +p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_utl.o: ../cryptlib.h p12_utl.c +p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk12err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c +pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk12err.o: pk12err.c diff --git a/src/lib/libcrypto/pkcs7/Makefile b/src/lib/libcrypto/pkcs7/Makefile index 790d8edf36..56dc6823d1 100644 --- a/src/lib/libcrypto/pkcs7/Makefile +++ b/src/lib/libcrypto/pkcs7/Makefile @@ -21,9 +21,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \ - pk7_mime.c + pk7_mime.c bio_pk7.c LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \ - pk7_mime.o + pk7_mime.o bio_pk7.o SRC= $(LIBSRC) @@ -54,7 +54,7 @@ verify: verify.o example.o lib $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -95,26 +95,31 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +bio_pk7.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_pk7.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bio_pk7.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_pk7.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +bio_pk7.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_pk7.o: ../../include/openssl/symhacks.h bio_pk7.c pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_asn1.o: ../../include/openssl/opensslconf.h +pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c -pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_attr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pk7_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pk7_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_attr.o: ../../include/openssl/opensslconf.h pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -129,9 +134,8 @@ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_doit.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_doit.o: ../../include/openssl/opensslconf.h +pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -143,22 +147,22 @@ pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c +pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_lib.o: ../asn1/asn1_locl.h ../cryptlib.h pk7_lib.c pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_mime.o: ../../include/openssl/opensslconf.h pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -171,8 +175,8 @@ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_smime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_smime.o: ../../include/openssl/objects.h pk7_smime.o: ../../include/openssl/opensslconf.h pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h diff --git a/src/lib/libcrypto/rand/Makefile b/src/lib/libcrypto/rand/Makefile index 30794305cb..27694aa664 100644 --- a/src/lib/libcrypto/rand/Makefile +++ b/src/lib/libcrypto/rand/Makefile @@ -17,9 +17,9 @@ TEST= randtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \ +LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ rand_win.c rand_unix.c rand_os2.c rand_nw.c -LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \ +LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -79,34 +79,17 @@ clean: md_rand.o: ../../e_os.h ../../include/openssl/asn1.h md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h +md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md_rand.o: md_rand.c rand_lcl.h rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h rand_egd.o: ../../include/openssl/opensslconf.h rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rand_egd.o: rand_egd.c -rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h -rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h @@ -116,39 +99,34 @@ rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_err.o: rand_err.c rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c +rand_lib.o: ../cryptlib.h rand_lib.c rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c +rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_os2.o: ../../include/openssl/opensslconf.h +rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -158,8 +136,8 @@ rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_unix.o: ../../include/openssl/objects.h rand_unix.o: ../../include/openssl/opensslconf.h rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -170,9 +148,8 @@ rand_win.o: ../../e_os.h ../../include/openssl/asn1.h rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_win.o: ../../include/openssl/opensslconf.h +rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c index 0f8dd3e00f..88088ce73c 100644 --- a/src/lib/libcrypto/rand/md_rand.c +++ b/src/lib/libcrypto/rand/md_rand.c @@ -126,10 +126,6 @@ #include #include -#ifdef OPENSSL_FIPS -#include -#endif - #ifdef BN_DEBUG # define PREDICT @@ -149,7 +145,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread * holds CRYPTO_LOCK_RAND * (to prevent double locking) */ /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ +static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */ #ifdef PREDICT @@ -217,8 +213,10 @@ static void ssleay_rand_add(const void *buf, int num, double add) /* check if we already have the lock */ if (crypto_lock_rand) { + CRYPTO_THREADID cur; + CRYPTO_THREADID_current(&cur); CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = (locking_thread == CRYPTO_thread_id()); + do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); } else @@ -274,8 +272,16 @@ static void ssleay_rand_add(const void *buf, int num, double add) } else MD_Update(&m,&(state[st_idx]),j); - + + /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ MD_Update(&m,buf,j); + /* We know that line may cause programs such as + purify and valgrind to complain about use of + uninitialized data. The problem is not, it's + with the caller. Removing that line will make + sure you get really bad randomness and thereby + other problems such as very insecure keys. */ + MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); MD_Final(&m,local_md); md_c[1]++; @@ -336,14 +342,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif int do_stir_pool = 0; -#ifdef OPENSSL_FIPS - if(FIPS_mode()) - { - FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); - return 0; - } -#endif - #ifdef PREDICT if (rand_predictable) { @@ -384,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - locking_thread = CRYPTO_thread_id(); + CRYPTO_THREADID_current(&locking_threadid); CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -476,9 +474,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif MD_Update(&m,local_md,MD_DIGEST_LENGTH); MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); -#ifndef PURIFY - MD_Update(&m,buf,j); /* purify complains */ + +#ifndef PURIFY /* purify complains */ + /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + MD_Update(&m,buf,j); + /* We know that line may cause programs such as + purify and valgrind to complain about use of + uninitialized data. */ #endif + k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; if (k > 0) { @@ -539,15 +543,17 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) static int ssleay_rand_status(void) { + CRYPTO_THREADID cur; int ret; int do_not_lock; + CRYPTO_THREADID_current(&cur); /* check if we already have the lock * (could happen if a RAND_poll() implementation calls RAND_status()) */ if (crypto_lock_rand) { CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = (locking_thread == CRYPTO_thread_id()); + do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); } else @@ -559,7 +565,7 @@ static int ssleay_rand_status(void) /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - locking_thread = CRYPTO_thread_id(); + CRYPTO_THREADID_cpy(&locking_threadid, &cur); CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; } diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c index 50bce6caba..d53b916ebe 100644 --- a/src/lib/libcrypto/rand/rand_egd.c +++ b/src/lib/libcrypto/rand/rand_egd.c @@ -95,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/src/lib/libcrypto/rand/rand_lcl.h b/src/lib/libcrypto/rand/rand_lcl.h index 18cc9b1e4a..618a8ec899 100644 --- a/src/lib/libcrypto/rand/rand_lcl.h +++ b/src/lib/libcrypto/rand/rand_lcl.h @@ -154,16 +154,5 @@ #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) #endif -#ifndef OPENSSL_NO_ENGINE -void int_RAND_set_callbacks( - int (*set_rand_func)(const RAND_METHOD *meth, - const RAND_METHOD **pmeth), - const RAND_METHOD *(*get_rand_func) - (const RAND_METHOD **pmeth)); -int eng_RAND_set_rand_method(const RAND_METHOD *meth, - const RAND_METHOD **pmeth); -const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth); -#endif - #endif diff --git a/src/lib/libcrypto/rand/rand_os2.c b/src/lib/libcrypto/rand/rand_os2.c index c3e36d4e5e..fc1e78b179 100644 --- a/src/lib/libcrypto/rand/rand_os2.c +++ b/src/lib/libcrypto/rand/rand_os2.c @@ -78,8 +78,10 @@ typedef struct _CPUUTIL { ULONG ulIntrHigh; /* High 32 bits of interrupt time */ } CPUUTIL; +#ifndef __KLIBC__ APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL; APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL; +#endif HMODULE hDoscalls = 0; int RAND_poll(void) @@ -91,6 +93,7 @@ int RAND_poll(void) if (hDoscalls == 0) { ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls); +#ifndef __KLIBC__ if (rc == 0) { rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall); @@ -102,6 +105,7 @@ int RAND_poll(void) if (rc) DosQuerySysState = NULL; } +#endif } /* Sample the hi-res timer, runs at around 1.1 MHz */ @@ -122,7 +126,9 @@ int RAND_poll(void) RAND_add(&util, sizeof(util), 10); } else { +#ifndef __KLIBC__ DosPerfSysCall = NULL; +#endif } } diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c index 71b98ec212..e9ead3a529 100644 --- a/src/lib/libcrypto/rand/rand_unix.c +++ b/src/lib/libcrypto/rand/rand_unix.c @@ -133,7 +133,50 @@ # define FD_SETSIZE (8*sizeof(fd_set)) #endif -#ifdef __OpenBSD__ +#ifdef __VOS__ +int RAND_poll(void) +{ + unsigned char buf[ENTROPY_NEEDED]; + pid_t curr_pid; + uid_t curr_uid; + static int first=1; + int i; + long rnd = 0; + struct timespec ts; + unsigned seed; + +/* The VOS random() function starts from a static seed so its + initial value is predictable. If random() returns the + initial value, reseed it with dynamic data. The VOS + real-time clock has a granularity of 1 nsec so it should be + reasonably difficult to predict its exact value. Do not + gratuitously reseed the PRNG because other code in this + process or thread may be using it. */ + + if (first) { + first = 0; + rnd = random (); + if (rnd == 1804289383) { + clock_gettime (CLOCK_REALTIME, &ts); + curr_pid = getpid(); + curr_uid = getuid(); + seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid; + srandom (seed); + } + } + + for (i = 0; i < sizeof(buf); i++) { + if (i % 4 == 0) + rnd = random(); + buf[i] = rnd; + rnd >>= 8; + } + RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); + memset(buf, 0, sizeof(buf)); + + return 1; +} +#elif defined __OpenBSD__ int RAND_poll(void) { u_int32_t rnd = 0, i; @@ -163,7 +206,7 @@ int RAND_poll(void) static const char *randomfiles[] = { DEVRANDOM }; struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; int fd; - size_t i; + unsigned int i; #endif #ifdef DEVRANDOM_EGD static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; @@ -176,7 +219,8 @@ int RAND_poll(void) * have this. Use /dev/urandom if you can as /dev/random may block * if it runs out of random entries. */ - for (i=0; i 0) n += r; +#if defined(OPENSSL_SYS_BEOS_R5) + if (r == 0) + snooze(t.tv_usec); +#endif } else r = -1; @@ -311,6 +364,14 @@ int RAND_poll(void) l=time(NULL); RAND_add(&l,sizeof(l),0.0); +#if defined(OPENSSL_SYS_BEOS) + { + system_info sysInfo; + get_system_info(&sysInfo); + RAND_add(&sysInfo,sizeof(sysInfo),0); + } +#endif + #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) return 1; #else diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c index 00dbe4232c..5d134e186b 100644 --- a/src/lib/libcrypto/rand/rand_win.c +++ b/src/lib/libcrypto/rand/rand_win.c @@ -463,7 +463,7 @@ int RAND_poll(void) PROCESSENTRY32 p; THREADENTRY32 t; MODULEENTRY32 m; - DWORD stoptime = 0; + DWORD starttime = 0; snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, "CreateToolhelp32Snapshot"); @@ -494,12 +494,29 @@ int RAND_poll(void) * each entry. Consider each field a source of 1 byte * of entropy. */ + ZeroMemory(&hlist, sizeof(HEAPLIST32)); hlist.dwSize = sizeof(HEAPLIST32); - if (good) stoptime = GetTickCount() + MAXDELAY; + if (good) starttime = GetTickCount(); +#ifdef _MSC_VER if (heaplist_first(handle, &hlist)) + { + /* + following discussion on dev ML, exception on WinCE (or other Win + platform) is theoretically of unknown origin; prevent infinite + loop here when this theoretical case occurs; otherwise cope with + the expected (MSDN documented) exception-throwing behaviour of + Heap32Next() on WinCE. + + based on patch in original message by Tanguy Fautré (2009/03/02) + Subject: RAND_poll() and CreateToolhelp32Snapshot() stability + */ + int ex_cnt_limit = 42; do { RAND_add(&hlist, hlist.dwSize, 3); + __try + { + ZeroMemory(&hentry, sizeof(HEAPENTRY32)); hentry.dwSize = sizeof(HEAPENTRY32); if (heap_first(&hentry, hlist.th32ProcessID, @@ -510,10 +527,42 @@ int RAND_poll(void) RAND_add(&hentry, hentry.dwSize, 5); while (heap_next(&hentry) + && (!good || (GetTickCount()-starttime) 0); } - } while (heaplist_next(handle, - &hlist) && GetTickCount() < stoptime); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + /* ignore access violations when walking the heap list */ + ex_cnt_limit--; + } + } while (heaplist_next(handle, &hlist) + && (!good || (GetTickCount()-starttime) 0); + } + +#else + if (heaplist_first(handle, &hlist)) + { + do + { + RAND_add(&hlist, hlist.dwSize, 3); + hentry.dwSize = sizeof(HEAPENTRY32); + if (heap_first(&hentry, + hlist.th32ProcessID, + hlist.th32HeapID)) + { + int entrycnt = 80; + do + RAND_add(&hentry, + hentry.dwSize, 5); + while (heap_next(&hentry) + && --entrycnt > 0); + } + } while (heaplist_next(handle, &hlist) + && (!good || (GetTickCount()-starttime)= 0x80000000 || !OPENSSL_isservice()) + if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0) return; /* Create a screen DC and a memory DC compatible to screen DC */ diff --git a/src/lib/libcrypto/rc2/Makefile b/src/lib/libcrypto/rc2/Makefile index 4b6292b65f..73eac347e7 100644 --- a/src/lib/libcrypto/rc2/Makefile +++ b/src/lib/libcrypto/rc2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -78,11 +78,7 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2_cbc.o: rc2_cbc.c rc2_locl.h rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h -rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h -rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2_skey.o: rc2_locl.h rc2_skey.c rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2cfb64.o: rc2_locl.h rc2cfb64.c diff --git a/src/lib/libcrypto/rc4/Makefile b/src/lib/libcrypto/rc4/Makefile index f0bd7678fc..264451a213 100644 --- a/src/lib/libcrypto/rc4/Makefile +++ b/src/lib/libcrypto/rc4/Makefile @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=rc4_skey.c rc4_enc.c rc4_fblk.c -LIBOBJ=$(RC4_ENC) rc4_fblk.o +LIBSRC=rc4_skey.c rc4_enc.c +LIBOBJ=$(RC4_ENC) SRC= $(LIBSRC) @@ -37,26 +37,26 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@) -# COFF -rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@) -# a.out -rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@) +rc4-586.s: asm/rc4-586.pl ../perlasm/x86asm.pl + $(PERL) asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -rc4-x86_64.s: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@ +rc4-x86_64.s: asm/rc4-x86_64.pl + $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) > $@ -rc4-ia64.s: asm/rc4-ia64.S +rc4-ia64.S: asm/rc4-ia64.pl + $(PERL) asm/rc4-ia64.pl $(CFLAGS) > $@ + +rc4-s390x.s: asm/rc4-s390x.pl + $(PERL) asm/rc4-s390x.pl > $@ + +rc4-ia64.s: rc4-ia64.S @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \ - int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \ - char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \ + int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E rc4-ia64.S > $@ ;; \ + char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E rc4-ia64.S > $@ ;; \ *) exit 1 ;; \ esac @@ -105,20 +105,10 @@ rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h -rc4_fblk.o: ../../e_os.h ../../include/openssl/bio.h -rc4_fblk.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rc4_fblk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rc4_fblk.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rc4_fblk.o: ../../include/openssl/opensslconf.h -rc4_fblk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rc4_fblk.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h -rc4_fblk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rc4_fblk.o: ../cryptlib.h rc4_fblk.c rc4_locl.h rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rc4_skey.o: ../../include/openssl/opensslconf.h +rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c index 54b597fa26..633a79e758 100644 --- a/src/lib/libcrypto/rc4/rc4test.c +++ b/src/lib/libcrypto/rc4/rc4test.c @@ -114,8 +114,8 @@ static unsigned char output[7][30]={ int main(int argc, char *argv[]) { - int err=0; - unsigned int i, j; + int i,err=0; + int j; unsigned char *p; RC4_KEY key; unsigned char obuf[512]; @@ -129,12 +129,12 @@ int main(int argc, char *argv[]) { printf("error calculating RC4\n"); printf("output:"); - for (j=0; j ../$@) -# COFF -r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@) -# a.out -r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@) +rc5-586.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/src/lib/libcrypto/rc5/rc5.h b/src/lib/libcrypto/rc5/rc5.h index f73a2a02a4..4b3c153b50 100644 --- a/src/lib/libcrypto/rc5/rc5.h +++ b/src/lib/libcrypto/rc5/rc5.h @@ -94,10 +94,7 @@ typedef struct rc5_key_st RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; } RC5_32_KEY; -#ifdef OPENSSL_FIPS -void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, - int rounds); -#endif + void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds); void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key, diff --git a/src/lib/libcrypto/ripemd/Makefile b/src/lib/libcrypto/ripemd/Makefile index 6145f13699..d5b1067dbe 100644 --- a/src/lib/libcrypto/ripemd/Makefile +++ b/src/lib/libcrypto/ripemd/Makefile @@ -38,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@) -# COFF -rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@) -# a.out -rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@) +rmd-586.s: asm/rmd-586.pl ../perlasm/x86asm.pl + $(PERL) asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -89,13 +82,8 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rmd_dgst.o: ../../include/openssl/opensslconf.h -rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h -rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile index 7b1fd6428c..bb64223e05 100644 --- a/src/lib/libcrypto/rsa/Makefile +++ b/src/lib/libcrypto/rsa/Makefile @@ -19,10 +19,12 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ - rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c + rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \ + rsa_pmeth.c LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \ - rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o + rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \ + rsa_pmeth.o SRC= $(LIBSRC) @@ -37,7 +39,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -78,6 +80,22 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +rsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_ameth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +rsa_ameth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +rsa_ameth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h +rsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_ameth.o: ../../include/openssl/objects.h +rsa_ameth.o: ../../include/openssl/opensslconf.h +rsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +rsa_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_ameth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_ameth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_ameth.o: ../asn1/asn1_locl.h ../cryptlib.h rsa_ameth.c rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -114,21 +132,6 @@ rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c -rsa_eng.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_eng.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -rsa_eng.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -rsa_eng.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_eng.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -rsa_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rsa_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_eng.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -rsa_eng.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_eng.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -151,15 +154,15 @@ rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -rsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_lib.c +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -182,9 +185,9 @@ rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_oaep.o: ../../include/openssl/opensslconf.h rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -199,27 +202,50 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c +rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_pmeth.o: ../../include/openssl/opensslconf.h +rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +rsa_pmeth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_pmeth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_pmeth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_pmeth.o: ../cryptlib.h ../evp/evp_locl.h rsa_locl.h rsa_pmeth.c +rsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rsa_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_prn.o: ../cryptlib.h rsa_prn.c rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -rsa_pss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_pss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rsa_pss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_pss.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_pss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rsa_pss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_pss.o: ../cryptlib.h rsa_pss.c +rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_saos.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_saos.o: ../../include/openssl/opensslconf.h +rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -232,15 +258,14 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_sign.o: ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_sign.o: ../cryptlib.h rsa_sign.c +rsa_sign.o: ../cryptlib.h rsa_locl.h rsa_sign.c rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -260,11 +285,3 @@ rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c -rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_x931g.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_x931g.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_x931g.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_x931g.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_x931g.o: rsa_x931g.c diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c index 4080de8bcf..c8705a0f6e 100644 --- a/src/lib/libcrypto/rsa/rsa_test.c +++ b/src/lib/libcrypto/rsa/rsa_test.c @@ -328,7 +328,7 @@ int main(int argc, char *argv[]) } CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile index f4741b9ee6..e6eccb05f9 100644 --- a/src/lib/libcrypto/sha/Makefile +++ b/src/lib/libcrypto/sha/Makefile @@ -38,25 +38,16 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -# COFF -sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-cof.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -# a.out -sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-out.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +sha1-586.s: asm/sha1-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha256-586.s: asm/sha256-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha512-586.s: asm/sha512-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ sha1-ia64.s: asm/sha1-ia64.pl (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS)) @@ -65,10 +56,25 @@ sha256-ia64.s: asm/sha512-ia64.pl sha512-ia64.s: asm/sha512-ia64.pl (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) +sha256-armv4.s: asm/sha256-armv4.pl + $(PERL) $< $@ + # Solaris make has to be explicitly told -sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $@ -sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ -sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ +sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@ +sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha1-sparcv9.s: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS) +sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) +sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) + +sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@ +sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ +sha512-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +sha1-%.s: asm/sha1-%.pl; $(PERL) $< $@ +sha256-%.s: asm/sha512-%.pl; $(PERL) $< $@ +sha512-%.s: asm/sha512-%.pl; $(PERL) $< $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -113,31 +119,24 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sha1_one.o: sha1_one.c -sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -sha1dgst.o: ../../include/openssl/opensslconf.h +sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha256.o: ../md32_common.h sha256.c +sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c sha512.o: ../../e_os.h ../../include/openssl/bio.h sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c -sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha_dgst.o: ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../cryptlib.h sha512.c +sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c index 598f4d721a..70eb56032c 100644 --- a/src/lib/libcrypto/sha/sha_dgst.c +++ b/src/lib/libcrypto/sha/sha_dgst.c @@ -57,12 +57,6 @@ */ #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - -#include #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 diff --git a/src/lib/libcrypto/sha/shatest.c b/src/lib/libcrypto/sha/shatest.c index ed0fe06a7b..27614646d1 100644 --- a/src/lib/libcrypto/sha/shatest.c +++ b/src/lib/libcrypto/sha/shatest.c @@ -123,9 +123,9 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL); + EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL); p=pt(md); - if (strcmp(p,(char *)*R) != 0) + if (strcmp(p,*R) != 0) { printf("error calculating SHA on '%s'\n",*P); printf("got %s instead of %s\n",p,*R); diff --git a/src/lib/libcrypto/stack/Makefile b/src/lib/libcrypto/stack/Makefile index 489a77b93c..5327692ac8 100644 --- a/src/lib/libcrypto/stack/Makefile +++ b/src/lib/libcrypto/stack/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h index 8728e6124d..3fd4a81692 100644 --- a/src/lib/libcrypto/symhacks.h +++ b/src/lib/libcrypto/symhacks.h @@ -60,12 +60,13 @@ /* Hacks to solve the problem with linkers incapable of handling very long symbol names. In the case of VMS, the limit is 31 characters on VMS for VAX. */ +/* Note that this affects util/libeay.num and util/ssleay.num... you may + change those manually, but that's not recommended, as those files are + controlled centrally and updated on Unix, and the central definition + may disagree with yours, which in turn may come with shareable library + incompatibilities. */ #ifdef OPENSSL_SYS_VMS -/* Hack a long name in crypto/cryptlib.c */ -#undef int_CRYPTO_set_do_dynlock_callback -#define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb - /* Hack a long name in crypto/ex_data.c */ #undef CRYPTO_get_ex_data_implementation #define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl @@ -137,6 +138,8 @@ #define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers #undef X509_STORE_CTX_get_explicit_policy #define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy +#undef X509_STORE_CTX_get0_current_issuer +#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer /* Hack some long CRYPTO names */ #undef CRYPTO_set_dynlock_destroy_callback @@ -144,9 +147,9 @@ #undef CRYPTO_set_dynlock_create_callback #define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb #undef CRYPTO_set_dynlock_lock_callback -#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb +#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb #undef CRYPTO_get_dynlock_lock_callback -#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb +#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb #undef CRYPTO_get_dynlock_destroy_callback #define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb #undef CRYPTO_get_dynlock_create_callback @@ -158,7 +161,7 @@ /* Hack some long SSL names */ #undef SSL_CTX_set_default_verify_paths -#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths +#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths #undef SSL_get_ex_data_X509_STORE_CTX_idx #define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx #undef SSL_add_file_cert_subjects_to_stack @@ -168,21 +171,38 @@ #undef SSL_CTX_use_certificate_chain_file #define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file #undef SSL_CTX_set_cert_verify_callback -#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb +#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb #undef SSL_CTX_set_default_passwd_cb_userdata #define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud #undef SSL_COMP_get_compression_methods #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods +#undef ssl_add_clienthello_renegotiate_ext +#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext +#undef ssl_add_serverhello_renegotiate_ext +#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext +#undef ssl_parse_clienthello_renegotiate_ext +#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext +#undef ssl_parse_serverhello_renegotiate_ext +#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext + /* Hack some long ENGINE names */ #undef ENGINE_get_default_BN_mod_exp_crt #define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt #undef ENGINE_set_default_BN_mod_exp_crt #define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt #undef ENGINE_set_load_privkey_function -#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn +#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn #undef ENGINE_get_load_privkey_function -#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +#undef ENGINE_unregister_pkey_asn1_meths +#define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths +#undef ENGINE_register_all_pkey_asn1_meths +#define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths +#undef ENGINE_set_default_pkey_asn1_meths +#define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths +#undef ENGINE_get_pkey_asn1_meth_engine +#define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng #undef ENGINE_set_load_ssl_client_cert_function #define ENGINE_set_load_ssl_client_cert_function \ ENGINE_set_ld_ssl_clnt_cert_fn @@ -191,7 +211,7 @@ /* Hack some long OCSP names */ #undef OCSP_REQUEST_get_ext_by_critical -#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit +#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit #undef OCSP_BASICRESP_get_ext_by_critical #define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit #undef OCSP_SINGLERESP_get_ext_by_critical @@ -208,6 +228,8 @@ #define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf #undef OPENSSL_add_all_algorithms_conf #define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf +#undef EVP_PKEY_meth_set_verify_recover +#define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover /* Hack some long EC names */ #undef EC_GROUP_set_point_conversion_form @@ -236,15 +258,15 @@ #define EC_POINT_set_compressed_coordinates_GF2m \ EC_POINT_set_compr_coords_GF2m #undef ec_GF2m_simple_group_clear_finish -#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish +#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish #undef ec_GF2m_simple_group_check_discriminant #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim #undef ec_GF2m_simple_point_clear_finish -#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish +#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish #undef ec_GF2m_simple_point_set_to_infinity -#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf +#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf #undef ec_GF2m_simple_points_make_affine -#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine +#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine #undef ec_GF2m_simple_point_set_affine_coordinates #define ec_GF2m_simple_point_set_affine_coordinates \ ec_GF2m_smp_pt_set_af_coords @@ -259,19 +281,19 @@ #undef ec_GFp_simple_group_get_curve_GFp #define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp #undef ec_GFp_simple_group_clear_finish -#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish +#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish #undef ec_GFp_simple_group_set_generator #define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator #undef ec_GFp_simple_group_get0_generator #define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator #undef ec_GFp_simple_group_get_cofactor -#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor +#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor #undef ec_GFp_simple_point_clear_finish -#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish +#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish #undef ec_GFp_simple_point_set_to_infinity #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf #undef ec_GFp_simple_points_make_affine -#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine +#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine #undef ec_GFp_simple_group_get_curve_GFp #define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp #undef ec_GFp_simple_set_Jprojective_coordinates_GFp @@ -351,6 +373,14 @@ #undef STORE_method_get_unlock_store_function #define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn +/* Hack some long TS names */ +#undef TS_RESP_CTX_set_status_info_cond +#define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond +#undef TS_RESP_CTX_set_clock_precision_digits +#define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits +#undef TS_CONF_set_clock_precision_digits +#define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits + /* Hack some long CMS names */ #undef CMS_RecipientInfo_ktri_get0_algs #define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs @@ -365,24 +395,34 @@ #undef cms_SignerIdentifier_get0_signer_id #define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id +/* Hack some long DTLS1 names */ +#undef dtls1_retransmit_buffered_messages +#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs + +/* Hack some long UI names */ +#undef UI_method_get_prompt_constructor +#define UI_method_get_prompt_constructor UI_method_get_prompt_constructr +#undef UI_method_set_prompt_constructor +#define UI_method_set_prompt_constructor UI_method_set_prompt_constructr + #endif /* defined OPENSSL_SYS_VMS */ -/* Case insensiteve linking causes problems.... */ -#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) +/* Case insensitive linking causes problems.... */ +#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) #undef ERR_load_CRYPTO_strings #define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings #undef OCSP_crlID_new -#define OCSP_crlID_new OCSP_crlID2_new +#define OCSP_crlID_new OCSP_crlID2_new #undef d2i_ECPARAMETERS -#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS #undef i2d_ECPARAMETERS -#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS #undef d2i_ECPKPARAMETERS -#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS #undef i2d_ECPKPARAMETERS -#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS +#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS /* These functions do not seem to exist! However, I'm paranoid... Original command in x509v3.h: @@ -391,19 +431,19 @@ hide them a little, by giving them an extra 'o' at the beginning of the name... */ #undef X509v3_cleanup_extensions -#define X509v3_cleanup_extensions oX509v3_cleanup_extensions +#define X509v3_cleanup_extensions oX509v3_cleanup_extensions #undef X509v3_add_extension -#define X509v3_add_extension oX509v3_add_extension +#define X509v3_add_extension oX509v3_add_extension #undef X509v3_add_netscape_extensions -#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions +#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions #undef X509v3_add_standard_extensions -#define X509v3_add_standard_extensions oX509v3_add_standard_extensions +#define X509v3_add_standard_extensions oX509v3_add_standard_extensions +/* This one clashes with CMS_data_create */ +#undef cms_Data_create +#define cms_Data_create priv_cms_Data_create #endif #endif /* ! defined HEADER_VMS_IDHACKS_H */ -/* This one clashes with CMS_data_create */ -#undef cms_Data_create -#define cms_Data_create priv_cms_Data_create diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c index f6f3df4b6a..eba7aa8a6e 100644 --- a/src/lib/libcrypto/threads/mttest.c +++ b/src/lib/libcrypto/threads/mttest.c @@ -117,11 +117,13 @@ void solaris_locking_callback(int mode,int type,char *file,int line); void win32_locking_callback(int mode,int type,char *file,int line); void pthreads_locking_callback(int mode,int type,char *file,int line); void netware_locking_callback(int mode,int type,char *file,int line); +void beos_locking_callback(int mode,int type,const char *file,int line); unsigned long irix_thread_id(void ); unsigned long solaris_thread_id(void ); unsigned long pthreads_thread_id(void ); unsigned long netware_thread_id(void ); +unsigned long beos_thread_id(void ); #if defined(OPENSSL_SYS_NETWARE) static MPKMutex *lock_cs; @@ -1209,3 +1211,100 @@ unsigned long netware_thread_id(void) return(ret); } #endif /* NETWARE */ + +#ifdef BEOS_THREADS + +#include + +static BLocker** lock_cs; +static long* lock_count; + +void thread_setup(void) + { + int i; + + lock_cs=(BLocker**)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(BLocker*)); + lock_count=(long*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i=0; iLock(); + lock_count[type]++; + } + else + { + lock_cs[type]->Unlock(); + } + } + +void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) + { + SSL_CTX *ssl_ctx[2]; + thread_id thread_ctx[MAX_THREAD_NUMBER]; + int i; + + ssl_ctx[0]=s_ctx; + ssl_ctx[1]=c_ctx; + + for (i=0; ireferences,c_ctx->references); + } + +unsigned long beos_thread_id(void) + { + unsigned long ret; + + ret=(unsigned long)find_thread(NULL); + return(ret); + } + +#endif /* BEOS_THREADS */ diff --git a/src/lib/libcrypto/threads/pthreads-vms.com b/src/lib/libcrypto/threads/pthreads-vms.com index 63f5b8cc2e..1cf92bdf57 100644 --- a/src/lib/libcrypto/threads/pthreads-vms.com +++ b/src/lib/libcrypto/threads/pthreads-vms.com @@ -2,8 +2,13 @@ $! To compile mttest on VMS. $! $! WARNING: only tested with DEC C so far. $ -$ arch := vax -$ if f$getsyi("CPU") .ge. 128 then arch := axp +$ if (f$getsyi("cpu").lt.128) +$ then +$ arch := VAX +$ else +$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. "") then arch = "UNK" +$ endif $ define/user openssl [--.include.openssl] $ cc/def=PTHREADS mttest.c $ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib diff --git a/src/lib/libcrypto/txt_db/Makefile b/src/lib/libcrypto/txt_db/Makefile index 87e57b49f6..e6f30331d8 100644 --- a/src/lib/libcrypto/txt_db/Makefile +++ b/src/lib/libcrypto/txt_db/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/ui/Makefile b/src/lib/libcrypto/ui/Makefile index 4755e206f6..a685659fb4 100644 --- a/src/lib/libcrypto/ui/Makefile +++ b/src/lib/libcrypto/ui/Makefile @@ -37,7 +37,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libcrypto/util/ck_errf.pl b/src/lib/libcrypto/util/ck_errf.pl index 344b422c34..f13af5c50b 100644 --- a/src/lib/libcrypto/util/ck_errf.pl +++ b/src/lib/libcrypto/util/ck_errf.pl @@ -7,8 +7,16 @@ # perl util/ck_errf.pl */*.c */*/*.c # +my $err_strict = 0; +my $bad = 0; + foreach $file (@ARGV) { + if ($file eq "-strict") + { + $err_strict = 1; + next; + } open(IN,"<$file") || die "unable to open $file\n"; $func=""; while () @@ -20,13 +28,13 @@ foreach $file (@ARGV) $func = $1; $func =~ tr/A-Z/a-z/; } - if (/([A-Z0-9]+)err\(([^,]+)/) + if (/([A-Z0-9]+)err\(([^,]+)/ && ! /ckerr_ignore/) { $errlib=$1; $n=$2; if ($func eq "") - { print "$file:$.:???:$n\n"; next; } + { print "$file:$.:???:$n\n"; $bad = 1; next; } if ($n !~ /([^_]+)_F_(.+)$/) { @@ -37,14 +45,20 @@ foreach $file (@ARGV) $n=$2; if ($lib ne $errlib) - { print "$file:$.:$func:$n [${errlib}err]\n"; next; } + { print "$file:$.:$func:$n [${errlib}err]\n"; $bad = 1; next; } $n =~ tr/A-Z/a-z/; if (($n ne $func) && ($errlib ne "SYS")) - { print "$file:$.:$func:$n\n"; next; } + { print "$file:$.:$func:$n\n"; $bad = 1; next; } # print "$func:$1\n"; } } close(IN); } +if ($bad && $err_strict) + { + print STDERR "FATAL: error discrepancy\n"; + exit 1; + } + diff --git a/src/lib/libcrypto/util/clean-depend.pl b/src/lib/libcrypto/util/clean-depend.pl index 2b2bdb4048..d3525b0ed0 100644 --- a/src/lib/libcrypto/util/clean-depend.pl +++ b/src/lib/libcrypto/util/clean-depend.pl @@ -42,6 +42,7 @@ foreach $file (sort keys %files) { my @deps = map { $_ =~ s/^\.\///; $_ } @{$files{$file}}; foreach $dep (sort @deps) { + $dep=~s/^\.\///; next if $prevdep eq $dep; # to exterminate duplicates... $prevdep = $dep; $len=0 if $len+length($dep)+1 >= 80; diff --git a/src/lib/libcrypto/util/cygwin.sh b/src/lib/libcrypto/util/cygwin.sh index 89d1dda95b..a4f2e740b4 100644 --- a/src/lib/libcrypto/util/cygwin.sh +++ b/src/lib/libcrypto/util/cygwin.sh @@ -7,7 +7,7 @@ # Uncomment when debugging #set -x -CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2" +CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5" INSTALL_PREFIX=/tmp/install VERSION= @@ -66,7 +66,7 @@ function create_cygwin_readme() ./config ${CONFIG_OPTIONS} - The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or + The IDEA and RC5 algorithms are disabled due to patent and/or licensing issues. EOF } diff --git a/src/lib/libcrypto/util/deltree.com b/src/lib/libcrypto/util/deltree.com new file mode 100644 index 0000000000..9f36b1a5e9 --- /dev/null +++ b/src/lib/libcrypto/util/deltree.com @@ -0,0 +1,34 @@ +$! DELTREE.COM +$ +$ call deltree 'p1' +$ exit $status +$ +$ deltree: subroutine ! P1 is a name of a directory +$ on control_y then goto dt_STOP +$ on warning then goto dt_exit +$ _dt_def = f$trnlnm("SYS$DISK")+f$directory() +$ if f$parse(p1) .eqs. "" then exit +$ set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")' +$ p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE") +$ _fp = f$parse(".DIR",p1) +$ dt_loop: +$ _f = f$search(_fp) +$ if _f .eqs. "" then goto dt_loopend +$ call deltree [.'f$parse(_f,,,"NAME")']*.* +$ goto dt_loop +$ dt_loopend: +$ _fp = f$parse(p1,".;*") +$ if f$search(_fp) .eqs. "" then goto dt_exit +$ set noon +$ set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp' +$ set on +$ delete/nolog '_fp' +$ dt_exit: +$ set default '_dt_def' +$ goto dt_end +$ dt_STOP: +$ set default '_dt_def' +$ stop/id="" +$ exit +$ dt_end: +$ endsubroutine diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd index 560ebeaf82..bab48cb7a2 100644 --- a/src/lib/libcrypto/util/domd +++ b/src/lib/libcrypto/util/domd @@ -14,7 +14,7 @@ if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi cp Makefile Makefile.save # fake the presence of Kerberos touch $TOP/krb5.h -if [ "$MAKEDEPEND" = "gcc" ]; then +if expr "$MAKEDEPEND" : '.*gcc$' > /dev/null; then args="" while [ $# -gt 0 ]; do if [ "$1" != "--" ]; then args="$args $1"; fi @@ -22,13 +22,17 @@ if [ "$MAKEDEPEND" = "gcc" ]; then done sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp - ${CC:-gcc} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp + ${MAKEDEPEND} -Werror -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp || exit 1 ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new + RC=$? rm -f Makefile.tmp else - ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ + ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \ ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new + RC=$? fi mv Makefile.new Makefile # unfake the presence of Kerberos rm $TOP/krb5.h + +exit $RC diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num index 74eb337227..6f3067ae2b 100644 --- a/src/lib/libcrypto/util/libeay.num +++ b/src/lib/libcrypto/util/libeay.num @@ -1,9 +1,9 @@ SSLeay 1 EXIST::FUNCTION: SSLeay_version 2 EXIST::FUNCTION: -ASN1_BIT_STRING_asn1_meth 3 EXIST::FUNCTION: -ASN1_HEADER_free 4 EXIST::FUNCTION: -ASN1_HEADER_new 5 EXIST::FUNCTION: -ASN1_IA5STRING_asn1_meth 6 EXIST::FUNCTION: +ASN1_BIT_STRING_asn1_meth 3 NOEXIST::FUNCTION: +ASN1_HEADER_free 4 NOEXIST::FUNCTION: +ASN1_HEADER_new 5 NOEXIST::FUNCTION: +ASN1_IA5STRING_asn1_meth 6 NOEXIST::FUNCTION: ASN1_INTEGER_get 7 EXIST::FUNCTION: ASN1_INTEGER_set 8 EXIST::FUNCTION: ASN1_INTEGER_to_BN 9 EXIST::FUNCTION: @@ -75,8 +75,8 @@ BIO_new 78 EXIST::FUNCTION: BIO_new_accept 79 EXIST::FUNCTION: BIO_new_connect 80 EXIST::FUNCTION: BIO_new_fd 81 EXIST::FUNCTION: -BIO_new_file 82 EXIST:!WIN16:FUNCTION:FP_API -BIO_new_fp 83 EXIST:!WIN16:FUNCTION:FP_API +BIO_new_file 82 EXIST::FUNCTION:FP_API +BIO_new_fp 83 EXIST::FUNCTION:FP_API BIO_new_socket 84 EXIST::FUNCTION: BIO_pop 85 EXIST::FUNCTION: BIO_printf 86 EXIST::FUNCTION: @@ -86,7 +86,7 @@ BIO_read 89 EXIST::FUNCTION: BIO_s_accept 90 EXIST::FUNCTION: BIO_s_connect 91 EXIST::FUNCTION: BIO_s_fd 92 EXIST::FUNCTION: -BIO_s_file 93 EXIST:!WIN16:FUNCTION:FP_API +BIO_s_file 93 EXIST::FUNCTION:FP_API BIO_s_mem 95 EXIST::FUNCTION: BIO_s_null 96 EXIST::FUNCTION: BIO_s_proxy_client 97 NOEXIST::FUNCTION: @@ -172,7 +172,7 @@ CRYPTO_dbg_realloc 179 EXIST::FUNCTION: CRYPTO_dbg_remalloc 180 NOEXIST::FUNCTION: CRYPTO_free 181 EXIST::FUNCTION: CRYPTO_get_add_lock_callback 182 EXIST::FUNCTION: -CRYPTO_get_id_callback 183 EXIST::FUNCTION: +CRYPTO_get_id_callback 183 EXIST::FUNCTION:DEPRECATED CRYPTO_get_lock_name 184 EXIST::FUNCTION: CRYPTO_get_locking_callback 185 EXIST::FUNCTION: CRYPTO_get_mem_functions 186 EXIST::FUNCTION: @@ -185,10 +185,10 @@ CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:FP_API CRYPTO_realloc 193 EXIST::FUNCTION: CRYPTO_remalloc 194 EXIST::FUNCTION: CRYPTO_set_add_lock_callback 195 EXIST::FUNCTION: -CRYPTO_set_id_callback 196 EXIST::FUNCTION: +CRYPTO_set_id_callback 196 EXIST::FUNCTION:DEPRECATED CRYPTO_set_locking_callback 197 EXIST::FUNCTION: CRYPTO_set_mem_functions 198 EXIST::FUNCTION: -CRYPTO_thread_id 199 EXIST::FUNCTION: +CRYPTO_thread_id 199 EXIST::FUNCTION:DEPRECATED DH_check 200 EXIST::FUNCTION:DH DH_compute_key 201 EXIST::FUNCTION:DH DH_free 202 EXIST::FUNCTION:DH @@ -243,7 +243,7 @@ ERR_print_errors 250 EXIST::FUNCTION:BIO ERR_print_errors_fp 251 EXIST::FUNCTION:FP_API ERR_put_error 252 EXIST::FUNCTION: ERR_reason_error_string 253 EXIST::FUNCTION: -ERR_remove_state 254 EXIST::FUNCTION: +ERR_remove_state 254 EXIST::FUNCTION:DEPRECATED EVP_BytesToKey 255 EXIST::FUNCTION: EVP_CIPHER_CTX_cleanup 256 EXIST::FUNCTION: EVP_CipherFinal 257 EXIST::FUNCTION: @@ -343,7 +343,7 @@ NETSCAPE_SPKI_new 350 EXIST::FUNCTION: NETSCAPE_SPKI_sign 351 EXIST::FUNCTION:EVP NETSCAPE_SPKI_verify 352 EXIST::FUNCTION:EVP OBJ_add_object 353 EXIST::FUNCTION: -OBJ_bsearch 354 EXIST::FUNCTION: +OBJ_bsearch 354 NOEXIST::FUNCTION: OBJ_cleanup 355 EXIST::FUNCTION: OBJ_cmp 356 EXIST::FUNCTION: OBJ_create 357 EXIST::FUNCTION: @@ -356,9 +356,9 @@ OBJ_nid2sn 363 EXIST::FUNCTION: OBJ_obj2nid 364 EXIST::FUNCTION: OBJ_sn2nid 365 EXIST::FUNCTION: OBJ_txt2nid 366 EXIST::FUNCTION: -PEM_ASN1_read 367 EXIST:!WIN16:FUNCTION: +PEM_ASN1_read 367 EXIST::FUNCTION: PEM_ASN1_read_bio 368 EXIST::FUNCTION:BIO -PEM_ASN1_write 369 EXIST:!WIN16:FUNCTION: +PEM_ASN1_write 369 EXIST::FUNCTION: PEM_ASN1_write_bio 370 EXIST::FUNCTION:BIO PEM_SealFinal 371 EXIST::FUNCTION:RSA PEM_SealInit 372 EXIST::FUNCTION:RSA @@ -366,14 +366,14 @@ PEM_SealUpdate 373 EXIST::FUNCTION:RSA PEM_SignFinal 374 EXIST::FUNCTION: PEM_SignInit 375 EXIST::FUNCTION: PEM_SignUpdate 376 EXIST::FUNCTION: -PEM_X509_INFO_read 377 EXIST:!WIN16:FUNCTION: +PEM_X509_INFO_read 377 EXIST::FUNCTION: PEM_X509_INFO_read_bio 378 EXIST::FUNCTION:BIO PEM_X509_INFO_write_bio 379 EXIST::FUNCTION:BIO PEM_dek_info 380 EXIST::FUNCTION: PEM_do_header 381 EXIST::FUNCTION: PEM_get_EVP_CIPHER_INFO 382 EXIST::FUNCTION: PEM_proc_type 383 EXIST::FUNCTION: -PEM_read 384 EXIST:!WIN16:FUNCTION: +PEM_read 384 EXIST::FUNCTION: PEM_read_DHparams 385 EXIST:!WIN16:FUNCTION:DH PEM_read_DSAPrivateKey 386 EXIST:!WIN16:FUNCTION:DSA PEM_read_DSAparams 387 EXIST:!WIN16:FUNCTION:DSA @@ -393,7 +393,7 @@ PEM_read_bio_RSAPrivateKey 400 EXIST::FUNCTION:RSA PEM_read_bio_X509 401 EXIST::FUNCTION: PEM_read_bio_X509_CRL 402 EXIST::FUNCTION: PEM_read_bio_X509_REQ 403 EXIST::FUNCTION: -PEM_write 404 EXIST:!WIN16:FUNCTION: +PEM_write 404 EXIST::FUNCTION: PEM_write_DHparams 405 EXIST:!WIN16:FUNCTION:DH PEM_write_DSAPrivateKey 406 EXIST:!WIN16:FUNCTION:DSA PEM_write_DSAparams 407 EXIST:!WIN16:FUNCTION:DSA @@ -469,7 +469,7 @@ RC2_set_key 476 EXIST::FUNCTION:RC2 RC4 477 EXIST::FUNCTION:RC4 RC4_options 478 EXIST::FUNCTION:RC4 RC4_set_key 479 EXIST::FUNCTION:RC4 -RSAPrivateKey_asn1_meth 480 EXIST::FUNCTION:RSA +RSAPrivateKey_asn1_meth 480 NOEXIST::FUNCTION: RSAPrivateKey_dup 481 EXIST::FUNCTION:RSA RSAPublicKey_dup 482 EXIST::FUNCTION:RSA RSA_PKCS1_SSLeay 483 EXIST::FUNCTION:RSA @@ -624,7 +624,7 @@ X509_STORE_set_default_paths 630 EXIST::FUNCTION:STDIO X509_VAL_free 631 EXIST::FUNCTION: X509_VAL_new 632 EXIST::FUNCTION: X509_add_ext 633 EXIST::FUNCTION: -X509_asn1_meth 634 EXIST::FUNCTION: +X509_asn1_meth 634 NOEXIST::FUNCTION: X509_certificate_type 635 EXIST::FUNCTION: X509_check_private_key 636 EXIST::FUNCTION: X509_cmp_current_time 637 EXIST::FUNCTION: @@ -704,7 +704,7 @@ bn_sqr_words 710 EXIST::FUNCTION: _ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION: d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION: -d2i_ASN1_HEADER 714 EXIST::FUNCTION: +d2i_ASN1_HEADER 714 NOEXIST::FUNCTION: d2i_ASN1_IA5STRING 715 EXIST::FUNCTION: d2i_ASN1_INTEGER 716 EXIST::FUNCTION: d2i_ASN1_OBJECT 717 EXIST::FUNCTION: @@ -809,7 +809,7 @@ i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO i2a_ASN1_STRING 817 EXIST::FUNCTION:BIO i2d_ASN1_BIT_STRING 818 EXIST::FUNCTION: i2d_ASN1_BOOLEAN 819 EXIST::FUNCTION: -i2d_ASN1_HEADER 820 EXIST::FUNCTION: +i2d_ASN1_HEADER 820 NOEXIST::FUNCTION: i2d_ASN1_IA5STRING 821 EXIST::FUNCTION: i2d_ASN1_INTEGER 822 EXIST::FUNCTION: i2d_ASN1_OBJECT 823 EXIST::FUNCTION: @@ -950,9 +950,9 @@ ERR_get_next_error_library 966 EXIST::FUNCTION: EVP_PKEY_cmp_parameters 967 EXIST::FUNCTION: HMAC_cleanup 968 NOEXIST::FUNCTION: BIO_ptr_ctrl 969 EXIST::FUNCTION: -BIO_new_file_internal 970 EXIST:WIN16:FUNCTION:FP_API -BIO_new_fp_internal 971 EXIST:WIN16:FUNCTION:FP_API -BIO_s_file_internal 972 EXIST:WIN16:FUNCTION:FP_API +BIO_new_file_internal 970 NOEXIST::FUNCTION: +BIO_new_fp_internal 971 NOEXIST::FUNCTION: +BIO_s_file_internal 972 NOEXIST::FUNCTION: BN_BLINDING_convert 973 EXIST::FUNCTION: BN_BLINDING_invert 974 EXIST::FUNCTION: BN_BLINDING_update 975 EXIST::FUNCTION: @@ -984,8 +984,8 @@ BIO_ghbn_ctrl 1003 NOEXIST::FUNCTION: CRYPTO_free_ex_data 1004 EXIST::FUNCTION: CRYPTO_get_ex_data 1005 EXIST::FUNCTION: CRYPTO_set_ex_data 1007 EXIST::FUNCTION: -ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS,!WIN16:FUNCTION: -ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS,WIN16:FUNCTION: +ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS:FUNCTION: +ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS:FUNCTION: EVP_PKEY_bits 1010 EXIST::FUNCTION: MD5_Transform 1011 EXIST::FUNCTION:MD5 SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1 @@ -1117,11 +1117,11 @@ COMP_compress_block 1144 EXIST::FUNCTION: COMP_expand_block 1145 EXIST::FUNCTION: COMP_rle 1146 EXIST::FUNCTION: COMP_zlib 1147 EXIST::FUNCTION: -ms_time_diff 1148 EXIST::FUNCTION: -ms_time_new 1149 EXIST::FUNCTION: -ms_time_free 1150 EXIST::FUNCTION: -ms_time_cmp 1151 EXIST::FUNCTION: -ms_time_get 1152 EXIST::FUNCTION: +ms_time_diff 1148 NOEXIST::FUNCTION: +ms_time_new 1149 NOEXIST::FUNCTION: +ms_time_free 1150 NOEXIST::FUNCTION: +ms_time_cmp 1151 NOEXIST::FUNCTION: +ms_time_get 1152 NOEXIST::FUNCTION: PKCS7_set_attributes 1153 EXIST::FUNCTION: PKCS7_set_signed_attributes 1154 EXIST::FUNCTION: X509_ATTRIBUTE_create 1155 EXIST::FUNCTION: @@ -1255,8 +1255,8 @@ PKCS12_gen_mac 1278 EXIST::FUNCTION: PKCS12_verify_mac 1279 EXIST::FUNCTION: PKCS12_set_mac 1280 EXIST::FUNCTION: PKCS12_setup_mac 1281 EXIST::FUNCTION: -asc2uni 1282 EXIST::FUNCTION: -uni2asc 1283 EXIST::FUNCTION: +OPENSSL_asc2uni 1282 EXIST::FUNCTION: +OPENSSL_uni2asc 1283 EXIST::FUNCTION: i2d_PKCS12_BAGS 1284 EXIST::FUNCTION: PKCS12_BAGS_new 1285 EXIST::FUNCTION: d2i_PKCS12_BAGS 1286 EXIST::FUNCTION: @@ -2081,7 +2081,7 @@ NETSCAPE_SPKAC_it 2641 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA NETSCAPE_SPKAC_it 2641 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_REVOKED_it 2642 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_REVOKED_it 2642 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_STRING_encode 2643 EXIST::FUNCTION: +ASN1_STRING_encode 2643 NOEXIST::FUNCTION: EVP_aes_128_ecb 2644 EXIST::FUNCTION:AES KRB5_AUTHENT_free 2645 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_critical 2646 EXIST:!VMS:FUNCTION: @@ -2732,8 +2732,8 @@ EC_POINT_point2oct 3178 EXIST::FUNCTION:EC KRB5_APREQ_free 3179 EXIST::FUNCTION: ASN1_OBJECT_it 3180 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OBJECT_it 3180 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION: -OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION: +OCSP_crlID_new 3181 EXIST:!OS2,!VMS:FUNCTION: +OCSP_crlID2_new 3181 EXIST:OS2,VMS:FUNCTION: CONF_modules_load_file 3182 EXIST::FUNCTION: CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE @@ -2804,57 +2804,57 @@ OPENSSL_cleanse 3245 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES -FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: +FIPS_selftest_des 3250 NOEXIST::FUNCTION: EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES -FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_mode_set 3253 NOEXIST::FUNCTION: +FIPS_selftest_dsa 3254 NOEXIST::FUNCTION: EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES FIPS_allow_md5 3256 NOEXIST::FUNCTION: DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES FIPS_rand_seeded 3259 NOEXIST::FUNCTION: -AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES +AES_cfbr_encrypt_block 3260 NOEXIST::FUNCTION: AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES -FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_seed 3262 NOEXIST::FUNCTION: +FIPS_corrupt_des 3263 NOEXIST::FUNCTION: EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES -FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_aes 3265 NOEXIST::FUNCTION: FIPS_set_prng_key 3266 NOEXIST::FUNCTION: EVP_des_cfb8 3267 EXIST::FUNCTION:DES -FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION: FIPS_test_mode 3269 NOEXIST::FUNCTION: -FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_method 3270 NOEXIST::FUNCTION: EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES -ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION: +ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION: +FIPS_corrupt_aes 3273 NOEXIST::FUNCTION: +FIPS_selftest_sha1 3274 NOEXIST::FUNCTION: +FIPS_selftest_rsa 3275 NOEXIST::FUNCTION: +FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION: EVP_des_cfb1 3277 EXIST::FUNCTION:DES FIPS_dsa_check 3278 NOEXIST::FUNCTION: AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES -FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_check 3281 NOEXIST::FUNCTION: FIPS_md5_allowed 3282 NOEXIST::FUNCTION: -FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_mode 3283 NOEXIST::FUNCTION: +FIPS_selftest_failed 3284 NOEXIST::FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: -private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA +private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC -private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0 -private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST -private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD -private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5 -private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5 -private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4 -private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2 -private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2 -private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4 -private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF -private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2 +private_SHA_Init 3289 NOEXIST::FUNCTION: +private_CAST_set_key 3290 NOEXIST::FUNCTION: +private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: +private_RC5_32_set_key 3292 NOEXIST::FUNCTION: +private_MD5_Init 3293 NOEXIST::FUNCTION: +private_RC4_set_key 3294 NOEXIST::FUNCTION: +private_MDC2_Init 3295 NOEXIST::FUNCTION: +private_RC2_set_key 3296 NOEXIST::FUNCTION: +private_MD4_Init 3297 NOEXIST::FUNCTION: +private_BF_set_key 3298 NOEXIST::FUNCTION: +private_MD2_Init 3299 NOEXIST::FUNCTION: d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION: PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PROXY_POLICY_free 3308 EXIST::FUNCTION: PROXY_POLICY_new 3309 EXIST::FUNCTION: BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: -FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION: -EVP_sha384 3312 EXIST::FUNCTION:SHA,SHA512 -EVP_sha512 3313 EXIST::FUNCTION:SHA,SHA512 +FIPS_selftest_rng 3311 NOEXIST::FUNCTION: +EVP_sha384 3312 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +EVP_sha512 3313 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256 EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256 -FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_hmac 3316 NOEXIST::FUNCTION: +FIPS_corrupt_rng 3317 NOEXIST::FUNCTION: BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA @@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA PKCS1_MGF1 3324 EXIST::FUNCTION:RSA -BN_X931_generate_Xpq 3325 EXIST::FUNCTION: +BN_X931_generate_Xpq 3325 NOEXIST::FUNCTION: RSA_X931_generate_key 3326 NOEXIST::FUNCTION: BN_X931_derive_prime 3327 NOEXIST::FUNCTION: BN_X931_generate_prime 3328 NOEXIST::FUNCTION: @@ -2893,43 +2893,43 @@ ERR_set_mark 3332 EXIST::FUNCTION: X509_STORE_CTX_set0_crls 3333 EXIST::FUNCTION: ENGINE_set_STORE 3334 EXIST::FUNCTION:ENGINE ENGINE_register_ECDSA 3335 EXIST::FUNCTION:ENGINE -STORE_method_set_list_start_function 3336 EXIST:!VMS:FUNCTION: -STORE_meth_set_list_start_fn 3336 EXIST:VMS:FUNCTION: +STORE_meth_set_list_start_fn 3336 NOEXIST::FUNCTION: +STORE_method_set_list_start_function 3336 NOEXIST::FUNCTION: BN_BLINDING_invert_ex 3337 EXIST::FUNCTION: NAME_CONSTRAINTS_free 3338 EXIST::FUNCTION: -STORE_ATTR_INFO_set_number 3339 EXIST::FUNCTION: -BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION: +STORE_ATTR_INFO_set_number 3339 NOEXIST::FUNCTION: +BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION:DEPRECATED X509_STORE_CTX_set0_param 3341 EXIST::FUNCTION: POLICY_MAPPING_it 3342 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICY_MAPPING_it 3342 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -STORE_parse_attrs_start 3343 EXIST::FUNCTION: +STORE_parse_attrs_start 3343 NOEXIST::FUNCTION: POLICY_CONSTRAINTS_free 3344 EXIST::FUNCTION: EVP_PKEY_add1_attr_by_NID 3345 EXIST::FUNCTION: BN_nist_mod_192 3346 EXIST::FUNCTION: EC_GROUP_get_trinomial_basis 3347 EXIST::FUNCTION:EC -STORE_set_method 3348 EXIST::FUNCTION: +STORE_set_method 3348 NOEXIST::FUNCTION: GENERAL_SUBTREE_free 3349 EXIST::FUNCTION: NAME_CONSTRAINTS_it 3350 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NAME_CONSTRAINTS_it 3350 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: ECDH_get_default_method 3351 EXIST::FUNCTION:ECDH PKCS12_add_safe 3352 EXIST::FUNCTION: EC_KEY_new_by_curve_name 3353 EXIST::FUNCTION:EC -STORE_method_get_update_store_function 3354 EXIST:!VMS:FUNCTION: -STORE_meth_get_update_store_fn 3354 EXIST:VMS:FUNCTION: +STORE_meth_get_update_store_fn 3354 NOEXIST::FUNCTION: +STORE_method_get_update_store_function 3354 NOEXIST::FUNCTION: ENGINE_register_ECDH 3355 EXIST::FUNCTION:ENGINE -SHA512_Update 3356 EXIST::FUNCTION:SHA,SHA512 +SHA512_Update 3356 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 i2d_ECPrivateKey 3357 EXIST::FUNCTION:EC BN_get0_nist_prime_192 3358 EXIST::FUNCTION: -STORE_modify_certificate 3359 EXIST::FUNCTION: +STORE_modify_certificate 3359 NOEXIST::FUNCTION: EC_POINT_set_affine_coordinates_GF2m 3360 EXIST:!VMS:FUNCTION:EC EC_POINT_set_affine_coords_GF2m 3360 EXIST:VMS:FUNCTION:EC BN_GF2m_mod_exp_arr 3361 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_number 3362 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_number 3362 NOEXIST::FUNCTION: X509_keyid_get0 3363 EXIST::FUNCTION: ENGINE_load_gmp 3364 EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE pitem_new 3365 EXIST::FUNCTION: BN_GF2m_mod_mul_arr 3366 EXIST::FUNCTION: -STORE_list_public_key_endp 3367 EXIST::FUNCTION: +STORE_list_public_key_endp 3367 NOEXIST::FUNCTION: o2i_ECPublicKey 3368 EXIST::FUNCTION:EC EC_KEY_copy 3369 EXIST::FUNCTION:EC BIO_dump_fp 3370 EXIST::FUNCTION:FP_API @@ -2938,25 +2938,25 @@ EC_GROUP_check_discriminant 3372 EXIST::FUNCTION:EC i2o_ECPublicKey 3373 EXIST::FUNCTION:EC EC_KEY_precompute_mult 3374 EXIST::FUNCTION:EC a2i_IPADDRESS 3375 EXIST::FUNCTION: -STORE_method_set_initialise_function 3376 EXIST:!VMS:FUNCTION: -STORE_meth_set_initialise_fn 3376 EXIST:VMS:FUNCTION: +STORE_meth_set_initialise_fn 3376 NOEXIST::FUNCTION: +STORE_method_set_initialise_function 3376 NOEXIST::FUNCTION: X509_STORE_CTX_set_depth 3377 EXIST::FUNCTION: X509_VERIFY_PARAM_inherit 3378 EXIST::FUNCTION: EC_POINT_point2bn 3379 EXIST::FUNCTION:EC -STORE_ATTR_INFO_set_dn 3380 EXIST::FUNCTION: +STORE_ATTR_INFO_set_dn 3380 NOEXIST::FUNCTION: X509_policy_tree_get0_policies 3381 EXIST::FUNCTION: EC_GROUP_new_curve_GF2m 3382 EXIST::FUNCTION:EC -STORE_destroy_method 3383 EXIST::FUNCTION: +STORE_destroy_method 3383 NOEXIST::FUNCTION: ENGINE_unregister_STORE 3384 EXIST::FUNCTION:ENGINE EVP_PKEY_get1_EC_KEY 3385 EXIST::FUNCTION:EC -STORE_ATTR_INFO_get0_number 3386 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_number 3386 NOEXIST::FUNCTION: ENGINE_get_default_ECDH 3387 EXIST::FUNCTION:ENGINE EC_KEY_get_conv_form 3388 EXIST::FUNCTION:EC ASN1_OCTET_STRING_NDEF_it 3389 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OCTET_STRING_NDEF_it 3389 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -STORE_delete_public_key 3390 EXIST::FUNCTION: -STORE_get_public_key 3391 EXIST::FUNCTION: -STORE_modify_arbitrary 3392 EXIST::FUNCTION: +STORE_delete_public_key 3390 NOEXIST::FUNCTION: +STORE_get_public_key 3391 NOEXIST::FUNCTION: +STORE_modify_arbitrary 3392 NOEXIST::FUNCTION: ENGINE_get_static_state 3393 EXIST::FUNCTION:ENGINE pqueue_iterator 3394 EXIST::FUNCTION: ECDSA_SIG_new 3395 EXIST::FUNCTION:ECDSA @@ -2965,14 +2965,14 @@ BN_GF2m_mod_sqr 3397 EXIST::FUNCTION: EC_POINT_bn2point 3398 EXIST::FUNCTION:EC X509_VERIFY_PARAM_set_depth 3399 EXIST::FUNCTION: EC_KEY_set_asn1_flag 3400 EXIST::FUNCTION:EC -STORE_get_method 3401 EXIST::FUNCTION: +STORE_get_method 3401 NOEXIST::FUNCTION: EC_KEY_get_key_method_data 3402 EXIST::FUNCTION:EC ECDSA_sign_ex 3403 EXIST::FUNCTION:ECDSA -STORE_parse_attrs_end 3404 EXIST::FUNCTION: +STORE_parse_attrs_end 3404 NOEXIST::FUNCTION: EC_GROUP_get_point_conversion_form 3405 EXIST:!VMS:FUNCTION:EC EC_GROUP_get_point_conv_form 3405 EXIST:VMS:FUNCTION:EC -STORE_method_set_store_function 3406 EXIST::FUNCTION: -STORE_ATTR_INFO_in 3407 EXIST::FUNCTION: +STORE_method_set_store_function 3406 NOEXIST::FUNCTION: +STORE_ATTR_INFO_in 3407 NOEXIST::FUNCTION: PEM_read_bio_ECPKParameters 3408 EXIST::FUNCTION:EC EC_GROUP_get_pentanomial_basis 3409 EXIST::FUNCTION:EC EVP_PKEY_add1_attr_by_txt 3410 EXIST::FUNCTION: @@ -2980,7 +2980,7 @@ BN_BLINDING_set_flags 3411 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_policies 3412 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_name 3413 EXIST::FUNCTION: X509_VERIFY_PARAM_set_purpose 3414 EXIST::FUNCTION: -STORE_get_number 3415 EXIST::FUNCTION: +STORE_get_number 3415 NOEXIST::FUNCTION: ECDSA_sign_setup 3416 EXIST::FUNCTION:ECDSA BN_GF2m_mod_solve_quad_arr 3417 EXIST::FUNCTION: EC_KEY_up_ref 3418 EXIST::FUNCTION:EC @@ -2988,14 +2988,14 @@ POLICY_MAPPING_free 3419 EXIST::FUNCTION: BN_GF2m_mod_div 3420 EXIST::FUNCTION: X509_VERIFY_PARAM_set_flags 3421 EXIST::FUNCTION: EC_KEY_free 3422 EXIST::FUNCTION:EC -STORE_method_set_list_next_function 3423 EXIST:!VMS:FUNCTION: -STORE_meth_set_list_next_fn 3423 EXIST:VMS:FUNCTION: +STORE_meth_set_list_next_fn 3423 NOEXIST::FUNCTION: +STORE_method_set_list_next_function 3423 NOEXIST::FUNCTION: PEM_write_bio_ECPrivateKey 3424 EXIST::FUNCTION:EC d2i_EC_PUBKEY 3425 EXIST::FUNCTION:EC -STORE_method_get_generate_function 3426 EXIST:!VMS:FUNCTION: -STORE_meth_get_generate_fn 3426 EXIST:VMS:FUNCTION: -STORE_method_set_list_end_function 3427 EXIST:!VMS:FUNCTION: -STORE_meth_set_list_end_fn 3427 EXIST:VMS:FUNCTION: +STORE_meth_get_generate_fn 3426 NOEXIST::FUNCTION: +STORE_method_get_generate_function 3426 NOEXIST::FUNCTION: +STORE_meth_set_list_end_fn 3427 NOEXIST::FUNCTION: +STORE_method_set_list_end_function 3427 NOEXIST::FUNCTION: pqueue_print 3428 EXIST::FUNCTION: EC_GROUP_have_precompute_mult 3429 EXIST::FUNCTION:EC EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,FP_API @@ -3003,8 +3003,8 @@ BN_GF2m_mod_arr 3431 EXIST::FUNCTION: PEM_write_bio_X509_CERT_PAIR 3432 EXIST::FUNCTION: EVP_PKEY_cmp 3433 EXIST::FUNCTION: X509_policy_level_node_count 3434 EXIST::FUNCTION: -STORE_new_engine 3435 EXIST::FUNCTION: -STORE_list_public_key_start 3436 EXIST::FUNCTION: +STORE_new_engine 3435 NOEXIST::FUNCTION: +STORE_list_public_key_start 3436 NOEXIST::FUNCTION: X509_VERIFY_PARAM_new 3437 EXIST::FUNCTION: ECDH_get_ex_data 3438 EXIST::FUNCTION:ECDH EVP_PKEY_get_attr 3439 EXIST::FUNCTION: @@ -3014,11 +3014,11 @@ ECDH_OpenSSL 3442 EXIST::FUNCTION:ECDH EC_KEY_set_conv_form 3443 EXIST::FUNCTION:EC EC_POINT_dup 3444 EXIST::FUNCTION:EC GENERAL_SUBTREE_new 3445 EXIST::FUNCTION: -STORE_list_crl_endp 3446 EXIST::FUNCTION: +STORE_list_crl_endp 3446 NOEXIST::FUNCTION: EC_get_builtin_curves 3447 EXIST::FUNCTION:EC X509_policy_node_get0_qualifiers 3448 EXIST:!VMS:FUNCTION: X509_pcy_node_get0_qualifiers 3448 EXIST:VMS:FUNCTION: -STORE_list_crl_end 3449 EXIST::FUNCTION: +STORE_list_crl_end 3449 NOEXIST::FUNCTION: EVP_PKEY_set1_EC_KEY 3450 EXIST::FUNCTION:EC BN_GF2m_mod_sqrt_arr 3451 EXIST::FUNCTION: i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:BIO,EC @@ -3026,60 +3026,60 @@ ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,FP_API pqueue_find 3454 EXIST::FUNCTION: ECDSA_SIG_free 3455 EXIST::FUNCTION:ECDSA PEM_write_bio_ECPKParameters 3456 EXIST::FUNCTION:EC -STORE_method_set_ctrl_function 3457 EXIST::FUNCTION: -STORE_list_public_key_end 3458 EXIST::FUNCTION: +STORE_method_set_ctrl_function 3457 NOEXIST::FUNCTION: +STORE_list_public_key_end 3458 NOEXIST::FUNCTION: EC_KEY_set_private_key 3459 EXIST::FUNCTION:EC pqueue_peek 3460 EXIST::FUNCTION: -STORE_get_arbitrary 3461 EXIST::FUNCTION: -STORE_store_crl 3462 EXIST::FUNCTION: +STORE_get_arbitrary 3461 NOEXIST::FUNCTION: +STORE_store_crl 3462 NOEXIST::FUNCTION: X509_policy_node_get0_policy 3463 EXIST::FUNCTION: PKCS12_add_safes 3464 EXIST::FUNCTION: BN_BLINDING_convert_ex 3465 EXIST::FUNCTION: X509_policy_tree_free 3466 EXIST::FUNCTION: OPENSSL_ia32cap_loc 3467 EXIST::FUNCTION: BN_GF2m_poly2arr 3468 EXIST::FUNCTION: -STORE_ctrl 3469 EXIST::FUNCTION: -STORE_ATTR_INFO_compare 3470 EXIST::FUNCTION: +STORE_ctrl 3469 NOEXIST::FUNCTION: +STORE_ATTR_INFO_compare 3470 NOEXIST::FUNCTION: BN_get0_nist_prime_224 3471 EXIST::FUNCTION: i2d_ECParameters 3472 EXIST::FUNCTION:EC i2d_ECPKParameters 3473 EXIST::FUNCTION:EC BN_GENCB_call 3474 EXIST::FUNCTION: d2i_ECPKParameters 3475 EXIST::FUNCTION:EC -STORE_method_set_generate_function 3476 EXIST:!VMS:FUNCTION: -STORE_meth_set_generate_fn 3476 EXIST:VMS:FUNCTION: +STORE_meth_set_generate_fn 3476 NOEXIST::FUNCTION: +STORE_method_set_generate_function 3476 NOEXIST::FUNCTION: ENGINE_set_ECDH 3477 EXIST::FUNCTION:ENGINE NAME_CONSTRAINTS_new 3478 EXIST::FUNCTION: SHA256_Init 3479 EXIST::FUNCTION:SHA,SHA256 EC_KEY_get0_public_key 3480 EXIST::FUNCTION:EC PEM_write_bio_EC_PUBKEY 3481 EXIST::FUNCTION:EC -STORE_ATTR_INFO_set_cstr 3482 EXIST::FUNCTION: -STORE_list_crl_next 3483 EXIST::FUNCTION: -STORE_ATTR_INFO_in_range 3484 EXIST::FUNCTION: +STORE_ATTR_INFO_set_cstr 3482 NOEXIST::FUNCTION: +STORE_list_crl_next 3483 NOEXIST::FUNCTION: +STORE_ATTR_INFO_in_range 3484 NOEXIST::FUNCTION: ECParameters_print 3485 EXIST::FUNCTION:BIO,EC -STORE_method_set_delete_function 3486 EXIST:!VMS:FUNCTION: -STORE_meth_set_delete_fn 3486 EXIST:VMS:FUNCTION: -STORE_list_certificate_next 3487 EXIST::FUNCTION: +STORE_meth_set_delete_fn 3486 NOEXIST::FUNCTION: +STORE_method_set_delete_function 3486 NOEXIST::FUNCTION: +STORE_list_certificate_next 3487 NOEXIST::FUNCTION: ASN1_generate_nconf 3488 EXIST::FUNCTION: BUF_memdup 3489 EXIST::FUNCTION: BN_GF2m_mod_mul 3490 EXIST::FUNCTION: -STORE_method_get_list_next_function 3491 EXIST:!VMS:FUNCTION: -STORE_meth_get_list_next_fn 3491 EXIST:VMS:FUNCTION: -STORE_ATTR_INFO_get0_dn 3492 EXIST::FUNCTION: -STORE_list_private_key_next 3493 EXIST::FUNCTION: +STORE_meth_get_list_next_fn 3491 NOEXIST::FUNCTION: +STORE_method_get_list_next_function 3491 NOEXIST::FUNCTION: +STORE_ATTR_INFO_get0_dn 3492 NOEXIST::FUNCTION: +STORE_list_private_key_next 3493 NOEXIST::FUNCTION: EC_GROUP_set_seed 3494 EXIST::FUNCTION:EC X509_VERIFY_PARAM_set_trust 3495 EXIST::FUNCTION: -STORE_ATTR_INFO_free 3496 EXIST::FUNCTION: -STORE_get_private_key 3497 EXIST::FUNCTION: +STORE_ATTR_INFO_free 3496 NOEXIST::FUNCTION: +STORE_get_private_key 3497 NOEXIST::FUNCTION: EVP_PKEY_get_attr_count 3498 EXIST::FUNCTION: -STORE_ATTR_INFO_new 3499 EXIST::FUNCTION: +STORE_ATTR_INFO_new 3499 NOEXIST::FUNCTION: EC_GROUP_get_curve_GF2m 3500 EXIST::FUNCTION:EC -STORE_method_set_revoke_function 3501 EXIST:!VMS:FUNCTION: -STORE_meth_set_revoke_fn 3501 EXIST:VMS:FUNCTION: -STORE_store_number 3502 EXIST::FUNCTION: +STORE_meth_set_revoke_fn 3501 NOEXIST::FUNCTION: +STORE_method_set_revoke_function 3501 NOEXIST::FUNCTION: +STORE_store_number 3502 NOEXIST::FUNCTION: BN_is_prime_ex 3503 EXIST::FUNCTION: -STORE_revoke_public_key 3504 EXIST::FUNCTION: +STORE_revoke_public_key 3504 NOEXIST::FUNCTION: X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION: -STORE_delete_arbitrary 3506 EXIST::FUNCTION: +STORE_delete_arbitrary 3506 NOEXIST::FUNCTION: PEM_read_X509_CERT_PAIR 3507 EXIST:!WIN16:FUNCTION: X509_STORE_set_depth 3508 EXIST::FUNCTION: ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA @@ -3087,40 +3087,40 @@ SHA224 3510 EXIST::FUNCTION:SHA,SHA256 BIO_dump_indent_fp 3511 EXIST::FUNCTION:FP_API EC_KEY_set_group 3512 EXIST::FUNCTION:EC BUF_strndup 3513 EXIST::FUNCTION: -STORE_list_certificate_start 3514 EXIST::FUNCTION: +STORE_list_certificate_start 3514 NOEXIST::FUNCTION: BN_GF2m_mod 3515 EXIST::FUNCTION: X509_REQ_check_private_key 3516 EXIST::FUNCTION: EC_GROUP_get_seed_len 3517 EXIST::FUNCTION:EC -ERR_load_STORE_strings 3518 EXIST::FUNCTION: +ERR_load_STORE_strings 3518 NOEXIST::FUNCTION: PEM_read_bio_EC_PUBKEY 3519 EXIST::FUNCTION:EC -STORE_list_private_key_end 3520 EXIST::FUNCTION: +STORE_list_private_key_end 3520 NOEXIST::FUNCTION: i2d_EC_PUBKEY 3521 EXIST::FUNCTION:EC ECDSA_get_default_method 3522 EXIST::FUNCTION:ECDSA ASN1_put_eoc 3523 EXIST::FUNCTION: X509_STORE_CTX_get_explicit_policy 3524 EXIST:!VMS:FUNCTION: X509_STORE_CTX_get_expl_policy 3524 EXIST:VMS:FUNCTION: X509_VERIFY_PARAM_table_cleanup 3525 EXIST::FUNCTION: -STORE_modify_private_key 3526 EXIST::FUNCTION: +STORE_modify_private_key 3526 NOEXIST::FUNCTION: X509_VERIFY_PARAM_free 3527 EXIST::FUNCTION: EC_METHOD_get_field_type 3528 EXIST::FUNCTION:EC EC_GFp_nist_method 3529 EXIST::FUNCTION:EC -STORE_method_set_modify_function 3530 EXIST:!VMS:FUNCTION: -STORE_meth_set_modify_fn 3530 EXIST:VMS:FUNCTION: -STORE_parse_attrs_next 3531 EXIST::FUNCTION: -ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE +STORE_meth_set_modify_fn 3530 NOEXIST::FUNCTION: +STORE_method_set_modify_function 3530 NOEXIST::FUNCTION: +STORE_parse_attrs_next 3531 NOEXIST::FUNCTION: +ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE,STATIC_ENGINE EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -STORE_method_get_revoke_function 3535 EXIST:!VMS:FUNCTION: -STORE_meth_get_revoke_fn 3535 EXIST:VMS:FUNCTION: -STORE_method_set_get_function 3536 EXIST::FUNCTION: -STORE_modify_number 3537 EXIST::FUNCTION: -STORE_method_get_store_function 3538 EXIST::FUNCTION: -STORE_store_private_key 3539 EXIST::FUNCTION: +STORE_meth_get_revoke_fn 3535 NOEXIST::FUNCTION: +STORE_method_get_revoke_function 3535 NOEXIST::FUNCTION: +STORE_method_set_get_function 3536 NOEXIST::FUNCTION: +STORE_modify_number 3537 NOEXIST::FUNCTION: +STORE_method_get_store_function 3538 NOEXIST::FUNCTION: +STORE_store_private_key 3539 NOEXIST::FUNCTION: BN_GF2m_mod_sqr_arr 3540 EXIST::FUNCTION: RSA_setup_blinding 3541 EXIST::FUNCTION:RSA BIO_s_datagram 3542 EXIST::FUNCTION:DGRAM -STORE_Memory 3543 EXIST::FUNCTION: +STORE_Memory 3543 NOEXIST::FUNCTION: sk_find_ex 3544 EXIST::FUNCTION: EC_GROUP_set_curve_GF2m 3545 EXIST::FUNCTION:EC ENGINE_set_default_ECDSA 3546 EXIST::FUNCTION:ENGINE @@ -3128,69 +3128,69 @@ POLICY_CONSTRAINTS_new 3547 EXIST::FUNCTION: BN_GF2m_mod_sqrt 3548 EXIST::FUNCTION: ECDH_set_default_method 3549 EXIST::FUNCTION:ECDH EC_KEY_generate_key 3550 EXIST::FUNCTION:EC -SHA384_Update 3551 EXIST::FUNCTION:SHA,SHA512 +SHA384_Update 3551 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 BN_GF2m_arr2poly 3552 EXIST::FUNCTION: -STORE_method_get_get_function 3553 EXIST::FUNCTION: -STORE_method_set_cleanup_function 3554 EXIST:!VMS:FUNCTION: -STORE_meth_set_cleanup_fn 3554 EXIST:VMS:FUNCTION: +STORE_method_get_get_function 3553 NOEXIST::FUNCTION: +STORE_meth_set_cleanup_fn 3554 NOEXIST::FUNCTION: +STORE_method_set_cleanup_function 3554 NOEXIST::FUNCTION: EC_GROUP_check 3555 EXIST::FUNCTION:EC d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:BIO,EC EC_KEY_insert_key_method_data 3557 EXIST::FUNCTION:EC -STORE_method_get_lock_store_function 3558 EXIST:!VMS:FUNCTION: -STORE_meth_get_lock_store_fn 3558 EXIST:VMS:FUNCTION: +STORE_meth_get_lock_store_fn 3558 NOEXIST::FUNCTION: +STORE_method_get_lock_store_function 3558 NOEXIST::FUNCTION: X509_VERIFY_PARAM_get_depth 3559 EXIST::FUNCTION: SHA224_Final 3560 EXIST::FUNCTION:SHA,SHA256 -STORE_method_set_update_store_function 3561 EXIST:!VMS:FUNCTION: -STORE_meth_set_update_store_fn 3561 EXIST:VMS:FUNCTION: +STORE_meth_set_update_store_fn 3561 NOEXIST::FUNCTION: +STORE_method_set_update_store_function 3561 NOEXIST::FUNCTION: SHA224_Update 3562 EXIST::FUNCTION:SHA,SHA256 d2i_ECPrivateKey 3563 EXIST::FUNCTION:EC ASN1_item_ndef_i2d 3564 EXIST::FUNCTION: -STORE_delete_private_key 3565 EXIST::FUNCTION: +STORE_delete_private_key 3565 NOEXIST::FUNCTION: ERR_pop_to_mark 3566 EXIST::FUNCTION: ENGINE_register_all_STORE 3567 EXIST::FUNCTION:ENGINE X509_policy_level_get0_node 3568 EXIST::FUNCTION: i2d_PKCS7_NDEF 3569 EXIST::FUNCTION: EC_GROUP_get_degree 3570 EXIST::FUNCTION:EC ASN1_generate_v3 3571 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_cstr 3572 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_cstr 3572 NOEXIST::FUNCTION: X509_policy_tree_level_count 3573 EXIST::FUNCTION: BN_GF2m_add 3574 EXIST::FUNCTION: EC_KEY_get0_group 3575 EXIST::FUNCTION:EC -STORE_generate_crl 3576 EXIST::FUNCTION: -STORE_store_public_key 3577 EXIST::FUNCTION: +STORE_generate_crl 3576 NOEXIST::FUNCTION: +STORE_store_public_key 3577 NOEXIST::FUNCTION: X509_CERT_PAIR_free 3578 EXIST::FUNCTION: -STORE_revoke_private_key 3579 EXIST::FUNCTION: +STORE_revoke_private_key 3579 NOEXIST::FUNCTION: BN_nist_mod_224 3580 EXIST::FUNCTION: -SHA512_Final 3581 EXIST::FUNCTION:SHA,SHA512 -STORE_ATTR_INFO_modify_dn 3582 EXIST::FUNCTION: -STORE_method_get_initialise_function 3583 EXIST:!VMS:FUNCTION: -STORE_meth_get_initialise_fn 3583 EXIST:VMS:FUNCTION: -STORE_delete_number 3584 EXIST::FUNCTION: +SHA512_Final 3581 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +STORE_ATTR_INFO_modify_dn 3582 NOEXIST::FUNCTION: +STORE_meth_get_initialise_fn 3583 NOEXIST::FUNCTION: +STORE_method_get_initialise_function 3583 NOEXIST::FUNCTION: +STORE_delete_number 3584 NOEXIST::FUNCTION: i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:BIO,EC BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION: EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC -STORE_ATTR_INFO_in_ex 3588 EXIST::FUNCTION: -STORE_list_crl_start 3589 EXIST::FUNCTION: +STORE_ATTR_INFO_in_ex 3588 NOEXIST::FUNCTION: +STORE_list_crl_start 3589 NOEXIST::FUNCTION: ECDH_get_ex_new_index 3590 EXIST::FUNCTION:ECDH -STORE_method_get_modify_function 3591 EXIST:!VMS:FUNCTION: -STORE_meth_get_modify_fn 3591 EXIST:VMS:FUNCTION: +STORE_meth_get_modify_fn 3591 NOEXIST::FUNCTION: +STORE_method_get_modify_function 3591 NOEXIST::FUNCTION: v2i_ASN1_BIT_STRING 3592 EXIST::FUNCTION: -STORE_store_certificate 3593 EXIST::FUNCTION: -OBJ_bsearch_ex 3594 EXIST::FUNCTION: +STORE_store_certificate 3593 NOEXIST::FUNCTION: +OBJ_bsearch_ex 3594 NOEXIST::FUNCTION: X509_STORE_CTX_set_default 3595 EXIST::FUNCTION: -STORE_ATTR_INFO_set_sha1str 3596 EXIST::FUNCTION: +STORE_ATTR_INFO_set_sha1str 3596 NOEXIST::FUNCTION: BN_GF2m_mod_inv 3597 EXIST::FUNCTION: BN_GF2m_mod_exp 3598 EXIST::FUNCTION: -STORE_modify_public_key 3599 EXIST::FUNCTION: -STORE_method_get_list_start_function 3600 EXIST:!VMS:FUNCTION: -STORE_meth_get_list_start_fn 3600 EXIST:VMS:FUNCTION: +STORE_modify_public_key 3599 NOEXIST::FUNCTION: +STORE_meth_get_list_start_fn 3600 NOEXIST::FUNCTION: +STORE_method_get_list_start_function 3600 NOEXIST::FUNCTION: EC_GROUP_get0_seed 3601 EXIST::FUNCTION:EC -STORE_store_arbitrary 3602 EXIST::FUNCTION: -STORE_method_set_unlock_store_function 3603 EXIST:!VMS:FUNCTION: -STORE_meth_set_unlock_store_fn 3603 EXIST:VMS:FUNCTION: +STORE_store_arbitrary 3602 NOEXIST::FUNCTION: +STORE_meth_set_unlock_store_fn 3603 NOEXIST::FUNCTION: +STORE_method_set_unlock_store_function 3603 NOEXIST::FUNCTION: BN_GF2m_mod_div_arr 3604 EXIST::FUNCTION: ENGINE_set_ECDSA 3605 EXIST::FUNCTION:ENGINE -STORE_create_method 3606 EXIST::FUNCTION: +STORE_create_method 3606 NOEXIST::FUNCTION: ECPKParameters_print 3607 EXIST::FUNCTION:BIO,EC EC_KEY_get0_private_key 3608 EXIST::FUNCTION:EC PEM_write_EC_PUBKEY 3609 EXIST:!WIN16:FUNCTION:EC @@ -3198,7 +3198,7 @@ X509_VERIFY_PARAM_set1 3610 EXIST::FUNCTION: ECDH_set_method 3611 EXIST::FUNCTION:ECDH v2i_GENERAL_NAME_ex 3612 EXIST::FUNCTION: ECDH_set_ex_data 3613 EXIST::FUNCTION:ECDH -STORE_generate_key 3614 EXIST::FUNCTION: +STORE_generate_key 3614 NOEXIST::FUNCTION: BN_nist_mod_521 3615 EXIST::FUNCTION: X509_policy_tree_get0_level 3616 EXIST::FUNCTION: EC_GROUP_set_point_conversion_form 3617 EXIST:!VMS:FUNCTION:EC @@ -3206,7 +3206,7 @@ EC_GROUP_set_point_conv_form 3617 EXIST:VMS:FUNCTION:EC PEM_read_EC_PUBKEY 3618 EXIST:!WIN16:FUNCTION:EC i2d_ECDSA_SIG 3619 EXIST::FUNCTION:ECDSA ECDSA_OpenSSL 3620 EXIST::FUNCTION:ECDSA -STORE_delete_crl 3621 EXIST::FUNCTION: +STORE_delete_crl 3621 NOEXIST::FUNCTION: EC_KEY_get_enc_flags 3622 EXIST::FUNCTION:EC ASN1_const_check_infinite_end 3623 EXIST::FUNCTION: EVP_PKEY_delete_attr 3624 EXIST::FUNCTION: @@ -3214,31 +3214,31 @@ ECDSA_set_default_method 3625 EXIST::FUNCTION:ECDSA EC_POINT_set_compressed_coordinates_GF2m 3626 EXIST:!VMS:FUNCTION:EC EC_POINT_set_compr_coords_GF2m 3626 EXIST:VMS:FUNCTION:EC EC_GROUP_cmp 3627 EXIST::FUNCTION:EC -STORE_revoke_certificate 3628 EXIST::FUNCTION: +STORE_revoke_certificate 3628 NOEXIST::FUNCTION: BN_get0_nist_prime_256 3629 EXIST::FUNCTION: -STORE_method_get_delete_function 3630 EXIST:!VMS:FUNCTION: -STORE_meth_get_delete_fn 3630 EXIST:VMS:FUNCTION: +STORE_meth_get_delete_fn 3630 NOEXIST::FUNCTION: +STORE_method_get_delete_function 3630 NOEXIST::FUNCTION: SHA224_Init 3631 EXIST::FUNCTION:SHA,SHA256 PEM_read_ECPrivateKey 3632 EXIST:!WIN16:FUNCTION:EC -SHA512_Init 3633 EXIST::FUNCTION:SHA,SHA512 -STORE_parse_attrs_endp 3634 EXIST::FUNCTION: +SHA512_Init 3633 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +STORE_parse_attrs_endp 3634 NOEXIST::FUNCTION: BN_set_negative 3635 EXIST::FUNCTION: ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:ECDSA EC_GROUP_get_basis_type 3637 EXIST::FUNCTION:EC -STORE_list_public_key_next 3638 EXIST::FUNCTION: +STORE_list_public_key_next 3638 NOEXIST::FUNCTION: i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION: -STORE_OBJECT_free 3640 EXIST::FUNCTION: +STORE_OBJECT_free 3640 NOEXIST::FUNCTION: BN_nist_mod_384 3641 EXIST::FUNCTION: i2d_X509_CERT_PAIR 3642 EXIST::FUNCTION: PEM_write_ECPKParameters 3643 EXIST:!WIN16:FUNCTION:EC ECDH_compute_key 3644 EXIST::FUNCTION:ECDH -STORE_ATTR_INFO_get0_sha1str 3645 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_sha1str 3645 NOEXIST::FUNCTION: ENGINE_register_all_ECDH 3646 EXIST::FUNCTION:ENGINE pqueue_pop 3647 EXIST::FUNCTION: -STORE_ATTR_INFO_get0_cstr 3648 EXIST::FUNCTION: +STORE_ATTR_INFO_get0_cstr 3648 NOEXIST::FUNCTION: POLICY_CONSTRAINTS_it 3649 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICY_CONSTRAINTS_it 3649 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -STORE_get_ex_new_index 3650 EXIST::FUNCTION: +STORE_get_ex_new_index 3650 NOEXIST::FUNCTION: EVP_PKEY_get_attr_by_OBJ 3651 EXIST::FUNCTION: X509_VERIFY_PARAM_add0_policy 3652 EXIST::FUNCTION: BN_GF2m_mod_solve_quad 3653 EXIST::FUNCTION: @@ -3259,20 +3259,20 @@ EC_KEY_set_enc_flags 3665 EXIST::FUNCTION:EC ECDSA_verify 3666 EXIST::FUNCTION:ECDSA EC_POINT_point2hex 3667 EXIST::FUNCTION:EC ENGINE_get_STORE 3668 EXIST::FUNCTION:ENGINE -SHA512 3669 EXIST::FUNCTION:SHA,SHA512 -STORE_get_certificate 3670 EXIST::FUNCTION: +SHA512 3669 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 +STORE_get_certificate 3670 NOEXIST::FUNCTION: ECDSA_do_sign_ex 3671 EXIST::FUNCTION:ECDSA ECDSA_do_verify 3672 EXIST::FUNCTION:ECDSA d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,FP_API -STORE_delete_certificate 3674 EXIST::FUNCTION: -SHA512_Transform 3675 EXIST::FUNCTION:SHA,SHA512 +STORE_delete_certificate 3674 NOEXIST::FUNCTION: +SHA512_Transform 3675 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 X509_STORE_set1_param 3676 EXIST::FUNCTION: -STORE_method_get_ctrl_function 3677 EXIST::FUNCTION: -STORE_free 3678 EXIST::FUNCTION: +STORE_method_get_ctrl_function 3677 NOEXIST::FUNCTION: +STORE_free 3678 NOEXIST::FUNCTION: PEM_write_ECPrivateKey 3679 EXIST:!WIN16:FUNCTION:EC -STORE_method_get_unlock_store_function 3680 EXIST:!VMS:FUNCTION: -STORE_meth_get_unlock_store_fn 3680 EXIST:VMS:FUNCTION: -STORE_get_ex_data 3681 EXIST::FUNCTION: +STORE_meth_get_unlock_store_fn 3680 NOEXIST::FUNCTION: +STORE_method_get_unlock_store_function 3680 NOEXIST::FUNCTION: +STORE_get_ex_data 3681 NOEXIST::FUNCTION: EC_KEY_set_public_key 3682 EXIST::FUNCTION:EC PEM_read_ECPKParameters 3683 EXIST:!WIN16:FUNCTION:EC X509_CERT_PAIR_new 3684 EXIST::FUNCTION: @@ -3282,8 +3282,8 @@ DSA_generate_parameters_ex 3687 EXIST::FUNCTION:DSA ECParameters_print_fp 3688 EXIST::FUNCTION:EC,FP_API X509V3_NAME_from_section 3689 EXIST::FUNCTION: EVP_PKEY_add1_attr 3690 EXIST::FUNCTION: -STORE_modify_crl 3691 EXIST::FUNCTION: -STORE_list_private_key_start 3692 EXIST::FUNCTION: +STORE_modify_crl 3691 NOEXIST::FUNCTION: +STORE_list_private_key_start 3692 NOEXIST::FUNCTION: POLICY_MAPPINGS_it 3693 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICY_MAPPINGS_it 3693 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: GENERAL_SUBTREE_it 3694 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -3292,7 +3292,7 @@ EC_GROUP_get_curve_name 3695 EXIST::FUNCTION:EC PEM_write_X509_CERT_PAIR 3696 EXIST:!WIN16:FUNCTION: BIO_dump_indent_cb 3697 EXIST::FUNCTION: d2i_X509_CERT_PAIR 3698 EXIST::FUNCTION: -STORE_list_private_key_endp 3699 EXIST::FUNCTION: +STORE_list_private_key_endp 3699 NOEXIST::FUNCTION: asn1_const_Finish 3700 EXIST::FUNCTION: i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,FP_API BN_nist_mod_256 3702 EXIST::FUNCTION: @@ -3302,47 +3302,47 @@ BN_BLINDING_create_param 3705 EXIST::FUNCTION: ECDSA_size 3706 EXIST::FUNCTION:ECDSA d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:BIO,EC BN_get0_nist_prime_521 3708 EXIST::FUNCTION: -STORE_ATTR_INFO_modify_sha1str 3709 EXIST::FUNCTION: +STORE_ATTR_INFO_modify_sha1str 3709 NOEXIST::FUNCTION: BN_generate_prime_ex 3710 EXIST::FUNCTION: EC_GROUP_new_by_curve_name 3711 EXIST::FUNCTION:EC SHA256_Final 3712 EXIST::FUNCTION:SHA,SHA256 DH_generate_parameters_ex 3713 EXIST::FUNCTION:DH PEM_read_bio_ECPrivateKey 3714 EXIST::FUNCTION:EC -STORE_method_get_cleanup_function 3715 EXIST:!VMS:FUNCTION: -STORE_meth_get_cleanup_fn 3715 EXIST:VMS:FUNCTION: +STORE_meth_get_cleanup_fn 3715 NOEXIST::FUNCTION: +STORE_method_get_cleanup_function 3715 NOEXIST::FUNCTION: ENGINE_get_ECDH 3716 EXIST::FUNCTION:ENGINE d2i_ECDSA_SIG 3717 EXIST::FUNCTION:ECDSA BN_is_prime_fasttest_ex 3718 EXIST::FUNCTION: ECDSA_sign 3719 EXIST::FUNCTION:ECDSA X509_policy_check 3720 EXIST::FUNCTION: EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION: -STORE_set_ex_data 3722 EXIST::FUNCTION: +STORE_set_ex_data 3722 NOEXIST::FUNCTION: ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE EVP_ecdsa 3724 EXIST::FUNCTION:SHA BN_BLINDING_get_flags 3725 EXIST::FUNCTION: PKCS12_add_cert 3726 EXIST::FUNCTION: -STORE_OBJECT_new 3727 EXIST::FUNCTION: +STORE_OBJECT_new 3727 NOEXIST::FUNCTION: ERR_load_ECDH_strings 3728 EXIST::FUNCTION:ECDH EC_KEY_dup 3729 EXIST::FUNCTION:EC EVP_CIPHER_CTX_rand_key 3730 EXIST::FUNCTION: ECDSA_set_method 3731 EXIST::FUNCTION:ECDSA a2i_IPADDRESS_NC 3732 EXIST::FUNCTION: d2i_ECParameters 3733 EXIST::FUNCTION:EC -STORE_list_certificate_end 3734 EXIST::FUNCTION: -STORE_get_crl 3735 EXIST::FUNCTION: +STORE_list_certificate_end 3734 NOEXIST::FUNCTION: +STORE_get_crl 3735 NOEXIST::FUNCTION: X509_POLICY_NODE_print 3736 EXIST::FUNCTION: -SHA384_Init 3737 EXIST::FUNCTION:SHA,SHA512 +SHA384_Init 3737 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 EC_GF2m_simple_method 3738 EXIST::FUNCTION:EC ECDSA_set_ex_data 3739 EXIST::FUNCTION:ECDSA -SHA384_Final 3740 EXIST::FUNCTION:SHA,SHA512 +SHA384_Final 3740 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 PKCS7_set_digest 3741 EXIST::FUNCTION: EC_KEY_print 3742 EXIST::FUNCTION:BIO,EC -STORE_method_set_lock_store_function 3743 EXIST:!VMS:FUNCTION: -STORE_meth_set_lock_store_fn 3743 EXIST:VMS:FUNCTION: +STORE_meth_set_lock_store_fn 3743 NOEXIST::FUNCTION: +STORE_method_set_lock_store_function 3743 NOEXIST::FUNCTION: ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:ECDSA -SHA384 3745 EXIST::FUNCTION:SHA,SHA512 +SHA384 3745 EXIST:!VMSVAX:FUNCTION:SHA,SHA512 POLICY_MAPPING_new 3746 EXIST::FUNCTION: -STORE_list_certificate_endp 3747 EXIST::FUNCTION: +STORE_list_certificate_endp 3747 NOEXIST::FUNCTION: X509_STORE_CTX_get0_policy_tree 3748 EXIST::FUNCTION: EC_GROUP_set_asn1_flag 3749 EXIST::FUNCTION:EC EC_KEY_check_key 3750 EXIST::FUNCTION:EC @@ -3350,13 +3350,13 @@ d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,FP_API PKCS7_set0_type_other 3752 EXIST::FUNCTION: PEM_read_bio_X509_CERT_PAIR 3753 EXIST::FUNCTION: pqueue_next 3754 EXIST::FUNCTION: -STORE_method_get_list_end_function 3755 EXIST:!VMS:FUNCTION: -STORE_meth_get_list_end_fn 3755 EXIST:VMS:FUNCTION: +STORE_meth_get_list_end_fn 3755 NOEXIST::FUNCTION: +STORE_method_get_list_end_function 3755 NOEXIST::FUNCTION: EVP_PKEY_add1_attr_by_OBJ 3756 EXIST::FUNCTION: X509_VERIFY_PARAM_set_time 3757 EXIST::FUNCTION: pqueue_new 3758 EXIST::FUNCTION: ENGINE_set_default_ECDH 3759 EXIST::FUNCTION:ENGINE -STORE_new_method 3760 EXIST::FUNCTION: +STORE_new_method 3760 NOEXIST::FUNCTION: PKCS12_add_key 3761 EXIST::FUNCTION: DSO_merge 3762 EXIST::FUNCTION: EC_POINT_hex2point 3763 EXIST::FUNCTION:EC @@ -3366,7 +3366,7 @@ pqueue_insert 3766 EXIST::FUNCTION: pitem_free 3767 EXIST::FUNCTION: BN_GF2m_mod_inv_arr 3768 EXIST::FUNCTION: ENGINE_unregister_ECDSA 3769 EXIST::FUNCTION:ENGINE -BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION: +BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION:DEPRECATED get_rfc3526_prime_8192 3771 EXIST::FUNCTION: X509_VERIFY_PARAM_clear_flags 3772 EXIST::FUNCTION: get_rfc2409_prime_1024 3773 EXIST::FUNCTION: @@ -3385,7 +3385,7 @@ Camellia_cfb128_encrypt 3785 EXIST::FUNCTION:CAMELLIA Camellia_cfb1_encrypt 3786 EXIST::FUNCTION:CAMELLIA Camellia_cfb8_encrypt 3787 EXIST::FUNCTION:CAMELLIA Camellia_ctr128_encrypt 3788 EXIST::FUNCTION:CAMELLIA -Camellia_cfbr_encrypt_block 3789 EXIST::FUNCTION:CAMELLIA +Camellia_cfbr_encrypt_block 3789 NOEXIST::FUNCTION: Camellia_decrypt 3790 EXIST::FUNCTION:CAMELLIA Camellia_ecb_encrypt 3791 EXIST::FUNCTION:CAMELLIA Camellia_encrypt 3792 EXIST::FUNCTION:CAMELLIA @@ -3585,7 +3585,7 @@ CMS_data_create 3975 EXIST::FUNCTION:CMS i2d_CMS_bio 3976 EXIST::FUNCTION:CMS CMS_EncryptedData_set1_key 3977 EXIST::FUNCTION:CMS CMS_decrypt 3978 EXIST::FUNCTION:CMS -int_smime_write_ASN1 3979 EXIST::FUNCTION: +int_smime_write_ASN1 3979 NOEXIST::FUNCTION: CMS_unsigned_delete_attr 3980 EXIST::FUNCTION:CMS CMS_unsigned_get_attr_count 3981 EXIST::FUNCTION:CMS CMS_add_smimecap 3982 EXIST::FUNCTION:CMS @@ -3657,53 +3657,52 @@ ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE -ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE +ENGINE_load_capi 4047 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OPENSSL_isservice 4048 EXIST::FUNCTION: -FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA +FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION: EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION: -FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION: -CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION: -RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA -int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: -int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE -int_CRYPTO_set_do_dynlock_callback 4057 EXIST:!VMS:FUNCTION: -int_CRYPTO_set_do_dynlock_cb 4057 EXIST:VMS:FUNCTION: -FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_status 4051 NOEXIST::FUNCTION: +FIPS_rand_set_key 4052 NOEXIST::FUNCTION: +CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION: +RSA_X931_generate_key_ex 4054 NOEXIST::FUNCTION: +int_ERR_set_state_func 4055 NOEXIST::FUNCTION: +int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION: +int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION: +FIPS_rng_stick 4058 NOEXIST::FUNCTION: EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: -BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: -FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION: -CRYPTO_dbg_pop_info 4063 EXIST::FUNCTION: -FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA -RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA -FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA -FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION: -fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION: +BN_X931_generate_prime_ex 4060 NOEXIST::FUNCTION: +FIPS_selftest_check 4061 NOEXIST::FUNCTION: +FIPS_rand_set_dt 4062 NOEXIST::FUNCTION: +CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION: +FIPS_dsa_free 4064 NOEXIST::FUNCTION: +RSA_X931_derive_ex 4065 NOEXIST::FUNCTION: +FIPS_rsa_new 4066 NOEXIST::FUNCTION: +FIPS_rand_bytes 4067 NOEXIST::FUNCTION: +fips_cipher_test 4068 NOEXIST::FUNCTION: EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION: -CRYPTO_malloc_debug_init 4070 EXIST::FUNCTION: -CRYPTO_dbg_push_info 4071 EXIST::FUNCTION: -FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH -FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH -fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION: -EVP_add_alg_module 4077 EXIST::FUNCTION: -int_RAND_init_engine_callbacks 4078 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE -int_EVP_CIPHER_set_engine_callbacks 4079 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE -int_EVP_MD_init_engine_callbacks 4080 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE -FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION: -FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA -int_RAND_set_callbacks 4084 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE -BN_X931_derive_prime_ex 4085 EXIST::FUNCTION: -int_ERR_lib_init 4086 EXIST:OPENSSL_FIPS:FUNCTION: -int_EVP_CIPHER_init_engine_callbacks 4087 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE -FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA -FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA -CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION: -OPENSSL_init 4091 EXIST::FUNCTION: -private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA +CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION: +CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION: +FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION: +FIPS_dh_new 4073 NOEXIST::FUNCTION: +FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: +FIPS_dh_free 4075 NOEXIST::FUNCTION: +fips_pkey_signature_test 4076 NOEXIST::FUNCTION: +EVP_add_alg_module 4077 NOEXIST::FUNCTION: +int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: +int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: +int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: +FIPS_rand_test_mode 4081 NOEXIST::FUNCTION: +FIPS_rand_reset 4082 NOEXIST::FUNCTION: +FIPS_dsa_new 4083 NOEXIST::FUNCTION: +int_RAND_set_callbacks 4084 NOEXIST::FUNCTION: +BN_X931_derive_prime_ex 4085 NOEXIST::FUNCTION: +int_ERR_lib_init 4086 NOEXIST::FUNCTION: +int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION: +FIPS_rsa_free 4088 NOEXIST::FUNCTION: +FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION: +CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION: +OPENSSL_init 4091 NOEXIST::FUNCTION: +private_Camellia_set_key 4092 NOEXIST::FUNCTION: CRYPTO_strdup 4093 EXIST::FUNCTION: JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE @@ -3725,3 +3724,457 @@ JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE +pqueue_size 4114 EXIST::FUNCTION: +i2d_TS_ACCURACY 4115 EXIST::FUNCTION: +i2d_TS_MSG_IMPRINT_fp 4116 EXIST::FUNCTION: +i2d_TS_MSG_IMPRINT 4117 EXIST::FUNCTION: +EVP_PKEY_print_public 4118 EXIST::FUNCTION: +EVP_PKEY_CTX_new 4119 EXIST::FUNCTION: +i2d_TS_TST_INFO 4120 EXIST::FUNCTION: +EVP_PKEY_asn1_find 4121 EXIST::FUNCTION: +DSO_METHOD_beos 4122 EXIST::FUNCTION: +TS_CONF_load_cert 4123 EXIST::FUNCTION: +TS_REQ_get_ext 4124 EXIST::FUNCTION: +EVP_PKEY_sign_init 4125 EXIST::FUNCTION: +ASN1_item_print 4126 EXIST::FUNCTION: +TS_TST_INFO_set_nonce 4127 EXIST::FUNCTION: +TS_RESP_dup 4128 EXIST::FUNCTION: +ENGINE_register_pkey_meths 4129 EXIST::FUNCTION:ENGINE +EVP_PKEY_asn1_add0 4130 EXIST::FUNCTION: +PKCS7_add0_attrib_signing_time 4131 EXIST::FUNCTION: +i2d_TS_TST_INFO_fp 4132 EXIST::FUNCTION: +BIO_asn1_get_prefix 4133 EXIST::FUNCTION: +TS_TST_INFO_set_time 4134 EXIST::FUNCTION: +EVP_PKEY_meth_set_decrypt 4135 EXIST::FUNCTION: +EVP_PKEY_set_type_str 4136 EXIST::FUNCTION: +EVP_PKEY_CTX_get_keygen_info 4137 EXIST::FUNCTION: +TS_REQ_set_policy_id 4138 EXIST::FUNCTION: +d2i_TS_RESP_fp 4139 EXIST::FUNCTION: +ENGINE_get_pkey_asn1_meth_engine 4140 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_pkey_asn1_meth_eng 4140 EXIST:VMS:FUNCTION:ENGINE +WHIRLPOOL_Init 4141 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL +TS_RESP_set_status_info 4142 EXIST::FUNCTION: +EVP_PKEY_keygen 4143 EXIST::FUNCTION: +EVP_DigestSignInit 4144 EXIST::FUNCTION: +TS_ACCURACY_set_millis 4145 EXIST::FUNCTION: +TS_REQ_dup 4146 EXIST::FUNCTION: +GENERAL_NAME_dup 4147 EXIST::FUNCTION: +ASN1_SEQUENCE_ANY_it 4148 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_SEQUENCE_ANY_it 4148 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +WHIRLPOOL 4149 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL +X509_STORE_get1_crls 4150 EXIST::FUNCTION: +ENGINE_get_pkey_asn1_meth 4151 EXIST::FUNCTION:ENGINE +EVP_PKEY_asn1_new 4152 EXIST::FUNCTION: +BIO_new_NDEF 4153 EXIST::FUNCTION: +ENGINE_get_pkey_meth 4154 EXIST::FUNCTION:ENGINE +TS_MSG_IMPRINT_set_algo 4155 EXIST::FUNCTION: +i2d_TS_TST_INFO_bio 4156 EXIST::FUNCTION: +TS_TST_INFO_set_ordering 4157 EXIST::FUNCTION: +TS_TST_INFO_get_ext_by_OBJ 4158 EXIST::FUNCTION: +CRYPTO_THREADID_set_pointer 4159 EXIST::FUNCTION: +TS_CONF_get_tsa_section 4160 EXIST::FUNCTION: +SMIME_write_ASN1 4161 EXIST::FUNCTION: +TS_RESP_CTX_set_signer_key 4162 EXIST::FUNCTION: +EVP_PKEY_encrypt_old 4163 EXIST::FUNCTION: +EVP_PKEY_encrypt_init 4164 EXIST::FUNCTION: +CRYPTO_THREADID_cpy 4165 EXIST::FUNCTION: +ASN1_PCTX_get_cert_flags 4166 EXIST::FUNCTION: +i2d_ESS_SIGNING_CERT 4167 EXIST::FUNCTION: +TS_CONF_load_key 4168 EXIST::FUNCTION: +i2d_ASN1_SEQUENCE_ANY 4169 EXIST::FUNCTION: +d2i_TS_MSG_IMPRINT_bio 4170 EXIST::FUNCTION: +EVP_PKEY_asn1_set_public 4171 EXIST::FUNCTION: +b2i_PublicKey_bio 4172 EXIST::FUNCTION: +BIO_asn1_set_prefix 4173 EXIST::FUNCTION: +EVP_PKEY_new_mac_key 4174 EXIST::FUNCTION: +BIO_new_CMS 4175 EXIST::FUNCTION:CMS +CRYPTO_THREADID_cmp 4176 EXIST::FUNCTION: +TS_REQ_ext_free 4177 EXIST::FUNCTION: +EVP_PKEY_asn1_set_free 4178 EXIST::FUNCTION: +EVP_PKEY_get0_asn1 4179 EXIST::FUNCTION: +d2i_NETSCAPE_X509 4180 EXIST::FUNCTION: +EVP_PKEY_verify_recover_init 4181 EXIST::FUNCTION: +EVP_PKEY_CTX_set_data 4182 EXIST::FUNCTION: +EVP_PKEY_keygen_init 4183 EXIST::FUNCTION: +TS_RESP_CTX_set_status_info 4184 EXIST::FUNCTION: +TS_MSG_IMPRINT_get_algo 4185 EXIST::FUNCTION: +TS_REQ_print_bio 4186 EXIST::FUNCTION: +EVP_PKEY_CTX_ctrl_str 4187 EXIST::FUNCTION: +EVP_PKEY_get_default_digest_nid 4188 EXIST::FUNCTION: +PEM_write_bio_PKCS7_stream 4189 EXIST::FUNCTION: +TS_MSG_IMPRINT_print_bio 4190 EXIST::FUNCTION: +BN_asc2bn 4191 EXIST::FUNCTION: +TS_REQ_get_policy_id 4192 EXIST::FUNCTION: +ENGINE_set_default_pkey_asn1_meths 4193 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_def_pkey_asn1_meths 4193 EXIST:VMS:FUNCTION:ENGINE +d2i_TS_ACCURACY 4194 EXIST::FUNCTION: +DSO_global_lookup 4195 EXIST::FUNCTION: +TS_CONF_set_tsa_name 4196 EXIST::FUNCTION: +i2d_ASN1_SET_ANY 4197 EXIST::FUNCTION: +ENGINE_load_gost 4198 EXIST::FUNCTION:ENGINE,GOST,STATIC_ENGINE +WHIRLPOOL_BitUpdate 4199 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL +ASN1_PCTX_get_flags 4200 EXIST::FUNCTION: +TS_TST_INFO_get_ext_by_NID 4201 EXIST::FUNCTION: +TS_RESP_new 4202 EXIST::FUNCTION: +ESS_CERT_ID_dup 4203 EXIST::FUNCTION: +TS_STATUS_INFO_dup 4204 EXIST::FUNCTION: +TS_REQ_delete_ext 4205 EXIST::FUNCTION: +EVP_DigestVerifyFinal 4206 EXIST::FUNCTION: +EVP_PKEY_print_params 4207 EXIST::FUNCTION: +i2d_CMS_bio_stream 4208 EXIST::FUNCTION:CMS +TS_REQ_get_msg_imprint 4209 EXIST::FUNCTION: +OBJ_find_sigid_by_algs 4210 EXIST::FUNCTION: +TS_TST_INFO_get_serial 4211 EXIST::FUNCTION: +TS_REQ_get_nonce 4212 EXIST::FUNCTION: +X509_PUBKEY_set0_param 4213 EXIST::FUNCTION: +EVP_PKEY_CTX_set0_keygen_info 4214 EXIST::FUNCTION: +DIST_POINT_set_dpname 4215 EXIST::FUNCTION: +i2d_ISSUING_DIST_POINT 4216 EXIST::FUNCTION: +ASN1_SET_ANY_it 4217 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ASN1_SET_ANY_it 4217 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +EVP_PKEY_CTX_get_data 4218 EXIST::FUNCTION: +TS_STATUS_INFO_print_bio 4219 EXIST::FUNCTION: +EVP_PKEY_derive_init 4220 EXIST::FUNCTION: +d2i_TS_TST_INFO 4221 EXIST::FUNCTION: +EVP_PKEY_asn1_add_alias 4222 EXIST::FUNCTION: +d2i_TS_RESP_bio 4223 EXIST::FUNCTION: +OTHERNAME_cmp 4224 EXIST::FUNCTION: +GENERAL_NAME_set0_value 4225 EXIST::FUNCTION: +PKCS7_RECIP_INFO_get0_alg 4226 EXIST::FUNCTION: +TS_RESP_CTX_new 4227 EXIST::FUNCTION: +TS_RESP_set_tst_info 4228 EXIST::FUNCTION: +PKCS7_final 4229 EXIST::FUNCTION: +EVP_PKEY_base_id 4230 EXIST::FUNCTION: +TS_RESP_CTX_set_signer_cert 4231 EXIST::FUNCTION: +TS_REQ_set_msg_imprint 4232 EXIST::FUNCTION: +EVP_PKEY_CTX_ctrl 4233 EXIST::FUNCTION: +TS_CONF_set_digests 4234 EXIST::FUNCTION: +d2i_TS_MSG_IMPRINT 4235 EXIST::FUNCTION: +EVP_PKEY_meth_set_ctrl 4236 EXIST::FUNCTION: +TS_REQ_get_ext_by_NID 4237 EXIST::FUNCTION: +PKCS5_pbe_set0_algor 4238 EXIST::FUNCTION: +BN_BLINDING_thread_id 4239 EXIST::FUNCTION: +TS_ACCURACY_new 4240 EXIST::FUNCTION: +X509_CRL_METHOD_free 4241 EXIST::FUNCTION: +ASN1_PCTX_get_nm_flags 4242 EXIST::FUNCTION: +EVP_PKEY_meth_set_sign 4243 EXIST::FUNCTION: +CRYPTO_THREADID_current 4244 EXIST::FUNCTION: +EVP_PKEY_decrypt_init 4245 EXIST::FUNCTION: +NETSCAPE_X509_free 4246 EXIST::FUNCTION: +i2b_PVK_bio 4247 EXIST::FUNCTION:RC4 +EVP_PKEY_print_private 4248 EXIST::FUNCTION: +GENERAL_NAME_get0_value 4249 EXIST::FUNCTION: +b2i_PVK_bio 4250 EXIST::FUNCTION:RC4 +ASN1_UTCTIME_adj 4251 EXIST::FUNCTION: +TS_TST_INFO_new 4252 EXIST::FUNCTION: +EVP_MD_do_all_sorted 4253 EXIST::FUNCTION: +TS_CONF_set_default_engine 4254 EXIST::FUNCTION: +TS_ACCURACY_set_seconds 4255 EXIST::FUNCTION: +TS_TST_INFO_get_time 4256 EXIST::FUNCTION: +PKCS8_pkey_get0 4257 EXIST::FUNCTION: +EVP_PKEY_asn1_get0 4258 EXIST::FUNCTION: +OBJ_add_sigid 4259 EXIST::FUNCTION: +PKCS7_SIGNER_INFO_sign 4260 EXIST::FUNCTION: +EVP_PKEY_paramgen_init 4261 EXIST::FUNCTION: +EVP_PKEY_sign 4262 EXIST::FUNCTION: +OBJ_sigid_free 4263 EXIST::FUNCTION: +EVP_PKEY_meth_set_init 4264 EXIST::FUNCTION: +d2i_ESS_ISSUER_SERIAL 4265 EXIST::FUNCTION: +ISSUING_DIST_POINT_new 4266 EXIST::FUNCTION: +ASN1_TIME_adj 4267 EXIST::FUNCTION: +TS_OBJ_print_bio 4268 EXIST::FUNCTION: +EVP_PKEY_meth_set_verify_recover 4269 EXIST:!VMS:FUNCTION: +EVP_PKEY_meth_set_vrfy_recover 4269 EXIST:VMS:FUNCTION: +TS_RESP_get_status_info 4270 EXIST::FUNCTION: +CMS_stream 4271 EXIST::FUNCTION:CMS +EVP_PKEY_CTX_set_cb 4272 EXIST::FUNCTION: +PKCS7_to_TS_TST_INFO 4273 EXIST::FUNCTION: +ASN1_PCTX_get_oid_flags 4274 EXIST::FUNCTION: +TS_TST_INFO_add_ext 4275 EXIST::FUNCTION: +EVP_PKEY_meth_set_derive 4276 EXIST::FUNCTION: +i2d_TS_RESP_fp 4277 EXIST::FUNCTION: +i2d_TS_MSG_IMPRINT_bio 4278 EXIST::FUNCTION: +TS_RESP_CTX_set_accuracy 4279 EXIST::FUNCTION: +TS_REQ_set_nonce 4280 EXIST::FUNCTION: +ESS_CERT_ID_new 4281 EXIST::FUNCTION: +ENGINE_pkey_asn1_find_str 4282 EXIST::FUNCTION:ENGINE +TS_REQ_get_ext_count 4283 EXIST::FUNCTION: +BUF_reverse 4284 EXIST::FUNCTION: +TS_TST_INFO_print_bio 4285 EXIST::FUNCTION: +d2i_ISSUING_DIST_POINT 4286 EXIST::FUNCTION: +ENGINE_get_pkey_meths 4287 EXIST::FUNCTION:ENGINE +i2b_PrivateKey_bio 4288 EXIST::FUNCTION: +i2d_TS_RESP 4289 EXIST::FUNCTION: +b2i_PublicKey 4290 EXIST::FUNCTION: +TS_VERIFY_CTX_cleanup 4291 EXIST::FUNCTION: +TS_STATUS_INFO_free 4292 EXIST::FUNCTION: +TS_RESP_verify_token 4293 EXIST::FUNCTION: +OBJ_bsearch_ex_ 4294 EXIST::FUNCTION: +ASN1_bn_print 4295 EXIST::FUNCTION:BIO +EVP_PKEY_asn1_get_count 4296 EXIST::FUNCTION: +ENGINE_register_pkey_asn1_meths 4297 EXIST::FUNCTION:ENGINE +ASN1_PCTX_set_nm_flags 4298 EXIST::FUNCTION: +EVP_DigestVerifyInit 4299 EXIST::FUNCTION: +ENGINE_set_default_pkey_meths 4300 EXIST::FUNCTION:ENGINE +TS_TST_INFO_get_policy_id 4301 EXIST::FUNCTION: +TS_REQ_get_cert_req 4302 EXIST::FUNCTION: +X509_CRL_set_meth_data 4303 EXIST::FUNCTION: +PKCS8_pkey_set0 4304 EXIST::FUNCTION: +ASN1_STRING_copy 4305 EXIST::FUNCTION: +d2i_TS_TST_INFO_fp 4306 EXIST::FUNCTION: +X509_CRL_match 4307 EXIST::FUNCTION: +EVP_PKEY_asn1_set_private 4308 EXIST::FUNCTION: +TS_TST_INFO_get_ext_d2i 4309 EXIST::FUNCTION: +TS_RESP_CTX_add_policy 4310 EXIST::FUNCTION: +d2i_TS_RESP 4311 EXIST::FUNCTION: +TS_CONF_load_certs 4312 EXIST::FUNCTION: +TS_TST_INFO_get_msg_imprint 4313 EXIST::FUNCTION: +ERR_load_TS_strings 4314 EXIST::FUNCTION: +TS_TST_INFO_get_version 4315 EXIST::FUNCTION: +EVP_PKEY_CTX_dup 4316 EXIST::FUNCTION: +EVP_PKEY_meth_set_verify 4317 EXIST::FUNCTION: +i2b_PublicKey_bio 4318 EXIST::FUNCTION: +TS_CONF_set_certs 4319 EXIST::FUNCTION: +EVP_PKEY_asn1_get0_info 4320 EXIST::FUNCTION: +TS_VERIFY_CTX_free 4321 EXIST::FUNCTION: +TS_REQ_get_ext_by_critical 4322 EXIST::FUNCTION: +TS_RESP_CTX_set_serial_cb 4323 EXIST::FUNCTION: +X509_CRL_get_meth_data 4324 EXIST::FUNCTION: +TS_RESP_CTX_set_time_cb 4325 EXIST::FUNCTION: +TS_MSG_IMPRINT_get_msg 4326 EXIST::FUNCTION: +TS_TST_INFO_ext_free 4327 EXIST::FUNCTION: +TS_REQ_get_version 4328 EXIST::FUNCTION: +TS_REQ_add_ext 4329 EXIST::FUNCTION: +EVP_PKEY_CTX_set_app_data 4330 EXIST::FUNCTION: +OBJ_bsearch_ 4331 EXIST::FUNCTION: +EVP_PKEY_meth_set_verifyctx 4332 EXIST::FUNCTION: +i2d_PKCS7_bio_stream 4333 EXIST::FUNCTION: +CRYPTO_THREADID_set_numeric 4334 EXIST::FUNCTION: +PKCS7_sign_add_signer 4335 EXIST::FUNCTION: +d2i_TS_TST_INFO_bio 4336 EXIST::FUNCTION: +TS_TST_INFO_get_ordering 4337 EXIST::FUNCTION: +TS_RESP_print_bio 4338 EXIST::FUNCTION: +TS_TST_INFO_get_exts 4339 EXIST::FUNCTION: +HMAC_CTX_copy 4340 EXIST::FUNCTION:HMAC +PKCS5_pbe2_set_iv 4341 EXIST::FUNCTION: +ENGINE_get_pkey_asn1_meths 4342 EXIST::FUNCTION:ENGINE +b2i_PrivateKey 4343 EXIST::FUNCTION: +EVP_PKEY_CTX_get_app_data 4344 EXIST::FUNCTION: +TS_REQ_set_cert_req 4345 EXIST::FUNCTION: +CRYPTO_THREADID_set_callback 4346 EXIST::FUNCTION: +TS_CONF_set_serial 4347 EXIST::FUNCTION: +TS_TST_INFO_free 4348 EXIST::FUNCTION: +d2i_TS_REQ_fp 4349 EXIST::FUNCTION: +TS_RESP_verify_response 4350 EXIST::FUNCTION: +i2d_ESS_ISSUER_SERIAL 4351 EXIST::FUNCTION: +TS_ACCURACY_get_seconds 4352 EXIST::FUNCTION: +EVP_CIPHER_do_all 4353 EXIST::FUNCTION: +b2i_PrivateKey_bio 4354 EXIST::FUNCTION: +OCSP_CERTID_dup 4355 EXIST::FUNCTION: +X509_PUBKEY_get0_param 4356 EXIST::FUNCTION: +TS_MSG_IMPRINT_dup 4357 EXIST::FUNCTION: +PKCS7_print_ctx 4358 EXIST::FUNCTION: +i2d_TS_REQ_bio 4359 EXIST::FUNCTION: +EVP_whirlpool 4360 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL +EVP_PKEY_asn1_set_param 4361 EXIST::FUNCTION: +EVP_PKEY_meth_set_encrypt 4362 EXIST::FUNCTION: +ASN1_PCTX_set_flags 4363 EXIST::FUNCTION: +i2d_ESS_CERT_ID 4364 EXIST::FUNCTION: +TS_VERIFY_CTX_new 4365 EXIST::FUNCTION: +TS_RESP_CTX_set_extension_cb 4366 EXIST::FUNCTION: +ENGINE_register_all_pkey_meths 4367 EXIST::FUNCTION:ENGINE +TS_RESP_CTX_set_status_info_cond 4368 EXIST:!VMS:FUNCTION: +TS_RESP_CTX_set_stat_info_cond 4368 EXIST:VMS:FUNCTION: +EVP_PKEY_verify 4369 EXIST::FUNCTION: +WHIRLPOOL_Final 4370 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL +X509_CRL_METHOD_new 4371 EXIST::FUNCTION: +EVP_DigestSignFinal 4372 EXIST::FUNCTION: +TS_RESP_CTX_set_def_policy 4373 EXIST::FUNCTION: +NETSCAPE_X509_it 4374 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +NETSCAPE_X509_it 4374 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +TS_RESP_create_response 4375 EXIST::FUNCTION: +PKCS7_SIGNER_INFO_get0_algs 4376 EXIST::FUNCTION: +TS_TST_INFO_get_nonce 4377 EXIST::FUNCTION: +EVP_PKEY_decrypt_old 4378 EXIST::FUNCTION: +TS_TST_INFO_set_policy_id 4379 EXIST::FUNCTION: +TS_CONF_set_ess_cert_id_chain 4380 EXIST::FUNCTION: +EVP_PKEY_CTX_get0_pkey 4381 EXIST::FUNCTION: +d2i_TS_REQ 4382 EXIST::FUNCTION: +EVP_PKEY_asn1_find_str 4383 EXIST::FUNCTION: +BIO_f_asn1 4384 EXIST::FUNCTION: +ESS_SIGNING_CERT_new 4385 EXIST::FUNCTION: +EVP_PBE_find 4386 EXIST::FUNCTION: +X509_CRL_get0_by_cert 4387 EXIST::FUNCTION: +EVP_PKEY_derive 4388 EXIST::FUNCTION: +i2d_TS_REQ 4389 EXIST::FUNCTION: +TS_TST_INFO_delete_ext 4390 EXIST::FUNCTION: +ESS_ISSUER_SERIAL_free 4391 EXIST::FUNCTION: +ASN1_PCTX_set_str_flags 4392 EXIST::FUNCTION: +ENGINE_get_pkey_asn1_meth_str 4393 EXIST::FUNCTION:ENGINE +TS_CONF_set_signer_key 4394 EXIST::FUNCTION: +TS_ACCURACY_get_millis 4395 EXIST::FUNCTION: +TS_RESP_get_token 4396 EXIST::FUNCTION: +TS_ACCURACY_dup 4397 EXIST::FUNCTION: +ENGINE_register_all_pkey_asn1_meths 4398 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_reg_all_pkey_asn1_meths 4398 EXIST:VMS:FUNCTION:ENGINE +X509_CRL_set_default_method 4399 EXIST::FUNCTION: +CRYPTO_THREADID_hash 4400 EXIST::FUNCTION: +CMS_ContentInfo_print_ctx 4401 EXIST::FUNCTION:CMS +TS_RESP_free 4402 EXIST::FUNCTION: +ISSUING_DIST_POINT_free 4403 EXIST::FUNCTION: +ESS_ISSUER_SERIAL_new 4404 EXIST::FUNCTION: +CMS_add1_crl 4405 EXIST::FUNCTION:CMS +PKCS7_add1_attrib_digest 4406 EXIST::FUNCTION: +TS_RESP_CTX_add_md 4407 EXIST::FUNCTION: +TS_TST_INFO_dup 4408 EXIST::FUNCTION: +ENGINE_set_pkey_asn1_meths 4409 EXIST::FUNCTION:ENGINE +PEM_write_bio_Parameters 4410 EXIST::FUNCTION: +TS_TST_INFO_get_accuracy 4411 EXIST::FUNCTION: +X509_CRL_get0_by_serial 4412 EXIST::FUNCTION: +TS_TST_INFO_set_version 4413 EXIST::FUNCTION: +TS_RESP_CTX_get_tst_info 4414 EXIST::FUNCTION: +TS_RESP_verify_signature 4415 EXIST::FUNCTION: +CRYPTO_THREADID_get_callback 4416 EXIST::FUNCTION: +TS_TST_INFO_get_tsa 4417 EXIST::FUNCTION: +TS_STATUS_INFO_new 4418 EXIST::FUNCTION: +EVP_PKEY_CTX_get_cb 4419 EXIST::FUNCTION: +TS_REQ_get_ext_d2i 4420 EXIST::FUNCTION: +GENERAL_NAME_set0_othername 4421 EXIST::FUNCTION: +TS_TST_INFO_get_ext_count 4422 EXIST::FUNCTION: +TS_RESP_CTX_get_request 4423 EXIST::FUNCTION: +i2d_NETSCAPE_X509 4424 EXIST::FUNCTION: +ENGINE_get_pkey_meth_engine 4425 EXIST::FUNCTION:ENGINE +EVP_PKEY_meth_set_signctx 4426 EXIST::FUNCTION: +EVP_PKEY_asn1_copy 4427 EXIST::FUNCTION: +ASN1_TYPE_cmp 4428 EXIST::FUNCTION: +EVP_CIPHER_do_all_sorted 4429 EXIST::FUNCTION: +EVP_PKEY_CTX_free 4430 EXIST::FUNCTION: +ISSUING_DIST_POINT_it 4431 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: +ISSUING_DIST_POINT_it 4431 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +d2i_TS_MSG_IMPRINT_fp 4432 EXIST::FUNCTION: +X509_STORE_get1_certs 4433 EXIST::FUNCTION: +EVP_PKEY_CTX_get_operation 4434 EXIST::FUNCTION: +d2i_ESS_SIGNING_CERT 4435 EXIST::FUNCTION: +TS_CONF_set_ordering 4436 EXIST::FUNCTION: +EVP_PBE_alg_add_type 4437 EXIST::FUNCTION: +TS_REQ_set_version 4438 EXIST::FUNCTION: +EVP_PKEY_get0 4439 EXIST::FUNCTION: +BIO_asn1_set_suffix 4440 EXIST::FUNCTION: +i2d_TS_STATUS_INFO 4441 EXIST::FUNCTION: +EVP_MD_do_all 4442 EXIST::FUNCTION: +TS_TST_INFO_set_accuracy 4443 EXIST::FUNCTION: +PKCS7_add_attrib_content_type 4444 EXIST::FUNCTION: +ERR_remove_thread_state 4445 EXIST::FUNCTION: +EVP_PKEY_meth_add0 4446 EXIST::FUNCTION: +TS_TST_INFO_set_tsa 4447 EXIST::FUNCTION: +EVP_PKEY_meth_new 4448 EXIST::FUNCTION: +WHIRLPOOL_Update 4449 EXIST:!VMSVAX:FUNCTION:WHIRLPOOL +TS_CONF_set_accuracy 4450 EXIST::FUNCTION: +ASN1_PCTX_set_oid_flags 4451 EXIST::FUNCTION: +ESS_SIGNING_CERT_dup 4452 EXIST::FUNCTION: +d2i_TS_REQ_bio 4453 EXIST::FUNCTION: +X509_time_adj_ex 4454 EXIST::FUNCTION: +TS_RESP_CTX_add_flags 4455 EXIST::FUNCTION: +d2i_TS_STATUS_INFO 4456 EXIST::FUNCTION: +TS_MSG_IMPRINT_set_msg 4457 EXIST::FUNCTION: +BIO_asn1_get_suffix 4458 EXIST::FUNCTION: +TS_REQ_free 4459 EXIST::FUNCTION: +EVP_PKEY_meth_free 4460 EXIST::FUNCTION: +TS_REQ_get_exts 4461 EXIST::FUNCTION: +TS_RESP_CTX_set_clock_precision_digits 4462 EXIST:!VMS:FUNCTION: +TS_RESP_CTX_set_clk_prec_digits 4462 EXIST:VMS:FUNCTION: +TS_RESP_CTX_add_failure_info 4463 EXIST::FUNCTION: +i2d_TS_RESP_bio 4464 EXIST::FUNCTION: +EVP_PKEY_CTX_get0_peerkey 4465 EXIST::FUNCTION: +PEM_write_bio_CMS_stream 4466 EXIST::FUNCTION:CMS +TS_REQ_new 4467 EXIST::FUNCTION: +TS_MSG_IMPRINT_new 4468 EXIST::FUNCTION: +EVP_PKEY_meth_find 4469 EXIST::FUNCTION: +EVP_PKEY_id 4470 EXIST::FUNCTION: +TS_TST_INFO_set_serial 4471 EXIST::FUNCTION: +a2i_GENERAL_NAME 4472 EXIST::FUNCTION: +TS_CONF_set_crypto_device 4473 EXIST::FUNCTION: +EVP_PKEY_verify_init 4474 EXIST::FUNCTION: +TS_CONF_set_policies 4475 EXIST::FUNCTION: +ASN1_PCTX_new 4476 EXIST::FUNCTION: +ESS_CERT_ID_free 4477 EXIST::FUNCTION: +ENGINE_unregister_pkey_meths 4478 EXIST::FUNCTION:ENGINE +TS_MSG_IMPRINT_free 4479 EXIST::FUNCTION: +TS_VERIFY_CTX_init 4480 EXIST::FUNCTION: +PKCS7_stream 4481 EXIST::FUNCTION: +TS_RESP_CTX_set_certs 4482 EXIST::FUNCTION: +TS_CONF_set_def_policy 4483 EXIST::FUNCTION: +ASN1_GENERALIZEDTIME_adj 4484 EXIST::FUNCTION: +NETSCAPE_X509_new 4485 EXIST::FUNCTION: +TS_ACCURACY_free 4486 EXIST::FUNCTION: +TS_RESP_get_tst_info 4487 EXIST::FUNCTION: +EVP_PKEY_derive_set_peer 4488 EXIST::FUNCTION: +PEM_read_bio_Parameters 4489 EXIST::FUNCTION: +TS_CONF_set_clock_precision_digits 4490 EXIST:!VMS:FUNCTION: +TS_CONF_set_clk_prec_digits 4490 EXIST:VMS:FUNCTION: +ESS_ISSUER_SERIAL_dup 4491 EXIST::FUNCTION: +TS_ACCURACY_get_micros 4492 EXIST::FUNCTION: +ASN1_PCTX_get_str_flags 4493 EXIST::FUNCTION: +NAME_CONSTRAINTS_check 4494 EXIST::FUNCTION: +ASN1_BIT_STRING_check 4495 EXIST::FUNCTION: +X509_check_akid 4496 EXIST::FUNCTION: +ENGINE_unregister_pkey_asn1_meths 4497 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_unreg_pkey_asn1_meths 4497 EXIST:VMS:FUNCTION:ENGINE +ASN1_PCTX_free 4498 EXIST::FUNCTION: +PEM_write_bio_ASN1_stream 4499 EXIST::FUNCTION: +i2d_ASN1_bio_stream 4500 EXIST::FUNCTION: +TS_X509_ALGOR_print_bio 4501 EXIST::FUNCTION: +EVP_PKEY_meth_set_cleanup 4502 EXIST::FUNCTION: +EVP_PKEY_asn1_free 4503 EXIST::FUNCTION: +ESS_SIGNING_CERT_free 4504 EXIST::FUNCTION: +TS_TST_INFO_set_msg_imprint 4505 EXIST::FUNCTION: +GENERAL_NAME_cmp 4506 EXIST::FUNCTION: +d2i_ASN1_SET_ANY 4507 EXIST::FUNCTION: +ENGINE_set_pkey_meths 4508 EXIST::FUNCTION:ENGINE +i2d_TS_REQ_fp 4509 EXIST::FUNCTION: +d2i_ASN1_SEQUENCE_ANY 4510 EXIST::FUNCTION: +GENERAL_NAME_get0_otherName 4511 EXIST::FUNCTION: +d2i_ESS_CERT_ID 4512 EXIST::FUNCTION: +OBJ_find_sigid_algs 4513 EXIST::FUNCTION: +EVP_PKEY_meth_set_keygen 4514 EXIST::FUNCTION: +PKCS5_PBKDF2_HMAC 4515 EXIST::FUNCTION: +EVP_PKEY_paramgen 4516 EXIST::FUNCTION: +EVP_PKEY_meth_set_paramgen 4517 EXIST::FUNCTION: +BIO_new_PKCS7 4518 EXIST::FUNCTION: +EVP_PKEY_verify_recover 4519 EXIST::FUNCTION: +TS_ext_print_bio 4520 EXIST::FUNCTION: +TS_ASN1_INTEGER_print_bio 4521 EXIST::FUNCTION: +check_defer 4522 EXIST::FUNCTION: +DSO_pathbyaddr 4523 EXIST::FUNCTION: +EVP_PKEY_set_type 4524 EXIST::FUNCTION: +TS_ACCURACY_set_micros 4525 EXIST::FUNCTION: +TS_REQ_to_TS_VERIFY_CTX 4526 EXIST::FUNCTION: +EVP_PKEY_meth_set_copy 4527 EXIST::FUNCTION: +ASN1_PCTX_set_cert_flags 4528 EXIST::FUNCTION: +TS_TST_INFO_get_ext 4529 EXIST::FUNCTION: +EVP_PKEY_asn1_set_ctrl 4530 EXIST::FUNCTION: +TS_TST_INFO_get_ext_by_critical 4531 EXIST::FUNCTION: +EVP_PKEY_CTX_new_id 4532 EXIST::FUNCTION: +TS_REQ_get_ext_by_OBJ 4533 EXIST::FUNCTION: +TS_CONF_set_signer_cert 4534 EXIST::FUNCTION: +X509_NAME_hash_old 4535 EXIST::FUNCTION: +ASN1_TIME_set_string 4536 EXIST::FUNCTION: +EVP_MD_flags 4537 EXIST::FUNCTION: +TS_RESP_CTX_free 4538 EXIST::FUNCTION: +DSAparams_dup 4539 EXIST::FUNCTION:DSA +DHparams_dup 4540 EXIST::FUNCTION:DH +OCSP_REQ_CTX_add1_header 4541 EXIST::FUNCTION: +OCSP_REQ_CTX_set1_req 4542 EXIST::FUNCTION: +X509_STORE_set_verify_cb 4543 EXIST::FUNCTION: +X509_STORE_CTX_get0_current_crl 4544 EXIST::FUNCTION: +X509_STORE_CTX_get0_parent_ctx 4545 EXIST::FUNCTION: +X509_STORE_CTX_get0_current_issuer 4546 EXIST:!VMS:FUNCTION: +X509_STORE_CTX_get0_cur_issuer 4546 EXIST:VMS:FUNCTION: +X509_issuer_name_hash_old 4547 EXIST::FUNCTION:MD5 +X509_subject_name_hash_old 4548 EXIST::FUNCTION:MD5 +EVP_CIPHER_CTX_copy 4549 EXIST::FUNCTION: +UI_method_get_prompt_constructor 4550 EXIST:!VMS:FUNCTION: +UI_method_get_prompt_constructr 4550 EXIST:VMS:FUNCTION: +UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: +UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: +EVP_read_pw_string_min 4552 EXIST::FUNCTION: diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl index f2b92b2b25..280e9de1ad 100644 --- a/src/lib/libcrypto/util/mk1mf.pl +++ b/src/lib/libcrypto/util/mk1mf.pl @@ -6,36 +6,56 @@ # $INSTALLTOP="/usr/local/ssl"; +$OPENSSLDIR="/usr/local/ssl"; $OPTIONS=""; $ssl_version=""; $banner="\t\@echo Building OpenSSL"; -my $no_static_engine = 0; +my $no_static_engine = 1; my $engines = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; +local $perl_asm = 0; # 1 to autobuild asm files from perl scripts + +# Options to import from top level Makefile + +my %mf_import = ( + VERSION => \$ssl_version, + OPTIONS => \$OPTIONS, + INSTALLTOP => \$INSTALLTOP, + OPENSSLDIR => \$OPENSSLDIR, + PLATFORM => \$mf_platform, + CFLAG => \$mf_cflag, + DEPFLAG => \$mf_depflag, + CPUID_OBJ => \$mf_cpuid_asm, + BN_ASM => \$mf_bn_asm, + DES_ENC => \$mf_des_asm, + AES_ENC => \$mf_aes_asm, + BF_ENC => \$mf_bf_asm, + CAST_ENC => \$mf_cast_asm, + RC4_ENC => \$mf_rc4_asm, + RC5_ENC => \$mf_rc5_asm, + MD5_ASM_OBJ => \$mf_md5_asm, + SHA1_ASM_OBJ => \$mf_sha_asm, + RMD160_ASM_OBJ => \$mf_rmd_asm, + WP_ASM_OBJ => \$mf_wp_asm, + CMLL_ENC => \$mf_cm_asm +); -local $fips_canister_path = ""; -my $fips_premain_dso_exe_path = ""; -my $fips_premain_c_path = ""; -my $fips_sha1_exe_path = ""; - -local $fipscanisterbuild = 0; -local $fipsdso = 0; - -my $fipslibdir = ""; -my $baseaddr = ""; - -my $ex_l_libs = ""; open(IN,") { - $ssl_version=$1 if (/^VERSION=(.*)$/); - $OPTIONS=$1 if (/^OPTIONS=(.*)$/); - $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/); + my ($mf_opt, $mf_ref); + while (($mf_opt, $mf_ref) = each %mf_import) { + if (/^$mf_opt\s*=\s*(.*)$/) { + $$mf_ref = $1; + } + } } close(IN); +$debug = 1 if $mf_platform =~ /^debug-/; + die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq ""; $infile="MINFO"; @@ -58,6 +78,7 @@ $infile="MINFO"; "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets", "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets", "default","cc under unix", + "auto", "auto detect from top level Makefile" ); $platform=""; @@ -144,6 +165,12 @@ $bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:''; $NT=0; push(@INC,"util/pl","pl"); + +if ($platform eq "auto") { + $platform = $mf_platform; + print STDERR "Imported platform $mf_platform\n"; +} + if (($platform =~ /VC-(.+)/)) { $FLAVOR=$1; @@ -228,13 +255,12 @@ $cflags.=" -DOPENSSL_NO_DES" if $no_des; $cflags.=" -DOPENSSL_NO_RSA" if $no_rsa; $cflags.=" -DOPENSSL_NO_DSA" if $no_dsa; $cflags.=" -DOPENSSL_NO_DH" if $no_dh; +$cflags.=" -DOPENSSL_NO_WHIRLPOOL" if $no_whirlpool; $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; -$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; -$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; @@ -242,7 +268,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; -$cflags.=" -DOPENSSL_FIPS" if $fips; +$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -264,9 +290,9 @@ else $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); + %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", - "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO", - "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); + "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); if ($msdos) { @@ -280,6 +306,7 @@ if ($msdos) $link="$bin_dir$link" if ($link !~ /^\$/); $INSTALLTOP =~ s|/|$o|g; +$OPENSSLDIR =~ s|/|$o|g; ############################################# # We parse in input file and 'store' info for later printing. @@ -294,21 +321,11 @@ for (;;) { if ($lib ne "") { - if ($fips && $dir =~ /^fips/) - { - $uc = "FIPS"; - } - else - { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - } - if (($uc ne "FIPS") || $fipscanisterbuild) - { - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; - } + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; } last if ($val eq "FINISHED"); $lib=""; @@ -351,130 +368,11 @@ for (;;) if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) { $engines.=$val } - if ($key eq "FIPS_EX_OBJ") - { - $fips_ex_obj=&var_add("crypto",$val,0); - } - - if ($key eq "FIPSLIBDIR") - { - $fipslibdir=$val; - $fipslibdir =~ s/\/$//; - $fipslibdir =~ s/\//$o/g; - } - - if ($key eq "BASEADDR") - { $baseaddr=$val;} - if (!($_=)) { $_="RELATIVE_DIRECTORY=FINISHED\n"; } } close(IN); -if ($fips) - { - - foreach (split " ", $fips_ex_obj) - { - $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/); - } - - $fips_exclude_obj{"cpu_win32"} = 1; - $fips_exclude_obj{"bn_asm"} = 1; - $fips_exclude_obj{"des_enc"} = 1; - $fips_exclude_obj{"fcrypt_b"} = 1; - $fips_exclude_obj{"aes_core"} = 1; - $fips_exclude_obj{"aes_cbc"} = 1; - - my @ltmp = split " ", $lib_obj{"CRYPTO"}; - - - $lib_obj{"CRYPTO"} = ""; - - foreach(@ltmp) - { - if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1}) - { - if ($fipscanisterbuild) - { - $lib_obj{"FIPS"} .= "$_ "; - } - } - else - { - $lib_obj{"CRYPTO"} .= "$_ "; - } - } - - } - -if ($fipscanisterbuild) - { - $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq ""; - $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c"; - } -else - { - if ($fips_canister_path eq "") - { - $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib"; - } - - if ($fips_premain_c_path eq "") - { - $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; - } - } - -if ($fips) - { - if ($fips_sha1_exe_path eq "") - { - $fips_sha1_exe_path = - "\$(BIN_D)${o}fips_standalone_sha1$exep"; - } - } - else - { - $fips_sha1_exe_path = ""; - } - -if ($fips_premain_dso_exe_path eq "") - { - $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; - } - -# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); - -#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso; - -if ($fips) - { - if (!$shlib) - { - $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; - $ex_l_libs .= " \$(O_FIPSCANISTER)"; - $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild; - } - if ($fipscanisterbuild) - { - $fipslibdir = "\$(LIB_D)"; - } - else - { - if ($fipslibdir eq "") - { - open (IN, "util/fipslib_path.txt") || fipslib_error(); - $fipslibdir = ; - chomp $fipslibdir; - close IN; - } - fips_check_files($fipslibdir, - "fipscanister.lib", "fipscanister.lib.sha1", - "fips_premain.c", "fips_premain.c.sha1"); - } - } - if ($shlib) { $extra_install= <<"EOF"; @@ -520,6 +418,7 @@ $defs .= $preamble if defined $preamble; $defs.= <<"EOF"; INSTALLTOP=$INSTALLTOP +OPENSSLDIR=$OPENSSLDIR # Set your compiler options PLATFORM=$platform @@ -540,32 +439,6 @@ SRC_D=$src_dir LINK=$link LFLAGS=$lflags RSC=$rsc -FIPSLINK=\$(PERL) util${o}fipslink.pl - -AES_ASM_OBJ=$aes_asm_obj -AES_ASM_SRC=$aes_asm_src -BN_ASM_OBJ=$bn_asm_obj -BN_ASM_SRC=$bn_asm_src -BNCO_ASM_OBJ=$bnco_asm_obj -BNCO_ASM_SRC=$bnco_asm_src -DES_ENC_OBJ=$des_enc_obj -DES_ENC_SRC=$des_enc_src -BF_ENC_OBJ=$bf_enc_obj -BF_ENC_SRC=$bf_enc_src -CAST_ENC_OBJ=$cast_enc_obj -CAST_ENC_SRC=$cast_enc_src -RC4_ENC_OBJ=$rc4_enc_obj -RC4_ENC_SRC=$rc4_enc_src -RC5_ENC_OBJ=$rc5_enc_obj -RC5_ENC_SRC=$rc5_enc_src -MD5_ASM_OBJ=$md5_asm_obj -MD5_ASM_SRC=$md5_asm_src -SHA1_ASM_OBJ=$sha1_asm_obj -SHA1_ASM_SRC=$sha1_asm_src -RMD160_ASM_OBJ=$rmd160_asm_obj -RMD160_ASM_SRC=$rmd160_asm_src -CPUID_ASM_OBJ=$cpuid_asm_obj -CPUID_ASM_SRC=$cpuid_asm_src # The output directory for everything intersting OUT_D=$out_dir @@ -584,17 +457,6 @@ MKLIB=$bin_dir$mklib MLFLAGS=$mlflags ASM=$bin_dir$asm -# FIPS validated module and support file locations - -E_PREMAIN_DSO=fips_premain_dso - -FIPSLIB_D=$fipslibdir -BASEADDR=$baseaddr -FIPS_PREMAIN_SRC=$fips_premain_c_path -O_FIPSCANISTER=$fips_canister_path -FIPS_SHA1_EXE=$fips_sha1_exe_path -PREMAIN_DSO_EXE=$fips_premain_dso_exe_path - ###################################################### # You should not need to touch anything below this point ###################################################### @@ -602,7 +464,6 @@ PREMAIN_DSO_EXE=$fips_premain_dso_exe_path E_EXE=openssl SSL=$ssl CRYPTO=$crypto -LIBFIPS=libosslfips # BIN_D - Binary output directory # TEST_D - Binary test file output directory @@ -623,14 +484,12 @@ INCL_D=\$(TMP_D) O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp -O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp SO_SSL= $plib\$(SSL)$so_shlibp SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp -L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs +L_LIBS= \$(L_SSL) \$(L_CRYPTO) ###################################################### # Don't touch anything below this point @@ -640,13 +499,13 @@ INC=-I\$(INC_D) -I\$(INCL_D) APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep +LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe banner: $banner @@ -683,8 +542,9 @@ install: all \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\" \$(MKDIR) \"\$(INSTALLTOP)${o}lib\" \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\" - \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\" - \$(CP) \"apps${o}openssl.cnf\" \"\$(INSTALLTOP)\" + \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin\" + \$(MKDIR) \"\$(OPENSSLDIR)\" + \$(CP) apps${o}openssl.cnf \"\$(OPENSSLDIR)\" $extra_install @@ -761,26 +621,6 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); -# Special case rules for fips_start and fips_end fips_premain_dso - -if ($fips) - { - if ($fipscanisterbuild) - { - $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", - "fips${o}fips_canister.c", - "-DFIPS_START \$(SHLIB_CFLAGS)"); - $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", - "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); - } - $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", - "fips${o}sha${o}fips_standalone_sha1.c", - "\$(SHLIB_CFLAGS)"); - $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", - "fips${o}fips_premain.c", - "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); - } - foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; @@ -792,78 +632,14 @@ foreach (values %lib_nam) next; } - if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS"))) - { - if ($cpuid_asm_obj ne "") - { - $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/; - $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); - } - if ($aes_asm_obj ne "") - { - $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; - $lib_obj =~ s/\s\S*\/aes_cbc\S*//; - $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); - } - if ($sha1_asm_obj ne "") - { - $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; - $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); - } - if ($bn_asm_obj ne "") - { - $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; - $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); - } - if ($bnco_asm_obj ne "") - { - $lib_obj .= "\$(BNCO_ASM_OBJ)"; - $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); - } - if ($des_enc_obj ne "") - { - $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; - $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; - $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); - } - } - if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/; - $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src); - } - if (($cast_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/; - $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src); - } - if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/; - $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src); - } - if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/; - $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src); - } - if (($md5_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; - $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); - } - if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; - $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); - } $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); } # hack to add version info on MSVC -if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { +if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A") + || ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) { $rules.= <<"EOF"; \$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc @@ -871,43 +647,15 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc -\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc - \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc - EOF } $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); foreach (split(/\s+/,$test)) { - my $t_libs; $t=&bname($_); - my $ltype; - # Check to see if test program is FIPS - if ($fips && /fips/) - { - # If fipsdso link to libosslfips.dll - # otherwise perform static link to - # $(O_FIPSCANISTER) - if ($fipsdso) - { - $t_libs = "\$(L_FIPS)"; - $ltype = 0; - } - else - { - $t_libs = "\$(O_FIPSCANISTER)"; - $ltype = 2; - } - } - else - { - $t_libs = "\$(L_LIBS)"; - $ltype = 0; - } - $tt="\$(OBJ_D)${o}$t${obj}"; - $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype); + $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); } $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); @@ -921,69 +669,9 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); +$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); -if ($fips) - { - if ($shlib) - { - if ($fipsdso) - { - $rules.= &do_lib_rule("\$(CRYPTOOBJ)", - "\$(O_CRYPTO)", "$crypto", - $shlib, "", ""); - $rules.= &do_lib_rule( - "\$(O_FIPSCANISTER)", - "\$(O_FIPS)", "\$(LIBFIPS)", - $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); - $rules.= &do_sdef_rule(); - } - else - { - $rules.= &do_lib_rule( - "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", - "\$(O_CRYPTO)", "$crypto", - $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); - } - } - else - { - $rules.= &do_lib_rule("\$(CRYPTOOBJ)", - "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); - $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)", - "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); - } - } - else - { - $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, - "\$(SO_CRYPTO)"); - } - -if ($fips) - { - if ($fipscanisterbuild) - { - $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", - "\$(OBJ_D)${o}fips_start$obj", - "\$(FIPSOBJ)", - "\$(OBJ_D)${o}fips_end$obj", - "\$(FIPS_SHA1_EXE)", ""); - $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", - "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)", - "","\$(EX_LIBS)", 1); - } - else - { - $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", - "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)", - "","", 1); - - } - $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); - - } - -$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0); +$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); print $defs; @@ -1022,7 +710,6 @@ sub var_add return("") if $no_ec && $dir =~ /\/ec/; return("") if $no_cms && $dir =~ /\/cms/; return("") if $no_jpake && $dir =~ /\/jpake/; - return("") if !$fips && $dir =~ /^fips/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -1034,6 +721,7 @@ sub var_add return("") if $no_sock && $dir =~ /\/proxy/; return("") if $no_bf && $dir =~ /\/bf/; return("") if $no_cast && $dir =~ /\/cast/; + return("") if $no_whirlpool && $dir =~ /\/whrlpool/; $val =~ s/^\s*(.*)\s*$/$1/; @a=split(/\s+/,$val); @@ -1051,8 +739,8 @@ sub var_add @a=grep(!/^e_camellia$/,@a) if $no_camellia; @a=grep(!/^e_seed$/,@a) if $no_seed; - @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; - @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; + #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; + #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock; @@ -1126,6 +814,7 @@ sub do_defs else { $pf=$postfix; } if ($_ =~ /BN_ASM/) { $t="$_ "; } elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; } + elsif ($_ =~ /AES_ASM/){ $t="$_ "; } elsif ($_ =~ /DES_ENC/) { $t="$_ "; } elsif ($_ =~ /BF_ENC/) { $t="$_ "; } elsif ($_ =~ /CAST_ENC/){ $t="$_ "; } @@ -1133,8 +822,8 @@ sub do_defs elsif ($_ =~ /RC5_ENC/) { $t="$_ "; } elsif ($_ =~ /MD5_ASM/) { $t="$_ "; } elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; } - elsif ($_ =~ /AES_ASM/){ $t="$_ "; } elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; } + elsif ($_ =~ /WHIRLPOOL_ASM/){ $t="$_ "; } elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; } else { $t="$location${o}$_$pf "; } @@ -1142,7 +831,7 @@ sub do_defs $ret.=$t; } # hack to add version info on MSVC - if ($shlib && (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))) + if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT"))) { if ($var eq "CRYPTOOBJ") { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; } @@ -1162,6 +851,13 @@ sub bname return($ret); } +# return the leading path +sub dname + { + my $ret=shift; + $ret =~ s/(^.*)[\\\/][^\\\/]+$/$1/; + return($ret); + } ############################################################## # do a rule for each file that says 'compile' to new direcory @@ -1169,19 +865,61 @@ sub bname sub do_compile_rule { local($to,$files,$ex)=@_; - local($ret,$_,$n); - + local($ret,$_,$n,$d,$s); + $files =~ s/\//$o/g if $o ne '/'; foreach (split(/\s+/,$files)) { $n=&bname($_); - $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex) + $d=&dname($_); + if (-f "${_}.c") + { + $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex) + } + elsif (-f ($s="${d}${o}asm${o}${n}.pl") or + ($s=~s/sha256/sha512/ and -f $s) or + -f ($s="${d}${o}${n}.pl")) + { + $ret.=&perlasm_compile_target("$to${o}$n$obj",$s,$n); + } + elsif (-f ($s="${d}${o}asm${o}${n}.S") or + -f ($s="${d}${o}${n}.S")) + { + $ret.=&Sasm_compile_target("$to${o}$n$obj",$s,$n); + } + else { die "no rule for $_"; } } return($ret); } ############################################################## # do a rule for each file that says 'compile' to new direcory +sub perlasm_compile_target + { + my($target,$source,$bname)=@_; + my($ret); + + $bname =~ s/(.*)\.[^\.]$/$1/; + $ret ="\$(TMP_D)$o$bname.asm: $source\n"; + $ret.="\t\$(PERL) $source $asmtype \$(CFLAG) >\$\@\n\n"; + $ret.="$target: \$(TMP_D)$o$bname.asm\n"; + $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n"; + return($ret); + } + +sub Sasm_compile_target + { + my($target,$source,$bname)=@_; + my($ret); + + $bname =~ s/(.*)\.[^\.]$/$1/; + $ret ="\$(TMP_D)$o$bname.asm: $source\n"; + $ret.="\t\$(CC) -E \$(CFLAG) $source >\$\@\n\n"; + $ret.="$target: \$(TMP_D)$o$bname.asm\n"; + $ret.="\t\$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm\n\n"; + return($ret); + } + sub cc_compile_target { local($target,$source,$ex_flags)=@_; @@ -1204,13 +942,25 @@ sub do_asm_rule $target =~ s/\//$o/g if $o ne "/"; $src =~ s/\//$o/g if $o ne "/"; - @s=split(/\s+/,$src); @t=split(/\s+/,$target); + @s=split(/\s+/,$src); + for ($i=0; $i<=$#s; $i++) { - $ret.="$t[$i]: $s[$i]\n"; - $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n"; + my $objfile = $t[$i]; + my $srcfile = $s[$i]; + + if ($perl_asm == 1) + { + my $plasm = $objfile; + $plasm =~ s/${obj}/.pl/; + $ret.="$srcfile: $plasm\n"; + $ret.="\t\$(PERL) $plasm $asmtype \$(CFLAG) >$srcfile\n\n"; + } + + $ret.="$objfile: $srcfile\n"; + $ret.="\t\$(ASM) $afile$objfile \$(SRC_D)$o$srcfile\n\n"; } return($ret); } @@ -1274,6 +1024,7 @@ sub read_options "no-sha1" => \$no_sha1, "no-ripemd" => \$no_ripemd, "no-mdc2" => \$no_mdc2, + "no-whirlpool" => \$no_whirlpool, "no-patents" => [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa], "no-rsa" => \$no_rsa, @@ -1282,7 +1033,6 @@ sub read_options "no-hmac" => \$no_hmac, "no-asm" => \$no_asm, "nasm" => \$nasm, - "ml64" => \$ml64, "nw-nasm" => \$nw_nasm, "nw-mwasm" => \$nw_mwasm, "gaswin" => \$gaswin, @@ -1291,7 +1041,6 @@ sub read_options "no-tlsext" => \$no_tlsext, "no-cms" => \$no_cms, "no-jpake" => \$no_jpake, - "no-capieng" => \$no_capieng, "no-err" => \$no_err, "no-sock" => \$no_sock, "no-krb5" => \$no_krb5, @@ -1316,11 +1065,9 @@ sub read_options "no-rfc3779" => 0, "no-montasm" => 0, "no-shared" => 0, + "no-store" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, - "fips" => \$fips, - "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], - "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso], ); if (exists $valid_options{$_}) @@ -1397,31 +1144,3 @@ sub read_options else { return(0); } return(1); } - -sub fipslib_error - { - print STDERR "***FIPS module directory sanity check failed***\n"; - print STDERR "FIPS module build failed, or was deleted\n"; - print STDERR "Please rebuild FIPS module.\n"; - exit 1; - } - -sub fips_check_files - { - my $dir = shift @_; - my $ret = 1; - if (!-d $dir) - { - print STDERR "FIPS module directory $dir does not exist\n"; - fipslib_error(); - } - foreach (@_) - { - if (!-f "$dir${o}$_") - { - print STDERR "FIPS module file $_ does not exist!\n"; - $ret = 0; - } - } - fipslib_error() if ($ret == 0); - } diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl index 5ae9ebb619..a4a17e3ae9 100644 --- a/src/lib/libcrypto/util/mkdef.pl +++ b/src/lib/libcrypto/util/mkdef.pl @@ -69,7 +69,7 @@ my $do_ctestall = 0; my $do_checkexist = 0; my $VMSVAX=0; -my $VMSAlpha=0; +my $VMSNonVAX=0; my $VMS=0; my $W32=0; my $W16=0; @@ -79,12 +79,13 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS"); + "EXPORT_VAR_AS_FUNCTION", "ZLIB" ); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "SHA256", "SHA512", "RIPEMD", - "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA", "SEED", + "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", + "HMAC", "AES", "CAMELLIA", "SEED", "GOST", # Envelope "algorithms" "EVP", "X509", "ASN1_TYPEDEFS", # Helper "algorithms" @@ -94,14 +95,16 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", - # RFC3779 support + # RFC3779 "RFC3779", - # TLS extension support - "TLSEXT", + # TLS + "TLSEXT", "PSK", # CMS "CMS", # CryptoAPI Engine "CAPIENG", + # SSL v2 + "SSL2", # JPAKE "JPAKE", # Deprecated functions @@ -118,14 +121,15 @@ close(IN); # defined with ifndef(NO_XXX) are not included in the .def file, and everything # in directory xxx is ignored. my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; -my $no_cast; +my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; -my $no_seed; -my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; -my $fips; +my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; +my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; +my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_jpake; my $no_ssl2; + +my $zlib; foreach (@ARGV, split(/ /, $options)) @@ -141,17 +145,15 @@ foreach (@ARGV, split(/ /, $options)) $VMS=1; $VMSVAX=1; } - if ($_ eq "VMS-Alpha") { + if ($_ eq "VMS-NonVAX") { $VMS=1; - $VMSAlpha=1; + $VMSNonVAX=1; } $VMS=1 if $_ eq "VMS"; $OS2=1 if $_ eq "OS2"; - $fips=1 if /^fips/; - - if ($_ eq "zlib" || $_ eq "zlib-dynamic" - || $_ eq "enable-zlib-dynamic") { - $zlib = 1; + if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic" + || $_ eq "enable-zlib-dynamic") { + $zlib = 1; } $do_ssl=1 if $_ eq "ssleay"; @@ -180,6 +182,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-des$/) { $no_des=1; $no_mdc2=1; } elsif (/^no-bf$/) { $no_bf=1; } elsif (/^no-cast$/) { $no_cast=1; } + elsif (/^no-whirlpool$/) { $no_whirlpool=1; } elsif (/^no-md2$/) { $no_md2=1; } elsif (/^no-md4$/) { $no_md4=1; } elsif (/^no-md5$/) { $no_md5=1; } @@ -212,6 +215,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } + elsif (/^no-ssl2$/) { $no_ssl2=1; } elsif (/^no-capieng$/) { $no_capieng=1; } elsif (/^no-jpake$/) { $no_jpake=1; } } @@ -260,6 +264,7 @@ $crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5; $crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2; $crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf; $crypto.=" crypto/cast/cast.h" ; # unless $no_cast; +$crypto.=" crypto/whrlpool/whrlpool.h" ; $crypto.=" crypto/md2/md2.h" ; # unless $no_md2; $crypto.=" crypto/md4/md4.h" ; # unless $no_md4; $crypto.=" crypto/md5/md5.h" ; # unless $no_md5; @@ -301,17 +306,16 @@ $crypto.=" crypto/pkcs12/pkcs12.h"; $crypto.=" crypto/x509/x509.h"; $crypto.=" crypto/x509/x509_vfy.h"; $crypto.=" crypto/x509v3/x509v3.h"; +$crypto.=" crypto/ts/ts.h"; $crypto.=" crypto/rand/rand.h"; $crypto.=" crypto/comp/comp.h" ; # unless $no_comp; $crypto.=" crypto/ocsp/ocsp.h"; $crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; $crypto.=" crypto/krb5/krb5_asn.h"; -$crypto.=" crypto/tmdiff.h"; -$crypto.=" crypto/store/store.h"; +#$crypto.=" crypto/store/store.h"; $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; $crypto.=" crypto/jpake/jpake.h"; -$crypto.=" fips/fips.h fips/rand/fips_rand.h"; my $symhacks="crypto/symhacks.h"; @@ -885,6 +889,7 @@ sub do_defs s/\{\}/\(\)/gs; s/STACK_OF\(\)/void/gs; + s/LHASH_OF\(\)/void/gs; print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug; if (/^\#INFO:([^:]*):(.*)$/) { @@ -961,6 +966,25 @@ sub do_defs $platform{"PEM_write_NS_CERT_SEQ"} = "VMS"; $platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS"; $platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS"; + $platform{"EVP_sha384"} = "!VMSVAX"; + $platform{"EVP_sha512"} = "!VMSVAX"; + $platform{"SHA384_Init"} = "!VMSVAX"; + $platform{"SHA384_Transform"} = "!VMSVAX"; + $platform{"SHA384_Update"} = "!VMSVAX"; + $platform{"SHA384_Final"} = "!VMSVAX"; + $platform{"SHA384"} = "!VMSVAX"; + $platform{"SHA512_Init"} = "!VMSVAX"; + $platform{"SHA512_Transform"} = "!VMSVAX"; + $platform{"SHA512_Update"} = "!VMSVAX"; + $platform{"SHA512_Final"} = "!VMSVAX"; + $platform{"SHA512"} = "!VMSVAX"; + $platform{"WHIRLPOOL_Init"} = "!VMSVAX"; + $platform{"WHIRLPOOL"} = "!VMSVAX"; + $platform{"WHIRLPOOL_BitUpdate"} = "!VMSVAX"; + $platform{"EVP_whirlpool"} = "!VMSVAX"; + $platform{"WHIRLPOOL_Final"} = "!VMSVAX"; + $platform{"WHIRLPOOL_Update"} = "!VMSVAX"; + # Info we know about @@ -1085,6 +1109,8 @@ sub is_valid if ($platforms) { # platforms + if ($keyword eq "VMSVAX" && $VMSVAX) { return 1; } + if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; } if ($keyword eq "VMS" && $VMS) { return 1; } if ($keyword eq "WIN32" && $W32) { return 1; } if ($keyword eq "WIN16" && $W16) { return 1; } @@ -1097,9 +1123,6 @@ sub is_valid if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { return 1; } - if ($keyword eq "OPENSSL_FIPS" && $fips) { - return 1; - } if ($keyword eq "ZLIB" && $zlib) { return 1; } return 0; } else { @@ -1117,6 +1140,7 @@ sub is_valid if ($keyword eq "SHA" && $no_sha) { return 0; } if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; } if ($keyword eq "MDC2" && $no_mdc2) { return 0; } + if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; } if ($keyword eq "RSA" && $no_rsa) { return 0; } if ($keyword eq "DSA" && $no_dsa) { return 0; } if ($keyword eq "DH" && $no_dh) { return 0; } @@ -1143,7 +1167,9 @@ sub is_valid if ($keyword eq "GMP" && $no_gmp) { return 0; } if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } + if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } + if ($keyword eq "SSL2" && $no_ssl2) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl index 67fb8694c8..6d15831450 100644 --- a/src/lib/libcrypto/util/mkfiles.pl +++ b/src/lib/libcrypto/util/mkfiles.pl @@ -26,6 +26,7 @@ my @dirs = ( "crypto/aes", "crypto/camellia", "crypto/seed", +"crypto/modes", "crypto/bn", "crypto/rsa", "crypto/dsa", @@ -46,6 +47,7 @@ my @dirs = ( "crypto/pem", "crypto/x509", "crypto/x509v3", +"crypto/cms", "crypto/conf", "crypto/jpake", "crypto/txt_db", @@ -56,25 +58,20 @@ my @dirs = ( "crypto/ocsp", "crypto/ui", "crypto/krb5", -"crypto/store", +#"crypto/store", "crypto/pqueue", -"crypto/cms", -"fips", -"fips/aes", -"fips/des", -"fips/dsa", -"fips/dh", -"fips/hmac", -"fips/rand", -"fips/rsa", -"fips/sha", +"crypto/whrlpool", +"crypto/ts", "ssl", "apps", "engines", +"engines/ccgost", "test", "tools" ); +%top; + foreach (@dirs) { &files_dir ($_, "Makefile"); } @@ -118,8 +115,8 @@ while () $o =~ s/\s+$//; $o =~ s/\s+/ /g; - $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g; - $sym{$s}=$o; + $o =~ s/\$[({]([^)}]+)[)}]/$top{$1} or $sym{$1}/ge; + $sym{$s}=($top{$s} or $o); } } @@ -129,6 +126,15 @@ foreach (sort keys %sym) { print "$_=$sym{$_}\n"; } +if ($dir eq "." && defined($sym{"BUILDENV"})) + { + foreach (split(' ',$sym{"BUILDENV"})) + { + /^(.+)=/; + $top{$1}=$sym{$1}; + } + } + print "RELATIVE_DIRECTORY=\n"; close (IN); diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl index eacc327882..61db12c68f 100644 --- a/src/lib/libcrypto/util/mklink.pl +++ b/src/lib/libcrypto/util/mklink.pl @@ -15,21 +15,13 @@ # Apart from this, this script should be able to handle even the most # pathological cases. -my $pwd; -eval 'use Cwd;'; -if ($@) - { - $pwd = `pwd`; - } -else - { - $pwd = getcwd(); - } +use Cwd; my $from = shift; my @files = @ARGV; my @from_path = split(/[\\\/]/, $from); +my $pwd = getcwd(); chomp($pwd); my @pwd_path = split(/[\\\/]/, $pwd); @@ -59,6 +51,7 @@ my $to = join('/', @to_path); my $file; $symlink_exists=eval {symlink("",""); 1}; +if ($^O eq "msys") { $symlink_exists=0 }; foreach $file (@files) { my $err = ""; if ($symlink_exists) { diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl index 99b8c058d2..1f1e13fb40 100644 --- a/src/lib/libcrypto/util/pl/BC-32.pl +++ b/src/lib/libcrypto/util/pl/BC-32.pl @@ -117,7 +117,7 @@ ___ else { local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; - $ex.=' wsock32.lib gdi32.lib'; + $ex.=' ws2_32.lib gdi32.lib'; $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; } $ret.="\n"; diff --git a/src/lib/libcrypto/util/pl/Mingw32.pl b/src/lib/libcrypto/util/pl/Mingw32.pl index 8f0483fb93..fe3fb27a78 100644 --- a/src/lib/libcrypto/util/pl/Mingw32.pl +++ b/src/lib/libcrypto/util/pl/Mingw32.pl @@ -19,7 +19,7 @@ $cc='gcc'; if ($debug) { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; } else - { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -march=i486 -Wall"; } + { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; } if ($gaswin and !$no_asm) { @@ -43,8 +43,6 @@ if ($gaswin and !$no_asm) $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; $sha1_asm_obj='$(OBJ_D)\s1-win32.o'; $sha1_asm_src='crypto/sha/asm/s1-win32.s'; - $cpuid_asm_obj='$(OBJ_D)\cpu-win32.o'; - $cpuid_asm_src='crypto/cpu-win32.s'; $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS"; } @@ -57,7 +55,7 @@ $link='${CC}'; $lflags='${CFLAGS}'; $efile='-o '; $exep=''; -$ex_libs="-lwsock32 -lgdi32"; +$ex_libs="-lws2_32 -lgdi32"; # static library stuff $mklib='ar r'; diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl index 85121c8ed1..c3e29fda96 100644 --- a/src/lib/libcrypto/util/pl/VC-32.pl +++ b/src/lib/libcrypto/util/pl/VC-32.pl @@ -4,21 +4,7 @@ # $ssl= "ssleay32"; - -if ($fips && !$shlib) - { - $crypto="libeayfips32"; - $crypto_compat = "libeaycompat32.lib"; - } -else - { - $crypto="libeay32"; - } - -if ($fipscanisterbuild) - { - $fips_canister_path = "\$(LIB_D)\\fipscanister.lib"; - } +$crypto="libeay32"; $o='\\'; $cp='$(PERL) util/copy.pl'; @@ -27,6 +13,10 @@ $rm='del /Q'; $zlib_lib="zlib1.lib"; +# Santize -L options for ms link +$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g; +$l_flags =~ s/-L(\S+)/\/libpath:$1/g; + # C compiler stuff $cc='cl'; if ($FLAVOR =~ /WIN64/) @@ -42,14 +32,28 @@ if ($FLAVOR =~ /WIN64/) # per 0.9.8 release remaining warnings were explicitly examined and # considered safe to ignore. # - $base_cflags=' /W3 /Gs0 /GF /Gy /nologo -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WIN32 -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE'; - $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 - $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 + $base_cflags= " $mf_cflag"; my $f = $shlib?' /MD':' /MT'; $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib $opt_cflags=$f.' /Ox'; $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; $lflags="/nologo /subsystem:console /opt:ref"; + + *::perlasm_compile_target = sub { + my ($target,$source,$bname)=@_; + my $ret; + + $bname =~ s/(.*)\.[^\.]$/$1/; + $ret=<<___; +\$(TMP_D)$o$bname.asm: $source + set ASM=\$(ASM) + \$(PERL) $source \$\@ + +$target: \$(TMP_D)$o$bname.asm + \$(ASM) $afile\$\@ \$(TMP_D)$o$bname.asm + +___ + } } elsif ($FLAVOR =~ /CE/) { @@ -99,18 +103,18 @@ elsif ($FLAVOR =~ /CE/) } $cc='$(CC)'; - $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include -DOPENSSL_SMALL_FOOTPRINT'; + $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT'; $base_cflags.=" $wcecdefs"; + $base_cflags.=' -I$(WCECOMPAT)/include' if (defined($ENV{'WCECOMPAT'})); + $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'})); $opt_cflags=' /MC /O1i'; # optimize for space, but with intrinsics... $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG'; $lflags="/nologo /opt:ref $wcelflag"; } else # Win32 { - $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; - $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 - $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 - my $f = $shlib || $fips ?' /MD':' /MT'; + $base_cflags= " $mf_cflag"; + my $f = $shlib?' /MD':' /MT'; $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib $opt_cflags=$f.' /Ox /O2 /Ob2'; $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; @@ -118,22 +122,28 @@ else # Win32 } $mlflags=''; -$out_def="out32"; $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); -$tmp_def="tmp32"; $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); +$out_def ="out32"; $out_def.="dll" if ($shlib); + $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); +$tmp_def ="tmp32"; $tmp_def.="dll" if ($shlib); + $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/); $inc_def="inc32"; if ($debug) { $cflags=$dbg_cflags.$base_cflags; - $lflags.=" /debug"; - $mlflags.=' /debug'; } else { $cflags=$opt_cflags.$base_cflags; } +# generate symbols.pdb unconditionally +$app_cflag.=" /Zi /Fd$tmp_def/app"; +$lib_cflag.=" /Zi /Fd$tmp_def/lib"; +$lflags.=" /debug"; + $obj='.obj'; +$asm_suffix='.asm'; $ofile="/Fo"; # EXE linking stuff @@ -143,26 +153,23 @@ $efile="/out:"; $exep='.exe'; if ($no_sock) { $ex_libs=''; } elsif ($FLAVOR =~ /CE/) { $ex_libs='winsock.lib'; } -else { $ex_libs='wsock32.lib'; } +else { $ex_libs='ws2_32.lib'; } if ($FLAVOR =~ /CE/) { - $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib'; + $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib' if (defined($ENV{'WCECOMPAT'})); + $ex_libs.=' $(PORTSDK_LIBPATH)/portlib.lib' if (defined($ENV{'PORTSDK_LIBPATH'})); $ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if ($ENV{'TARGETCPU'} eq "X86"); } else { - $ex_libs.=' gdi32.lib crypt32.lib advapi32.lib user32.lib'; - $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); + $ex_libs.=' gdi32.lib advapi32.lib crypt32.lib user32.lib'; + $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/ and `cl 2>&1` =~ /14\.00\.4[0-9]{4}\./); + # WIN32 UNICODE build gets linked with unicows.lib for + # backward compatibility with Win9x. + $ex_libs="unicows.lib $ex_libs" if ($FLAVOR =~ /WIN32/ and $cflags =~ /\-DUNICODE/); } -# As native NT API is pure UNICODE, our WIN-NT build defaults to UNICODE, -# but gets linked with unicows.lib to ensure backward compatibility. -if ($FLAVOR =~ /NT/) - { - $cflags.=" -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE"; - $ex_libs="unicows.lib $ex_libs"; - } # static library stuff $mklib='lib /nologo'; $ranlib=''; @@ -173,23 +180,30 @@ $lfile='/out:'; $shlib_ex_obj=""; $app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/); -if ($nasm) { +if ($FLAVOR =~ /WIN64A/) { + if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { + $asm='nasm -f win64 -DNEAR -Ox -g'; + $afile='-o '; + } else { + $asm='ml64 /c /Cp /Cx /Zi'; + $afile='/Fo'; + } +} elsif ($FLAVOR =~ /WIN64I/) { + $asm='ias -d debug'; + $afile="-o "; +} elsif ($nasm) { my $ver=`nasm -v 2>NUL`; my $vew=`nasmw -v 2>NUL`; # pick newest version $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; + $asmtype="win32n"; $afile='-o '; -} elsif ($ml64) { - $asm='ml64 /c /Cp /Cx'; - $asm.=' /Zi' if $debug; - $afile='/Fo'; } else { - $asm='ml /nologo /Cp /coff /c /Cx'; - $asm.=" /Zi" if $debug; + $asm='ml /nologo /Cp /coff /c /Cx /Zi'; $afile='/Fo'; + $asmtype="win32"; } -$aes_asm_obj=''; $bn_asm_obj=''; $bn_asm_src=''; $des_enc_obj=''; @@ -198,56 +212,26 @@ $bf_enc_obj=''; $bf_enc_src=''; if (!$no_asm) - { - if ($FLAVOR =~ "WIN32") - { - $aes_asm_obj='crypto\aes\asm\a_win32.obj'; - $aes_asm_src='crypto\aes\asm\a_win32.asm'; - $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj'; - $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm'; - $bnco_asm_obj='crypto\bn\asm\co_win32.obj'; - $bnco_asm_src='crypto\bn\asm\co_win32.asm'; - $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; - $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm'; - $bf_enc_obj='crypto\bf\asm\b_win32.obj'; - $bf_enc_src='crypto\bf\asm\b_win32.asm'; - $cast_enc_obj='crypto\cast\asm\c_win32.obj'; - $cast_enc_src='crypto\cast\asm\c_win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4_win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5_win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5_win32.obj'; - $md5_asm_src='crypto\md5\asm\m5_win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1_win32.obj crypto\sha\asm\sha512-sse2.obj'; - $sha1_asm_src='crypto\sha\asm\s1_win32.asm crypto\sha\asm\sha512-sse2.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; - $cpuid_asm_obj='crypto\cpu_win32.obj'; - $cpuid_asm_src='crypto\cpu_win32.asm'; - $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; - } - elsif ($FLAVOR =~ "WIN64A") { - $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj'; - $aes_asm_src='crypto\aes\asm\aes-x86_64.asm'; - $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj'; - $bn_asm_src='crypto\bn\asm\x86_64-mont.asm'; - $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj'; - $sha1_asm_src='crypto\sha\asm\sha1-x86_64.asm crypto\sha\asm\sha256-x86_64.asm crypto\sha\asm\sha512-x86_64.asm'; - $cpuid_asm_obj='$(OBJ_D)\cpuid-x86_64.obj'; - $cpuid_asm_src='crypto\cpuid-x86_64.asm'; - $cflags.=" -DOPENSSL_CPUID_OBJ -DAES_ASM -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"; + win32_import_asm($mf_bn_asm, "bn", \$bn_asm_obj, \$bn_asm_src); + win32_import_asm($mf_aes_asm, "aes", \$aes_asm_obj, \$aes_asm_src); + win32_import_asm($mf_des_asm, "des", \$des_enc_obj, \$des_enc_src); + win32_import_asm($mf_bf_asm, "bf", \$bf_enc_obj, \$bf_enc_src); + win32_import_asm($mf_cast_asm, "cast", \$cast_enc_obj, \$cast_enc_src); + win32_import_asm($mf_rc4_asm, "rc4", \$rc4_enc_obj, \$rc4_enc_src); + win32_import_asm($mf_rc5_asm, "rc5", \$rc5_enc_obj, \$rc5_enc_src); + win32_import_asm($mf_md5_asm, "md5", \$md5_asm_obj, \$md5_asm_src); + win32_import_asm($mf_sha_asm, "sha", \$sha1_asm_obj, \$sha1_asm_src); + win32_import_asm($mf_rmd_asm, "ripemd", \$rmd160_asm_obj, \$rmd160_asm_src); + win32_import_asm($mf_wp_asm, "whrlpool", \$whirlpool_asm_obj, \$whirlpool_asm_src); + win32_import_asm($mf_cpuid_asm, "", \$cpuid_asm_obj, \$cpuid_asm_src); + $perl_asm = 1; } - } if ($shlib && $FLAVOR !~ /CE/) { $mlflags.=" $lflags /dll"; -# $cflags =~ s| /MD| /MT|; - $lib_cflag=" -D_WINDLL"; - $out_def="out32dll"; - $tmp_def="tmp32dll"; + $lib_cflag.=" -D_WINDLL"; # # Engage Applink... # @@ -267,8 +251,8 @@ $(INCO_D)\applink.c: ms\applink.c EXHEADER= $(EXHEADER) $(INCO_D)\applink.c LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj +CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ) ___ -$banner .= "CRYPTOOBJ=\$(OBJ_D)\\uplink.obj \$(CRYPTOOBJ)\n"; $banner.=<<'___' if ($FLAVOR =~ /WIN64/); CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ) ___ @@ -276,120 +260,35 @@ ___ elsif ($shlib && $FLAVOR =~ /CE/) { $mlflags.=" $lflags /dll"; - $lib_cflag=" -D_WINDLL -D_DLL"; - $out_def='out32dll_$(TARGETCPU)'; - $tmp_def='tmp32dll_$(TARGETCPU)'; + $lflags.=' /entry:mainCRTstartup' if(defined($ENV{'PORTSDK_LIBPATH'})); + $lib_cflag.=" -D_WINDLL -D_DLL"; } -$cflags.=" /Fd$out_def"; - sub do_lib_rule { - my($objs,$target,$name,$shlib,$ign,$base_addr) = @_; + local($objs,$target,$name,$shlib)=@_; local($ret); $taget =~ s/\//$o/g if $o ne '/'; - my $base_arg; - if ($base_addr ne "") - { - $base_arg= " /base:$base_addr"; - } - else - { - $base_arg = ""; - } - if ($target =~ /O_CRYPTO/ && $fipsdso) - { - $name = "/def:ms/libeayfips.def"; - } - elsif ($name ne "") + if ($name ne "") { $name =~ tr/a-z/A-Z/; $name = "/def:ms/${name}.def"; } # $target="\$(LIB_D)$o$target"; -# $ret.="$target: $objs\n"; + $ret.="$target: $objs\n"; if (!$shlib) { # $ret.="\t\$(RM) \$(O_$Name)\n"; - $ex =' '; - $ret.="$target: $objs\n"; - $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; + $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs\n<<\n"; } else { - my $ex = ""; - if ($target =~ /O_SSL/) - { - $ex .= " \$(L_CRYPTO)"; - #$ex .= " \$(L_FIPS)" if $fipsdso; - } - my $fipstarget; - if ($fipsdso) - { - $fipstarget = "O_FIPS"; - } - else - { - $fipstarget = "O_CRYPTO"; - } - - - if ($name eq "") - { - $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); - if ($target =~ /capi/) - { - $ex.=' crypt32.lib advapi32.lib'; - } - } - elsif ($FLAVOR =~ /CE/) - { - $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib'; - } - else - { - $ex.=' unicows.lib' if ($FLAVOR =~ /NT/); - $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; - $ex.=' crypt32.lib'; - $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); - } + local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)'; $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; - - if ($fips && $target =~ /$fipstarget/) - { - $ex.= $mwex unless $fipscanisterbuild; - $ret.="$target: $objs \$(PREMAIN_DSO_EXE)"; - if ($fipsdso) - { - $ex.=" \$(OBJ_D)\\\$(LIBFIPS).res"; - $ret.=" \$(OBJ_D)\\\$(LIBFIPS).res"; - $ret.=" ms/\$(LIBFIPS).def"; - } - $ret.="\n\tSET FIPS_LINK=\$(LINK)\n"; - $ret.="\tSET FIPS_CC=\$(CC)\n"; - $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; - $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; - $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; - $ret.="\tSET FIPS_TARGET=$target\n"; - $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; - $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target "; - $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs "; - $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; - } - else - { - $ret.="$target: $objs"; - if ($target =~ /O_CRYPTO/ && $fipsdso) - { - $ret .= " \$(O_FIPS)"; - $ex .= " \$(L_FIPS)"; - } - $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; - } - - $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; + $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n"; + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; } $ret.="\n"; return($ret); @@ -397,64 +296,43 @@ sub do_lib_rule sub do_link_rule { - my($target,$files,$dep_libs,$libs,$standalone)=@_; + local($target,$files,$dep_libs,$libs)=@_; local($ret,$_); + $file =~ s/\//$o/g if $o ne '/'; $n=&bname($targer); $ret.="$target: $files $dep_libs\n"; - if ($standalone == 1) - { - $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; - $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); - $ret.="$files $libs\n<<\n"; - } - elsif ($standalone == 2) + $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; + $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; + return($ret); + } + +sub win32_import_asm + { + my ($mf_var, $asm_name, $oref, $sref) = @_; + my $asm_dir; + if ($asm_name eq "") { - $ret.="\tSET FIPS_LINK=\$(LINK)\n"; - $ret.="\tSET FIPS_CC=\$(CC)\n"; - $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; - $ret.="\tSET PREMAIN_DSO_EXE=\n"; - $ret.="\tSET FIPS_TARGET=$target\n"; - $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; - $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; - $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n"; - $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; + $asm_dir = "crypto\\"; } else { - $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; - $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n"; + $asm_dir = "crypto\\$asm_name\\asm\\"; } - $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; - return($ret); - } -sub do_rlink_rule - { - local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_; - local($ret,$_); - my $files = "$rl_start $rl_mid $rl_end"; + $$oref = ""; + $mf_var =~ s/\.o$/.obj/g; - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); - $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n"; - $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n"; - $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n"; - $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n"; - $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n"; - $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n"; - $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n"; - $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n"; - $ret.="\n"; - return($ret); - } + foreach (split(/ /, $mf_var)) + { + $$oref .= $asm_dir . $_ . " "; + } + $$oref =~ s/ $//; + $$sref = $$oref; + $$sref =~ s/\.obj/.asm/g; -sub do_sdef_rule - { - my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n"; - $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n \$(O_FIPSCANISTER)\n<<\n"; - $ret.="\n"; - return $ret; } + 1; diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl index 546d1ec186..025d914f2e 100644 --- a/src/lib/libcrypto/util/pod2man.pl +++ b/src/lib/libcrypto/util/pod2man.pl @@ -425,7 +425,7 @@ if ($name ne 'something') { } next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME next if /^=pod\b/; # It is OK to have =pod before NAME - next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME + next if /^=(for|begin|end)\s+comment\b/; # It is OK to have =for =begin or =end comment before NAME die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax; } die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax; diff --git a/src/lib/libcrypto/util/point.sh b/src/lib/libcrypto/util/point.sh index 4790e08f8a..da39899cb1 100644 --- a/src/lib/libcrypto/util/point.sh +++ b/src/lib/libcrypto/util/point.sh @@ -1,7 +1,7 @@ #!/bin/sh rm -f "$2" -if test "$OSTYPE" = msdosdjgpp; then +if test "$OSTYPE" = msdosdjgpp || test "x$PLATFORM" = xmingw ; then cp "$1" "$2" else ln -s "$1" "$2" diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl index 4778c5ab01..7b32e9f4ff 100644 --- a/src/lib/libcrypto/util/selftest.pl +++ b/src/lib/libcrypto/util/selftest.pl @@ -78,7 +78,7 @@ print OUT "\n"; print "Checking compiler...\n"; if (open(TEST,">cctest.c")) { - print TEST "#include \n#include \nmain(){printf(\"Hello world\\n\");}\n"; + print TEST "#include \n#include \n#include \nmain(){printf(\"Hello world\\n\");}\n"; close(TEST); system("$cc -o cctest cctest.c"); if (`./cctest` !~ /Hello world/) { @@ -96,7 +96,7 @@ if (open(TEST,">cctest.c")) { print OUT "Can't create cctest.c\n"; } if (open(TEST,">cctest.c")) { - print TEST "#include \nmain(){printf(OPENSSL_VERSION_TEXT);}\n"; + print TEST "#include \n#include \n#include \nmain(){printf(OPENSSL_VERSION_TEXT);}\n"; close(TEST); system("$cc -o cctest -Iinclude cctest.c"); $cctest = `./cctest`; diff --git a/src/lib/libcrypto/util/shlib_wrap.sh b/src/lib/libcrypto/util/shlib_wrap.sh index a2f62d696f..9416d593d2 100755 --- a/src/lib/libcrypto/util/shlib_wrap.sh +++ b/src/lib/libcrypto/util/shlib_wrap.sh @@ -80,7 +80,7 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then # it into a script makes it possible to do so on multi-ABI # platforms. case "$SYSNAME" in - *BSD) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD + *BSD|QNX) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD, QNX *) LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;; # SunOS, Linux, ELF HP-UX esac _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX @@ -88,4 +88,6 @@ if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES fi -exec "$@" +cmd="$1${EXE_EXT}" +shift +exec "$cmd" "$@" diff --git a/src/lib/libcrypto/util/ssleay.num b/src/lib/libcrypto/util/ssleay.num index 2055cc1597..15a58e7b13 100644 --- a/src/lib/libcrypto/util/ssleay.num +++ b/src/lib/libcrypto/util/ssleay.num @@ -98,9 +98,9 @@ SSLeay_add_ssl_algorithms 109 NOEXIST::FUNCTION: SSLv23_client_method 110 EXIST::FUNCTION:RSA SSLv23_method 111 EXIST::FUNCTION:RSA SSLv23_server_method 112 EXIST::FUNCTION:RSA -SSLv2_client_method 113 EXIST::FUNCTION:RSA -SSLv2_method 114 EXIST::FUNCTION:RSA -SSLv2_server_method 115 EXIST::FUNCTION:RSA +SSLv2_client_method 113 EXIST::FUNCTION:RSA,SSL2 +SSLv2_method 114 EXIST::FUNCTION:RSA,SSL2 +SSLv2_server_method 115 EXIST::FUNCTION:RSA,SSL2 SSLv3_client_method 116 EXIST::FUNCTION: SSLv3_method 117 EXIST::FUNCTION: SSLv3_server_method 118 EXIST::FUNCTION: @@ -117,8 +117,8 @@ SSL_CIPHER_get_bits 128 EXIST::FUNCTION: SSL_CIPHER_get_version 129 EXIST::FUNCTION: SSL_CIPHER_get_name 130 EXIST::FUNCTION: BIO_ssl_shutdown 131 EXIST::FUNCTION:BIO -SSL_SESSION_cmp 132 EXIST::FUNCTION: -SSL_SESSION_hash 133 EXIST::FUNCTION: +SSL_SESSION_cmp 132 NOEXIST::FUNCTION: +SSL_SESSION_hash 133 NOEXIST::FUNCTION: SSL_SESSION_get_time 134 EXIST::FUNCTION: SSL_SESSION_set_time 135 EXIST::FUNCTION: SSL_SESSION_get_timeout 136 EXIST::FUNCTION: @@ -242,3 +242,20 @@ SSL_set_SSL_CTX 290 EXIST::FUNCTION: SSL_get_servername 291 EXIST::FUNCTION:TLSEXT SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT SSL_CTX_set_client_cert_engine 293 EXIST::FUNCTION:ENGINE +SSL_CTX_use_psk_identity_hint 294 EXIST::FUNCTION:PSK +SSL_CTX_set_psk_client_callback 295 EXIST::FUNCTION:PSK +PEM_write_bio_SSL_SESSION 296 EXIST::FUNCTION: +SSL_get_psk_identity_hint 297 EXIST::FUNCTION:PSK +SSL_set_psk_server_callback 298 EXIST::FUNCTION:PSK +SSL_use_psk_identity_hint 299 EXIST::FUNCTION:PSK +SSL_set_psk_client_callback 300 EXIST::FUNCTION:PSK +PEM_read_SSL_SESSION 301 EXIST:!WIN16:FUNCTION: +PEM_read_bio_SSL_SESSION 302 EXIST::FUNCTION: +SSL_CTX_set_psk_server_callback 303 EXIST::FUNCTION:PSK +SSL_get_psk_identity 304 EXIST::FUNCTION:PSK +PEM_write_SSL_SESSION 305 EXIST:!WIN16:FUNCTION: +SSL_set_session_ticket_ext 306 EXIST::FUNCTION: +SSL_set_session_secret_cb 307 EXIST::FUNCTION: +SSL_set_session_ticket_ext_cb 308 EXIST::FUNCTION: +SSL_set1_param 309 EXIST::FUNCTION: +SSL_CTX_set1_param 310 EXIST::FUNCTION: diff --git a/src/lib/libcrypto/x509/Makefile b/src/lib/libcrypto/x509/Makefile index 464752b159..72c82278f4 100644 --- a/src/lib/libcrypto/x509/Makefile +++ b/src/lib/libcrypto/x509/Makefile @@ -43,12 +43,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO links: @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @@ -89,37 +89,35 @@ by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h -by_dir.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -by_dir.o: ../cryptlib.h by_dir.c +by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c by_file.o: ../../e_os.h ../../include/openssl/asn1.h by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -by_file.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -by_file.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c +by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_file.o: ../cryptlib.h by_file.c x509_att.o: ../../e_os.h ../../include/openssl/asn1.h x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_att.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_att.o: ../../include/openssl/opensslconf.h +x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -132,9 +130,8 @@ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_cmp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_cmp.o: ../../include/openssl/opensslconf.h +x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -146,22 +143,22 @@ x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c +x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_d2.o: ../cryptlib.h x509_d2.c x509_def.o: ../../e_os.h ../../include/openssl/asn1.h x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_def.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_def.o: ../../include/openssl/opensslconf.h x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -172,9 +169,8 @@ x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_err.o: ../../include/openssl/opensslconf.h +x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -186,9 +182,8 @@ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_ext.o: ../../include/openssl/opensslconf.h +x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -201,22 +196,22 @@ x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_lu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c +x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_lu.o: ../cryptlib.h x509_lu.c x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_obj.o: ../../include/openssl/opensslconf.h x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -228,21 +223,20 @@ x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_r2x.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_r2x.o: ../../include/openssl/opensslconf.h +x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c x509_req.o: ../../e_os.h ../../include/openssl/asn1.h -x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +x509_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +x509_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_req.o: ../../include/openssl/opensslconf.h x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -256,9 +250,9 @@ x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_set.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_set.o: ../../include/openssl/opensslconf.h x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -270,9 +264,8 @@ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_trs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_trs.o: ../../include/openssl/opensslconf.h +x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -284,9 +277,9 @@ x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_txt.o: ../../include/openssl/opensslconf.h x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -298,23 +291,22 @@ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_v3.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c +x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_v3.o: ../cryptlib.h x509_v3.c x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vfy.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_vfy.o: ../../include/openssl/opensslconf.h +x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -327,9 +319,8 @@ x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vpm.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_vpm.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_vpm.o: ../../include/openssl/opensslconf.h +x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -341,9 +332,9 @@ x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509cset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509cset.o: ../../include/openssl/opensslconf.h x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -354,9 +345,9 @@ x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509name.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509name.o: ../../include/openssl/opensslconf.h x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -367,9 +358,9 @@ x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509rset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509rset.o: ../../include/openssl/opensslconf.h x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -380,9 +371,9 @@ x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509spki.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509spki.o: ../../include/openssl/opensslconf.h x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -393,9 +384,9 @@ x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509type.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509type.o: ../../include/openssl/opensslconf.h x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -406,12 +397,11 @@ x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_all.o: ../cryptlib.h x_all.c +x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c diff --git a/src/lib/libcrypto/x509v3/Makefile b/src/lib/libcrypto/x509v3/Makefile index e71dc42f9f..556ef351bf 100644 --- a/src/lib/libcrypto/x509v3/Makefile +++ b/src/lib/libcrypto/x509v3/Makefile @@ -43,7 +43,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -90,8 +90,8 @@ pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_cache.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_cache.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_cache.o: ../../include/openssl/objects.h pcy_cache.o: ../../include/openssl/opensslconf.h pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -105,9 +105,8 @@ pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_data.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_data.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_data.o: ../../include/openssl/opensslconf.h +pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -120,36 +119,35 @@ pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pcy_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pcy_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pcy_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcy_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pcy_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_lib.c +pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_map.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_map.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_map.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pcy_map.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pcy_map.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pcy_map.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcy_map.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pcy_map.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_map.c +pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -pcy_node.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_node.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_node.o: ../../include/openssl/opensslconf.h +pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -162,9 +160,8 @@ pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_tree.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_tree.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_tree.o: ../../include/openssl/opensslconf.h +pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -177,39 +174,37 @@ v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_addr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_addr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_addr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_addr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_addr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_addr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_addr.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_addr.o: ../cryptlib.h v3_addr.c +v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_akey.o: ../cryptlib.h v3_akey.c +v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_akeya.o: ../../include/openssl/opensslconf.h v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -221,15 +216,14 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_alt.o: ../cryptlib.h v3_alt.c +v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -237,23 +231,23 @@ v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_asid.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_asid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_asid.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_asid.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_asid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_asid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_asid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_asid.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_asid.c +v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_asid.o: ../cryptlib.h v3_asid.c v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_bcons.o: ../../include/openssl/opensslconf.h v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -266,9 +260,8 @@ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_bitst.o: ../../include/openssl/opensslconf.h +v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -281,23 +274,23 @@ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_conf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c +v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_conf.o: ../cryptlib.h v3_conf.c v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_cpols.o: ../../include/openssl/opensslconf.h v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -310,38 +303,37 @@ v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_crld.o: ../cryptlib.h v3_crld.c +v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_enum.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c +v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_enum.o: ../cryptlib.h v3_enum.c v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_extku.o: ../../include/openssl/opensslconf.h v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -354,81 +346,76 @@ v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_genn.o: ../cryptlib.h v3_genn.c +v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ia5.o: ../cryptlib.h v3_ia5.c +v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c v3_info.o: ../../e_os.h ../../include/openssl/asn1.h v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_info.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_info.o: ../cryptlib.h v3_info.c +v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_int.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_int.o: ../cryptlib.h v3_int.c +v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c +v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ncons.o: ../../include/openssl/opensslconf.h v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -441,52 +428,49 @@ v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_ocsp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ocsp.o: ../cryptlib.h v3_ocsp.c +v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pci.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pci.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pci.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pci.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pci.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pci.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pci.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pci.o: ../cryptlib.h v3_pci.c +v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pcia.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pcia.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pcia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pcia.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pcia.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pcia.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pcia.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pcia.o: v3_pcia.c +v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcons.o: ../../include/openssl/opensslconf.h v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -499,24 +483,23 @@ v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pku.o: ../cryptlib.h v3_pku.c +v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pmaps.o: ../../include/openssl/opensslconf.h v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -528,52 +511,51 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_prn.o: ../cryptlib.h v3_prn.c +v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_purp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c +v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_purp.o: ../cryptlib.h v3_purp.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c +v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_skey.o: ../cryptlib.h v3_skey.c v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_sxnet.o: ../../include/openssl/opensslconf.h v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -586,25 +568,24 @@ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_utl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c +v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_utl.o: ../cryptlib.h v3_utl.c v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3err.o: v3err.c +v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3err.o: ../../include/openssl/x509v3.h v3err.c diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES index 04d332e338..b139cf6244 100644 --- a/src/lib/libssl/src/CHANGES +++ b/src/lib/libssl/src/CHANGES @@ -2,6 +2,1049 @@ OpenSSL CHANGES _______________ + Changes between 1.0.0 and 1.0.0a [01 Jun 2010] + + *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover + (CVE-2010-1633) + [Steve Henson, Peter-Michael Hager ] + + Changes between 0.9.8n and 1.0.0 [29 Mar 2010] + + *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher + context. The operation can be customised via the ctrl mechanism in + case ENGINEs want to include additional functionality. + [Steve Henson] + + *) Tolerate yet another broken PKCS#8 key format: private key value negative. + [Steve Henson] + + *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to + output hashes compatible with older versions of OpenSSL. + [Willy Weisz ] + + *) Fix compression algorithm handling: if resuming a session use the + compression algorithm of the resumed session instead of determining + it from client hello again. Don't allow server to change algorithm. + [Steve Henson] + + *) Add load_crls() function to apps tidying load_certs() too. Add option + to verify utility to allow additional CRLs to be included. + [Steve Henson] + + *) Update OCSP request code to permit adding custom headers to the request: + some responders need this. + [Steve Henson] + + *) The function EVP_PKEY_sign() returns <=0 on error: check return code + correctly. + [Julia Lawall ] + + *) Update verify callback code in apps/s_cb.c and apps/verify.c, it + needlessly dereferenced structures, used obsolete functions and + didn't handle all updated verify codes correctly. + [Steve Henson] + + *) Disable MD2 in the default configuration. + [Steve Henson] + + *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to + indicate the initial BIO being pushed or popped. This makes it possible + to determine whether the BIO is the one explicitly called or as a result + of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so + it handles reference counts correctly and doesn't zero out the I/O bio + when it is not being explicitly popped. WARNING: applications which + included workarounds for the old buggy behaviour will need to be modified + or they could free up already freed BIOs. + [Steve Henson] + + *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni + renaming to all platforms (within the 0.9.8 branch, this was + done conditionally on Netware platforms to avoid a name clash). + [Guenter ] + + *) Add ECDHE and PSK support to DTLS. + [Michael Tuexen ] + + *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't + be used on C++. + [Steve Henson] + + *) Add "missing" function EVP_MD_flags() (without this the only way to + retrieve a digest flags is by accessing the structure directly. Update + EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest + or cipher is registered as in the "from" argument. Print out all + registered digests in the dgst usage message instead of manually + attempting to work them out. + [Steve Henson] + + *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello: + this allows the use of compression and extensions. Change default cipher + string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2 + by default unless an application cipher string requests it. + [Steve Henson] + + *) Alter match criteria in PKCS12_parse(). It used to try to use local + key ids to find matching certificates and keys but some PKCS#12 files + don't follow the (somewhat unwritten) rules and this strategy fails. + Now just gather all certificates together and the first private key + then look for the first certificate that matches the key. + [Steve Henson] + + *) Support use of registered digest and cipher names for dgst and cipher + commands instead of having to add each one as a special case. So now + you can do: + + openssl sha256 foo + + as well as: + + openssl dgst -sha256 foo + + and this works for ENGINE based algorithms too. + + [Steve Henson] + + *) Update Gost ENGINE to support parameter files. + [Victor B. Wagner ] + + *) Support GeneralizedTime in ca utility. + [Oliver Martin , Steve Henson] + + *) Enhance the hash format used for certificate directory links. The new + form uses the canonical encoding (meaning equivalent names will work + even if they aren't identical) and uses SHA1 instead of MD5. This form + is incompatible with the older format and as a result c_rehash should + be used to rebuild symbolic links. + [Steve Henson] + + *) Make PKCS#8 the default write format for private keys, replacing the + traditional format. This form is standardised, more secure and doesn't + include an implicit MD5 dependency. + [Steve Henson] + + *) Add a $gcc_devteam_warn option to Configure. The idea is that any code + committed to OpenSSL should pass this lot as a minimum. + [Steve Henson] + + *) Add session ticket override functionality for use by EAP-FAST. + [Jouni Malinen ] + + *) Modify HMAC functions to return a value. Since these can be implemented + in an ENGINE errors can occur. + [Steve Henson] + + *) Type-checked OBJ_bsearch_ex. + [Ben Laurie] + + *) Type-checked OBJ_bsearch. Also some constification necessitated + by type-checking. Still to come: TXT_DB, bsearch(?), + OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING, + CONF_VALUE. + [Ben Laurie] + + *) New function OPENSSL_gmtime_adj() to add a specific number of days and + seconds to a tm structure directly, instead of going through OS + specific date routines. This avoids any issues with OS routines such + as the year 2038 bug. New *_adj() functions for ASN1 time structures + and X509_time_adj_ex() to cover the extended range. The existing + X509_time_adj() is still usable and will no longer have any date issues. + [Steve Henson] + + *) Delta CRL support. New use deltas option which will attempt to locate + and search any appropriate delta CRLs available. + + This work was sponsored by Google. + [Steve Henson] + + *) Support for CRLs partitioned by reason code. Reorganise CRL processing + code and add additional score elements. Validate alternate CRL paths + as part of the CRL checking and indicate a new error "CRL path validation + error" in this case. Applications wanting additional details can use + the verify callback and check the new "parent" field. If this is not + NULL CRL path validation is taking place. Existing applications wont + see this because it requires extended CRL support which is off by + default. + + This work was sponsored by Google. + [Steve Henson] + + *) Support for freshest CRL extension. + + This work was sponsored by Google. + [Steve Henson] + + *) Initial indirect CRL support. Currently only supported in the CRLs + passed directly and not via lookup. Process certificate issuer + CRL entry extension and lookup CRL entries by bother issuer name + and serial number. Check and process CRL issuer entry in IDP extension. + + This work was sponsored by Google. + [Steve Henson] + + *) Add support for distinct certificate and CRL paths. The CRL issuer + certificate is validated separately in this case. Only enabled if + an extended CRL support flag is set: this flag will enable additional + CRL functionality in future. + + This work was sponsored by Google. + [Steve Henson] + + *) Add support for policy mappings extension. + + This work was sponsored by Google. + [Steve Henson] + + *) Fixes to pathlength constraint, self issued certificate handling, + policy processing to align with RFC3280 and PKITS tests. + + This work was sponsored by Google. + [Steve Henson] + + *) Support for name constraints certificate extension. DN, email, DNS + and URI types are currently supported. + + This work was sponsored by Google. + [Steve Henson] + + *) To cater for systems that provide a pointer-based thread ID rather + than numeric, deprecate the current numeric thread ID mechanism and + replace it with a structure and associated callback type. This + mechanism allows a numeric "hash" to be extracted from a thread ID in + either case, and on platforms where pointers are larger than 'long', + mixing is done to help ensure the numeric 'hash' is usable even if it + can't be guaranteed unique. The default mechanism is to use "&errno" + as a pointer-based thread ID to distinguish between threads. + + Applications that want to provide their own thread IDs should now use + CRYPTO_THREADID_set_callback() to register a callback that will call + either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer(). + + Note that ERR_remove_state() is now deprecated, because it is tied + to the assumption that thread IDs are numeric. ERR_remove_state(0) + to free the current thread's error state should be replaced by + ERR_remove_thread_state(NULL). + + (This new approach replaces the functions CRYPTO_set_idptr_callback(), + CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in + OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an + application was previously providing a numeric thread callback that + was inappropriate for distinguishing threads, then uniqueness might + have been obtained with &errno that happened immediately in the + intermediate development versions of OpenSSL; this is no longer the + case, the numeric thread callback will now override the automatic use + of &errno.) + [Geoff Thorpe, with help from Bodo Moeller] + + *) Initial support for different CRL issuing certificates. This covers a + simple case where the self issued certificates in the chain exist and + the real CRL issuer is higher in the existing chain. + + This work was sponsored by Google. + [Steve Henson] + + *) Removed effectively defunct crypto/store from the build. + [Ben Laurie] + + *) Revamp of STACK to provide stronger type-checking. Still to come: + TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE, + ASN1_STRING, CONF_VALUE. + [Ben Laurie] + + *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer + RAM on SSL connections. This option can save about 34k per idle SSL. + [Nick Mathewson] + + *) Revamp of LHASH to provide stronger type-checking. Still to come: + STACK, TXT_DB, bsearch, qsort. + [Ben Laurie] + + *) Initial support for Cryptographic Message Syntax (aka CMS) based + on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility, + support for data, signedData, compressedData, digestedData and + encryptedData, envelopedData types included. Scripts to check against + RFC4134 examples draft and interop and consistency checks of many + content types and variants. + [Steve Henson] + + *) Add options to enc utility to support use of zlib compression BIO. + [Steve Henson] + + *) Extend mk1mf to support importing of options and assembly language + files from Configure script, currently only included in VC-WIN32. + The assembly language rules can now optionally generate the source + files from the associated perl scripts. + [Steve Henson] + + *) Implement remaining functionality needed to support GOST ciphersuites. + Interop testing has been performed using CryptoPro implementations. + [Victor B. Wagner ] + + *) s390x assembler pack. + [Andy Polyakov] + + *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU + "family." + [Andy Polyakov] + + *) Implement Opaque PRF Input TLS extension as specified in + draft-rescorla-tls-opaque-prf-input-00.txt. Since this is not an + official specification yet and no extension type assignment by + IANA exists, this extension (for now) will have to be explicitly + enabled when building OpenSSL by providing the extension number + to use. For example, specify an option + + -DTLSEXT_TYPE_opaque_prf_input=0x9527 + + to the "config" or "Configure" script to enable the extension, + assuming extension number 0x9527 (which is a completely arbitrary + and unofficial assignment based on the MD5 hash of the Internet + Draft). Note that by doing so, you potentially lose + interoperability with other TLS implementations since these might + be using the same extension number for other purposes. + + SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the + opaque PRF input value to use in the handshake. This will create + an interal copy of the length-'len' string at 'src', and will + return non-zero for success. + + To get more control and flexibility, provide a callback function + by using + + SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) + + where + + int (*cb)(SSL *, void *peerinput, size_t len, void *arg); + void *arg; + + Callback function 'cb' will be called in handshakes, and is + expected to use SSL_set_tlsext_opaque_prf_input() as appropriate. + Argument 'arg' is for application purposes (the value as given to + SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly + be provided to the callback function). The callback function + has to return non-zero to report success: usually 1 to use opaque + PRF input just if possible, or 2 to enforce use of the opaque PRF + input. In the latter case, the library will abort the handshake + if opaque PRF input is not successfully negotiated. + + Arguments 'peerinput' and 'len' given to the callback function + will always be NULL and 0 in the case of a client. A server will + see the client's opaque PRF input through these variables if + available (NULL and 0 otherwise). Note that if the server + provides an opaque PRF input, the length must be the same as the + length of the client's opaque PRF input. + + Note that the callback function will only be called when creating + a new session (session resumption can resume whatever was + previously negotiated), and will not be called in SSL 2.0 + handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or + SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended + for applications that need to enforce opaque PRF input. + + [Bodo Moeller] + + *) Update ssl code to support digests other than SHA1+MD5 for handshake + MAC. + + [Victor B. Wagner ] + + *) Add RFC4507 support to OpenSSL. This includes the corrections in + RFC4507bis. The encrypted ticket format is an encrypted encoded + SSL_SESSION structure, that way new session features are automatically + supported. + + If a client application caches session in an SSL_SESSION structure + support is transparent because tickets are now stored in the encoded + SSL_SESSION. + + The SSL_CTX structure automatically generates keys for ticket + protection in servers so again support should be possible + with no application modification. + + If a client or server wishes to disable RFC4507 support then the option + SSL_OP_NO_TICKET can be set. + + Add a TLS extension debugging callback to allow the contents of any client + or server extensions to be examined. + + This work was sponsored by Google. + [Steve Henson] + + *) Final changes to avoid use of pointer pointer casts in OpenSSL. + OpenSSL should now compile cleanly on gcc 4.2 + [Peter Hartley , Steve Henson] + + *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC + support including streaming MAC support: this is required for GOST + ciphersuite support. + [Victor B. Wagner , Steve Henson] + + *) Add option -stream to use PKCS#7 streaming in smime utility. New + function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream() + to output in BER and PEM format. + [Steve Henson] + + *) Experimental support for use of HMAC via EVP_PKEY interface. This + allows HMAC to be handled via the EVP_DigestSign*() interface. The + EVP_PKEY "key" in this case is the HMAC key, potentially allowing + ENGINE support for HMAC keys which are unextractable. New -mac and + -macopt options to dgst utility. + [Steve Henson] + + *) New option -sigopt to dgst utility. Update dgst to use + EVP_Digest{Sign,Verify}*. These two changes make it possible to use + alternative signing paramaters such as X9.31 or PSS in the dgst + utility. + [Steve Henson] + + *) Change ssl_cipher_apply_rule(), the internal function that does + the work each time a ciphersuite string requests enabling + ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or + removing ("!foo+bar") a class of ciphersuites: Now it maintains + the order of disabled ciphersuites such that those ciphersuites + that most recently went from enabled to disabled not only stay + in order with respect to each other, but also have higher priority + than other disabled ciphersuites the next time ciphersuites are + enabled again. + + This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable + the same ciphersuites as with "HIGH" alone, but in a specific + order where the PSK ciphersuites come first (since they are the + most recently disabled ciphersuites when "HIGH" is parsed). + + Also, change ssl_create_cipher_list() (using this new + funcionality) such that between otherwise identical + cihpersuites, ephemeral ECDH is preferred over ephemeral DH in + the default order. + [Bodo Moeller] + + *) Change ssl_create_cipher_list() so that it automatically + arranges the ciphersuites in reasonable order before starting + to process the rule string. Thus, the definition for "DEFAULT" + (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but + remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH". + This makes it much easier to arrive at a reasonable default order + in applications for which anonymous ciphers are OK (meaning + that you can't actually use DEFAULT). + [Bodo Moeller; suggested by Victor Duchovni] + + *) Split the SSL/TLS algorithm mask (as used for ciphersuite string + processing) into multiple integers instead of setting + "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK", + "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer. + (These masks as well as the individual bit definitions are hidden + away into the non-exported interface ssl/ssl_locl.h, so this + change to the definition of the SSL_CIPHER structure shouldn't + affect applications.) This give us more bits for each of these + categories, so there is no longer a need to coagulate AES128 and + AES256 into a single algorithm bit, and to coagulate Camellia128 + and Camellia256 into a single algorithm bit, which has led to all + kinds of kludges. + + Thus, among other things, the kludge introduced in 0.9.7m and + 0.9.8e for masking out AES256 independently of AES128 or masking + out Camellia256 independently of AES256 is not needed here in 0.9.9. + + With the change, we also introduce new ciphersuite aliases that + so far were missing: "AES128", "AES256", "CAMELLIA128", and + "CAMELLIA256". + [Bodo Moeller] + + *) Add support for dsa-with-SHA224 and dsa-with-SHA256. + Use the leftmost N bytes of the signature input if the input is + larger than the prime q (with N being the size in bytes of q). + [Nils Larsch] + + *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses + it yet and it is largely untested. + [Steve Henson] + + *) Add support for the ecdsa-with-SHA224/256/384/512 signature types. + [Nils Larsch] + + *) Initial incomplete changes to avoid need for function casts in OpenSSL + some compilers (gcc 4.2 and later) reject their use. Safestack is + reimplemented. Update ASN1 to avoid use of legacy functions. + [Steve Henson] + + *) Win32/64 targets are linked with Winsock2. + [Andy Polyakov] + + *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected + to external functions. This can be used to increase CRL handling + efficiency especially when CRLs are very large by (for example) storing + the CRL revoked certificates in a database. + [Steve Henson] + + *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so + new CRLs added to a directory can be used. New command line option + -verify_return_error to s_client and s_server. This causes real errors + to be returned by the verify callback instead of carrying on no matter + what. This reflects the way a "real world" verify callback would behave. + [Steve Henson] + + *) GOST engine, supporting several GOST algorithms and public key formats. + Kindly donated by Cryptocom. + [Cryptocom] + + *) Partial support for Issuing Distribution Point CRL extension. CRLs + partitioned by DP are handled but no indirect CRL or reason partitioning + (yet). Complete overhaul of CRL handling: now the most suitable CRL is + selected via a scoring technique which handles IDP and AKID in CRLs. + [Steve Henson] + + *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which + will ultimately be used for all verify operations: this will remove the + X509_STORE dependency on certificate verification and allow alternative + lookup methods. X509_STORE based implementations of these two callbacks. + [Steve Henson] + + *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names. + Modify get_crl() to find a valid (unexpired) CRL if possible. + [Steve Henson] + + *) New function X509_CRL_match() to check if two CRLs are identical. Normally + this would be called X509_CRL_cmp() but that name is already used by + a function that just compares CRL issuer names. Cache several CRL + extensions in X509_CRL structure and cache CRLDP in X509. + [Steve Henson] + + *) Store a "canonical" representation of X509_NAME structure (ASN1 Name) + this maps equivalent X509_NAME structures into a consistent structure. + Name comparison can then be performed rapidly using memcmp(). + [Steve Henson] + + *) Non-blocking OCSP request processing. Add -timeout option to ocsp + utility. + [Steve Henson] + + *) Allow digests to supply their own micalg string for S/MIME type using + the ctrl EVP_MD_CTRL_MICALG. + [Steve Henson] + + *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the + EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN + ctrl. It can then customise the structure before and/or after signing + if necessary. + [Steve Henson] + + *) New function OBJ_add_sigid() to allow application defined signature OIDs + to be added to OpenSSLs internal tables. New function OBJ_sigid_free() + to free up any added signature OIDs. + [Steve Henson] + + *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(), + EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal + digest and cipher tables. New options added to openssl utility: + list-message-digest-algorithms and list-cipher-algorithms. + [Steve Henson] + + *) Change the array representation of binary polynomials: the list + of degrees of non-zero coefficients is now terminated with -1. + Previously it was terminated with 0, which was also part of the + value; thus, the array representation was not applicable to + polynomials where t^0 has coefficient zero. This change makes + the array representation useful in a more general context. + [Douglas Stebila] + + *) Various modifications and fixes to SSL/TLS cipher string + handling. For ECC, the code now distinguishes between fixed ECDH + with RSA certificates on the one hand and with ECDSA certificates + on the other hand, since these are separate ciphersuites. The + unused code for Fortezza ciphersuites has been removed. + + For consistency with EDH, ephemeral ECDH is now called "EECDH" + (not "ECDHE"). For consistency with the code for DH + certificates, use of ECDH certificates is now considered ECDH + authentication, not RSA or ECDSA authentication (the latter is + merely the CA's signing algorithm and not actively used in the + protocol). + + The temporary ciphersuite alias "ECCdraft" is no longer + available, and ECC ciphersuites are no longer excluded from "ALL" + and "DEFAULT". The following aliases now exist for RFC 4492 + ciphersuites, most of these by analogy with the DH case: + + kECDHr - ECDH cert, signed with RSA + kECDHe - ECDH cert, signed with ECDSA + kECDH - ECDH cert (signed with either RSA or ECDSA) + kEECDH - ephemeral ECDH + ECDH - ECDH cert or ephemeral ECDH + + aECDH - ECDH cert + aECDSA - ECDSA cert + ECDSA - ECDSA cert + + AECDH - anonymous ECDH + EECDH - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH") + + [Bodo Moeller] + + *) Add additional S/MIME capabilities for AES and GOST ciphers if supported. + Use correct micalg parameters depending on digest(s) in signed message. + [Steve Henson] + + *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process + an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code. + [Steve Henson] + + *) Initial engine support for EVP_PKEY_METHOD. New functions to permit + an engine to register a method. Add ENGINE lookups for methods and + functional reference processing. + [Steve Henson] + + *) New functions EVP_Digest{Sign,Verify)*. These are enchance versions of + EVP_{Sign,Verify}* which allow an application to customise the signature + process. + [Steve Henson] + + *) New -resign option to smime utility. This adds one or more signers + to an existing PKCS#7 signedData structure. Also -md option to use an + alternative message digest algorithm for signing. + [Steve Henson] + + *) Tidy up PKCS#7 routines and add new functions to make it easier to + create PKCS7 structures containing multiple signers. Update smime + application to support multiple signers. + [Steve Henson] + + *) New -macalg option to pkcs12 utility to allow setting of an alternative + digest MAC. + [Steve Henson] + + *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC. + Reorganize PBE internals to lookup from a static table using NIDs, + add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl: + EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative + PRF which will be automatically used with PBES2. + [Steve Henson] + + *) Replace the algorithm specific calls to generate keys in "req" with the + new API. + [Steve Henson] + + *) Update PKCS#7 enveloped data routines to use new API. This is now + supported by any public key method supporting the encrypt operation. A + ctrl is added to allow the public key algorithm to examine or modify + the PKCS#7 RecipientInfo structure if it needs to: for RSA this is + a no op. + [Steve Henson] + + *) Add a ctrl to asn1 method to allow a public key algorithm to express + a default digest type to use. In most cases this will be SHA1 but some + algorithms (such as GOST) need to specify an alternative digest. The + return value indicates how strong the prefernce is 1 means optional and + 2 is mandatory (that is it is the only supported type). Modify + ASN1_item_sign() to accept a NULL digest argument to indicate it should + use the default md. Update openssl utilities to use the default digest + type for signing if it is not explicitly indicated. + [Steve Henson] + + *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New + EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant + signing method from the key type. This effectively removes the link + between digests and public key types. + [Steve Henson] + + *) Add an OID cross reference table and utility functions. Its purpose is to + translate between signature OIDs such as SHA1WithrsaEncryption and SHA1, + rsaEncryption. This will allow some of the algorithm specific hackery + needed to use the correct OID to be removed. + [Steve Henson] + + *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO + structures for PKCS7_sign(). They are now set up by the relevant public + key ASN1 method. + [Steve Henson] + + *) Add provisional EC pkey method with support for ECDSA and ECDH. + [Steve Henson] + + *) Add support for key derivation (agreement) in the API, DH method and + pkeyutl. + [Steve Henson] + + *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support + public and private key formats. As a side effect these add additional + command line functionality not previously available: DSA signatures can be + generated and verified using pkeyutl and DH key support and generation in + pkey, genpkey. + [Steve Henson] + + *) BeOS support. + [Oliver Tappe ] + + *) New make target "install_html_docs" installs HTML renditions of the + manual pages. + [Oliver Tappe ] + + *) New utility "genpkey" this is analagous to "genrsa" etc except it can + generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to + support key and parameter generation and add initial key generation + functionality for RSA. + [Steve Henson] + + *) Add functions for main EVP_PKEY_method operations. The undocumented + functions EVP_PKEY_{encrypt,decrypt} have been renamed to + EVP_PKEY_{encrypt,decrypt}_old. + [Steve Henson] + + *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public + key API, doesn't do much yet. + [Steve Henson] + + *) New function EVP_PKEY_asn1_get0_info() to retrieve information about + public key algorithms. New option to openssl utility: + "list-public-key-algorithms" to print out info. + [Steve Henson] + + *) Implement the Supported Elliptic Curves Extension for + ECC ciphersuites from draft-ietf-tls-ecc-12.txt. + [Douglas Stebila] + + *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or + EVP_CIPHER structures to avoid later problems in EVP_cleanup(). + [Steve Henson] + + *) New utilities pkey and pkeyparam. These are similar to algorithm specific + utilities such as rsa, dsa, dsaparam etc except they process any key + type. + [Steve Henson] + + *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New + functions EVP_PKEY_print_public(), EVP_PKEY_print_private(), + EVP_PKEY_print_param() to print public key data from an EVP_PKEY + structure. + [Steve Henson] + + *) Initial support for pluggable public key ASN1. + De-spaghettify the public key ASN1 handling. Move public and private + key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate + algorithm specific handling to a single module within the relevant + algorithm directory. Add functions to allow (near) opaque processing + of public and private key structures. + [Steve Henson] + + *) Implement the Supported Point Formats Extension for + ECC ciphersuites from draft-ietf-tls-ecc-12.txt. + [Douglas Stebila] + + *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members + for the psk identity [hint] and the psk callback functions to the + SSL_SESSION, SSL and SSL_CTX structure. + + New ciphersuites: + PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA, + PSK-AES256-CBC-SHA + + New functions: + SSL_CTX_use_psk_identity_hint + SSL_get_psk_identity_hint + SSL_get_psk_identity + SSL_use_psk_identity_hint + + [Mika Kousa and Pasi Eronen of Nokia Corporation] + + *) Add RFC 3161 compliant time stamp request creation, response generation + and response verification functionality. + [Zoltán Glózik , The OpenTSA Project] + + *) Add initial support for TLS extensions, specifically for the server_name + extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now + have new members for a host name. The SSL data structure has an + additional member SSL_CTX *initial_ctx so that new sessions can be + stored in that context to allow for session resumption, even after the + SSL has been switched to a new SSL_CTX in reaction to a client's + server_name extension. + + New functions (subject to change): + + SSL_get_servername() + SSL_get_servername_type() + SSL_set_SSL_CTX() + + New CTRL codes and macros (subject to change): + + SSL_CTRL_SET_TLSEXT_SERVERNAME_CB + - SSL_CTX_set_tlsext_servername_callback() + SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG + - SSL_CTX_set_tlsext_servername_arg() + SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name() + + openssl s_client has a new '-servername ...' option. + + openssl s_server has new options '-servername_host ...', '-cert2 ...', + '-key2 ...', '-servername_fatal' (subject to change). This allows + testing the HostName extension for a specific single host name ('-cert' + and '-key' remain fallbacks for handshakes without HostName + negotiation). If the unrecogninzed_name alert has to be sent, this by + default is a warning; it becomes fatal with the '-servername_fatal' + option. + + [Peter Sylvester, Remy Allais, Christophe Renou] + + *) Whirlpool hash implementation is added. + [Andy Polyakov] + + *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to + bn(64,32). Because of instruction set limitations it doesn't have + any negative impact on performance. This was done mostly in order + to make it possible to share assembler modules, such as bn_mul_mont + implementations, between 32- and 64-bit builds without hassle. + [Andy Polyakov] + + *) Move code previously exiled into file crypto/ec/ec2_smpt.c + to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP + macro. + [Bodo Moeller] + + *) New candidate for BIGNUM assembler implementation, bn_mul_mont, + dedicated Montgomery multiplication procedure, is introduced. + BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher + "64-bit" performance on certain 32-bit targets. + [Andy Polyakov] + + *) New option SSL_OP_NO_COMP to disable use of compression selectively + in SSL structures. New SSL ctrl to set maximum send fragment size. + Save memory by seeting the I/O buffer sizes dynamically instead of + using the maximum available value. + [Steve Henson] + + *) New option -V for 'openssl ciphers'. This prints the ciphersuite code + in addition to the text details. + [Bodo Moeller] + + *) Very, very preliminary EXPERIMENTAL support for printing of general + ASN1 structures. This currently produces rather ugly output and doesn't + handle several customised structures at all. + [Steve Henson] + + *) Integrated support for PVK file format and some related formats such + as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support + these in the 'rsa' and 'dsa' utilities. + [Steve Henson] + + *) Support for PKCS#1 RSAPublicKey format on rsa utility command line. + [Steve Henson] + + *) Remove the ancient ASN1_METHOD code. This was only ever used in one + place for the (very old) "NETSCAPE" format certificates which are now + handled using new ASN1 code equivalents. + [Steve Henson] + + *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD + pointer and make the SSL_METHOD parameter in SSL_CTX_new, + SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'. + [Nils Larsch] + + *) Modify CRL distribution points extension code to print out previously + unsupported fields. Enhance extension setting code to allow setting of + all fields. + [Steve Henson] + + *) Add print and set support for Issuing Distribution Point CRL extension. + [Steve Henson] + + *) Change 'Configure' script to enable Camellia by default. + [NTT] + + Changes between 0.9.8n and 0.9.8o [xx XXX xxxx] + + *) Correct a typo in the CMS ASN1 module which can result in invalid memory + access or freeing data twice (CVE-2010-0742) + [Steve Henson, Ronald Moesbergen ] + + *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more + common in certificates and some applications which only call + SSL_library_init and not OpenSSL_add_all_algorithms() will fail. + [Steve Henson] + + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] + + *) When rejecting SSL/TLS records due to an incorrect version number, never + update s->server with a new major version number. As of + - OpenSSL 0.9.8m if 'short' is a 16-bit type, + - OpenSSL 0.9.8f if 'short' is longer than 16 bits, + the previous behavior could result in a read attempt at NULL when + receiving specific incorrect SSL/TLS records once record payload + protection is active. (CVE-2010-####) + [Bodo Moeller, Adam Langley] + + *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL + could be crashed if the relevant tables were not present (e.g. chrooted). + [Tomas Hoger ] + + Changes between 0.9.8l and 0.9.8m [25 Feb 2010] + + *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) + [Martin Olsson, Neel Mehta] + + *) Fix X509_STORE locking: Every 'objs' access requires a lock (to + accommodate for stack sorting, always a write lock!). + [Bodo Moeller] + + *) On some versions of WIN32 Heap32Next is very slow. This can cause + excessive delays in the RAND_poll(): over a minute. As a workaround + include a time check in the inner Heap32Next loop too. + [Steve Henson] + + *) The code that handled flushing of data in SSL/TLS originally used the + BIO_CTRL_INFO ctrl to see if any data was pending first. This caused + the problem outlined in PR#1949. The fix suggested there however can + trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions + of Apache). So instead simplify the code to flush unconditionally. + This should be fine since flushing with no data to flush is a no op. + [Steve Henson] + + *) Handle TLS versions 2.0 and later properly and correctly use the + highest version of TLS/SSL supported. Although TLS >= 2.0 is some way + off ancient servers have a habit of sticking around for a while... + [Steve Henson] + + *) Modify compression code so it frees up structures without using the + ex_data callbacks. This works around a problem where some applications + call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when + restarting) then use compression (e.g. SSL with compression) later. + This results in significant per-connection memory leaks and + has caused some security issues including CVE-2008-1678 and + CVE-2009-4355. + [Steve Henson] + + *) Constify crypto/cast (i.e., ): a CAST_KEY doesn't + change when encrypting or decrypting. + [Bodo Moeller] + + *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to + connect and renegotiate with servers which do not support RI. + Until RI is more widely deployed this option is enabled by default. + [Steve Henson] + + *) Add "missing" ssl ctrls to clear options and mode. + [Steve Henson] + + *) If client attempts to renegotiate and doesn't support RI respond with + a no_renegotiation alert as required by RFC5746. Some renegotiating + TLS clients will continue a connection gracefully when they receive + the alert. Unfortunately OpenSSL mishandled this alert and would hang + waiting for a server hello which it will never receive. Now we treat a + received no_renegotiation alert as a fatal error. This is because + applications requesting a renegotiation might well expect it to succeed + and would have no code in place to handle the server denying it so the + only safe thing to do is to terminate the connection. + [Steve Henson] + + *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if + peer supports secure renegotiation and 0 otherwise. Print out peer + renegotiation support in s_client/s_server. + [Steve Henson] + + *) Replace the highly broken and deprecated SPKAC certification method with + the updated NID creation version. This should correctly handle UTF8. + [Steve Henson] + + *) Implement RFC5746. Re-enable renegotiation but require the extension + as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + turns out to be a bad idea. It has been replaced by + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with + SSL_CTX_set_options(). This is really not recommended unless you + know what you are doing. + [Eric Rescorla , Ben Laurie, Steve Henson] + + *) Fixes to stateless session resumption handling. Use initial_ctx when + issuing and attempting to decrypt tickets in case it has changed during + servername handling. Use a non-zero length session ID when attempting + stateless session resumption: this makes it possible to determine if + a resumption has occurred immediately after receiving server hello + (several places in OpenSSL subtly assume this) instead of later in + the handshake. + [Steve Henson] + + *) The functions ENGINE_ctrl(), OPENSSL_isservice(), + CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error + fixes for a few places where the return code is not checked + correctly. + [Julia Lawall ] + + *) Add --strict-warnings option to Configure script to include devteam + warnings in other configurations. + [Steve Henson] + + *) Add support for --libdir option and LIBDIR variable in makefiles. This + makes it possible to install openssl libraries in locations which + have names other than "lib", for example "/usr/lib64" which some + systems need. + [Steve Henson, based on patch from Jeremy Utley] + + *) Don't allow the use of leading 0x80 in OIDs. This is a violation of + X690 8.9.12 and can produce some misleading textual output of OIDs. + [Steve Henson, reported by Dan Kaminsky] + + *) Delete MD2 from algorithm tables. This follows the recommendation in + several standards that it is not used in new applications due to + several cryptographic weaknesses. For binary compatibility reasons + the MD2 API is still compiled in by default. + [Steve Henson] + + *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved + and restored. + [Steve Henson] + + *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and + OPENSSL_asc2uni conditionally on Netware platforms to avoid a name + clash. + [Guenter ] + + *) Fix the server certificate chain building code to use X509_verify_cert(), + it used to have an ad-hoc builder which was unable to cope with anything + other than a simple chain. + [David Woodhouse , Steve Henson] + + *) Don't check self signed certificate signatures in X509_verify_cert() + by default (a flag can override this): it just wastes time without + adding any security. As a useful side effect self signed root CAs + with non-FIPS digests are now usable in FIPS mode. + [Steve Henson] + + *) In dtls1_process_out_of_seq_message() the check if the current message + is already buffered was missing. For every new message was memory + allocated, allowing an attacker to perform an denial of service attack + with sending out of seq handshake messages until there is no memory + left. Additionally every future messege was buffered, even if the + sequence number made no sense and would be part of another handshake. + So only messages with sequence numbers less than 10 in advance will be + buffered. (CVE-2009-1378) + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Records are buffered if they arrive with a future epoch to be + processed after finishing the corresponding handshake. There is + currently no limitation to this buffer allowing an attacker to perform + a DOS attack with sending records with future epochs until there is no + memory left. This patch adds the pqueue_size() function to detemine + the size of a buffer and limits the record buffer to 100 entries. + (CVE-2009-1377) + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Keep a copy of frag->msg_header.frag_len so it can be used after the + parent structure is freed. (CVE-2009-1379) + [Daniel Mentz] + + *) Handle non-blocking I/O properly in SSL_shutdown() call. + [Darryl Miles ] + + *) Add 2.5.4.* OIDs + [Ilya O. ] + + Changes between 0.9.8k and 0.9.8l [5 Nov 2009] + + *) Disable renegotiation completely - this fixes a severe security + problem (CVE-2009-3555) at the cost of breaking all + renegotiation. Renegotiation can be re-enabled by setting + SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at + run-time. This is really not recommended unless you know what + you're doing. + [Ben Laurie] + Changes between 0.9.8j and 0.9.8k [25 Mar 2009] *) Don't set val to NULL when freeing up structures, it is freed up by @@ -86,6 +1129,10 @@ Changes between 0.9.8h and 0.9.8i [15 Sep 2008] + *) Fix NULL pointer dereference if a DTLS server received + ChangeCipherSpec as first record (CVE-2009-1386). + [PR #1679] + *) Fix a state transitition in s3_srvr.c and d1_srvr.c (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). [Nagendra Modadugu] @@ -1489,19 +2536,6 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7m and 0.9.7n [xx XXX xxxx] - - *) In the SSL/TLS server implementation, be strict about session ID - context matching (which matters if an application uses a single - external cache for different purposes). Previously, - out-of-context reuse was forbidden only if SSL_VERIFY_PEER was - set. This did ensure strict client verification, but meant that, - with applications using a single external cache for quite - different requirements, clients could circumvent ciphersuite - restrictions for a given session ID context by starting a session - in a different context. - [Bodo Moeller] - Changes between 0.9.7l and 0.9.7m [23 Feb 2007] *) Cleanse PEM buffers before freeing them since they may contain diff --git a/src/lib/libssl/src/CHANGES.SSLeay b/src/lib/libssl/src/CHANGES.SSLeay index dbb80b003d..ca5cd72976 100644 --- a/src/lib/libssl/src/CHANGES.SSLeay +++ b/src/lib/libssl/src/CHANGES.SSLeay @@ -148,7 +148,7 @@ eric (about to go bushwalking for the 4 day easter break :-) This would tend to cause memory overwrites since SSLv3 has a maximum packet size of 16k. If your program uses buffers <= 16k, you would probably never see this problem. - - Fixed a new errors that were cause by malloc() not returning + - Fixed a few errors that were cause by malloc() not returning 0 initialised memory.. - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure index c6dbfae482..e3b13b9d43 100644 --- a/src/lib/libssl/src/Configure +++ b/src/lib/libssl/src/Configure @@ -6,13 +6,11 @@ eval 'exec perl -S $0 ${1+"$@"}' ## require 5.000; -eval 'use strict;'; - -print STDERR "Warning: perl module strict not found.\n" if ($@); +use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -40,6 +38,8 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # +# --cross-compile-prefix Add specified prefix to binutils components. +# # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware @@ -56,8 +56,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. -# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport -# from 0.9.9 # 386 generate 80386 code # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) @@ -106,6 +104,8 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $strict_warnings = 0; + my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; # MD2_CHAR slags pentium pros @@ -123,14 +123,21 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; -my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o"; -my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o"; -my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o"; +my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o"; -my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::"; -my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::"; +my $x86_elf_asm="$x86_asm:elf"; -my $no_asm="::::::::::"; +my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o"; +my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void"; +my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void"; +my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void"; +my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::::::::void"; +my $mips3_asm=":bn-mips3.o::::::::::::void"; +my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void"; +my $armv4_asm=":bn_asm.o armv4-mont.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::void"; +my $ppc32_asm="ppccpuid.o:bn-ppc.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::"; +my $ppc64_asm="ppccpuid.o:bn-ppc.o ppc-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::"; +my $no_asm=":::::::::::::void"; # As for $BSDthreads. Idea is to maintain "collective" set of flags, # which would cover all BSD flavors. -pthread applies to them all, @@ -141,7 +148,7 @@ my $no_asm="::::::::::"; # seems to be sufficient? my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; -#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags +#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib my %table=( # File 'TABLE' (created by 'make TABLE') contains the data from this list, @@ -156,28 +163,32 @@ my %table=( # Our development configs "purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", "debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", -"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", +"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::", +"debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::", +"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", -"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", -"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", +"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -DMD32_REG_T=int -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -DMD32_REG_T=int -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-x86_64", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -185,8 +196,8 @@ my %table=( "cc", "cc:-O::(unknown)::::::", ####VOS Configurations -"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", -"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", +"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", +"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", #### Solaris x86 with GNU C setups # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it @@ -203,33 +214,33 @@ my %table=( # actually recommend to consider using gcc shared build even with vendor # compiler:-) # -"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### Solaris x86 with Sun C setups "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc -"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 # SC5.0 note: Compiler common patch 107357-01 or later is required! "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", +"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", #### -"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SunOS configs, assuming sparc for the gcc one. #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", @@ -242,11 +253,11 @@ my %table=( #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-cc -o32' manually. -"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", # N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### Unified HP-UX ANSI C configs. # Special notes: @@ -279,8 +290,8 @@ my %table=( # Since there is mention of this in shlib/hpux10-cc.sh "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::::void:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", # More attempts at unified 10.X and 11.X targets for HP C compiler. # @@ -288,17 +299,17 @@ my %table=( # Kevin Steves "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::::void:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::void:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", # HP/UX IA-64 targets -"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", # Frank Geurts has patiently assisted with # with debugging of the following config. -"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", # GCC builds... -"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", +"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", # Legacy HPUX 9.X configs... "hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -316,9 +327,9 @@ my %table=( # # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version # -"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so", -"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so", -"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so", +"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", +"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", #### #### Variety of LINUX:-) @@ -326,27 +337,31 @@ my %table=( # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... "linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# It's believed that majority of ARM toolchains predefine appropriate -march. +# If you compiler does not, do complement config command line with one! +"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### IA-32 targets... "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", +"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", #### "linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you @@ -360,25 +375,25 @@ my %table=( # # # -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}", +"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", #### *BSD [do see comment about ${BSDthreads} above!] "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it # simply *happens* to work around a compiler bug in gcc 3.3.3, # triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -390,7 +405,12 @@ my %table=( # QNX "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:", +"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +# BeOS +"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so", +"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so", #### SCO/Caldera targets. # @@ -414,12 +434,12 @@ my %table=( #### IBM's AIX. "aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", +"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", +"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE # at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) @@ -467,28 +487,39 @@ my %table=( # "OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", -# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 -"VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32", -"VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32", - # Visual C targets -"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", +# +# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 +"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", +"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", +# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement +# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' +"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +# Unified CE target +"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", -"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", # Borland C++ 4.5 "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", # MinGW -"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a", +"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", +# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll +# compiled with one compiler with application compiled with another +# compiler. It's possible to engage Applink support in mingw64 build, +# but it's not done, because till mingw64 supports structured exception +# handling, one can't seriously consider its binaries for using with +# non-mingw64 run-time environment. And as mingw64 is always consistent +# with itself, Applink is never engaged and can as well be omitted. +"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", # UWIN "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward@novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv @@ -506,7 +537,7 @@ my %table=( "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:", +"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", # Ultrix from Bernhard Simon "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", @@ -516,12 +547,12 @@ my %table=( ##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", -"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", ##### A/UX "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", @@ -538,18 +569,22 @@ my %table=( ##### VxWorks for various targets "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", -"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", +"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:", ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", +# uClinux +"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", +"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", + ); my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A - VC-NT VC-CE VC-WIN32 - BC-32 OS2-EMX + VC-NT VC-CE VC-WIN32 debug-VC-WIN32 + BC-32 netware-clib netware-clib-bsdsock netware-libc netware-libc-bsdsock); @@ -572,6 +607,9 @@ my $idx_cast_obj = $idx++; my $idx_rc4_obj = $idx++; my $idx_rmd160_obj = $idx++; my $idx_rc5_obj = $idx++; +my $idx_wp_obj = $idx++; +my $idx_cmll_obj = $idx++; +my $idx_perlasm_scheme = $idx++; my $idx_dso_scheme = $idx++; my $idx_shared_target = $idx++; my $idx_shared_cflag = $idx++; @@ -579,23 +617,20 @@ my $idx_shared_ldflag = $idx++; my $idx_shared_extension = $idx++; my $idx_ranlib = $idx++; my $idx_arflags = $idx++; +my $idx_multilib = $idx++; my $prefix=""; +my $libdir=""; my $openssldir=""; my $exe_ext=""; -my $install_prefix=""; -my $fipslibdir="/usr/local/ssl/fips-1.0/lib/"; -my $nofipscanistercheck=0; -my $fipsdso=0; -my $fipscanisterinternal="n"; -my $baseaddr="0xFB00000"; +my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; +my $cross_compile_prefix=""; my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used my $no_rfc3779=1; # but "no-rfc3779" is default -my $montasm=1; # but "no-montasm" is default my $no_asm=0; my $no_dso=0; my $no_gmp=0; @@ -612,7 +647,6 @@ my $rc2 ="crypto/rc2/rc2.h"; my $bf ="crypto/bf/bf_locl.h"; my $bn_asm ="bn_asm.o"; my $des_enc="des_enc.o fcrypt_b.o"; -my $fips_des_enc="fips_des_enc.o"; my $aes_enc="aes_core.o aes_cbc.o"; my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; @@ -621,26 +655,22 @@ my $rc5_enc="rc5_enc.o"; my $md5_obj=""; my $sha1_obj=""; my $rmd160_obj=""; +my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; my $processor=""; my $default_ranlib; my $perl; -my $fips=0; # All of the following is disabled by default (RC5 was enabled before 0.9.8): my %disabled = ( # "what" => "comment" [or special keyword "experimental"] - "camellia" => "default", - "capieng" => "default", - "cms" => "default", - "gmp" => "default", + "gmp" => "default", "jpake" => "experimental", - "mdc2" => "default", - "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9) + "md2" => "default", "rc5" => "default", - "rfc3779" => "default", - "seed" => "default", + "rfc3779" => "default", "shared" => "default", + "store" => "experimental", "zlib" => "default", "zlib-dynamic" => "default" ); @@ -648,8 +678,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED"; - +my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). @@ -728,8 +757,8 @@ PROCESS_ARGS: { $disabled{$1} = "option"; } - } - } + } + } elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) { my $algo = $1; @@ -747,6 +776,10 @@ PROCESS_ARGS: { exit(&test_sanity()); } + elsif (/^--strict-warnings/) + { + $strict_warnings = 1; + } elsif (/^reconfigure/ || /^reconf/) { if (open(IN,"<$Makefile")) @@ -772,39 +805,15 @@ PROCESS_ARGS: } elsif (/^386$/) { $processor=386; } - elsif (/^fips$/) - { - $fips=1; - } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. # The check for the option is there so scripts aren't # broken } - elsif (/^nofipscanistercheck$/) - { - $fips = 1; - $nofipscanistercheck = 1; - } - elsif (/^fipscanisterbuild$/) - { - $fips = 1; - $nofipscanistercheck = 1; - $fipslibdir=""; - $fipscanisterinternal="y"; - } - elsif (/^fipsdso$/) - { - $fips = 1; - $nofipscanistercheck = 1; - $fipslibdir=""; - $fipscanisterinternal="y"; - $fipsdso = 1; - } elsif (/^[-+]/) { - if (/^-[lL](.*)$/) + if (/^-[lL](.*)$/ or /^-Wl,/) { $libs.=$_." "; } @@ -816,6 +825,10 @@ PROCESS_ARGS: { $prefix=$1; } + elsif (/^--libdir=(.*)$/) + { + $libdir=$1; + } elsif (/^--openssldir=(.*)$/) { $openssldir=$1; @@ -836,13 +849,9 @@ PROCESS_ARGS: { $withargs{"zlib-include"}="-I$1"; } - elsif (/^--with-fipslibdir=(.*)$/) - { - $fipslibdir="$1/"; - } - elsif (/^--with-baseaddr=(.*)$/) + elsif (/^--cross-compile-prefix=(.*)$/) { - $baseaddr="$1"; + $cross_compile_prefix=$1; } else { @@ -928,6 +937,12 @@ if (defined($disabled{"tls1"})) $disabled{"tlsext"} = "forced"; } +if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) + || defined($disabled{"dh"})) + { + $disabled{"gost"} = "forced"; + } + if ($target eq "TABLE") { foreach $target (sort keys %table) { print_table_entry($target); @@ -951,54 +966,6 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); -my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -my $cc = $fields[$idx_cc]; -# Allow environment CC to override compiler... -if($ENV{CC}) { - $cc = $ENV{CC}; -} -my $cflags = $fields[$idx_cflags]; -my $unistd = $fields[$idx_unistd]; -my $thread_cflag = $fields[$idx_thread_cflag]; -my $sys_id = $fields[$idx_sys_id]; -my $lflags = $fields[$idx_lflags]; -my $bn_ops = $fields[$idx_bn_ops]; -my $cpuid_obj = $fields[$idx_cpuid_obj]; -my $bn_obj = $fields[$idx_bn_obj]; -my $des_obj = $fields[$idx_des_obj]; -my $aes_obj = $fields[$idx_aes_obj]; -my $bf_obj = $fields[$idx_bf_obj]; -my $md5_obj = $fields[$idx_md5_obj]; -my $sha1_obj = $fields[$idx_sha1_obj]; -my $cast_obj = $fields[$idx_cast_obj]; -my $rc4_obj = $fields[$idx_rc4_obj]; -my $rmd160_obj = $fields[$idx_rmd160_obj]; -my $rc5_obj = $fields[$idx_rc5_obj]; -my $dso_scheme = $fields[$idx_dso_scheme]; -my $shared_target = $fields[$idx_shared_target]; -my $shared_cflag = $fields[$idx_shared_cflag]; -my $shared_ldflag = $fields[$idx_shared_ldflag]; -my $shared_extension = $fields[$idx_shared_extension]; -my $ranlib = $fields[$idx_ranlib]; -my $arflags = $fields[$idx_arflags]; - -if ($fips) - { - delete $disabled{"shared"} if ($disabled{"shared"} eq "default"); - $disabled{"asm"}="forced" - if ($target !~ "VC\-.*" && - "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::"); - } - -foreach (sort @experimental) - { - my $ALGO; - ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; - - # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined - $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n"; - $cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO"; - } foreach (sort (keys %disabled)) { @@ -1014,8 +981,6 @@ foreach (sort (keys %disabled)) { $no_shared = 1; } elsif (/^zlib$/) { $zlib = 0; } - elsif (/^montasm$/) - { $montasm = 0; } elsif (/^static-engine$/) { } elsif (/^zlib-dynamic$/) @@ -1057,31 +1022,31 @@ foreach (sort (keys %disabled)) print "\n"; } -my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; +my $exp_cflags = ""; +foreach (sort @experimental) + { + my $ALGO; + ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; -$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); + # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined + $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n"; + $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO"; + } -$no_shared = 0 if ($fipsdso && !$IsMK1MF); +my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; -$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); +$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/); $exe_ext=".nlm" if ($target =~ /netware/); $exe_ext=".pm" if ($target =~ /vos/); -if ($openssldir eq "" and $prefix eq "") - { - if ($fips) - { - $openssldir="/usr/local/ssl/fips"; - } - else - { - $openssldir="/usr/local/ssl"; - } - } +$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); $prefix=$openssldir if $prefix eq ""; $default_ranlib= &which("ranlib") or $default_ranlib="true"; $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; +my $make = $ENV{'MAKE'} || "make"; + +$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq ""; chop $openssldir if $openssldir =~ /\/$/; chop $prefix if $prefix =~ /.\/$/; @@ -1092,10 +1057,50 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/] print "IsMK1MF=$IsMK1MF\n"; +my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); +my $cc = $fields[$idx_cc]; +# Allow environment CC to override compiler... +if($ENV{CC}) { + $cc = $ENV{CC}; +} +my $cflags = $fields[$idx_cflags]; +my $unistd = $fields[$idx_unistd]; +my $thread_cflag = $fields[$idx_thread_cflag]; +my $sys_id = $fields[$idx_sys_id]; +my $lflags = $fields[$idx_lflags]; +my $bn_ops = $fields[$idx_bn_ops]; +my $cpuid_obj = $fields[$idx_cpuid_obj]; +my $bn_obj = $fields[$idx_bn_obj]; +my $des_obj = $fields[$idx_des_obj]; +my $aes_obj = $fields[$idx_aes_obj]; +my $bf_obj = $fields[$idx_bf_obj]; +my $md5_obj = $fields[$idx_md5_obj]; +my $sha1_obj = $fields[$idx_sha1_obj]; +my $cast_obj = $fields[$idx_cast_obj]; +my $rc4_obj = $fields[$idx_rc4_obj]; +my $rmd160_obj = $fields[$idx_rmd160_obj]; +my $rc5_obj = $fields[$idx_rc5_obj]; +my $wp_obj = $fields[$idx_wp_obj]; +my $cmll_obj = $fields[$idx_cmll_obj]; +my $perlasm_scheme = $fields[$idx_perlasm_scheme]; +my $dso_scheme = $fields[$idx_dso_scheme]; +my $shared_target = $fields[$idx_shared_target]; +my $shared_cflag = $fields[$idx_shared_cflag]; +my $shared_ldflag = $fields[$idx_shared_ldflag]; +my $shared_extension = $fields[$idx_shared_extension]; +my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; +my $ar = $ENV{'AR'} || "ar"; +my $arflags = $fields[$idx_arflags]; +my $multilib = $fields[$idx_multilib]; + +$libdir="lib$multilib" if $libdir eq ""; + +$cflags = "$cflags$exp_cflags"; + # '%' in $lflags is used to split flags to "pre-" and post-flags my ($prelflags,$postlflags)=split('%',$lflags); -if (defined($postlflags)) { $lflags=$postlflags; } -else { $lflags=$prelflags; undef $prelflags; } +if (defined($postlflags)) { $lflags=$postlflags; } +else { $lflags=$prelflags; undef $prelflags; } my $no_shared_warn=0; my $no_user_cflags=0; @@ -1223,18 +1228,9 @@ $lflags="$libs$lflags" if ($libs ne ""); if ($no_asm) { - $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; - $sha1_obj=$md5_obj=$rmd160_obj=""; - $cflags=~s/\-D[BL]_ENDIAN// if ($fips); - $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips); - } -if ($montasm) - { - $bn_obj =~ s/MAYBE-MO86-/mo86-/; - } -else - { - $bn_obj =~ s/MAYBE-MO86-[a-z.]*//; + $cpuid_obj=$bn_obj= + $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= + $sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=""; } if (!$no_shared) @@ -1253,7 +1249,14 @@ if ($zlib) $cflags = "-DZLIB $cflags"; if (defined($disabled{"zlib-dynamic"})) { - $lflags = "$lflags -lz"; + if (defined($withargs{"zlib-lib"})) + { + $lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz"; + } + else + { + $lflags = "$lflags -lz"; + } } else { @@ -1265,7 +1268,7 @@ if ($zlib) my $shared_mark = ""; if ($shared_target eq "") { - $no_shared_warn = 1 if !$no_shared && !$fips; + $no_shared_warn = 1 if !$no_shared; $no_shared = 1; } if (!$no_shared) @@ -1278,13 +1281,16 @@ if (!$no_shared) if (!$IsMK1MF) { + # add {no-}static-engine to options to allow mkdef.pl to work without extra arguments if ($no_shared) { $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; + $options.=" static-engine"; } else { $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; + $options.=" no-static-engine"; } } @@ -1351,17 +1357,13 @@ if ($ranlib eq "") $cpuid_obj="" if ($processor eq "386"); $bn_obj = $bn_asm unless $bn_obj ne ""; -# bn86* is the only one implementing bn_*_part_words -$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); -$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); +# bn-586 is the only one implementing bn_*_part_words +$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/); +$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/); -$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/); - -if ($fips) - { - $openssl_other_defines.="#define OPENSSL_FIPS\n"; - } +$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/); +$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); @@ -1397,6 +1399,15 @@ if ($aes_obj =~ /\.o$/) else { $aes_obj=$aes_enc; } +$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386"); +if ($wp_obj =~ /\.o$/) + { + $cflags.=" -DWHIRLPOOL_ASM"; + } +else { + $wp_obj="wp_block.o"; + } +$cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/); # "Stringify" the C flags string. This permits it to be made part of a string # and works as well on command lines. @@ -1434,6 +1445,16 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) $shlib_minor=$2; } +if ($strict_warnings) + { + my $wopt; + die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/); + foreach $wopt (split /\s+/, $gcc_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + } + } + open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; @@ -1446,13 +1467,13 @@ while () if ($sdirs) { my $dir; foreach $dir (@skip) { - s/(\s)$dir\s/$1/; + s/(\s)$dir /$1/; s/\s$dir$//; } } $sdirs = 0 unless /\\$/; - s/fips // if (/^DIRS=/ && !$fips); s/engines // if (/^DIRS=/ && $disabled{"engine"}); + s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"}); s/^VERSION=.*/VERSION=$version/; s/^MAJOR=.*/MAJOR=$major/; s/^MINOR=.*/MINOR=$minor/; @@ -1462,13 +1483,27 @@ while () s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/; s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/; s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; + s/^MULTILIB=.*$/MULTILIB=$multilib/; s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; + s/^LIBDIR=.*$/LIBDIR=$libdir/; s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; s/^PLATFORM=.*$/PLATFORM=$target/; s/^OPTIONS=.*$/OPTIONS=$options/; s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/; - s/^CC=.*$/CC= $cc/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; + if ($cross_compile_prefix) + { + s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/; + s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/; + s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; + s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; + } + else { + s/^CC=.*$/CC= $cc/; + s/^AR=\s*ar/AR= $ar/; + s/^RANLIB=.*/RANLIB= $ranlib/; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; + } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; @@ -1477,7 +1512,7 @@ while () s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; s/^BN_ASM=.*$/BN_ASM= $bn_obj/; s/^DES_ENC=.*$/DES_ENC= $des_obj/; - s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/; + s/^AES_ENC=.*$/AES_ENC= $aes_obj/; s/^BF_ENC=.*$/BF_ENC= $bf_obj/; s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; @@ -1485,32 +1520,19 @@ while () s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; + s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/; + s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/; + s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/; s/^PROCESSOR=.*/PROCESSOR= $processor/; - s/^RANLIB=.*/RANLIB= $ranlib/; s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; - s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; - if ($fipsdso) - { - s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/; - s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/; - s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/; - } - else - { - s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; - s/^SHARED_FIPS=.*/SHARED_FIPS=/; - s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/; - } - s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/; - s/^BASEADDR=.*/BASEADDR=$baseaddr/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; - s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); + s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) { my $sotmp = $1; @@ -1543,7 +1565,7 @@ print "EX_LIBS =$lflags\n"; print "CPUID_OBJ =$cpuid_obj\n"; print "BN_ASM =$bn_obj\n"; print "DES_ENC =$des_obj\n"; -print "AES_ASM_OBJ =$aes_obj\n"; +print "AES_ENC =$aes_obj\n"; print "BF_ENC =$bf_obj\n"; print "CAST_ENC =$cast_obj\n"; print "RC4_ENC =$rc4_obj\n"; @@ -1551,6 +1573,7 @@ print "RC5_ENC =$rc5_obj\n"; print "MD5_OBJ_ASM =$md5_obj\n"; print "SHA1_OBJ_ASM =$sha1_obj\n"; print "RMD160_OBJ_ASM=$rmd160_obj\n"; +print "CMLL_ENC= =$cmll_obj\n"; print "PROCESSOR =$processor\n"; print "RANLIB =$ranlib\n"; print "ARFLAGS =$arflags\n"; @@ -1638,14 +1661,22 @@ print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n"; print OUT $openssl_algorithm_defines_trans; print OUT "#endif\n\n"; -print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj); +print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o"); while () { if (/^#define\s+OPENSSLDIR/) - { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } + { + my $foo = $openssldir; + $foo =~ s/\\/\\\\/g; + print OUT "#define OPENSSLDIR \"$foo\"\n"; + } elsif (/^#define\s+ENGINESDIR/) - { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; } + { + my $foo = "$prefix/$libdir/engines"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" if $export_var_as_fn; @@ -1750,7 +1781,7 @@ if($IsMK1MF) { EOF close(OUT); } else { - my $make_command = "make PERL=\'$perl\'"; + my $make_command = "$make PERL=\'$perl\'"; my $make_targets = ""; $make_targets .= " links" if $symlink; $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; @@ -1758,11 +1789,11 @@ EOF (system $make_command.$make_targets) == 0 or exit $? if $make_targets ne ""; if ( $perl =~ m@^/@) { - &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); + &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); } else { # No path for Perl known ... - &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";'); + &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); } if ($depflags ne $default_depflags && !$make_depend) { @@ -1808,16 +1839,9 @@ BEGIN BEGIN BLOCK "040904b0" BEGIN -#if defined(FIPS) - VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" -#endif // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" -#if defined(FIPS) - VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" -#else VALUE "FileDescription", "OpenSSL Shared Library\\0" -#endif VALUE "FileVersion", "$version\\0" #if defined(CRYPTO) VALUE "InternalName", "libeay32\\0" @@ -1825,15 +1849,12 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" -#elif defined(FIPS) - VALUE "InternalName", "libosslfips\\0" - VALUE "OriginalFilename", "libosslfips.dll\\0" #endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" @@ -1870,21 +1891,6 @@ libraries on this platform, they will at least look at it and try their best (but please first make sure you have tried with a current version of OpenSSL). EOF -print <<\EOF if ($fipscanisterinternal eq "y"); - -WARNING: OpenSSL has been configured using unsupported option(s) to internally -generate a fipscanister.o object module for TESTING PURPOSES ONLY; that -compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the -OpenSSL FIPS Object Module as identified by the CMVP -(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS -140-2 validated software. - -This is an OpenSSL 0.9.8 test version. - -See the file README.FIPS for details of how to build a test library. - -EOF - exit(0); sub usage @@ -1960,8 +1966,8 @@ sub print_table_entry (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags, my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj, my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, - my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, - my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)= + my $rc5_obj,my $wp_obj,my $cmll_obj,my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag, + my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)= split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); print <. -OpenSSL 0.9.8k was released on Mar 25th, 2009. +OpenSSL 1.0.0a was released on Jun 1st, 2010. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at . +. Note that the online documents refer +to the very latest development versions of OpenSSL and may include features +not present in released versions. If in doubt refer to the documentation +that came with the version of OpenSSL you are using. For information on parts of libcrypto that are not yet documented, you might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's @@ -717,8 +721,10 @@ file. Multi-threaded applications must provide two callback functions to OpenSSL by calling CRYPTO_set_locking_callback() and -CRYPTO_set_id_callback(). This is described in the threads(3) -manpage. +CRYPTO_set_id_callback(), for all versions of OpenSSL up to and +including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() +and associated APIs are deprecated by CRYPTO_THREADID_set_callback() +and friends. This is described in the threads(3) manpage. * I've compiled a program under Windows and it crashes: why? @@ -962,4 +968,15 @@ is needed. This must be done by calling: See the manual pages for more details. +* Where are the declarations and implementations of d2i_X509() etc? + +These are defined and implemented by macros of the form: + + + DECLARE_ASN1_FUNCTIONS(X509) and IMPLEMENT_ASN1_FUNCTIONS(X509) + +The implementation passes an ASN1 "template" defining the structure into an +ASN1 interpreter using generalised functions such as ASN1_item_d2i(). + + =============================================================================== diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL index c72cc1dcee..1325079f2a 100644 --- a/src/lib/libssl/src/INSTALL +++ b/src/lib/libssl/src/INSTALL @@ -98,11 +98,17 @@ The crypto/ directory can be removed after running "make depend". - -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will + -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will be passed through to the compiler to allow you to define preprocessor symbols, specify additional libraries, library directories or other compiler options. + -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using + BSD. Useful if you are running ocf-linux or something + similar. Once enabled you can also enable the use of + cryptodev digests, which is usually slower unless you have + large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force + it. Installation in Detail ---------------------- @@ -206,6 +212,10 @@ compile programs with libcrypto or libssl. lib Contains the OpenSSL library files themselves. + Use "make install_sw" to install the software without documentation, + and "install_docs_html" to install HTML renditions of the manual + pages. + Package builders who want to configure the library for standard locations, but have the package installed somewhere else so that it can easily be packaged, can use diff --git a/src/lib/libssl/src/INSTALL.W32 b/src/lib/libssl/src/INSTALL.W32 index 3dd7832f4e..77441f1ef3 100644 --- a/src/lib/libssl/src/INSTALL.W32 +++ b/src/lib/libssl/src/INSTALL.W32 @@ -5,19 +5,30 @@ [Instructions for building for Windows CE can be found in INSTALL.WCE] [Instructions for building for Win64 can be found in INSTALL.W64] - Heres a few comments about building OpenSSL in Windows environments. Most - of this is tested on Win32 but it may also work in Win 3.1 with some - modification. + Here are a few comments about building OpenSSL for Win32 environments, + such as Windows NT and Windows 9x. It should be noted though that + Windows 9x are not ordinarily tested. Its mention merely means that we + attempt to maintain certain programming discipline and pay attention + to backward compatibility issues, in other words it's kind of expected + to work on Windows 9x, but no regression tests are actually performed. - You need Perl for Win32. Unless you will build on Cygwin, you will need - ActiveState Perl, available from http://www.activestate.com/ActivePerl. + On additional note newer OpenSSL versions are compiled and linked with + Winsock 2. This means that minimum OS requirement was elevated to NT 4 + and Windows 98 [there is Winsock 2 update for Windows 95 though]. - and one of the following C compilers: + - you need Perl for Win32. Unless you will build on Cygwin, you will need + ActiveState Perl, available from http://www.activestate.com/ActivePerl. + + - one of the following C compilers: * Visual C++ * Borland C * GNU C (Cygwin or MinGW) +- Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ + is required if you intend to utilize assembler modules. Note that NASM + is now the only supported assembler. + If you are compiling from a tarball or a CVS snapshot then the Win32 files may well be not up to date. This may mean that some "tweaking" is required to get it all to work. See the trouble shooting section later on for if (when?) @@ -26,39 +37,18 @@ Visual C++ ---------- - If you want to compile in the assembly language routines with Visual C++ then - you will need an assembler. This is worth doing because it will result in - faster code: for example it will typically result in a 2 times speedup in the - RSA routines. Currently the following assemblers are supported: - - * Microsoft MASM (aka "ml") - * Free Netwide Assembler NASM. - - MASM is distributed with most versions of VC++. For the versions where it is - not included in VC++, it is also distributed with some Microsoft DDKs, for - example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have - either of these DDKs then you can just download the binaries for the Windows - 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to - ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be - downloaded from the Microsoft developers site www.msdn.com. - - NASM is freely available. Version 0.98 was used during testing: other versions - may also work. It is available from many places, see for example: - http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ - The NASM binary nasmw.exe needs to be installed anywhere on your PATH. + If you want to compile in the assembly language routines with Visual + C++, then you will need already mentioned Netwide Assembler binary, + nasmw.exe or nasm.exe, to be available on your %PATH%. - Firstly you should run Configure: + Firstly you should run Configure with platform VC-WIN32: - > perl Configure VC-WIN32 --prefix=c:/some/openssl/dir + > perl Configure VC-WIN32 --prefix=c:\some\openssl\dir -Where the prefix argument specifies where OpenSSL will be installed to. + Where the prefix argument specifies where OpenSSL will be installed to. - Next you need to build the Makefiles and optionally the assembly language - files: - - - If you are using MASM then run: - - > ms\do_masm + Next you need to build the Makefiles and optionally the assembly + language files: - If you are using NASM then run: @@ -66,6 +56,7 @@ Where the prefix argument specifies where OpenSSL will be installed to. - If you don't want to use the assembly language files at all then run: + > perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir > ms\do_ms If you get errors about things not having numbers assigned then check the @@ -76,42 +67,39 @@ Where the prefix argument specifies where OpenSSL will be installed to. > nmake -f ms\ntdll.mak - If all is well it should compile and you will have some DLLs and executables - in out32dll. If you want to try the tests then do: + If all is well it should compile and you will have some DLLs and + executables in out32dll. If you want to try the tests then do: > nmake -f ms\ntdll.mak test -To install OpenSSL to the specified location do: + To install OpenSSL to the specified location do: -> nmake -f ms\ntdll.mak install + > nmake -f ms\ntdll.mak install Tweaks: - There are various changes you can make to the Win32 compile environment. By - default the library is not compiled with debugging symbols. If you add 'debug' - to the mk1mf.pl lines in the do_* batch file then debugging symbols will be - compiled in. Note that mk1mf.pl expects the platform to be the last argument - on the command line, so 'debug' must appear before that, as all other options. - + There are various changes you can make to the Win32 compile + environment. By default the library is not compiled with debugging + symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32 + then debugging symbols will be compiled in. - By default in 0.9.8 OpenSSL will compile builtin ENGINES into the libeay32.dll - shared library. If you specify the "no-static-engine" option on the command - line to Configure the shared library build (ms\ntdll.mak) will compile the - engines as separate DLLs. + By default in 1.0.0 OpenSSL will compile builtin ENGINES into the + separate shared librariesy. If you specify the "enable-static-engine" + option on the command line to Configure the shared library build + (ms\ntdll.mak) will compile the engines into libeay32.dll instead. The default Win32 environment is to leave out any Windows NT specific features. - If you want to enable the NT specific features of OpenSSL (currently only the - logging BIO) follow the instructions above but call the batch file do_nt.bat - instead of do_ms.bat. + If you want to enable the NT specific features of OpenSSL (currently + only the logging BIO) follow the instructions above but call the batch + file do_nt.bat instead of do_ms.bat. You can also build a static version of the library using the Makefile ms\nt.mak - Borland C++ builder 5 --------------------- @@ -137,17 +125,13 @@ To install OpenSSL to the specified location do: GNU C (Cygwin) -------------- - Cygwin provides a bash shell and GNU tools environment running - on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. - Consequently, a make of OpenSSL with Cygwin is closer to a GNU - bash environment such as Linux than to other the other Win32 - makes. - - Cygwin implements a Posix/Unix runtime system (cygwin1.dll). - It is also possible to create Win32 binaries that only use the - Microsoft C runtime system (msvcrt.dll or crtdll.dll) using - MinGW. MinGW can be used in the Cygwin development environment - or in a standalone setup as described in the following section. + Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of + Win32 subsystem and provides a bash shell and GNU tools environment. + Consequently, a make of OpenSSL with Cygwin is virtually identical to + Unix procedure. It is also possible to create Win32 binaries that only + use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using + MinGW. MinGW can be used in the Cygwin development environment or in a + standalone setup as described in the following section. To build OpenSSL using Cygwin: @@ -192,35 +176,35 @@ To install OpenSSL to the specified location do: non-fatal error in "make test" but is otherwise harmless. If desired and needed, GNU bc can be built with Cygwin without change. - GNU C (MinGW) + GNU C (MinGW/MSYS) ------------- - * Compiler installation: + * Compiler and shell environment installation: - MinGW is available from http://www.mingw.org. Run the installer and - set the MinGW bin directory to the PATH in "System Properties" or - autoexec.bat. + MinGW and MSYS are available from http://www.mingw.org/, both are + required. Run the installers and do whatever magic they say it takes + to start MSYS bash shell with GNU tools on its PATH. * Compile OpenSSL: - > ms\mingw32 + $ ./config + [...] + $ make + [...] + $ make test - This will create the library and binaries in out. In case any problems - occur, try - > ms\mingw32 no-asm - instead. + This will create the library and binaries in root source directory + and openssl.exe application in apps directory. + + It is also possible to cross-compile it on Linux by configuring + with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'. + 'make test' is naturally not applicable then. libcrypto.a and libssl.a are the static libraries. To use the DLLs, link with libeay32.a and libssl32.a instead. - See troubleshooting if you get error messages about functions not having - a number assigned. - - * You can now try the tests: - - > cd out - > ..\ms\test - + See troubleshooting if you get error messages about functions not + having a number assigned. Installation ------------ @@ -307,13 +291,13 @@ To install OpenSSL to the specified location do: If you link with static OpenSSL libraries [those built with ms/nt.mak], then you're expected to additionally link your application with - WSOCK32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing + WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing non-interactive service applications might feel concerned about linking - with latter two, as they are justly associated with interactive desktop, - which is not available to service processes. The toolkit is designed - to detect in which context it's currently executed, GUI, console app - or service, and act accordingly, namely whether or not to actually make - GUI calls. + with the latter two, as they are justly associated with interactive + desktop, which is not available to service processes. The toolkit is + designed to detect in which context it's currently executed, GUI, + console app or service, and act accordingly, namely whether or not to + actually make GUI calls. If you link with OpenSSL .DLLs, then you're expected to include into your application code small "shim" snippet, which provides glue between diff --git a/src/lib/libssl/src/INSTALL.WCE b/src/lib/libssl/src/INSTALL.WCE index adc03f41d4..d78c61afa8 100644 --- a/src/lib/libssl/src/INSTALL.WCE +++ b/src/lib/libssl/src/INSTALL.WCE @@ -4,27 +4,36 @@ Building OpenSSL for Windows CE requires the following external tools: - * Microsoft eMbedded Visual C++ 3.0 - * wcecompat compatibility library (www.essemer.com.au) - * Optionally ceutils for running automated tests (www.essemer.com.au) - - You also need Perl for Win32. You will need ActiveState Perl, available - from http://www.activestate.com/ActivePerl. - - Windows CE support in OpenSSL relies on wcecompat and therefore it's - appropriate to check http://www.essemer.com.au/windowsce/ for updates in - case of compilation problems. As for the moment of this writing version - 1.1 is available and actually required for WCE 4.2 and newer platforms. - All Windows CE specific issues should be directed to www.essemer.com.au. - - The C Runtime Library implementation for Windows CE that is included with - Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places - incorrect. wcecompat plugs the holes and tries to bring the Windows CE - CRT to a level that is more compatible with ANSI C. wcecompat goes further - and provides low-level IO and stream IO support for stdin/stdout/stderr - (which Windows CE does not provide). This IO functionality is not needed - by the OpenSSL library itself but is used for the tests and openssl.exe. - More information is available at www.essemer.com.au. + * Microsoft eMbedded Visual C++ 3.0 or later + * Appropriate SDK might be required + * Perl for Win32 [commonly recommended ActiveState Perl is available + from http://www.activestate.com/Products/ActivePerl/] + + * wcecompat compatibility library available at + http://www.essemer.com.au/windowsce/ + * Optionally ceutils for running automated tests (same location) + + _or_ + + * PocketConsole driver and PortSDK available at + http://www.symbolictools.de/public/pocketconsole/ + * CMD command interpreter (same location) + + As Windows CE support in OpenSSL relies on 3rd party compatibility + library, it's appropriate to check corresponding URL for updates. For + example if you choose wcecompat, note that as for the moment of this + writing version 1.2 is available and actually required for WCE 4.2 + and newer platforms. All wcecompat issues should be directed to + www.essemer.com.au. + + Why compatibility library at all? The C Runtime Library implementation + for Windows CE that is included with Microsoft eMbedded Visual C++ is + incomplete and in some places incorrect. Compatibility library plugs + the holes and tries to bring the Windows CE CRT to [more] usable level. + Most gaping hole in CRT is support for stdin/stdout/stderr IO, which + proposed compatibility libraries solve in two different ways: wcecompat + redirects IO to active sync link, while PortSDK - to NT-like console + driver on the handheld itself. Building -------- @@ -34,9 +43,21 @@ > "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT" - Next indicate where wcecompat is located: + Next pick compatibility library according to your preferences. - > set WCECOMPAT=C:\wcecompat + 1. To choose wcecompat set up WCECOMPAT environment variable pointing + at the location of wcecompat tree "root": + + > set WCECOMPAT=C:\wcecompat + > set PORTSDK_LIBPATH= + + 2. To choose PortSDK set up PORTSDK_LIBPATH to point at hardware- + specific location where your portlib.lib is installed: + + > set PORTSDK_LIBPATH=C:\PortSDK\lib\ARM + > set WCECOMPAT= + + Note that you may not set both variables. Next you should run Configure: @@ -52,16 +73,16 @@ Then from the VC++ environment at a prompt do: - - to build static libraries: + > nmake -f ms\cedll.mak - > nmake -f ms\ce.mak + [note that static builds are not supported under CE] - - or to build DLLs: + If all is well it should compile and you will have some DLLs and executables + in out32dll*. - > nmake -f ms\cedll.mak + <<< everyting below needs revision in respect to wcecompat vs. PortSDK >>> - If all is well it should compile and you will have some static libraries and - executables in out32, or some DLLs and executables in out32dll. If you want + If you want to try the tests then make sure the ceutils are in the path and do: > cd out32 diff --git a/src/lib/libssl/src/Makefile b/src/lib/libssl/src/Makefile index 57d742e4d4..47bb99c40b 100644 --- a/src/lib/libssl/src/Makefile +++ b/src/lib/libssl/src/Makefile @@ -4,16 +4,16 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8k -MAJOR=0 -MINOR=9.8 -SHLIB_VERSION_NUMBER=0.9.8 +VERSION=1.0.0a +MAJOR=1 +MINOR=0.0 +SHLIB_VERSION_NUMBER=1.0.0 SHLIB_VERSION_HISTORY= -SHLIB_MAJOR=0 -SHLIB_MINOR=9.8 +SHLIB_MAJOR=1 +SHLIB_MINOR=0.0 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic +OPTIONS= no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-shared no-store no-zlib no-zlib-dynamic static-engine CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,18 +61,19 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED +DEPFLAG= -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE PEX_LIBS= EX_LIBS= EXE_EXT= ARFLAGS= -AR=ar $(ARFLAGS) r -ARD=ar $(ARFLAGS) d +AR= ar $(ARFLAGS) r RANLIB= /usr/bin/ranlib +NM= nm PERL= /usr/bin/perl TAR= tar TARFLAGS= --no-recursion MAKEDEPPROG=makedepend +LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in # order to be excused from maintaining a separate set of architecture @@ -87,10 +88,10 @@ ASFLAG=$(CFLAG) PROCESSOR= # CPUID module collects small commonly used assembler snippets -CPUID_OBJ= +CPUID_OBJ= mem_clr.o BN_ASM= bn_asm.o DES_ENC= des_enc.o fcrypt_b.o -AES_ASM_OBJ= aes_core.o aes_cbc.o +AES_ENC= aes_core.o aes_cbc.o BF_ENC= bf_enc.o CAST_ENC= c_enc.o RC4_ENC= rc4_enc.o rc4_skey.o @@ -98,6 +99,9 @@ RC5_ENC= rc5_enc.o MD5_ASM_OBJ= SHA1_ASM_OBJ= RMD160_ASM_OBJ= +WP_ASM_OBJ= wp_block.o +CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o +PERLASM_SCHEME= # KRB5 stuff KRB5_INCLUDES= @@ -107,44 +111,19 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= -# This is the location of fipscanister.o and friends. -# The FIPS module build will place it $(INSTALLTOP)/lib -# but since $(INSTALLTOP) can only take the default value -# when the module is built it will be in /usr/local/ssl/lib -# $(INSTALLTOP) for this build make be different so hard -# code the path. - -FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/ - -# This is set to "y" if fipscanister.o is compiled internally as -# opposed to coming from an external validated location. - -FIPSCANISTERINTERNAL=n - -# The location of the library which contains fipscanister.o -# normally it will be libcrypto unless fipsdso is set in which -# case it will be libfips. If not compiling in FIPS mode at all -# this is empty making it a useful test for a FIPS compile. - -FIPSCANLIB= - -# Shared library base address. Currently only used on Windows. -# - -BASEADDR=0xFB00000 - DIRS= crypto ssl engines apps test tools +ENGDIRS= ccgost SHLIBDIRS= crypto ssl # dirs in crypto to build SDIRS= \ objects \ - md2 md4 md5 sha hmac ripemd \ - des aes rc2 rc4 idea bf cast \ + md4 md5 sha mdc2 hmac ripemd whrlpool \ + des aes rc2 rc4 idea bf cast camellia seed modes \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - store pqueue + cms pqueue ts # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... @@ -158,6 +137,8 @@ MANDIR=$(OPENSSLDIR)/man MAN1=1 MAN3=3 MANSUFFIX= +HTMLSUFFIX=html +HTMLDIR=$(OPENSSLDIR)/html SHELL=/bin/sh TOP= . @@ -167,7 +148,6 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) -SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= @@ -198,33 +178,35 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} -BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ - CC='${CC}' CFLAG='${CFLAG}' \ - AS='${CC}' ASFLAG='${CFLAG} -c' \ - AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ - SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ - INSTALL_PREFIX='${INSTALL_PREFIX}' \ - INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ - DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ - MAKEDEPPROG='${MAKEDEPPROG}' \ - SHARED_LDFLAGS='${SHARED_LDFLAGS}' \ - KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ - EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ - SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \ - PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \ - CPUID_OBJ='${CPUID_OBJ}' \ - BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \ - AES_ASM_OBJ='${AES_ASM_OBJ}' \ - BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \ - RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \ - SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ - MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ - RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ - FIPSLIBDIR='${FIPSLIBDIR}' \ - FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ - FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ - FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ +BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ + CC='$(CC)' CFLAG='$(CFLAG)' \ + AS='$(CC)' ASFLAG='$(CFLAG) -c' \ + AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ + CROSS_COMPILE='$(CROSS_COMPILE)' \ + PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ + SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ + INSTALL_PREFIX='$(INSTALL_PREFIX)' \ + INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \ + LIBDIR='$(LIBDIR)' \ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ + MAKEDEPPROG='$(MAKEDEPPROG)' \ + SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ + KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ + ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ + EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \ + SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ + PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \ + CPUID_OBJ='$(CPUID_OBJ)' \ + BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' \ + AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \ + BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \ + RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \ + SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \ + MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \ + RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ + WP_ASM_OBJ='$(WP_ASM_OBJ)' \ + PERLASM_SCHEME='$(PERLASM_SCHEME)' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. @@ -243,98 +225,26 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ # subdirectories defined in $(DIRS). It requires that the target # is given through the shell variable `target'. BUILD_CMD= if [ -d "$$dir" ]; then \ - ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \ - cd $$dir && echo "making $$target in $$dir..." && \ + ( cd $$dir && echo "making $$target in $$dir..." && \ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ ) || exit 1; \ fi RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done BUILD_ONE_CMD=\ - if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \ + if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \ $(BUILD_CMD); \ fi reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) -FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ - ../crypto/aes/aes_ecb.o \ - ../crypto/aes/aes_ofb.o \ - ../crypto/bn/bn_add.o \ - ../crypto/bn/bn_blind.o \ - ../crypto/bn/bn_ctx.o \ - ../crypto/bn/bn_div.o \ - ../crypto/bn/bn_exp2.o \ - ../crypto/bn/bn_exp.o \ - ../crypto/bn/bn_gcd.o \ - ../crypto/bn/bn_lib.o \ - ../crypto/bn/bn_mod.o \ - ../crypto/bn/bn_mont.o \ - ../crypto/bn/bn_mul.o \ - ../crypto/bn/bn_prime.o \ - ../crypto/bn/bn_rand.o \ - ../crypto/bn/bn_recp.o \ - ../crypto/bn/bn_shift.o \ - ../crypto/bn/bn_sqr.o \ - ../crypto/bn/bn_word.o \ - ../crypto/bn/bn_x931p.o \ - ../crypto/buffer/buf_str.o \ - ../crypto/cryptlib.o \ - ../crypto/des/cfb64ede.o \ - ../crypto/des/cfb64enc.o \ - ../crypto/des/cfb_enc.o \ - ../crypto/des/ecb3_enc.o \ - ../crypto/des/ecb_enc.o \ - ../crypto/des/ofb64ede.o \ - ../crypto/des/ofb64enc.o \ - ../crypto/des/fcrypt.o \ - ../crypto/des/set_key.o \ - ../crypto/dsa/dsa_utl.o \ - ../crypto/dsa/dsa_sign.o \ - ../crypto/dsa/dsa_vrf.o \ - ../crypto/err/err.o \ - ../crypto/evp/digest.o \ - ../crypto/evp/enc_min.o \ - ../crypto/evp/e_aes.o \ - ../crypto/evp/e_des3.o \ - ../crypto/evp/p_sign.o \ - ../crypto/evp/p_verify.o \ - ../crypto/mem_clr.o \ - ../crypto/mem.o \ - ../crypto/rand/md_rand.o \ - ../crypto/rand/rand_egd.o \ - ../crypto/rand/randfile.o \ - ../crypto/rand/rand_lib.o \ - ../crypto/rand/rand_os2.o \ - ../crypto/rand/rand_unix.o \ - ../crypto/rand/rand_win.o \ - ../crypto/rsa/rsa_lib.o \ - ../crypto/rsa/rsa_none.o \ - ../crypto/rsa/rsa_oaep.o \ - ../crypto/rsa/rsa_pk1.o \ - ../crypto/rsa/rsa_pss.o \ - ../crypto/rsa/rsa_ssl.o \ - ../crypto/rsa/rsa_x931.o \ - ../crypto/sha/sha1dgst.o \ - ../crypto/sha/sha256.o \ - ../crypto/sha/sha512.o \ - ../crypto/uid.o - sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_fips build_ssl build_shared build_engines +build_libs: build_crypto build_ssl build_engines build_crypto: - if [ -n "$(FIPSCANLIB)" ]; then \ - EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ - ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ - else \ - ARX='${AR}' ; \ - fi ; export ARX ; \ - dir=crypto; target=all; $(BUILD_ONE_CMD) -build_fips: - @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) + @dir=crypto; target=all; $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) build_engines: @@ -350,20 +260,9 @@ all_testapps: build_libs build_testapps build_testapps: @dir=crypto; target=testapps; $(BUILD_ONE_CMD) -build_shared: $(SHARED_LIBS) -libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) +libcrypto$(SHLIB_EXT): libcrypto.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ - if [ "$(FIPSCANLIB)" = "libfips" ]; then \ - $(ARD) libcrypto.a fipscanister.o ; \ - $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \ - $(AR) libcrypto.a fips/fipscanister.o ; \ - else \ - if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ - FIPSLD_CC=$(CC); CC=fips/fipsld; \ - export CC FIPSLD_CC; \ - fi; \ - $(MAKE) -e SHLIBDIRS='crypto' build-shared; \ - fi \ + $(MAKE) SHLIBDIRS=crypto build-shared; \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ @@ -371,32 +270,12 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ - shlibdeps=-lcrypto; \ - [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \ - $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \ - else \ - echo "There's no support for shared libraries on this platform" >&2 ; \ - exit 1; \ - fi - -fips/fipscanister.o: build_fips -libfips$(SHLIB_EXT): fips/fipscanister.o - @if [ "$(SHLIB_TARGET)" != "" ]; then \ - FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \ - $(MAKE) -f Makefile.shared -e $(BUILDENV) \ - CC=$${CC} LIBNAME=fips THIS=$@ \ - LIBEXTRAS=fips/fipscanister.o \ - LIBDEPS="$(EX_LIBS)" \ - LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ - link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \ + $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ fi -libfips.a: - dir=fips; target=all; $(BUILD_ONE_CMD) - clean-shared: @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ @@ -412,10 +291,10 @@ clean-shared: done link-shared: - @ set -e; for i in ${SHLIBDIRS}; do \ + @ set -e; for i in $(SHLIBDIRS); do \ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ - LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ + LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ symlink.$(SHLIB_TARGET); \ libs="$$libs -l$$i"; \ done @@ -423,13 +302,13 @@ link-shared: build-shared: do_$(SHLIB_TARGET) link-shared do_$(SHLIB_TARGET): - @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ + if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ libs="$(LIBKRB5) $$libs"; \ fi; \ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ - LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ + LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ LIBDEPS="$$libs $(EX_LIBS)" \ link_a.$(SHLIB_TARGET); \ libs="-l$$i $$libs"; \ @@ -438,7 +317,7 @@ do_$(SHLIB_TARGET): libcrypto.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL-libcrypto'; \ @@ -451,7 +330,7 @@ libcrypto.pc: Makefile libssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -464,7 +343,7 @@ libssl.pc: Makefile openssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -506,32 +385,32 @@ links: @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) @set -e; target=links; $(RECURSIVE_BUILD_CMD) - @if [ -z "$(FIPSCANLIB)" ]; then \ - set -e; target=links; dir=fips ; $(BUILD_CMD) ; \ - fi gentests: @(cd test && echo "generating dummy tests (if needed)..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate ); dclean: - rm -f *.bak + rm -rf *.bak include/openssl certs/.0 @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) rehash: rehash.time -rehash.time: certs - @(OPENSSL="`pwd`/util/opensslwrap.sh"; \ - OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs) - touch rehash.time +rehash.time: certs apps + @if [ -z "$(CROSS_COMPILE)" ]; then \ + (OPENSSL="`pwd`/util/opensslwrap.sh"; \ + [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ + OPENSSL_DEBUG_MEMORY=on; \ + export OPENSSL OPENSSL_DEBUG_MEMORY; \ + $(PERL) tools/c_rehash certs) && \ + touch rehash.time; \ + else :; fi test: tests tests: rehash @(cd test && echo "testing..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - util/opensslwrap.sh version -a + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); + OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a report: @$(PERL) util/selftest.pl @@ -564,6 +443,8 @@ crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h +crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num + $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h apps/openssl-vms.cnf: apps/openssl.cnf $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf @@ -576,7 +457,7 @@ TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend +update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar @@ -607,8 +488,8 @@ tar-snap: dist: $(PERL) Configure dist @$(MAKE) dist_pem_h - @$(MAKE) SDIRS='${SDIRS}' clean - @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar + @$(MAKE) SDIRS='$(SDIRS)' clean + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -617,9 +498,9 @@ install: all install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ @@ -634,10 +515,10 @@ install_sw: do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ fi; \ done; @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ @@ -647,22 +528,32 @@ install_sw: if [ -f "$$i" -o -f "$$i.a" ]; then \ ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ else \ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ fi ); \ + if expr $(PLATFORM) : 'mingw' > /dev/null; then \ + ( case $$i in \ + *crypto*) i=libeay32.dll;; \ + *ssl*) i=ssleay32.dll;; \ + esac; \ + echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + fi; \ fi; \ done; \ ( here="`pwd`"; \ - cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ if [ "$(INSTALLTOP)" != "/usr" ]; then \ echo 'OpenSSL shared libraries have been installed in:'; \ @@ -671,12 +562,33 @@ install_sw: sed -e '1,/^$$/d' doc/openssl-shared.txt; \ fi; \ fi - cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc - cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc + cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc + cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc + cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc + +install_html_docs: + here="`pwd`"; \ + for subdir in apps crypto ssl; do \ + mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + for i in doc/$$subdir/*.pod; do \ + fn=`basename $$i .pod`; \ + echo "installing html/$$fn.$(HTMLSUFFIX)"; \ + cat $$i \ + | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \ + | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \ + | sed -r 's/ $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ + grep -v $$filecase "^$$fn\$$" | \ + (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + while read n; do \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \ + done); \ + done; \ + done install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ @@ -684,7 +596,7 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 - @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ here="`pwd`"; \ filecase=; \ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \ @@ -704,7 +616,7 @@ install_docs: (grep -v "[ ]"; true) | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ @@ -721,7 +633,7 @@ install_docs: (grep -v "[ ]"; true) | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org index d1b56b2f58..fb0af7ecc2 100644 --- a/src/lib/libssl/src/Makefile.org +++ b/src/lib/libssl/src/Makefile.org @@ -65,12 +65,13 @@ EX_LIBS= EXE_EXT= ARFLAGS= AR=ar $(ARFLAGS) r -ARD=ar $(ARFLAGS) d RANLIB= ranlib +NM= nm PERL= perl TAR= tar TARFLAGS= --no-recursion MAKEDEPPROG=makedepend +LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in # order to be excused from maintaining a separate set of architecture @@ -88,7 +89,7 @@ PROCESSOR= CPUID_OBJ= BN_ASM= bn_asm.o DES_ENC= des_enc.o fcrypt_b.o -AES_ASM_OBJ=aes_core.o aes_cbc.o +AES_ENC= aes_core.o aes_cbc.o BF_ENC= bf_enc.o CAST_ENC= c_enc.o RC4_ENC= rc4_enc.o @@ -96,6 +97,9 @@ RC5_ENC= rc5_enc.o MD5_ASM_OBJ= SHA1_ASM_OBJ= RMD160_ASM_OBJ= +WP_ASM_OBJ= +CMLL_ENC= +PERLASM_SCHEME= # KRB5 stuff KRB5_INCLUDES= @@ -105,44 +109,19 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= -# This is the location of fipscanister.o and friends. -# The FIPS module build will place it $(INSTALLTOP)/lib -# but since $(INSTALLTOP) can only take the default value -# when the module is built it will be in /usr/local/ssl/lib -# $(INSTALLTOP) for this build make be different so hard -# code the path. - -FIPSLIBDIR=/usr/local/ssl/lib/ - -# This is set to "y" if fipscanister.o is compiled internally as -# opposed to coming from an external validated location. - -FIPSCANISTERINTERNAL=n - -# The location of the library which contains fipscanister.o -# normally it will be libcrypto unless fipsdso is set in which -# case it will be libfips. If not compiling in FIPS mode at all -# this is empty making it a useful test for a FIPS compile. - -FIPSCANLIB= - -# Shared library base address. Currently only used on Windows. -# - -BASEADDR= - -DIRS= crypto fips ssl engines apps test tools -SHLIBDIRS= crypto ssl fips +DIRS= crypto ssl engines apps test tools +ENGDIRS= ccgost +SHLIBDIRS= crypto ssl # dirs in crypto to build SDIRS= \ objects \ - md2 md4 md5 sha mdc2 hmac ripemd \ - des aes rc2 rc4 rc5 idea bf cast camellia seed \ + md2 md4 md5 sha mdc2 hmac ripemd whrlpool \ + des aes rc2 rc4 rc5 idea bf cast camellia seed modes \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - store cms pqueue jpake + cms pqueue ts jpake store # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... @@ -156,6 +135,8 @@ MANDIR=$(OPENSSLDIR)/man MAN1=1 MAN3=3 MANSUFFIX= +HTMLSUFFIX=html +HTMLDIR=$(OPENSSLDIR)/html SHELL=/bin/sh TOP= . @@ -165,7 +146,6 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) -SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= @@ -196,33 +176,35 @@ CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} -BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ - CC='${CC}' CFLAG='${CFLAG}' \ - AS='${CC}' ASFLAG='${CFLAG} -c' \ - AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ - SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ - INSTALL_PREFIX='${INSTALL_PREFIX}' \ - INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ - DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ - MAKEDEPPROG='${MAKEDEPPROG}' \ - SHARED_LDFLAGS='${SHARED_LDFLAGS}' \ - KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \ - EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \ - SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \ - PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \ - CPUID_OBJ='${CPUID_OBJ}' \ - BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \ - AES_ASM_OBJ='${AES_ASM_OBJ}' \ - BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \ - RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \ - SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ - MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ - RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ - FIPSLIBDIR='${FIPSLIBDIR}' \ - FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ - FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ - FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ +BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ + CC='$(CC)' CFLAG='$(CFLAG)' \ + AS='$(CC)' ASFLAG='$(CFLAG) -c' \ + AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \ + CROSS_COMPILE='$(CROSS_COMPILE)' \ + PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \ + SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \ + INSTALL_PREFIX='$(INSTALL_PREFIX)' \ + INSTALLTOP='$(INSTALLTOP)' OPENSSLDIR='$(OPENSSLDIR)' \ + LIBDIR='$(LIBDIR)' \ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \ + DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ + MAKEDEPPROG='$(MAKEDEPPROG)' \ + SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ + KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ + ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ + EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \ + SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ + PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \ + CPUID_OBJ='$(CPUID_OBJ)' \ + BN_ASM='$(BN_ASM)' DES_ENC='$(DES_ENC)' \ + AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \ + BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \ + RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \ + SHA1_ASM_OBJ='$(SHA1_ASM_OBJ)' \ + MD5_ASM_OBJ='$(MD5_ASM_OBJ)' \ + RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)' \ + WP_ASM_OBJ='$(WP_ASM_OBJ)' \ + PERLASM_SCHEME='$(PERLASM_SCHEME)' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. @@ -241,98 +223,26 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ # subdirectories defined in $(DIRS). It requires that the target # is given through the shell variable `target'. BUILD_CMD= if [ -d "$$dir" ]; then \ - ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \ - cd $$dir && echo "making $$target in $$dir..." && \ + ( cd $$dir && echo "making $$target in $$dir..." && \ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ ) || exit 1; \ fi RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done BUILD_ONE_CMD=\ - if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \ + if expr " $(DIRS) " : ".* $$dir " >/dev/null 2>&1; then \ $(BUILD_CMD); \ fi reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) -FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ - ../crypto/aes/aes_ecb.o \ - ../crypto/aes/aes_ofb.o \ - ../crypto/bn/bn_add.o \ - ../crypto/bn/bn_blind.o \ - ../crypto/bn/bn_ctx.o \ - ../crypto/bn/bn_div.o \ - ../crypto/bn/bn_exp2.o \ - ../crypto/bn/bn_exp.o \ - ../crypto/bn/bn_gcd.o \ - ../crypto/bn/bn_lib.o \ - ../crypto/bn/bn_mod.o \ - ../crypto/bn/bn_mont.o \ - ../crypto/bn/bn_mul.o \ - ../crypto/bn/bn_prime.o \ - ../crypto/bn/bn_rand.o \ - ../crypto/bn/bn_recp.o \ - ../crypto/bn/bn_shift.o \ - ../crypto/bn/bn_sqr.o \ - ../crypto/bn/bn_word.o \ - ../crypto/bn/bn_x931p.o \ - ../crypto/buffer/buf_str.o \ - ../crypto/cryptlib.o \ - ../crypto/des/cfb64ede.o \ - ../crypto/des/cfb64enc.o \ - ../crypto/des/cfb_enc.o \ - ../crypto/des/ecb3_enc.o \ - ../crypto/des/ecb_enc.o \ - ../crypto/des/ofb64ede.o \ - ../crypto/des/ofb64enc.o \ - ../crypto/des/fcrypt.o \ - ../crypto/des/set_key.o \ - ../crypto/dsa/dsa_utl.o \ - ../crypto/dsa/dsa_sign.o \ - ../crypto/dsa/dsa_vrf.o \ - ../crypto/err/err.o \ - ../crypto/evp/digest.o \ - ../crypto/evp/enc_min.o \ - ../crypto/evp/e_aes.o \ - ../crypto/evp/e_des3.o \ - ../crypto/evp/p_sign.o \ - ../crypto/evp/p_verify.o \ - ../crypto/mem_clr.o \ - ../crypto/mem.o \ - ../crypto/rand/md_rand.o \ - ../crypto/rand/rand_egd.o \ - ../crypto/rand/randfile.o \ - ../crypto/rand/rand_lib.o \ - ../crypto/rand/rand_os2.o \ - ../crypto/rand/rand_unix.o \ - ../crypto/rand/rand_win.o \ - ../crypto/rsa/rsa_lib.o \ - ../crypto/rsa/rsa_none.o \ - ../crypto/rsa/rsa_oaep.o \ - ../crypto/rsa/rsa_pk1.o \ - ../crypto/rsa/rsa_pss.o \ - ../crypto/rsa/rsa_ssl.o \ - ../crypto/rsa/rsa_x931.o \ - ../crypto/sha/sha1dgst.o \ - ../crypto/sha/sha256.o \ - ../crypto/sha/sha512.o \ - ../crypto/uid.o - sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_fips build_ssl build_shared build_engines +build_libs: build_crypto build_ssl build_engines build_crypto: - if [ -n "$(FIPSCANLIB)" ]; then \ - EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ - ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ - else \ - ARX='${AR}' ; \ - fi ; export ARX ; \ - dir=crypto; target=all; $(BUILD_ONE_CMD) -build_fips: - @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) + @dir=crypto; target=all; $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) build_engines: @@ -348,20 +258,9 @@ all_testapps: build_libs build_testapps build_testapps: @dir=crypto; target=testapps; $(BUILD_ONE_CMD) -build_shared: $(SHARED_LIBS) -libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) +libcrypto$(SHLIB_EXT): libcrypto.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ - if [ "$(FIPSCANLIB)" = "libfips" ]; then \ - $(ARD) libcrypto.a fipscanister.o ; \ - $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \ - $(AR) libcrypto.a fips/fipscanister.o ; \ - else \ - if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ - FIPSLD_CC=$(CC); CC=fips/fipsld; \ - export CC FIPSLD_CC; \ - fi; \ - $(MAKE) -e SHLIBDIRS='crypto' build-shared; \ - fi \ + $(MAKE) SHLIBDIRS=crypto build-shared; \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ @@ -369,32 +268,12 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ - shlibdeps=-lcrypto; \ - [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \ - $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \ - else \ - echo "There's no support for shared libraries on this platform" >&2 ; \ - exit 1; \ - fi - -fips/fipscanister.o: build_fips -libfips$(SHLIB_EXT): fips/fipscanister.o - @if [ "$(SHLIB_TARGET)" != "" ]; then \ - FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \ - $(MAKE) -f Makefile.shared -e $(BUILDENV) \ - CC=$${CC} LIBNAME=fips THIS=$@ \ - LIBEXTRAS=fips/fipscanister.o \ - LIBDEPS="$(EX_LIBS)" \ - LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ - link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \ + $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ fi -libfips.a: - dir=fips; target=all; $(BUILD_ONE_CMD) - clean-shared: @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ @@ -410,10 +289,10 @@ clean-shared: done link-shared: - @ set -e; for i in ${SHLIBDIRS}; do \ + @ set -e; for i in $(SHLIBDIRS); do \ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ - LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ + LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ symlink.$(SHLIB_TARGET); \ libs="$$libs -l$$i"; \ done @@ -421,13 +300,13 @@ link-shared: build-shared: do_$(SHLIB_TARGET) link-shared do_$(SHLIB_TARGET): - @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ + if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ libs="$(LIBKRB5) $$libs"; \ fi; \ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ - LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ - LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \ + LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ LIBDEPS="$$libs $(EX_LIBS)" \ link_a.$(SHLIB_TARGET); \ libs="-l$$i $$libs"; \ @@ -436,7 +315,7 @@ do_$(SHLIB_TARGET): libcrypto.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL-libcrypto'; \ @@ -449,7 +328,7 @@ libcrypto.pc: Makefile libssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -462,7 +341,7 @@ libssl.pc: Makefile openssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -504,32 +383,32 @@ links: @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) @set -e; target=links; $(RECURSIVE_BUILD_CMD) - @if [ -z "$(FIPSCANLIB)" ]; then \ - set -e; target=links; dir=fips ; $(BUILD_CMD) ; \ - fi gentests: @(cd test && echo "generating dummy tests (if needed)..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate ); + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on generate ); dclean: - rm -f *.bak + rm -rf *.bak include/openssl certs/.0 @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) rehash: rehash.time -rehash.time: certs - @(OPENSSL="`pwd`/util/opensslwrap.sh"; \ - OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs) - touch rehash.time +rehash.time: certs apps + @if [ -z "$(CROSS_COMPILE)" ]; then \ + (OPENSSL="`pwd`/util/opensslwrap.sh"; \ + [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \ + OPENSSL_DEBUG_MEMORY=on; \ + export OPENSSL OPENSSL_DEBUG_MEMORY; \ + $(PERL) tools/c_rehash certs) && \ + touch rehash.time; \ + else :; fi test: tests tests: rehash @(cd test && echo "testing..." && \ - $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - util/opensslwrap.sh version -a + $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests ); + OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a report: @$(PERL) util/selftest.pl @@ -562,6 +441,8 @@ crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h +crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num + $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h apps/openssl-vms.cnf: apps/openssl.cnf $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf @@ -574,7 +455,7 @@ TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend +update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar @@ -605,8 +486,8 @@ tar-snap: dist: $(PERL) Configure dist @$(MAKE) dist_pem_h - @$(MAKE) SDIRS='${SDIRS}' clean - @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar + @$(MAKE) SDIRS='$(SDIRS)' clean + @$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -615,9 +496,9 @@ install: all install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ @@ -632,10 +513,10 @@ install_sw: do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ fi; \ done; @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ @@ -645,22 +526,32 @@ install_sw: if [ -f "$$i" -o -f "$$i.a" ]; then \ ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ else \ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ fi ); \ + if expr $(PLATFORM) : 'mingw' > /dev/null; then \ + ( case $$i in \ + *crypto*) i=libeay32.dll;; \ + *ssl*) i=ssleay32.dll;; \ + esac; \ + echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + fi; \ fi; \ done; \ ( here="`pwd`"; \ - cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ if [ "$(INSTALLTOP)" != "/usr" ]; then \ echo 'OpenSSL shared libraries have been installed in:'; \ @@ -669,12 +560,33 @@ install_sw: sed -e '1,/^$$/d' doc/openssl-shared.txt; \ fi; \ fi - cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc - cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc + cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc + cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc + cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc + +install_html_docs: + here="`pwd`"; \ + for subdir in apps crypto ssl; do \ + mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + for i in doc/$$subdir/*.pod; do \ + fn=`basename $$i .pod`; \ + echo "installing html/$$fn.$(HTMLSUFFIX)"; \ + cat $$i \ + | sed -r 's/L<([^)]*)(\([0-9]\))?\|([^)]*)(\([0-9]\))?>/L<\1|\3>/g' \ + | pod2html --podroot=doc --htmlroot=.. --podpath=apps:crypto:ssl \ + | sed -r 's/ $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ + grep -v $$filecase "^$$fn\$$" | \ + (cd $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + while read n; do \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$(HTMLSUFFIX) "$$n".$(HTMLSUFFIX); \ + done); \ + done; \ + done install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ @@ -682,7 +594,7 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 - @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ here="`pwd`"; \ filecase=; \ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \ @@ -702,7 +614,7 @@ install_docs: (grep -v "[ ]"; true) | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done; \ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ @@ -719,7 +631,7 @@ install_docs: (grep -v "[ ]"; true) | \ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \ while read n; do \ - $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ + PLATFORM=$(PLATFORM) $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \ done); \ done diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS index 37156fc593..3a787ea06c 100644 --- a/src/lib/libssl/src/NEWS +++ b/src/lib/libssl/src/NEWS @@ -5,6 +5,63 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: + + o Fix for security issue CVE-2010-1633. + o GOST MAC and CFB fixes. + + Major changes between OpenSSL 0.9.8n and OpenSSL 1.0: + + o RFC3280 path validation: sufficient to process PKITS tests. + o Integrated support for PVK files and keyblobs. + o Change default private key format to PKCS#8. + o CMS support: able to process all examples in RFC4134 + o Streaming ASN1 encode support for PKCS#7 and CMS. + o Multiple signer and signer add support for PKCS#7 and CMS. + o ASN1 printing support. + o Whirlpool hash algorithm added. + o RFC3161 time stamp support. + o New generalised public key API supporting ENGINE based algorithms. + o New generalised public key API utilities. + o New ENGINE supporting GOST algorithms. + o SSL/TLS GOST ciphersuite support. + o PKCS#7 and CMS GOST support. + o RFC4279 PSK ciphersuite support. + o Supported points format extension for ECC ciphersuites. + o ecdsa-with-SHA224/256/384/512 signature types. + o dsa-with-SHA224 and dsa-with-SHA256 signature types. + o Opaque PRF Input TLS extension support. + o Updated time routines to avoid OS limitations. + + Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: + + o Fix for security issue CVE-2010-0742. + o Various DTLS fixes. + o Recognise SHA2 certificates if only SSL algorithms added. + o Fix for no-rc4 compilation. + o Chil ENGINE unload workaround. + + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: + + o CFB cipher definition fixes. + o Fix security issues CVE-2010-0740 and CVE-2010-0433. + + Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: + + o Cipher definition fixes. + o Workaround for slow RAND_poll() on some WIN32 versions. + o Remove MD2 from algorithm tables. + o SPKAC handling fixes. + o Support for RFC5746 TLS renegotiation extension. + o Compression memory leak fixed. + o Compression session resumption fixed. + o Ticket and SNI coexistence fixes. + o Many fixes to DTLS handling. + + Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: + + o Temporary work around for CVE-2009-3555: disable renegotiation. + Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: o Fix various build issues. @@ -143,6 +200,11 @@ o Added initial support for Win64. o Added alternate pkg-config files. + Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m: + + o FIPS 1.1.1 module linking. + o Various ciphersuite selection fixes. + Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l: o Introduce limits to prevent malicious key DoS (CVE-2006-2940) diff --git a/src/lib/libssl/src/Netware/build.bat b/src/lib/libssl/src/Netware/build.bat index 823134bda1..3125c2a487 100644 --- a/src/lib/libssl/src/Netware/build.bat +++ b/src/lib/libssl/src/Netware/build.bat @@ -159,6 +159,8 @@ cd ..\..\.. echo SHA1 cd crypto\sha\asm perl sha1-586.pl %ASM_MODE% > s1-nw.asm +perl sha256-586.pl %ASM_MODE% > sha256-nw.asm +perl sha512-586.pl %ASM_MODE% > sha512-nw.asm cd ..\..\.. echo RIPEMD160 @@ -171,6 +173,11 @@ cd crypto\rc5\asm perl rc5-586.pl %ASM_MODE% > r5-nw.asm cd ..\..\.. +echo WHIRLPOOL +cd crypto\whrlpool\asm +perl wp-mmx.pl %ASM_MODE% > wp-nw.asm +cd ..\..\.. + echo CPUID cd crypto perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README index 99a6a7b4bf..c1d0a5fd52 100644 --- a/src/lib/libssl/src/README +++ b/src/lib/libssl/src/README @@ -1,7 +1,7 @@ - OpenSSL 0.9.8k + OpenSSL 1.0.0a 1 Jun 2010 - Copyright (c) 1998-2008 The OpenSSL Project + Copyright (c) 1998-2010 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -112,8 +112,6 @@ should be contacted if that algorithm is to be used; their web page is http://www.ascom.ch/. - The MDC2 algorithm is patented by IBM. - NTT and Mitsubishi have patents and pending patents on the Camellia algorithm, but allow use at no charge without requiring an explicit licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html @@ -139,6 +137,9 @@ SUPPORT ------- + See the OpenSSL website www.openssl.org for details of how to obtain + commercial technical support. + If you have any problems with OpenSSL then please take the following steps first: @@ -165,6 +166,10 @@ openssl-bugs@openssl.org + Note that the request tracker should NOT be used for general assistance + or support queries. Just because something doesn't work the way you expect + does not mean it is necessarily a bug in OpenSSL. + Note that mail to openssl-bugs@openssl.org is recorded in the publicly readable request tracker database and is forwarded to a public mailing list. Confidential mail may be sent to openssl-security@openssl.org @@ -175,10 +180,22 @@ Development is coordinated on the openssl-dev mailing list (see http://www.openssl.org for information on subscribing). If you - would like to submit a patch, send it to openssl-dev@openssl.org with + would like to submit a patch, send it to openssl-bugs@openssl.org with the string "[PATCH]" in the subject. Please be sure to include a textual explanation of what your patch does. + If you are unsure as to whether a feature will be useful for the general + OpenSSL community please discuss it on the openssl-dev mailing list first. + Someone may be already working on the same thing or there may be a good + reason as to why that feature isn't implemented. + + Patches should be as up to date as possible, preferably relative to the + current CVS or the last snapshot. They should follow the coding style of + OpenSSL and compile without warnings. Some of the core team developer targets + can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL + compiles on many varied platforms: try to ensure you only use portable + features. + Note: For legal reasons, contributions from the US can be accepted only if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov (formerly BXA) with a copy to the ENC Encryption Request Coordinator; diff --git a/src/lib/libssl/src/VMS/install.com b/src/lib/libssl/src/VMS/install.com index f62635f24d..9c9c0e1e27 100644 --- a/src/lib/libssl/src/VMS/install.com +++ b/src/lib/libssl/src/VMS/install.com @@ -12,6 +12,14 @@ $ WRITE SYS$OUTPUT "Should be the directory where you want things installed. $ EXIT $ ENDIF $ +$ IF (F$GETSYI("CPU").LT.128) +$ THEN +$ ARCH := VAX +$ ELSE +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" +$ ENDIF +$ $ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" $ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - @@ -19,13 +27,7 @@ $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - $ ROOT = ROOT_DEV + "[" + ROOT_DIR $ $ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC -$ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB] -$ DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB] $ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] -$ DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE] -$ DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE] -$ DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS] -$ DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE] $ $ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLROOT:[000000] @@ -39,7 +41,7 @@ $ IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN - $ $ OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM $ WRITE SYS$OUTPUT "%OPEN-I-CREATED, ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created." -$ WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999" +$ WRITE SF "$! Startup file for Openssl" $ WRITE SF "$!" $ WRITE SF "$! Do not edit this file, as it will be regenerated during next installation." $ WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM" @@ -47,8 +49,13 @@ $ WRITE SF "$!" $ WRITE SF "$! P1 a qualifier to DEFINE. For example ""/SYSTEM"" to get the logical names" $ WRITE SF "$! defined in the system logical name table." $ WRITE SF "$!" -$ WRITE SF "$ ARCH = ""VAX""" -$ WRITE SF "$ IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA""" +$ WRITE SF "$ IF (F$GETSYI(""CPU"").LT.128)" +$ WRITE SF "$ THEN" +$ WRITE SF "$ ARCH := VAX" +$ WRITE SF "$ ELSE" +$ WRITE SF "$ ARCH = F$EDIT( F$GETSYI( ""ARCH_NAME""), ""UPCASE"")" +$ WRITE SF "$ IF (ARCH .EQS. """") THEN ARCH = ""UNK""" +$ WRITE SF "$ ENDIF" $ WRITE SF "$ DEFINE/NOLOG'P1 SSLROOT ",ROOT,".] /TRANS=CONC" $ WRITE SF "$ DEFINE/NOLOG'P1 SSLLIB SSLROOT:['ARCH'_LIB]" $ WRITE SF "$ DEFINE/NOLOG'P1 SSLINCLUDE SSLROOT:[INCLUDE]" diff --git a/src/lib/libssl/src/VMS/mkshared.com b/src/lib/libssl/src/VMS/mkshared.com index 1356fb9dd7..c8acd2adeb 100644 --- a/src/lib/libssl/src/VMS/mkshared.com +++ b/src/lib/libssl/src/VMS/mkshared.com @@ -3,10 +3,10 @@ $! $! No command line parameters. This should be run at the start of the source $! tree (the same directory where one finds INSTALL.VMS). $! -$! Input: [.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB -$! [.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB -$! Output: [.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE -$! [.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE +$! Input: [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB +$! [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]LIBSSL.OLB +$! Output: [.xxx.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE +$! [.xxx.EXE.SSL]LIBSSL.OPT,.MAP,.EXE $! $! So far, tests have only been made on VMS for Alpha. VAX will come in time. $! =========================================================================== @@ -19,31 +19,41 @@ $ write sys$error "ERROR: Couldn't find any library version info..." $ exit $ endif $ -$ if f$getsyi("CPU") .ge. 128 +$ if (f$getsyi("cpu").lt.128) $ then +$ arch := VAX +$ else +$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$ +$ if arch .nes. "VAX" +$ then +$ arch_vax = 0 $ libid = "Crypto" $ libnum = "[.UTIL]LIBEAY.NUM" -$ libdir = "[.AXP.EXE.CRYPTO]" +$ libdir = "[.''ARCH'.EXE.CRYPTO]" $ libolb = "''libdir'LIBCRYPTO.OLB" $ libopt = "''libdir'LIBCRYPTO.OPT" $ libmap = "''libdir'LIBCRYPTO.MAP" $ libgoal= "''libdir'LIBCRYPTO.EXE" $ libref = "" -$ gosub create_axp_shr +$ gosub create_nonvax_shr $ libid = "SSL" $ libnum = "[.UTIL]SSLEAY.NUM" -$ libdir = "[.AXP.EXE.SSL]" +$ libdir = "[.''ARCH'.EXE.SSL]" $ libolb = "''libdir'LIBSSL.OLB" $ libopt = "''libdir'LIBSSL.OPT" $ libmap = "''libdir'LIBSSL.MAP" $ libgoal= "''libdir'LIBSSL.EXE" -$ libref = "[.AXP.EXE.CRYPTO]LIBCRYPTO.EXE" -$ gosub create_axp_shr +$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE" +$ gosub create_nonvax_shr $ else +$ arch_vax = 1 $ libtit = "CRYPTO_TRANSFER_VECTOR" $ libid = "Crypto" $ libnum = "[.UTIL]LIBEAY.NUM" -$ libdir = "[.VAX.EXE.CRYPTO]" +$ libdir = "[.''ARCH'.EXE.CRYPTO]" $ libmar = "''libdir'LIBCRYPTO.MAR" $ libolb = "''libdir'LIBCRYPTO.OLB" $ libopt = "''libdir'LIBCRYPTO.OPT" @@ -56,22 +66,22 @@ $ gosub create_vax_shr $ libtit = "SSL_TRANSFER_VECTOR" $ libid = "SSL" $ libnum = "[.UTIL]SSLEAY.NUM" -$ libdir = "[.VAX.EXE.SSL]" +$ libdir = "[.''ARCH'.EXE.SSL]" $ libmar = "''libdir'LIBSSL.MAR" $ libolb = "''libdir'LIBSSL.OLB" $ libopt = "''libdir'LIBSSL.OPT" $ libobj = "''libdir'LIBSSL.OBJ" $ libmap = "''libdir'LIBSSL.MAP" $ libgoal= "''libdir'LIBSSL.EXE" -$ libref = "[.VAX.EXE.CRYPTO]LIBCRYPTO.EXE" +$ libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE" $ libvec = "LIBSSL" $ gosub create_vax_shr $ endif $ exit $ -$! ----- Soubroutines to actually build the shareable libraries -$! The way things work, there's a main shareable library creator for each -$! supported architecture, which is called from the main code above. +$! ----- Soubroutines to build the shareable libraries +$! For each supported architecture, there's a main shareable library +$! creator, which is called from the main code above. $! The creator will define a number of variables to tell the next levels of $! subroutines what routines to use to write to the option files, call the $! main processor, read_func_num, and when that is done, it will write version @@ -97,10 +107,10 @@ $! read_func_num depends on the following variables from the creator: $! libwriter The name of the writer routine to call for each .num file line $! ----- $ -$! ----- Subroutines for AXP +$! ----- Subroutines for non-VAX $! ----- $! The creator routine -$ create_axp_shr: +$ create_nonvax_shr: $ open/write opt 'libopt' $ write opt "identification=""",libid," ",libverstr,"""" $ write opt libolb,"/lib" @@ -108,7 +118,7 @@ $ if libref .nes. "" then write opt libref,"/SHARE" $ write opt "SYMBOL_VECTOR=(-" $ libfirstentry := true $ libwrch := opt -$ libwriter := write_axp_transfer_entry +$ libwriter := write_nonvax_transfer_entry $ textcount = 0 $ gosub read_func_num $ write opt ")" @@ -118,7 +128,7 @@ $ link/map='libmap'/full/share='libgoal' 'libopt'/option $ return $ $! The record writer routine -$ write_axp_transfer_entry: +$ write_nonvax_transfer_entry: $ if libentry .eqs. ".dummy" then return $ if info_kind .eqs. "VARIABLE" $ then @@ -144,7 +154,7 @@ $ libfirstentry := false $ textcount = textcount + textcount_this $ return $ -$! ----- Subroutines for AXP +$! ----- Subroutines for VAX $! ----- $! The creator routine $ create_vax_shr: @@ -264,8 +274,15 @@ $ truesum = truesum + 1 $ if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then - $ falsesum = falsesum + 1 $ endif -$ if plat_entry .eqs. "VMS" then truesum = truesum + 1 -$ if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1 +$! +$ if ((plat_entry .eqs. "VMS") .or. - + (arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then - + truesum = truesum + 1 +$! +$ if ((plat_entry .eqs. "!VMS") .or. - + (arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then - + falsesum = falsesum + 1 +$! $ goto loop1 $ endif $ endloop1: diff --git a/src/lib/libssl/src/VMS/openssl_utils.com b/src/lib/libssl/src/VMS/openssl_utils.com index ddc107394f..64f4915104 100644 --- a/src/lib/libssl/src/VMS/openssl_utils.com +++ b/src/lib/libssl/src/VMS/openssl_utils.com @@ -8,31 +8,39 @@ $! $! $! Slightly modified by Richard Levitte $! +$! +$! Always define OPENSSL. Others are optional (non-null P1). +$! $ OPENSSL :== $SSLEXE:OPENSSL -$ VERIFY :== $SSLEXE:OPENSSL VERIFY -$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS -$ REQ :== $SSLEXE:OPENSSL REQ -$ DGST :== $SSLEXE:OPENSSL DGST -$ DH :== $SSLEXE:OPENSSL DH -$ ENC :== $SSLEXE:OPENSSL ENC -$ GENDH :== $SSLEXE:OPENSSL GENDH -$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR -$ CA :== $SSLEXE:OPENSSL CA -$ CRL :== $SSLEXE:OPENSSL CRL -$ RSA :== $SSLEXE:OPENSSL RSA -$ DSA :== $SSLEXE:OPENSSL DSA -$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM -$ X509 :== $SSLEXE:OPENSSL X509 -$ GENRSA :== $SSLEXE:OPENSSL GENRSA -$ GENDSA :== $SSLEXE:OPENSSL GENDSA -$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER -$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT -$ SPEED :== $SSLEXE:OPENSSL SPEED -$ S_TIME :== $SSLEXE:OPENSSL S_TIME -$ VERSION :== $SSLEXE:OPENSSL VERSION -$ PKCS7 :== $SSLEXE:OPENSSL PKCS7 -$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7 -$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID -$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS -$ NSEQ :== $SSLEXE:OPENSSL NSEQ -$ PKCS12 :== $SSLEXE:OPENSSL PKCS12 +$ +$ IF (P1 .NES. "") +$ THEN +$ VERIFY :== $SSLEXE:OPENSSL VERIFY +$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS +$! REQ could conflict with REQUEST. +$ OREQ :== $SSLEXE:OPENSSL REQ +$ DGST :== $SSLEXE:OPENSSL DGST +$ DH :== $SSLEXE:OPENSSL DH +$ ENC :== $SSLEXE:OPENSSL ENC +$ GENDH :== $SSLEXE:OPENSSL GENDH +$ ERRSTR :== $SSLEXE:OPENSSL ERRSTR +$ CA :== $SSLEXE:OPENSSL CA +$ CRL :== $SSLEXE:OPENSSL CRL +$ RSA :== $SSLEXE:OPENSSL RSA +$ DSA :== $SSLEXE:OPENSSL DSA +$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM +$ X509 :== $SSLEXE:OPENSSL X509 +$ GENRSA :== $SSLEXE:OPENSSL GENRSA +$ GENDSA :== $SSLEXE:OPENSSL GENDSA +$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER +$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT +$ SPEED :== $SSLEXE:OPENSSL SPEED +$ S_TIME :== $SSLEXE:OPENSSL S_TIME +$ VERSION :== $SSLEXE:OPENSSL VERSION +$ PKCS7 :== $SSLEXE:OPENSSL PKCS7 +$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7 +$ SESS_ID :== $SSLEXE:OPENSSL SESS_ID +$ CIPHERS :== $SSLEXE:OPENSSL CIPHERS +$ NSEQ :== $SSLEXE:OPENSSL NSEQ +$ PKCS12 :== $SSLEXE:OPENSSL PKCS12 +$ ENDIF diff --git a/src/lib/libssl/src/apps/CA.com b/src/lib/libssl/src/apps/CA.com index 02682e424a..69b7bb3fd8 100644 --- a/src/lib/libssl/src/apps/CA.com +++ b/src/lib/libssl/src/apps/CA.com @@ -114,8 +114,8 @@ $! $ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. "" $ THEN $ READ '__INPUT' FILE - - /PROMT="CA certificate filename (or enter to create)" -$ IF F$SEARCH(FILE) .NES. "" + /PROMPT="CA certificate filename (or enter to create)" +$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") $ THEN $ COPY 'FILE' 'CATOP'.private'CAKEY' $ RET=$STATUS diff --git a/src/lib/libssl/src/apps/CA.sh b/src/lib/libssl/src/apps/CA.sh index a0b20d85a9..7ad6b8c52e 100644 --- a/src/lib/libssl/src/apps/CA.sh +++ b/src/lib/libssl/src/apps/CA.sh @@ -5,10 +5,10 @@ # things easier between now and when Eric is convinced to fix it :-) # # CA -newca ... will setup the right stuff -# CA -newreq ... will generate a certificate request -# CA -sign ... will sign the generated request and output +# CA -newreq ... will generate a certificate request +# CA -sign ... will sign the generated request and output # -# At the end of that grab newreq.pem and newcert.pem (one has the key +# At the end of that grab newreq.pem and newcert.pem (one has the key # and the other the certificate) and cat them together and that is what # you want/need ... I'll make even this a little cleaner later. # @@ -16,8 +16,8 @@ # 12-Jan-96 tjh Added more things ... including CA -signcert which # converts a certificate to a request and then signs it. # 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG -# environment variable so this can be driven from -# a script. +# environment variable so this can be driven from +# a script. # 25-Jul-96 eay Cleaned up filenames some more. # 11-Jun-96 eay Fixed a few filename missmatches. # 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. @@ -29,52 +29,87 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +cp_pem() { + infile=$1 + outfile=$2 + bound=$3 + flag=0 + exec <$infile; + while read line; do + if [ $flag -eq 1 ]; then + echo $line|grep "^-----END.*$bound" 2>/dev/null 1>/dev/null + if [ $? -eq 0 ] ; then + echo $line >>$outfile + break + else + echo $line >>$outfile + fi + fi + + echo $line|grep "^-----BEGIN.*$bound" 2>/dev/null 1>/dev/null + if [ $? -eq 0 ]; then + echo $line >$outfile + flag=1 + fi + done +} + +usage() { + echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2 +} if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi -DAYS="-days 365" # 1 year +if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi # 1 year CADAYS="-days 1095" # 3 years REQ="$OPENSSL req $SSLEAY_CONFIG" CA="$OPENSSL ca $SSLEAY_CONFIG" VERIFY="$OPENSSL verify" X509="$OPENSSL x509" +PKCS12="openssl pkcs12" -CATOP=./demoCA +if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi CAKEY=./cakey.pem CAREQ=./careq.pem CACERT=./cacert.pem -for i -do -case $i in +RET=0 + +while [ "$1" != "" ] ; do +case $1 in -\?|-h|-help) - echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2 + usage exit 0 ;; --newcert) +-newcert) # create a certificate $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS RET=$? echo "Certificate is in newcert.pem, private key is in newkey.pem" ;; --newreq) +-newreq) # create a certificate request $REQ -new -keyout newkey.pem -out newreq.pem $DAYS RET=$? echo "Request is in newreq.pem, private key is in newkey.pem" ;; --newca) +-newreq-nodes) + # create a certificate request + $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS + RET=$? + echo "Request (and private key) is in newreq.pem" + ;; +-newca) # if explicitly asked for or it doesn't exist then setup the directory - # structure that Eric likes to manage things + # structure that Eric likes to manage things NEW="1" if [ "$NEW" -o ! -f ${CATOP}/serial ]; then # create the directory hierarchy - mkdir ${CATOP} - mkdir ${CATOP}/certs - mkdir ${CATOP}/crl - mkdir ${CATOP}/newcerts - mkdir ${CATOP}/private - echo "00" > ${CATOP}/serial + mkdir -p ${CATOP} + mkdir -p ${CATOP}/certs + mkdir -p ${CATOP}/crl + mkdir -p ${CATOP}/newcerts + mkdir -p ${CATOP}/private touch ${CATOP}/index.txt fi if [ ! -f ${CATOP}/private/$CAKEY ]; then @@ -83,37 +118,60 @@ case $i in # ask user for existing CA certificate if [ "$FILE" ]; then - cp $FILE ${CATOP}/private/$CAKEY + cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE + cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE RET=$? + if [ ! -f "${CATOP}/serial" ]; then + $X509 -in ${CATOP}/$CACERT -noout -next_serial \ + -out ${CATOP}/serial + fi else echo "Making CA certificate ..." $REQ -new -keyout ${CATOP}/private/$CAKEY \ -out ${CATOP}/$CAREQ - $CA -out ${CATOP}/$CACERT $CADAYS -batch \ + $CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \ -keyfile ${CATOP}/private/$CAKEY -selfsign \ - -infiles ${CATOP}/$CAREQ + -extensions v3_ca \ + -infiles ${CATOP}/$CAREQ RET=$? fi fi ;; -xsign) - $CA -policy policy_anything -infiles newreq.pem + $CA -policy policy_anything -infiles newreq.pem RET=$? ;; --sign|-signreq) +-pkcs12) + if [ -z "$2" ] ; then + CNAME="My Certificate" + else + CNAME="$2" + fi + $PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \ + -out newcert.p12 -export -name "$CNAME" + RET=$? + exit $RET + ;; +-sign|-signreq) $CA -policy policy_anything -out newcert.pem -infiles newreq.pem RET=$? cat newcert.pem echo "Signed certificate is in newcert.pem" ;; --signcert) +-signCA) + $CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem + RET=$? + echo "Signed CA certificate is in newcert.pem" + ;; +-signcert) echo "Cert passphrase will be requested twice - bug?" $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem $CA -policy policy_anything -out newcert.pem -infiles tmp.pem + RET=$? cat newcert.pem echo "Signed certificate is in newcert.pem" ;; --verify) +-verify) shift if [ -z "$1" ]; then $VERIFY -CAfile $CATOP/$CACERT newcert.pem @@ -127,13 +185,14 @@ case $i in fi done fi - exit 0 + exit $RET ;; *) - echo "Unknown arg $i"; + echo "Unknown arg $i" >&2 + usage exit 1 ;; esac +shift done exit $RET - diff --git a/src/lib/libssl/src/apps/Makefile b/src/lib/libssl/src/apps/Makefile index 402981aede..fa32d2d7e7 100644 --- a/src/lib/libssl/src/apps/Makefile +++ b/src/lib/libssl/src/apps/Makefile @@ -31,15 +31,15 @@ LIBSSL=-L.. -lssl PROGRAM= openssl -SCRIPTS=CA.sh CA.pl +SCRIPTS=CA.sh CA.pl tsget EXE= $(PROGRAM)$(EXE_EXT) E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \ ca crl rsa rsautl dsa dsaparam ec ecparam \ - x509 genrsa gendsa s_server s_client speed \ + x509 genrsa gendsa genpkey s_server s_client speed \ s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \ - pkcs8 spkac smime rand engine ocsp prime + pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts PROGS= $(PROGRAM).c @@ -53,18 +53,18 @@ RAND_SRC=app_rand.c E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \ ca.o pkcs7.o crl2p7.o crl.o \ rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \ - x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ + x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ - ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \ - ocsp.o prime.o cms.o + ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o \ + spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \ pkcs7.c crl2p7.c crl.c \ rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \ - x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ + x509.c genrsa.c gendsa.c genpkey.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ - ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \ - ocsp.c prime.c cms.c + ciphers.c nseq.c pkcs12.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \ + spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c SRC=$(E_SRC) @@ -137,9 +137,10 @@ depend: dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) + rm -f CA.pl clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) + rm -f *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) rm -f req $(DLIBSSL): @@ -152,18 +153,13 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ - elif [ -n "$(FIPSCANLIB)" ]; then \ - FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ fi; \ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ - [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ - CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ + APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ link_app.$${shlib_target} - -(cd ..; \ - OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \ - $(PERL) tools/c_rehash certs) + @(cd ..; $(MAKE) rehash) progs.h: progs.pl $(PERL) progs.pl $(E_EXE) >progs.h @@ -176,150 +172,149 @@ app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h -app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h -app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h -app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h +app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h +app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h +app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +app_rand.o: app_rand.c apps.h apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h apps.o: ../include/openssl/engine.h ../include/openssl/err.h -apps.o: ../include/openssl/evp.h ../include/openssl/fips.h -apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h -apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h -apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h -apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -apps.o: ../include/openssl/x509v3.h apps.c apps.h +apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h +apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h +apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +apps.o: ../include/openssl/sha.h ../include/openssl/stack.h +apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +apps.o: ../include/openssl/ui.h ../include/openssl/x509.h +apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h -asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h -asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h -asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h -asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c +asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h +asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +asn1pars.o: asn1pars.c ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ca.o: ../include/openssl/engine.h ../include/openssl/err.h -ca.o: ../include/openssl/evp.h ../include/openssl/fips.h -ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c +ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ca.o: ../include/openssl/sha.h ../include/openssl/stack.h +ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ca.o: ../include/openssl/x509v3.h apps.h ca.c ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h -ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h -ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h -ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h -ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h +ciphers.o: ../include/openssl/buffer.h ../include/openssl/comp.h +ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ciphers.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c +ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +ciphers.o: ciphers.c cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h -cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -cms.o: ../include/openssl/evp.h ../include/openssl/fips.h -cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h -cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c +cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h +cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h +cms.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +cms.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +cms.o: ../include/openssl/engine.h ../include/openssl/err.h +cms.o: ../include/openssl/evp.h ../include/openssl/lhash.h +cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +cms.o: ../include/openssl/pem.h ../include/openssl/pem2.h +cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +cms.o: ../include/openssl/sha.h ../include/openssl/stack.h +cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +cms.o: ../include/openssl/x509v3.h apps.h cms.c crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h crl.o: ../include/openssl/err.h ../include/openssl/evp.h -crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h -crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -crl.o: ../include/openssl/sha.h ../include/openssl/stack.h -crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -crl.o: ../include/openssl/x509v3.h apps.h crl.c +crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h -crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h -crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h -crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c +crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h +crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +crl2p7.o: crl2p7.c dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dgst.o: ../include/openssl/err.h ../include/openssl/evp.h -dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h -dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c +dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h +dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +dgst.o: ../include/openssl/x509v3.h apps.h dgst.c dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -327,16 +322,15 @@ dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dh.o: ../include/openssl/err.h ../include/openssl/evp.h -dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h -dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -dh.o: ../include/openssl/sha.h ../include/openssl/stack.h -dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -dh.o: ../include/openssl/x509v3.h apps.h dh.c +dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -344,16 +338,15 @@ dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dsa.o: ../include/openssl/err.h ../include/openssl/evp.h -dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h -dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -dsa.o: ../include/openssl/x509v3.h apps.h dsa.c +dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -361,15 +354,14 @@ dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h -dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h -dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h -dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h +dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h +dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h @@ -380,40 +372,38 @@ ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ec.o: ../include/openssl/err.h ../include/openssl/evp.h -ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h -ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ec.o: ../include/openssl/sha.h ../include/openssl/stack.h -ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ec.o: ../include/openssl/x509v3.h apps.h ec.c +ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h -ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h -ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -ecparam.o: ecparam.c +ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h -enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -enc.o: ../include/openssl/err.h ../include/openssl/evp.h -enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h +enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h +enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h +enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +enc.o: ../include/openssl/engine.h ../include/openssl/err.h +enc.o: ../include/openssl/evp.h ../include/openssl/lhash.h enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h @@ -424,49 +414,47 @@ enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h -engine.o: ../include/openssl/comp.h ../include/openssl/conf.h -engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h -engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -engine.o: ../include/openssl/engine.h ../include/openssl/err.h -engine.o: ../include/openssl/evp.h ../include/openssl/fips.h +engine.o: ../include/openssl/buffer.h ../include/openssl/comp.h +engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h +engine.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +engine.o: ../include/openssl/err.h ../include/openssl/evp.h engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h -engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -engine.o: ../include/openssl/x509v3.h apps.h engine.c +engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h +engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +engine.o: engine.c errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h -errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h -errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -errstr.o: ../include/openssl/engine.h ../include/openssl/err.h -errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h +errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h +errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h +errstr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +errstr.o: ../include/openssl/err.h ../include/openssl/evp.h errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -errstr.o: ../include/openssl/x509v3.h apps.h errstr.c +errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +errstr.o: errstr.c gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -474,15 +462,14 @@ gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h gendh.o: ../include/openssl/engine.h ../include/openssl/err.h -gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h -gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h -gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendh.o: ../include/openssl/stack.h ../include/openssl/store.h +gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h +gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h +gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h @@ -494,16 +481,32 @@ gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h -gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h -gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c +gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +gendsa.o: gendsa.c +genpkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +genpkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h +genpkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +genpkey.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +genpkey.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +genpkey.o: ../include/openssl/err.h ../include/openssl/evp.h +genpkey.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +genpkey.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +genpkey.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +genpkey.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +genpkey.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +genpkey.o: ../include/openssl/safestack.h ../include/openssl/sha.h +genpkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +genpkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +genpkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +genpkey.o: genpkey.c genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -511,15 +514,14 @@ genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h -genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h -genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h -genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h +genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h @@ -530,16 +532,15 @@ nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h nseq.o: ../include/openssl/err.h ../include/openssl/evp.h -nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h -nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h -nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h -nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -nseq.o: ../include/openssl/x509v3.h apps.h nseq.c +nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h +nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -547,14 +548,13 @@ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h -ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h -ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h +ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h @@ -563,27 +563,26 @@ ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h -openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h -openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h -openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -openssl.o: ../include/openssl/engine.h ../include/openssl/err.h -openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h +openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h +openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h +openssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +openssl.o: ../include/openssl/err.h ../include/openssl/evp.h openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h @@ -591,97 +590,142 @@ passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h passwd.o: ../include/openssl/err.h ../include/openssl/evp.h -passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h -passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h -passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h -passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -passwd.o: ../include/openssl/x509v3.h apps.h passwd.c +passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h +passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h +passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +passwd.o: passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h -pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h -pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -pkcs12.o: pkcs12.c +pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h +pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h -pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c +pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +pkcs7.o: pkcs7.c pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h -pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h -pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h -pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -pkcs8.o: pkcs8.c +pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h +pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c +pkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkey.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkey.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkey.o: ../include/openssl/err.h ../include/openssl/evp.h +pkey.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +pkey.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkey.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkey.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkey.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkey.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +pkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +pkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h pkey.c +pkeyparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkeyparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkeyparam.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkeyparam.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkeyparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkeyparam.o: ../include/openssl/err.h ../include/openssl/evp.h +pkeyparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +pkeyparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkeyparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkeyparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkeyparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkeyparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkeyparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +pkeyparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +pkeyparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +pkeyparam.o: pkeyparam.c +pkeyutl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +pkeyutl.o: ../include/openssl/buffer.h ../include/openssl/conf.h +pkeyutl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +pkeyutl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +pkeyutl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +pkeyutl.o: ../include/openssl/err.h ../include/openssl/evp.h +pkeyutl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +pkeyutl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +pkeyutl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +pkeyutl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +pkeyutl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +pkeyutl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkeyutl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +pkeyutl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +pkeyutl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +pkeyutl.o: pkeyutl.c prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h prime.o: ../include/openssl/engine.h ../include/openssl/evp.h -prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h -prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -prime.o: ../include/openssl/sha.h ../include/openssl/stack.h -prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -prime.o: ../include/openssl/x509v3.h apps.h prime.c +prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h +prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +prime.o: prime.c rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h rand.o: ../include/openssl/err.h ../include/openssl/evp.h -rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h -rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c +rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h +rand.o: ../include/openssl/sha.h ../include/openssl/stack.h +rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rand.o: ../include/openssl/x509v3.h apps.h rand.c req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h req.o: ../include/openssl/bn.h ../include/openssl/buffer.h req.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -689,15 +733,14 @@ req.o: ../include/openssl/dh.h ../include/openssl/dsa.h req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h req.o: ../include/openssl/engine.h ../include/openssl/err.h -req.o: ../include/openssl/evp.h ../include/openssl/fips.h -req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -req.o: ../include/openssl/rand.h ../include/openssl/rsa.h -req.o: ../include/openssl/safestack.h ../include/openssl/sha.h -req.o: ../include/openssl/stack.h ../include/openssl/store.h +req.o: ../include/openssl/evp.h ../include/openssl/lhash.h +req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +req.o: ../include/openssl/pem.h ../include/openssl/pem2.h +req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +req.o: ../include/openssl/sha.h ../include/openssl/stack.h req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h req.o: ../include/openssl/ui.h ../include/openssl/x509.h req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c @@ -707,49 +750,46 @@ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h rsa.o: ../include/openssl/engine.h ../include/openssl/err.h -rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h -rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -rsa.o: ../include/openssl/x509v3.h apps.h rsa.c +rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h +rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h -rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h -rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h -rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -rsautl.o: rsautl.c +rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h +rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h -s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h -s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h -s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h +s_cb.o: ../include/openssl/buffer.h ../include/openssl/comp.h +s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h +s_cb.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_cb.o: ../include/openssl/pqueue.h ../include/openssl/rand.h s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h @@ -764,14 +804,13 @@ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_client.o: ../include/openssl/engine.h ../include/openssl/err.h -s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h -s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h @@ -788,37 +827,35 @@ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_server.o: ../include/openssl/engine.h ../include/openssl/err.h -s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h -s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_server.o: ../include/openssl/stack.h ../include/openssl/store.h -s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h -s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h +s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h +s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_server.o: s_apps.h s_server.c timeouts.h +s_socket.o: ../e_os.h ../e_os2.h ../include/openssl/asn1.h +s_socket.o: ../include/openssl/bio.h ../include/openssl/buffer.h s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h -s_socket.o: ../include/openssl/fips.h ../include/openssl/hmac.h -s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h @@ -828,88 +865,87 @@ s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h s_socket.o: s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h -s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h -s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -s_time.o: ../include/openssl/engine.h ../include/openssl/err.h -s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h +s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h +s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h +s_time.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +s_time.o: ../include/openssl/err.h ../include/openssl/evp.h s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c +s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_time.o: s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h -sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h -sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h -sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h -sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h +sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h +sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h +sess_id.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h -sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c +sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h +sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +sess_id.o: sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h smime.o: ../include/openssl/err.h ../include/openssl/evp.h -smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h -smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h -smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -smime.o: ../include/openssl/sha.h ../include/openssl/stack.h -smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -smime.o: ../include/openssl/x509v3.h apps.h smime.c +smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h +smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +smime.o: smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h -speed.o: ../include/openssl/cast.h ../include/openssl/conf.h -speed.o: ../include/openssl/crypto.h ../include/openssl/des.h -speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h -speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -speed.o: ../include/openssl/engine.h ../include/openssl/err.h -speed.o: ../include/openssl/evp.h ../include/openssl/fips.h +speed.o: ../include/openssl/camellia.h ../include/openssl/cast.h +speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h +speed.o: ../include/openssl/des.h ../include/openssl/des_old.h +speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +speed.o: ../include/openssl/err.h ../include/openssl/evp.h speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h -speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h -speed.o: ../include/openssl/md4.h ../include/openssl/md5.h +speed.o: ../include/openssl/lhash.h ../include/openssl/md4.h +speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h -speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h -speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +speed.o: ../include/openssl/safestack.h ../include/openssl/seed.h +speed.o: ../include/openssl/sha.h ../include/openssl/stack.h +speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +speed.o: ../include/openssl/whrlpool.h ../include/openssl/x509.h speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h speed.o: speed.c testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h @@ -918,32 +954,50 @@ spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h spkac.o: ../include/openssl/err.h ../include/openssl/evp.h -spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h -spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h -spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h -spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -spkac.o: ../include/openssl/x509v3.h apps.h spkac.c +spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h +spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +spkac.o: spkac.c +ts.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ts.o: ../include/openssl/bn.h ../include/openssl/buffer.h +ts.o: ../include/openssl/conf.h ../include/openssl/crypto.h +ts.o: ../include/openssl/dh.h ../include/openssl/dsa.h +ts.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +ts.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +ts.o: ../include/openssl/engine.h ../include/openssl/err.h +ts.o: ../include/openssl/evp.h ../include/openssl/lhash.h +ts.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ts.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ts.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ts.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ts.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +ts.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ts.o: ../include/openssl/sha.h ../include/openssl/stack.h +ts.o: ../include/openssl/symhacks.h ../include/openssl/ts.h +ts.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ts.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ts.c verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h verify.o: ../include/openssl/err.h ../include/openssl/evp.h -verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h -verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h -verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -verify.o: ../include/openssl/sha.h ../include/openssl/stack.h -verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -verify.o: ../include/openssl/x509v3.h apps.h verify.c +verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h +verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +verify.o: verify.c version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h version.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -951,9 +1005,8 @@ version.o: ../include/openssl/crypto.h ../include/openssl/des.h version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -version.o: ../include/openssl/evp.h ../include/openssl/fips.h -version.o: ../include/openssl/idea.h ../include/openssl/lhash.h -version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h +version.o: ../include/openssl/evp.h ../include/openssl/idea.h +version.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h @@ -970,13 +1023,13 @@ x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h x509.o: ../include/openssl/err.h ../include/openssl/evp.h -x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h -x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h -x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h -x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h -x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +x509.o: ../include/openssl/sha.h ../include/openssl/stack.h +x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +x509.o: ../include/openssl/x509v3.h apps.h x509.c diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c index 498722a5a2..acc50df04e 100644 --- a/src/lib/libssl/src/apps/apps.c +++ b/src/lib/libssl/src/apps/apps.c @@ -109,12 +109,21 @@ * */ +#ifndef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 2 /* On VMS, you need to define this to get + the declaration of fileno(). The value + 2 is to make sure no function defined + in POSIX-2 is left undefined. */ +#endif #include #include #include +#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB) +#include +#endif #include -#include #include +#include #include #include #include @@ -138,6 +147,11 @@ #include "apps.h" #undef NON_MAIN +#ifdef _WIN32 +static int WIN32_rename(const char *from, const char *to); +#define rename(from,to) WIN32_rename((from),(to)) +#endif + typedef struct { const char *name; unsigned long flag; @@ -166,18 +180,23 @@ int args_from_file(char *file, int *argc, char **argv[]) static char *buf=NULL; static char **arg=NULL; char *p; - struct stat stbuf; - - if (stat(file,&stbuf) < 0) return(0); fp=fopen(file,"r"); if (fp == NULL) return(0); + if (fseek(fp,0,SEEK_END)==0) + len=ftell(fp), rewind(fp); + else len=-1; + if (len<=0) + { + fclose(fp); + return(0); + } + *argc=0; *argv=NULL; - len=(unsigned int)stbuf.st_size; if (buf != NULL) OPENSSL_free(buf); buf=(char *)OPENSSL_malloc(len+1); if (buf == NULL) return(0); @@ -242,18 +261,25 @@ int str2fmt(char *s) return(FORMAT_ASN1); else if ((*s == 'T') || (*s == 't')) return(FORMAT_TEXT); - else if ((*s == 'P') || (*s == 'p')) - return(FORMAT_PEM); - else if ((*s == 'N') || (*s == 'n')) - return(FORMAT_NETSCAPE); - else if ((*s == 'S') || (*s == 's')) - return(FORMAT_SMIME); + else if ((*s == 'N') || (*s == 'n')) + return(FORMAT_NETSCAPE); + else if ((*s == 'S') || (*s == 's')) + return(FORMAT_SMIME); + else if ((*s == 'M') || (*s == 'm')) + return(FORMAT_MSBLOB); else if ((*s == '1') || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0) || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0)) return(FORMAT_PKCS12); else if ((*s == 'E') || (*s == 'e')) return(FORMAT_ENGINE); + else if ((*s == 'P') || (*s == 'p')) + { + if (s[1] == 'V' || s[1] == 'v') + return FORMAT_PVK; + else + return(FORMAT_PEM); + } else return(FORMAT_UNDEF); } @@ -639,6 +665,15 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio) BIO_printf(err, "Can't open file %s\n", arg + 5); return NULL; } +#if !defined(_WIN32) + /* + * Under _WIN32, which covers even Win64 and CE, file + * descriptors referenced by BIO_s_fd are not inherited + * by child process and therefore below is not an option. + * It could have been an option if bss_fd.c was operating + * on real Windows descriptors, such as those obtained + * with CreateFile. + */ } else if(!strncmp(arg, "fd:", 3)) { BIO *btmp; i = atoi(arg + 3); @@ -650,6 +685,7 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio) /* Can't do BIO_gets on an fd BIO so add a buffering BIO */ btmp = BIO_new(BIO_f_buffer()); pwdbio = BIO_push(btmp, pwdbio); +#endif } else if(!strcmp(arg, "stdin")) { pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE); if(!pwdbio) { @@ -749,8 +785,6 @@ static int load_pkcs12(BIO *err, BIO *in, const char *desc, X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip) { - ASN1_HEADER *ah=NULL; - BUF_MEM *buf=NULL; X509 *x=NULL; BIO *cert; @@ -762,7 +796,9 @@ X509 *load_cert(BIO *err, const char *file, int format, if (file == NULL) { +#ifdef _IONBF setvbuf(stdin, NULL, _IONBF, 0); +#endif BIO_set_fp(cert,stdin,BIO_NOCLOSE); } else @@ -780,46 +816,21 @@ X509 *load_cert(BIO *err, const char *file, int format, x=d2i_X509_bio(cert,NULL); else if (format == FORMAT_NETSCAPE) { - const unsigned char *p,*op; - int size=0,i; - - /* We sort of have to do it this way because it is sort of nice - * to read the header first and check it, then - * try to read the certificate */ - buf=BUF_MEM_new(); - for (;;) - { - if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10))) - goto end; - i=BIO_read(cert,&(buf->data[size]),1024*10); - size+=i; - if (i == 0) break; - if (i < 0) - { - perror("reading certificate"); + NETSCAPE_X509 *nx; + nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL); + if (nx == NULL) goto end; - } - } - p=(unsigned char *)buf->data; - op=p; - /* First load the header */ - if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL) - goto end; - if ((ah->header == NULL) || (ah->header->data == NULL) || - (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data, - ah->header->length) != 0)) + if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data, + nx->header->length) != 0)) { + NETSCAPE_X509_free(nx); BIO_printf(err,"Error reading header on certificate\n"); goto end; } - /* header is ok, so now read the object */ - p=op; - ah->meth=X509_asn1_meth(); - if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL) - goto end; - x=(X509 *)ah->data; - ah->data=NULL; + x=nx->cert; + nx->cert = NULL; + NETSCAPE_X509_free(nx); } else if (format == FORMAT_PEM) x=PEM_read_bio_X509_AUX(cert,NULL, @@ -841,9 +852,7 @@ end: BIO_printf(err,"unable to load certificate\n"); ERR_print_errors(err); } - if (ah != NULL) ASN1_HEADER_free(ah); if (cert != NULL) BIO_free(cert); - if (buf != NULL) BUF_MEM_free(buf); return(x); } @@ -866,10 +875,17 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, if (format == FORMAT_ENGINE) { if (!e) - BIO_printf(bio_err,"no engine specified\n"); + BIO_printf(err,"no engine specified\n"); else + { pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); + if (!pkey) + { + BIO_printf(err,"cannot load %s from engine\n",key_descrip); + ERR_print_errors(err); + } + } goto end; } #endif @@ -881,7 +897,9 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, } if (file == NULL && maybe_stdin) { +#ifdef _IONBF setvbuf(stdin, NULL, _IONBF, 0); +#endif BIO_set_fp(key,stdin,BIO_NOCLOSE); } else @@ -912,6 +930,13 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, &pkey, NULL, NULL)) goto end; } +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4) + else if (format == FORMAT_MSBLOB) + pkey = b2i_PrivateKey_bio(key); + else if (format == FORMAT_PVK) + pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback, + &cb_data); +#endif else { BIO_printf(err,"bad input format specified for key file\n"); @@ -919,8 +944,11 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, } end: if (key != NULL) BIO_free(key); - if (pkey == NULL) + if (pkey == NULL) + { BIO_printf(err,"unable to load %s\n", key_descrip); + ERR_print_errors(err); + } return(pkey); } @@ -958,7 +986,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, } if (file == NULL && maybe_stdin) { +#ifdef _IONBF setvbuf(stdin, NULL, _IONBF, 0); +#endif BIO_set_fp(key,stdin,BIO_NOCLOSE); } else @@ -973,6 +1003,37 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, { pkey=d2i_PUBKEY_bio(key, NULL); } +#ifndef OPENSSL_NO_RSA + else if (format == FORMAT_ASN1RSA) + { + RSA *rsa; + rsa = d2i_RSAPublicKey_bio(key, NULL); + if (rsa) + { + pkey = EVP_PKEY_new(); + if (pkey) + EVP_PKEY_set1_RSA(pkey, rsa); + RSA_free(rsa); + } + else + pkey = NULL; + } + else if (format == FORMAT_PEMRSA) + { + RSA *rsa; + rsa = PEM_read_bio_RSAPublicKey(key, NULL, + (pem_password_cb *)password_callback, &cb_data); + if (rsa) + { + pkey = EVP_PKEY_new(); + if (pkey) + EVP_PKEY_set1_RSA(pkey, rsa); + RSA_free(rsa); + } + else + pkey = NULL; + } +#endif else if (format == FORMAT_PEM) { pkey=PEM_read_bio_PUBKEY(key,NULL, @@ -981,6 +1042,10 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC) pkey = load_netscape_key(err, key, file, key_descrip, format); +#endif +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) + else if (format == FORMAT_MSBLOB) + pkey = b2i_PublicKey_bio(key); #endif else { @@ -1040,76 +1105,120 @@ error: } #endif /* ndef OPENSSL_NO_RC4 */ -STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip) +static int load_certs_crls(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *desc, + STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls) { - BIO *certs; int i; - STACK_OF(X509) *othercerts = NULL; - STACK_OF(X509_INFO) *allcerts = NULL; + BIO *bio; + STACK_OF(X509_INFO) *xis = NULL; X509_INFO *xi; PW_CB_DATA cb_data; + int rv = 0; cb_data.password = pass; cb_data.prompt_info = file; - if((certs = BIO_new(BIO_s_file())) == NULL) + if (format != FORMAT_PEM) { - ERR_print_errors(err); - goto end; + BIO_printf(err,"bad input format specified for %s\n", desc); + return 0; } if (file == NULL) - BIO_set_fp(certs,stdin,BIO_NOCLOSE); + bio = BIO_new_fp(stdin,BIO_NOCLOSE); else + bio = BIO_new_file(file, "r"); + + if (bio == NULL) { - if (BIO_read_filename(certs,file) <= 0) - { - BIO_printf(err, "Error opening %s %s\n", - cert_descrip, file); - ERR_print_errors(err); + BIO_printf(err, "Error opening %s %s\n", + desc, file ? file : "stdin"); + ERR_print_errors(err); + return 0; + } + + xis = PEM_X509_INFO_read_bio(bio, NULL, + (pem_password_cb *)password_callback, &cb_data); + + BIO_free(bio); + + if (pcerts) + { + *pcerts = sk_X509_new_null(); + if (!*pcerts) goto end; - } } - if (format == FORMAT_PEM) + if (pcrls) { - othercerts = sk_X509_new_null(); - if(!othercerts) - { - sk_X509_free(othercerts); - othercerts = NULL; + *pcrls = sk_X509_CRL_new_null(); + if (!*pcrls) goto end; + } + + for(i = 0; i < sk_X509_INFO_num(xis); i++) + { + xi = sk_X509_INFO_value (xis, i); + if (xi->x509 && pcerts) + { + if (!sk_X509_push(*pcerts, xi->x509)) + goto end; + xi->x509 = NULL; } - allcerts = PEM_X509_INFO_read_bio(certs, NULL, - (pem_password_cb *)password_callback, &cb_data); - for(i = 0; i < sk_X509_INFO_num(allcerts); i++) + if (xi->crl && pcrls) { - xi = sk_X509_INFO_value (allcerts, i); - if (xi->x509) - { - sk_X509_push(othercerts, xi->x509); - xi->x509 = NULL; - } + if (!sk_X509_CRL_push(*pcrls, xi->crl)) + goto end; + xi->crl = NULL; } - goto end; } - else { - BIO_printf(err,"bad input format specified for %s\n", - cert_descrip); - goto end; - } -end: - if (othercerts == NULL) + + if (pcerts && sk_X509_num(*pcerts) > 0) + rv = 1; + + if (pcrls && sk_X509_CRL_num(*pcrls) > 0) + rv = 1; + + end: + + if (xis) + sk_X509_INFO_pop_free(xis, X509_INFO_free); + + if (rv == 0) { - BIO_printf(err,"unable to load certificates\n"); + if (pcerts) + { + sk_X509_pop_free(*pcerts, X509_free); + *pcerts = NULL; + } + if (pcrls) + { + sk_X509_CRL_pop_free(*pcrls, X509_CRL_free); + *pcrls = NULL; + } + BIO_printf(err,"unable to load %s\n", + pcerts ? "certificates" : "CRLs"); ERR_print_errors(err); } - if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free); - if (certs != NULL) BIO_free(certs); - return(othercerts); + return rv; } +STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *desc) + { + STACK_OF(X509) *certs; + load_certs_crls(err, file, format, pass, e, desc, &certs, NULL); + return certs; + } + +STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *desc) + { + STACK_OF(X509_CRL) *crls; + load_certs_crls(err, file, format, pass, e, desc, NULL, &crls); + return crls; + } #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) /* Return error for unknown extensions */ @@ -1396,6 +1505,10 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) int load_config(BIO *err, CONF *cnf) { + static int load_config_called = 0; + if (load_config_called) + return 1; + load_config_called = 1; if (!cnf) cnf = config; if (!cnf) @@ -1429,7 +1542,7 @@ char *make_config_name() return p; } -static unsigned long index_serial_hash(const char **a) +static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) { const char *n; @@ -1438,7 +1551,7 @@ static unsigned long index_serial_hash(const char **a) return(lh_strhash(n)); } -static int index_serial_cmp(const char **a, const char **b) +static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) { const char *aa,*bb; @@ -1450,17 +1563,16 @@ static int index_serial_cmp(const char **a, const char **b) static int index_name_qual(char **a) { return(a[0][0] == 'V'); } -static unsigned long index_name_hash(const char **a) +static unsigned long index_name_hash(const OPENSSL_CSTRING *a) { return(lh_strhash(a[DB_name])); } -int index_name_cmp(const char **a, const char **b) - { return(strcmp(a[DB_name], - b[DB_name])); } +int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) + { return(strcmp(a[DB_name], b[DB_name])); } -static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) -static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) -static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **) -static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **) +static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING) +static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING) +static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) +static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) #undef BSIZE #define BSIZE 256 @@ -1588,7 +1700,6 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) { char buf[5][BSIZE]; int i,j; - struct stat sb; i = strlen(serialfile) + strlen(old_suffix); j = strlen(serialfile) + strlen(new_suffix); @@ -1613,30 +1724,21 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); #endif - if (stat(serialfile,&sb) < 0) - { - if (errno != ENOENT +#ifdef RL_DEBUG + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + serialfile, buf[1]); +#endif + if (rename(serialfile,buf[1]) < 0 && errno != ENOENT #ifdef ENOTDIR && errno != ENOTDIR #endif - ) - goto err; - } - else - { -#ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", - serialfile, buf[1]); -#endif - if (rename(serialfile,buf[1]) < 0) - { + ) { BIO_printf(bio_err, "unable to rename %s to %s\n", serialfile, buf[1]); perror("reason"); goto err; } - } #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0],serialfile); @@ -1703,10 +1805,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) goto err; } if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL) - { - if (tmpdb != NULL) TXT_DB_free(tmpdb); goto err; - } #ifndef OPENSSL_SYS_VMS BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); @@ -1767,8 +1866,8 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) int index_index(CA_DB *db) { if (!TXT_DB_create_index(db->db, DB_serial, NULL, - LHASH_HASH_FN(index_serial_hash), - LHASH_COMP_FN(index_serial_cmp))) + LHASH_HASH_FN(index_serial), + LHASH_COMP_FN(index_serial))) { BIO_printf(bio_err, "error creating serial number index:(%ld,%ld,%ld)\n", @@ -1778,8 +1877,8 @@ int index_index(CA_DB *db) if (db->attributes.unique_subject && !TXT_DB_create_index(db->db, DB_name, index_name_qual, - LHASH_HASH_FN(index_name_hash), - LHASH_COMP_FN(index_name_cmp))) + LHASH_HASH_FN(index_name), + LHASH_COMP_FN(index_name))) { BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n", db->db->error,db->db->arg1,db->db->arg2); @@ -1859,7 +1958,6 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf { char buf[5][BSIZE]; int i,j; - struct stat sb; i = strlen(dbfile) + strlen(old_suffix); j = strlen(dbfile) + strlen(new_suffix); @@ -1903,30 +2001,21 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); #endif - if (stat(dbfile,&sb) < 0) - { - if (errno != ENOENT -#ifdef ENOTDIR - && errno != ENOTDIR -#endif - ) - goto err; - } - else - { #ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", - dbfile, buf[1]); + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + dbfile, buf[1]); #endif - if (rename(dbfile,buf[1]) < 0) - { + if (rename(dbfile,buf[1]) < 0 && errno != ENOENT +#ifdef ENOTDIR + && errno != ENOTDIR +#endif + ) { BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]); perror("reason"); goto err; } - } #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0],dbfile); @@ -1940,23 +2029,15 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf rename(buf[1],dbfile); goto err; } - if (stat(buf[4],&sb) < 0) - { - if (errno != ENOENT -#ifdef ENOTDIR - && errno != ENOTDIR -#endif - ) - goto err; - } - else - { #ifdef RL_DEBUG - BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", - buf[4],buf[3]); + BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", + buf[4],buf[3]); #endif - if (rename(buf[4],buf[3]) < 0) - { + if (rename(buf[4],buf[3]) < 0 && errno != ENOENT +#ifdef ENOTDIR + && errno != ENOTDIR +#endif + ) { BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]); @@ -1965,7 +2046,6 @@ int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suf rename(buf[1],dbfile); goto err; } - } #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2],buf[4]); @@ -2160,52 +2240,13 @@ error: return NULL; } -/* This code MUST COME AFTER anything that uses rename() */ -#ifdef OPENSSL_SYS_WIN32 -int WIN32_rename(const char *from, const char *to) - { -#ifndef OPENSSL_SYS_WINCE - /* Windows rename gives an error if 'to' exists, so delete it - * first and ignore file not found errror - */ - if((remove(to) != 0) && (errno != ENOENT)) - return -1; -#undef rename - return rename(from, to); -#else - /* convert strings to UNICODE */ - { - BOOL result = FALSE; - WCHAR* wfrom; - WCHAR* wto; - int i; - wfrom = malloc((strlen(from)+1)*2); - wto = malloc((strlen(to)+1)*2); - if (wfrom != NULL && wto != NULL) - { - for (i=0; i<(int)strlen(from)+1; i++) - wfrom[i] = (short)from[i]; - for (i=0; i<(int)strlen(to)+1; i++) - wto[i] = (short)to[i]; - result = MoveFile(wfrom, wto); - } - if (wfrom != NULL) - free(wfrom); - if (wto != NULL) - free(wto); - return result; - } -#endif - } -#endif - int args_verify(char ***pargs, int *pargc, int *badarg, BIO *err, X509_VERIFY_PARAM **pm) { ASN1_OBJECT *otmp = NULL; unsigned long flags = 0; int i; - int purpose = 0; + int purpose = 0, depth = -1; char **oldargs = *pargs; char *arg = **pargs, *argn = (*pargs)[1]; if (!strcmp(arg, "-policy")) @@ -2245,6 +2286,21 @@ int args_verify(char ***pargs, int *pargc, } (*pargs)++; } + else if (strcmp(arg,"-verify_depth") == 0) + { + if (!argn) + *badarg = 1; + else + { + depth = atoi(argn); + if(depth < 0) + { + BIO_printf(err, "invalid depth\n"); + *badarg = 1; + } + } + (*pargs)++; + } else if (!strcmp(arg, "-ignore_critical")) flags |= X509_V_FLAG_IGNORE_CRITICAL; else if (!strcmp(arg, "-issuer_checks")) @@ -2257,10 +2313,20 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_POLICY_CHECK; else if (!strcmp(arg, "-explicit_policy")) flags |= X509_V_FLAG_EXPLICIT_POLICY; + else if (!strcmp(arg, "-inhibit_any")) + flags |= X509_V_FLAG_INHIBIT_ANY; + else if (!strcmp(arg, "-inhibit_map")) + flags |= X509_V_FLAG_INHIBIT_MAP; else if (!strcmp(arg, "-x509_strict")) flags |= X509_V_FLAG_X509_STRICT; + else if (!strcmp(arg, "-extended_crl")) + flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT; + else if (!strcmp(arg, "-use_deltas")) + flags |= X509_V_FLAG_USE_DELTAS; else if (!strcmp(arg, "-policy_print")) flags |= X509_V_FLAG_NOTIFY_POLICY; + else if (!strcmp(arg, "-check_ss_sig")) + flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; else return 0; @@ -2286,6 +2352,9 @@ int args_verify(char ***pargs, int *pargc, if (purpose) X509_VERIFY_PARAM_set_purpose(*pm, purpose); + if (depth >= 0) + X509_VERIFY_PARAM_set_depth(*pm, depth); + end: (*pargs)++; @@ -2297,6 +2366,61 @@ int args_verify(char ***pargs, int *pargc, } +/* Read whole contents of a BIO into an allocated memory buffer and + * return it. + */ + +int bio_to_mem(unsigned char **out, int maxlen, BIO *in) + { + BIO *mem; + int len, ret; + unsigned char tbuf[1024]; + mem = BIO_new(BIO_s_mem()); + if (!mem) + return -1; + for(;;) + { + if ((maxlen != -1) && maxlen < 1024) + len = maxlen; + else + len = 1024; + len = BIO_read(in, tbuf, len); + if (len <= 0) + break; + if (BIO_write(mem, tbuf, len) != len) + { + BIO_free(mem); + return -1; + } + maxlen -= len; + + if (maxlen == 0) + break; + } + ret = BIO_get_mem_data(mem, (char **)out); + BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY); + BIO_free(mem); + return ret; + } + +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value) + { + int rv; + char *stmp, *vtmp = NULL; + stmp = BUF_strdup(value); + if (!stmp) + return -1; + vtmp = strchr(stmp, ':'); + if (vtmp) + { + *vtmp = 0; + vtmp++; + } + rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp); + OPENSSL_free(stmp); + return rv; + } + static void nodes_print(BIO *out, const char *name, STACK_OF(X509_POLICY_NODE) *nodes) { @@ -2338,7 +2462,7 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx) BIO_free(out); } -#ifndef OPENSSL_NO_JPAKE +#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) static JPAKE_CTX *jpake_init(const char *us, const char *them, const char *secret) @@ -2521,17 +2645,14 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret) jpake_send_step3a(bconn, ctx); jpake_receive_step3b(ctx, bconn); - /* - * The problem is that you must use the derived key in the - * session key or you are subject to man-in-the-middle - * attacks. - */ - BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can" - " be MitMed. See the version in HEAD for how to do it" - " properly)\n"); + BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); + + psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); BIO_pop(bconn); BIO_free(bconn); + + JPAKE_CTX_free(ctx); } void jpake_server_auth(BIO *out, BIO *conn, const char *secret) @@ -2553,17 +2674,340 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) jpake_receive_step3a(ctx, bconn); jpake_send_step3b(bconn, ctx); - /* - * The problem is that you must use the derived key in the - * session key or you are subject to man-in-the-middle - * attacks. - */ - BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can" - " be MitMed. See the version in HEAD for how to do it" - " properly)\n"); + BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); + + psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); BIO_pop(bconn); BIO_free(bconn); + + JPAKE_CTX_free(ctx); + } + +#endif + +/* + * Platform-specific sections + */ +#if defined(_WIN32) +# ifdef fileno +# undef fileno +# define fileno(a) (int)_fileno(a) +# endif + +# include +# include + +static int WIN32_rename(const char *from, const char *to) + { + TCHAR *tfrom=NULL,*tto; + DWORD err; + int ret=0; + + if (sizeof(TCHAR) == 1) + { + tfrom = (TCHAR *)from; + tto = (TCHAR *)to; + } + else /* UNICODE path */ + { + size_t i,flen=strlen(from)+1,tlen=strlen(to)+1; + tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen)); + if (tfrom==NULL) goto err; + tto=tfrom+flen; +#if !defined(_WIN32_WCE) || _WIN32_WCE>=101 + if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen)) +#endif + for (i=0;i=101 + if (!MultiByteToWideChar(CP_ACP,0,to, tlen,(WCHAR *)tto, tlen)) +#endif + for (i=0;i + +double app_tminterval(int stop,int usertime) + { + double ret=0; + static clock_t tmstart; + static int warning=1; + + if (usertime && warning) + { + BIO_printf(bio_err,"To get meaningful results, run " + "this program on idle system.\n"); + warning=0; + } + + if (stop==TM_START) tmstart = clock(); + else ret = (clock()-tmstart)/(double)CLOCKS_PER_SEC; + + return (ret); + } + +#elif defined(OPENSSL_SYSTEM_VXWORKS) +#include + +double app_tminterval(int stop,int usertime) + { + double ret=0; +#ifdef CLOCK_REALTIME + static struct timespec tmstart; + struct timespec now; +#else + static unsigned long tmstart; + unsigned long now; +#endif + static int warning=1; + + if (usertime && warning) + { + BIO_printf(bio_err,"To get meaningful results, run " + "this program on idle system.\n"); + warning=0; + } + +#ifdef CLOCK_REALTIME + clock_gettime(CLOCK_REALTIME,&now); + if (stop==TM_START) tmstart = now; + else ret = ( (now.tv_sec+now.tv_nsec*1e-9) + - (tmstart.tv_sec+tmstart.tv_nsec*1e-9) ); +#else + now = tickGet(); + if (stop==TM_START) tmstart = now; + else ret = (now - tmstart)/(double)sysClkRateGet(); +#endif + return (ret); + } + +#elif defined(OPENSSL_SYSTEM_VMS) +#include +#include + +double app_tminterval(int stop,int usertime) + { + static clock_t tmstart; + double ret = 0; + clock_t now; +#ifdef __TMS + struct tms rus; + + now = times(&rus); + if (usertime) now = rus.tms_utime; +#else + if (usertime) + now = clock(); /* sum of user and kernel times */ + else { + struct timeval tv; + gettimeofday(&tv,NULL); + now = (clock_t)( + (unsigned long long)tv.tv_sec*CLK_TCK + + (unsigned long long)tv.tv_usec*(1000000/CLK_TCK) + ); + } +#endif + if (stop==TM_START) tmstart = now; + else ret = (now - tmstart)/(double)(CLK_TCK); + + return (ret); + } + +#elif defined(_SC_CLK_TCK) /* by means of unistd.h */ +#include + +double app_tminterval(int stop,int usertime) + { + double ret = 0; + struct tms rus; + clock_t now = times(&rus); + static clock_t tmstart; + + if (usertime) now = rus.tms_utime; + + if (stop==TM_START) tmstart = now; + else + { + long int tck = sysconf(_SC_CLK_TCK); + ret = (now - tmstart)/(double)tck; + } + + return (ret); + } + +#else +#include +#include + +double app_tminterval(int stop,int usertime) + { + double ret = 0; + struct rusage rus; + struct timeval now; + static struct timeval tmstart; + + if (usertime) getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime; + else gettimeofday(&now,NULL); + + if (stop==TM_START) tmstart = now; + else ret = ( (now.tv_sec+now.tv_usec*1e-6) + - (tmstart.tv_sec+tmstart.tv_usec*1e-6) ); + + return ret; } +#endif + +/* app_isdir section */ +#ifdef _WIN32 +int app_isdir(const char *name) + { + HANDLE hList; + WIN32_FIND_DATA FileData; +#if defined(UNICODE) || defined(_UNICODE) + size_t i, len_0 = strlen(name)+1; + if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0])) + return -1; + +#if !defined(_WIN32_WCE) || _WIN32_WCE>=101 + if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0)) +#endif + for (i=0;i +#ifndef S_ISDIR +# if defined(_S_IFMT) && defined(_S_IFDIR) +# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) +# else +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +# endif +#endif + +int app_isdir(const char *name) + { +#if defined(S_ISDIR) + struct stat st; + + if (stat(name,&st)==0) return S_ISDIR(st.st_mode); + else return -1; +#else + return -1; +#endif + } +#endif + +/* raw_read|write section */ +#if defined(_WIN32) && defined(STD_INPUT_HANDLE) +int raw_read_stdin(void *buf,int siz) + { + DWORD n; + if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL)) + return (n); + else return (-1); + } +#else +int raw_read_stdin(void *buf,int siz) + { return read(fileno(stdin),buf,siz); } +#endif + +#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE) +int raw_write_stdout(const void *buf,int siz) + { + DWORD n; + if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL)) + return (n); + else return (-1); + } +#else +int raw_write_stdout(const void *buf,int siz) + { return write(fileno(stdout),buf,siz); } #endif diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h index 88579094b1..596a39aceb 100644 --- a/src/lib/libssl/src/apps/apps.h +++ b/src/lib/libssl/src/apps/apps.h @@ -137,11 +137,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, * (see e_os.h). The string is * destroyed! */ -#ifdef OPENSSL_SYS_WIN32 -#define rename(from,to) WIN32_rename((from),(to)) -int WIN32_rename(const char *oldname,const char *newname); -#endif - #ifndef MONOLITH #define MAIN(a,v) main(a,v) @@ -149,11 +144,9 @@ int WIN32_rename(const char *oldname,const char *newname); #ifndef NON_MAIN CONF *config=NULL; BIO *bio_err=NULL; -int in_FIPS_mode=0; #else extern CONF *config; extern BIO *bio_err; -extern int in_FIPS_mode; #endif #else @@ -162,7 +155,6 @@ extern int in_FIPS_mode; extern CONF *config; extern char *default_config_file; extern BIO *bio_err; -extern int in_FIPS_mode; #endif @@ -176,61 +168,37 @@ extern int in_FIPS_mode; #define do_pipe_sig() #endif +#ifdef OPENSSL_NO_COMP +#define zlib_cleanup() +#else +#define zlib_cleanup() COMP_zlib_cleanup() +#endif + #if defined(MONOLITH) && !defined(OPENSSL_C) # define apps_startup() \ do_pipe_sig() # define apps_shutdown() #else # ifndef OPENSSL_NO_ENGINE -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ - defined(OPENSSL_SYS_WIN32) -# ifdef _O_BINARY -# define apps_startup() \ - do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) -# else -# define apps_startup() \ - do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ +# define apps_startup() \ + do { do_pipe_sig(); CRYPTO_malloc_init(); \ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) -# endif -# else -# define apps_startup() \ - do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ - ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ - setup_ui_method(); } while(0) -# endif # define apps_shutdown() \ do { CONF_modules_unload(1); destroy_ui_method(); \ - EVP_cleanup(); ENGINE_cleanup(); \ - CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ - ERR_free_strings(); } while(0) + OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \ + ERR_free_strings(); zlib_cleanup();} while(0) # else -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ - defined(OPENSSL_SYS_WIN32) -# ifdef _O_BINARY -# define apps_startup() \ - do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ +# define apps_startup() \ + do { do_pipe_sig(); CRYPTO_malloc_init(); \ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ setup_ui_method(); } while(0) -# else -# define apps_startup() \ - do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - setup_ui_method(); } while(0) -# endif -# else -# define apps_startup() \ - do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ - ERR_load_crypto_strings(); \ - setup_ui_method(); } while(0) -# endif # define apps_shutdown() \ do { CONF_modules_unload(1); destroy_ui_method(); \ - EVP_cleanup(); \ - CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ - ERR_free_strings(); } while(0) + OBJ_cleanup(); EVP_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \ + ERR_free_strings(); zlib_cleanup(); } while(0) # endif #endif @@ -240,6 +208,7 @@ extern int in_FIPS_mode; # define openssl_fdset(a,b) FD_SET(a, b) #endif + typedef struct args_st { char **data; @@ -282,6 +251,8 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip); STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); +STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format, + const char *pass, ENGINE *e, const char *cert_descrip); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); #ifndef OPENSSL_NO_ENGINE ENGINE *setup_engine(BIO *err, const char *engine, int debug); @@ -290,6 +261,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug); #ifndef OPENSSL_NO_OCSP OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, char *host, char *path, char *port, int use_ssl, + STACK_OF(CONF_VALUE) *headers, int req_timeout); #endif @@ -331,13 +303,23 @@ int index_index(CA_DB *db); int save_index(const char *dbfile, const char *suffix, CA_DB *db); int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix); void free_index(CA_DB *db); -int index_name_cmp(const char **a, const char **b); +#define index_name_cmp_noconst(a, b) \ + index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ + (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b)) +int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b); int parse_yesno(const char *str, int def); X509_NAME *parse_name(char *str, long chtype, int multirdn); int args_verify(char ***pargs, int *pargc, int *badarg, BIO *err, X509_VERIFY_PARAM **pm); void policies_print(BIO *out, X509_STORE_CTX *ctx); +int bio_to_mem(unsigned char **out, int maxlen, BIO *in); +int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value); +int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, + const char *algname, ENGINE *e, int do_param); +#ifndef OPENSSL_NO_PSK +extern char *psk_key; +#endif #ifndef OPENSSL_NO_JPAKE void jpake_client_auth(BIO *out, BIO *conn, const char *secret); void jpake_server_auth(BIO *out, BIO *conn, const char *secret); @@ -353,6 +335,10 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret); #define FORMAT_ENGINE 7 #define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid * adding yet another param to load_*key() */ +#define FORMAT_PEMRSA 9 /* PEM RSAPubicKey format */ +#define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */ +#define FORMAT_MSBLOB 11 /* MS Key blob format */ +#define FORMAT_PVK 12 /* MS PVK file format */ #define EXT_COPY_NONE 0 #define EXT_COPY_ADD 1 @@ -364,4 +350,11 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret); #define SERIAL_RAND_BITS 64 +int app_isdir(const char *); +int raw_read_stdin(void *,int); +int raw_write_stdout(const void *,int); + +#define TM_START 0 +#define TM_STOP 1 +double app_tminterval (int stop,int usertime); #endif diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c index bde61d02d1..b5d65e725b 100644 --- a/src/lib/libssl/src/apps/asn1pars.c +++ b/src/lib/libssl/src/apps/asn1pars.c @@ -96,7 +96,7 @@ int MAIN(int argc, char **argv) unsigned char *tmpbuf; const unsigned char *ctmpbuf; BUF_MEM *buf=NULL; - STACK *osk=NULL; + STACK_OF(OPENSSL_STRING) *osk=NULL; ASN1_TYPE *at=NULL; informat=FORMAT_PEM; @@ -113,7 +113,7 @@ int MAIN(int argc, char **argv) prog=argv[0]; argc--; argv++; - if ((osk=sk_new_null()) == NULL) + if ((osk=sk_OPENSSL_STRING_new_null()) == NULL) { BIO_printf(bio_err,"Memory allocation failure\n"); goto end; @@ -169,7 +169,7 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-strparse") == 0) { if (--argc < 1) goto bad; - sk_push(osk,*(++argv)); + sk_OPENSSL_STRING_push(osk,*(++argv)); } else if (strcmp(*argv,"-genstr") == 0) { @@ -302,18 +302,18 @@ bad: /* If any structs to parse go through in sequence */ - if (sk_num(osk)) + if (sk_OPENSSL_STRING_num(osk)) { tmpbuf=(unsigned char *)str; tmplen=num; - for (i=0; i #include #include -#include #include #include #include @@ -83,7 +82,7 @@ # else # include # endif -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM) +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) # include # endif #endif @@ -216,7 +215,6 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); -static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, @@ -227,7 +225,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); -static int check_time_format(char *str); +static int check_time_format(const char *str); char *make_revocation_str(int rev_type, char *rev_arg); int make_revoked(X509_REVOKED *rev, const char *str); int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); @@ -259,6 +257,7 @@ int MAIN(int argc, char **argv) int doupdatedb=0; long crldays=0; long crlhours=0; + long crlsec=0; long errorline= -1; char *configfile=NULL; char *md=NULL; @@ -306,7 +305,8 @@ int MAIN(int argc, char **argv) ASN1_TIME *tmptm; ASN1_INTEGER *tmpser; char *f; - const char *p, **pp; + const char *p; + char * const *pp; int i,j; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; @@ -457,6 +457,11 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; crlhours= atol(*(++argv)); } + else if (strcmp(*argv,"-crlsec") == 0) + { + if (--argc < 1) goto bad; + crlsec = atol(*(++argv)); + } else if (strcmp(*argv,"-infiles") == 0) { argc--; @@ -550,8 +555,10 @@ bad: if (badops) { - for (pp=ca_usage; (*pp != NULL); pp++) - BIO_printf(bio_err,"%s",*pp); + const char **pp2; + + for (pp2=ca_usage; (*pp2 != NULL); pp2++) + BIO_printf(bio_err,"%s",*pp2); goto err; } @@ -826,7 +833,6 @@ bad: /* lookup where to write new certificates */ if ((outdir == NULL) && (req)) { - struct stat sb; if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) == NULL) @@ -845,27 +851,23 @@ bad: that to access(). However, time's too short to do that just now. */ +#ifndef _WIN32 if (access(outdir,R_OK|W_OK|X_OK) != 0) +#else + if (_access(outdir,R_OK|W_OK|X_OK) != 0) +#endif { BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir); perror(outdir); goto err; } - if (stat(outdir,&sb) != 0) - { - BIO_printf(bio_err,"unable to stat(%s)\n",outdir); - perror(outdir); - goto err; - } -#ifdef S_IFDIR - if (!(sb.st_mode & S_IFDIR)) + if (app_isdir(outdir)<=0) { BIO_printf(bio_err,"%s need to be a directory\n",outdir); perror(outdir); goto err; } -#endif #endif } @@ -880,9 +882,9 @@ bad: if (db == NULL) goto err; /* Lets check some fields */ - for (i=0; idb->data); i++) + for (i=0; idb->data); i++) { - pp=(const char **)sk_value(db->db->data,i); + pp=sk_OPENSSL_PSTRING_value(db->db->data,i); if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { @@ -935,7 +937,7 @@ bad: #endif TXT_DB_write(out,db->db); BIO_printf(bio_err,"%d entries loaded from the database\n", - db->db->data->num); + sk_OPENSSL_PSTRING_num(db->db->data)); BIO_printf(bio_err,"generating index\n"); } @@ -1026,6 +1028,17 @@ bad: goto err; } + if (!strcmp(md, "default")) + { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) + { + BIO_puts(bio_err,"no default digest\n"); + goto err; + } + md = (char *)OBJ_nid2sn(def_nid); + } + if ((dgst=EVP_get_digestbyname(md)) == NULL) { BIO_printf(bio_err,"%s is an unsupported message digest type\n",md); @@ -1095,9 +1108,9 @@ bad: if (startdate == NULL) ERR_clear_error(); } - if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) + if (startdate && !ASN1_TIME_set_string(NULL, startdate)) { - BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n"); + BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); goto err; } if (startdate == NULL) startdate="today"; @@ -1109,9 +1122,9 @@ bad: if (enddate == NULL) ERR_clear_error(); } - if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) + if (enddate && !ASN1_TIME_set_string(NULL, enddate)) { - BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n"); + BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); goto err; } @@ -1249,7 +1262,12 @@ bad: BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total); (void)BIO_flush(bio_err); buf[0][0]='\0'; - fgets(buf[0],10,stdin); + if (!fgets(buf[0],10,stdin)) + { + BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n"); + ret=0; + goto err; + } if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) { BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); @@ -1366,7 +1384,7 @@ bad: goto err; } - if (!crldays && !crlhours) + if (!crldays && !crlhours && !crlsec) { if (!NCONF_get_number(conf,section, ENV_DEFAULT_CRL_DAYS, &crldays)) @@ -1375,7 +1393,7 @@ bad: ENV_DEFAULT_CRL_HOURS, &crlhours)) crlhours = 0; } - if ((crldays == 0) && (crlhours == 0)) + if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) { BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n"); goto err; @@ -1389,14 +1407,19 @@ bad: if (!tmptm) goto err; X509_gmtime_adj(tmptm,0); X509_CRL_set_lastUpdate(crl, tmptm); - X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60); + if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, + NULL)) + { + BIO_puts(bio_err, "error setting CRL nextUpdate\n"); + goto err; + } X509_CRL_set_nextUpdate(crl, tmptm); ASN1_TIME_free(tmptm); - for (i=0; idb->data); i++) + for (i=0; idb->data); i++) { - pp=(const char **)sk_value(db->db->data,i); + pp=sk_OPENSSL_PSTRING_value(db->db->data,i); if (pp[DB_type][0] == DB_TYPE_REV) { if ((r=X509_REVOKED_new()) == NULL) goto err; @@ -1422,15 +1445,6 @@ bad: /* we now have a CRL */ if (verbose) BIO_printf(bio_err,"signing CRL\n"); -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - dgst=EVP_dss1(); - else -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - dgst=EVP_ecdsa(); -#endif /* Add any extensions asked for */ @@ -1463,6 +1477,12 @@ bad: if (crlnumberfile != NULL) /* we have a CRL number that need updating */ if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; + if (crlnumber) + { + BN_free(crlnumber); + crlnumber = NULL; + } + if (!X509_CRL_sign(crl,pkey,dgst)) goto err; PEM_write_bio_X509_CRL(Sout,crl); @@ -1515,6 +1535,7 @@ err: if (free_key && key) OPENSSL_free(key); BN_free(serial); + BN_free(crlnumber); free_index(db); EVP_PKEY_free(pkey); if (x509) X509_free(x509); @@ -1673,7 +1694,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, int ok= -1,i,j,last,nid; const char *p; CONF_VALUE *cv; - char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; + OPENSSL_STRING row[DB_NUMBER]; + OPENSSL_STRING *irow=NULL; + OPENSSL_STRING *rrow=NULL; char buf[25]; tmptm=ASN1_UTCTIME_new(); @@ -1915,7 +1938,9 @@ again2: if (db->attributes.unique_subject) { - rrow=TXT_DB_get_by_index(db->db,DB_name,row); + OPENSSL_STRING *crow=row; + + rrow=TXT_DB_get_by_index(db->db,DB_name,crow); if (rrow != NULL) { BIO_printf(bio_err, @@ -1991,11 +2016,11 @@ again2: if (strcmp(startdate,"today") == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); - else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); + else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate); if (enddate == NULL) - X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days); - else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); + X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL); + else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate); if (!X509_set_subject_name(ret,subject)) goto err; @@ -2091,7 +2116,7 @@ again2: } BIO_printf(bio_err,"Certificate is to be certified until "); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + ASN1_TIME_print(bio_err,X509_get_notAfter(ret)); if (days) BIO_printf(bio_err," (%ld days)",days); BIO_printf(bio_err, "\n"); @@ -2101,7 +2126,12 @@ again2: BIO_printf(bio_err,"Sign the certificate? [y/n]:"); (void)BIO_flush(bio_err); buf[0]='\0'; - fgets(buf,sizeof(buf)-1,stdin); + if (!fgets(buf,sizeof(buf)-1,stdin)) + { + BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n"); + ok=0; + goto err; + } if (!((buf[0] == 'y') || (buf[0] == 'Y'))) { BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n"); @@ -2110,25 +2140,11 @@ again2: } } - -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1(); pktmp=X509_get_pubkey(ret); if (EVP_PKEY_missing_parameters(pktmp) && !EVP_PKEY_missing_parameters(pkey)) EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_free(pktmp); -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - dgst = EVP_ecdsa(); - pktmp = X509_get_pubkey(ret); - if (EVP_PKEY_missing_parameters(pktmp) && - !EVP_PKEY_missing_parameters(pkey)) - EVP_PKEY_copy_parameters(pktmp, pkey); - EVP_PKEY_free(pktmp); -#endif - if (!X509_sign(ret,pkey,dgst)) goto err; @@ -2230,7 +2246,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, unsigned long nameopt, int default_op, int ext_copy) { STACK_OF(CONF_VALUE) *sk=NULL; - LHASH *parms=NULL; + LHASH_OF(CONF_VALUE) *parms=NULL; X509_REQ *req=NULL; CONF_VALUE *cv=NULL; NETSCAPE_SPKI *spki = NULL; @@ -2317,25 +2333,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, continue; } - /* - if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0)) - continue; - */ - - j=ASN1_PRINTABLE_type((unsigned char *)buf,-1); - if (fix_data(nid, &j) == 0) - { - BIO_printf(bio_err, - "invalid characters in string %s\n",buf); - goto err; - } - - if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j, - (unsigned char *)buf, - strlen(buf))) == NULL) + if (!X509_NAME_add_entry_by_NID(n, nid, chtype, + (unsigned char *)buf, -1, -1, 0)) goto err; - - if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err; } if (spki == NULL) { @@ -2378,29 +2378,9 @@ err: return(ok); } -static int fix_data(int nid, int *type) +static int check_time_format(const char *str) { - if (nid == NID_pkcs9_emailAddress) - *type=V_ASN1_IA5STRING; - if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING)) - *type=V_ASN1_T61STRING; - if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING)) - *type=V_ASN1_T61STRING; - if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING)) - return(0); - if (nid == NID_pkcs9_unstructuredName) - *type=V_ASN1_IA5STRING; - return(1); - } - -static int check_time_format(char *str) - { - ASN1_UTCTIME tm; - - tm.data=(unsigned char *)str; - tm.length=strlen(str); - tm.type=V_ASN1_UTCTIME; - return(ASN1_UTCTIME_check(&tm)); + return ASN1_TIME_set_string(NULL, str); } static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) @@ -2415,6 +2395,8 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) row[i]=NULL; row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); + if (!bn) + goto err; if (BN_is_zero(bn)) row[DB_serial]=BUF_strdup("00"); else @@ -2484,7 +2466,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) goto err; } - else if (index_name_cmp((const char **)row,(const char **)rrow)) + else if (index_name_cmp_noconst(row, rrow)) { BIO_printf(bio_err,"ERROR:name does not match %s\n", row[DB_name]); @@ -2633,9 +2615,9 @@ static int do_updatedb (CA_DB *db) else a_y2k = 0; - for (i = 0; i < sk_num(db->db->data); i++) + for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - rrow = (char **) sk_value(db->db->data, i); + rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); if (rrow[DB_type][0] == 'V') { @@ -2882,22 +2864,13 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) p=(char *)str->data; for (j=str->length; j>0; j--) { -#ifdef CHARSET_EBCDIC - if ((*p >= 0x20) && (*p <= 0x7e)) - BIO_printf(bp,"%c",os_toebcdic[*p]); -#else if ((*p >= ' ') && (*p <= '~')) BIO_printf(bp,"%c",*p); -#endif else if (*p & 0x80) BIO_printf(bp,"\\0x%02X",*p); else if ((unsigned char)*p == 0xf7) BIO_printf(bp,"^?"); -#ifdef CHARSET_EBCDIC - else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]); -#else else BIO_printf(bp,"^%c",*p+'@'); -#endif p++; } BIO_printf(bp,"'\n"); diff --git a/src/lib/libssl/src/apps/ciphers.c b/src/lib/libssl/src/apps/ciphers.c index 43f0ac594a..3d4c60db9e 100644 --- a/src/lib/libssl/src/apps/ciphers.c +++ b/src/lib/libssl/src/apps/ciphers.c @@ -71,7 +71,8 @@ static const char *ciphers_usage[]={ "usage: ciphers args\n", -" -v - verbose mode, a textual listing of the ciphers in SSLeay\n", +" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", +" -V - even more verbose\n", " -ssl2 - SSL2 mode\n", " -ssl3 - SSL3 mode\n", " -tls1 - TLS1 mode\n", @@ -83,14 +84,14 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { int ret=1,i; - int verbose=0; + int verbose=0,Verbose=0; const char **pp; const char *p; int badops=0; SSL_CTX *ctx=NULL; SSL *ssl=NULL; char *ciphers=NULL; - SSL_METHOD *meth=NULL; + const SSL_METHOD *meth=NULL; STACK_OF(SSL_CIPHER) *sk; char buf[512]; BIO *STDout=NULL; @@ -114,6 +115,8 @@ int MAIN(int argc, char **argv) STDout = BIO_push(tmpbio, STDout); } #endif + if (!load_config(bio_err, NULL)) + goto end; argc--; argv++; @@ -121,6 +124,8 @@ int MAIN(int argc, char **argv) { if (strcmp(*argv,"-v") == 0) verbose=1; + else if (strcmp(*argv,"-V") == 0) + verbose=Verbose=1; #ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); @@ -179,15 +184,33 @@ int MAIN(int argc, char **argv) } BIO_printf(STDout,"\n"); } - else + else /* verbose */ { sk=SSL_get_ciphers(ssl); for (i=0; iid; + int id0 = (int)(id >> 24); + int id1 = (int)((id >> 16) & 0xffL); + int id2 = (int)((id >> 8) & 0xffL); + int id3 = (int)(id & 0xffL); + + if ((id & 0xff000000L) == 0x02000000L) + BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ + else if ((id & 0xff000000L) == 0x03000000L) + BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ + else + BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ + } + + BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf)); } } diff --git a/src/lib/libssl/src/apps/crl2p7.c b/src/lib/libssl/src/apps/crl2p7.c index b2f2d121d5..bbc83774db 100644 --- a/src/lib/libssl/src/apps/crl2p7.c +++ b/src/lib/libssl/src/apps/crl2p7.c @@ -63,7 +63,6 @@ #include #include #include -#include #include "apps.h" #include #include @@ -93,7 +92,7 @@ int MAIN(int argc, char **argv) PKCS7 *p7 = NULL; PKCS7_SIGNED *p7s = NULL; X509_CRL *crl=NULL; - STACK *certflst=NULL; + STACK_OF(OPENSSL_STRING) *certflst=NULL; STACK_OF(X509_CRL) *crl_stack=NULL; STACK_OF(X509) *cert_stack=NULL; int ret=1,nocrl=0; @@ -141,8 +140,8 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-certfile") == 0) { if (--argc < 1) goto bad; - if(!certflst) certflst = sk_new_null(); - sk_push(certflst,*(++argv)); + if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(certflst,*(++argv)); } else { @@ -227,8 +226,8 @@ bad: if ((cert_stack=sk_X509_new_null()) == NULL) goto end; p7s->cert=cert_stack; - if(certflst) for(i = 0; i < sk_num(certflst); i++) { - certfile = sk_value(certflst, i); + if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { + certfile = sk_OPENSSL_STRING_value(certflst, i); if (add_certs_from_file(cert_stack,certfile) < 0) { BIO_printf(bio_err, "error loading certificates\n"); @@ -237,7 +236,7 @@ bad: } } - sk_free(certflst); + sk_OPENSSL_STRING_free(certflst); if (outfile == NULL) { @@ -295,19 +294,12 @@ end: */ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) { - struct stat st; BIO *in=NULL; int count=0; int ret= -1; STACK_OF(X509_INFO) *sk=NULL; X509_INFO *xi; - if ((stat(certfile,&st) != 0)) - { - BIO_printf(bio_err,"unable to load the file, %s\n",certfile); - goto end; - } - in=BIO_new(BIO_s_file()); if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) { diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c index 9ebfc22e79..9bf38ce73b 100644 --- a/src/lib/libssl/src/apps/dgst.c +++ b/src/lib/libssl/src/apps/dgst.c @@ -75,8 +75,29 @@ #define PROG dgst_main int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, - EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); + EVP_PKEY *key, unsigned char *sigin, int siglen, + const char *sig_name, const char *md_name, + const char *file,BIO *bmd); + +static void list_md_fn(const EVP_MD *m, + const char *from, const char *to, void *arg) + { + const char *mname; + /* Skip aliases */ + if (!m) + return; + mname = OBJ_nid2ln(EVP_MD_type(m)); + /* Skip shortnames */ + if (strcmp(from, mname)) + return; + /* Skip clones */ + if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) + return; + if (strchr(mname, ' ')) + mname= EVP_MD_name(m); + BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n", + mname, mname); + } int MAIN(int, char **); @@ -89,7 +110,6 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*inp; BIO *bmd=NULL; BIO *out = NULL; - const char *name; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; int separator=0; @@ -101,16 +121,16 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; - unsigned int sig_flags = 0; char *passargin = NULL, *passin = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif char *hmac_key=NULL; - int non_fips_allow = 0; + char *mac_name=NULL; + STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; apps_startup(); -ERR_load_crypto_strings(); + if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); @@ -135,6 +155,8 @@ ERR_load_crypto_strings(); if ((*argv)[0] != '-') break; if (strcmp(*argv,"-c") == 0) separator=1; + else if (strcmp(*argv,"-r") == 0) + separator=2; else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) break; @@ -169,27 +191,6 @@ ERR_load_crypto_strings(); keyfile=*(++argv); do_verify = 1; } - else if (strcmp(*argv,"-x931") == 0) - sig_flags = EVP_MD_CTX_FLAG_PAD_X931; - else if (strcmp(*argv,"-pss_saltlen") == 0) - { - int saltlen; - if (--argc < 1) break; - saltlen=atoi(*(++argv)); - if (saltlen == -1) - sig_flags = EVP_MD_CTX_FLAG_PSS_MREC; - else if (saltlen == -2) - sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN; - else if (saltlen < -2 || saltlen >= 0xFFFE) - { - BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen); - goto end; - } - else - sig_flags = saltlen; - sig_flags <<= 16; - sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS; - } else if (strcmp(*argv,"-signature") == 0) { if (--argc < 1) break; @@ -205,6 +206,7 @@ ERR_load_crypto_strings(); { if (--argc < 1) break; engine= *(++argv); + e = setup_engine(bio_err, engine, 0); } #endif else if (strcmp(*argv,"-hex") == 0) @@ -213,16 +215,36 @@ ERR_load_crypto_strings(); out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; - else if (strcmp(*argv,"-non-fips-allow") == 0) - non_fips_allow=1; - else if (!strcmp(*argv,"-fips-fingerprint")) - hmac_key = "etaonrishdlcupfm"; else if (!strcmp(*argv,"-hmac")) { if (--argc < 1) break; hmac_key=*++argv; } + else if (!strcmp(*argv,"-mac")) + { + if (--argc < 1) + break; + mac_name=*++argv; + } + else if (strcmp(*argv,"-sigopt") == 0) + { + if (--argc < 1) + break; + if (!sigopts) + sigopts = sk_OPENSSL_STRING_new_null(); + if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) + break; + } + else if (strcmp(*argv,"-macopt") == 0) + { + if (--argc < 1) + break; + if (!macopts) + macopts = sk_OPENSSL_STRING_new_null(); + if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv))) + break; + } else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL) md=m; else @@ -231,12 +253,9 @@ ERR_load_crypto_strings(); argv++; } - if (md == NULL) - md=EVP_md5(); if(do_verify && !sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); - err = 1; goto end; } @@ -245,6 +264,7 @@ ERR_load_crypto_strings(); BIO_printf(bio_err,"unknown option '%s'\n",*argv); BIO_printf(bio_err,"options are\n"); BIO_printf(bio_err,"-c to output the digest with separating colons\n"); + BIO_printf(bio_err,"-r to output the digest in coreutils format\n"); BIO_printf(bio_err,"-d to output debug info\n"); BIO_printf(bio_err,"-hex output as hex dump\n"); BIO_printf(bio_err,"-binary output in binary form\n"); @@ -252,49 +272,20 @@ ERR_load_crypto_strings(); BIO_printf(bio_err,"-verify file verify a signature using public key in file\n"); BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n"); BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); + BIO_printf(bio_err,"-out filename output to filename rather than stdout\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); - BIO_printf(bio_err,"-binary output in binary form\n"); + BIO_printf(bio_err,"-sigopt nm:v signature parameter\n"); BIO_printf(bio_err,"-hmac key create hashed MAC with key\n"); + BIO_printf(bio_err,"-mac algorithm create MAC (not neccessarily HMAC)\n"); + BIO_printf(bio_err,"-macopt nm:v MAC algorithm parameters or key\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); #endif - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", - LN_md5,LN_md5); - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_md4,LN_md4); - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_md2,LN_md2); -#ifndef OPENSSL_NO_SHA - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_sha1,LN_sha1); - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_sha,LN_sha); -#ifndef OPENSSL_NO_SHA256 - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_sha224,LN_sha224); - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_sha256,LN_sha256); -#endif -#ifndef OPENSSL_NO_SHA512 - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_sha384,LN_sha384); - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_sha512,LN_sha512); -#endif -#endif - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_mdc2,LN_mdc2); - BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", - LN_ripemd160,LN_ripemd160); - err=1; + EVP_MD_do_all_sorted(list_md_fn, bio_err); goto end; } -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); -#endif - in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); if (debug) @@ -317,8 +308,10 @@ ERR_load_crypto_strings(); } if(out_bin == -1) { - if(keyfile) out_bin = 1; - else out_bin = 0; + if(keyfile) + out_bin = 1; + else + out_bin = 0; } if(randfile) @@ -344,6 +337,11 @@ ERR_load_crypto_strings(); ERR_print_errors(bio_err); goto end; } + if ((!!mac_name + !!keyfile + !!hmac_key) > 1) + { + BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); + goto end; + } if(keyfile) { @@ -361,6 +359,101 @@ ERR_load_crypto_strings(); } } + if (mac_name) + { + EVP_PKEY_CTX *mac_ctx = NULL; + int r = 0; + if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0)) + goto mac_end; + if (macopts) + { + char *macopt; + for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) + { + macopt = sk_OPENSSL_STRING_value(macopts, i); + if (pkey_ctrl_string(mac_ctx, macopt) <= 0) + { + BIO_printf(bio_err, + "MAC parameter error \"%s\"\n", + macopt); + ERR_print_errors(bio_err); + goto mac_end; + } + } + } + if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) + { + BIO_puts(bio_err, "Error generating key\n"); + ERR_print_errors(bio_err); + goto mac_end; + } + r = 1; + mac_end: + if (mac_ctx) + EVP_PKEY_CTX_free(mac_ctx); + if (r == 0) + goto end; + } + + if (hmac_key) + { + sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e, + (unsigned char *)hmac_key, -1); + if (!sigkey) + goto end; + } + + if (sigkey) + { + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pctx = NULL; + int r; + if (!BIO_get_md_ctx(bmd, &mctx)) + { + BIO_printf(bio_err, "Error getting context\n"); + ERR_print_errors(bio_err); + goto end; + } + if (do_verify) + r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey); + else + r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey); + if (!r) + { + BIO_printf(bio_err, "Error setting context\n"); + ERR_print_errors(bio_err); + goto end; + } + if (sigopts) + { + char *sigopt; + for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) + { + sigopt = sk_OPENSSL_STRING_value(sigopts, i); + if (pkey_ctrl_string(pctx, sigopt) <= 0) + { + BIO_printf(bio_err, + "parameter error \"%s\"\n", + sigopt); + ERR_print_errors(bio_err); + goto end; + } + } + } + } + /* we use md as a filter, reading from 'in' */ + else + { + if (md == NULL) + md = EVP_md5(); + if (!BIO_set_md(bmd,md)) + { + BIO_printf(bio_err, "Error setting digest %s\n", pname); + ERR_print_errors(bio_err); + goto end; + } + } + if(sigfile && sigkey) { BIO *sigbio; sigbio = BIO_new_file(sigfile, "rb"); @@ -381,67 +474,51 @@ ERR_load_crypto_strings(); goto end; } } + inp=BIO_push(bmd,in); - if (non_fips_allow) - { - EVP_MD_CTX *md_ctx; - BIO_get_md_ctx(bmd,&md_ctx); - EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - } - - if (sig_flags) + if (md == NULL) { - EVP_MD_CTX *md_ctx; - BIO_get_md_ctx(bmd,&md_ctx); - EVP_MD_CTX_set_flags(md_ctx, sig_flags); + EVP_MD_CTX *tctx; + BIO_get_md_ctx(bmd, &tctx); + md = EVP_MD_CTX_md(tctx); } - /* we use md as a filter, reading from 'in' */ - if (!BIO_set_md(bmd,md)) - { - BIO_printf(bio_err, "Error setting digest %s\n", pname); - ERR_print_errors(bio_err); - goto end; - } - - inp=BIO_push(bmd,in); - if (argc == 0) { BIO_set_fp(in,stdin,BIO_NOCLOSE); err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, - siglen,"","(stdin)",bmd,hmac_key,non_fips_allow); + siglen,NULL,NULL,"stdin",bmd); } else { - name=OBJ_nid2sn(md->type); + const char *md_name = NULL, *sig_name = NULL; + if(!out_bin) + { + if (sigkey) + { + const EVP_PKEY_ASN1_METHOD *ameth; + ameth = EVP_PKEY_get0_asn1(sigkey); + if (ameth) + EVP_PKEY_asn1_get0_info(NULL, NULL, + NULL, NULL, &sig_name, ameth); + } + md_name = EVP_MD_name(md); + } err = 0; for (i=0; i 0) BIO_printf(out, "Verified OK\n"); else if(i == 0) @@ -516,25 +586,39 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, { EVP_MD_CTX *ctx; BIO_get_md_ctx(bp, &ctx); - if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) + len = BUFSIZE; + if(!EVP_DigestSignFinal(ctx, buf, &len)) { BIO_printf(bio_err, "Error Signing Data\n"); ERR_print_errors(bio_err); return 1; } } - else if(hmac_key) - { - HMAC_Final(&hmac_ctx,buf,&len); - HMAC_CTX_cleanup(&hmac_ctx); - } else + { len=BIO_gets(bp,(char *)buf,BUFSIZE); + if ((int)len <0) + { + ERR_print_errors(bio_err); + return 1; + } + } if(binout) BIO_write(out, buf, len); + else if (sep == 2) + { + for (i=0; i<(int)len; i++) + BIO_printf(out, "%02x",buf[i]); + BIO_printf(out, " *%s\n", file); + } else { - BIO_write(out,title,strlen(title)); + if (sig_name) + BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file); + else if (md_name) + BIO_printf(out, "%s(%s)= ", md_name, file); + else + BIO_printf(out, "(%s)= ", file); for (i=0; i<(int)len; i++) { if (sep && (i != 0)) @@ -543,10 +627,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } BIO_printf(out, "\n"); } - if (hmac_key) - { - BIO_set_md_ctx(bmd,md_ctx); - } return 0; } diff --git a/src/lib/libssl/src/apps/dh.c b/src/lib/libssl/src/apps/dh.c index c4d891e125..e9609d630d 100644 --- a/src/lib/libssl/src/apps/dh.c +++ b/src/lib/libssl/src/apps/dh.c @@ -349,4 +349,10 @@ end: apps_shutdown(); OPENSSL_EXIT(ret); } +#else /* !OPENSSL_NO_DH */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c index 04bd57c6e8..5fab29eb87 100644 --- a/src/lib/libssl/src/apps/dhparam.c +++ b/src/lib/libssl/src/apps/dhparam.c @@ -554,4 +554,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) return 1; } +#else /* !OPENSSL_NO_DH */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif diff --git a/src/lib/libssl/src/apps/dsa.c b/src/lib/libssl/src/apps/dsa.c index cbc1fe3f81..5222487ab9 100644 --- a/src/lib/libssl/src/apps/dsa.c +++ b/src/lib/libssl/src/apps/dsa.c @@ -112,6 +112,8 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; int modulus=0; + int pvk_encr = 2; + apps_startup(); if (bio_err == NULL) @@ -171,6 +173,12 @@ int MAIN(int argc, char **argv) engine= *(++argv); } #endif + else if (strcmp(*argv,"-pvk-strong") == 0) + pvk_encr=2; + else if (strcmp(*argv,"-pvk-weak") == 0) + pvk_encr=1; + else if (strcmp(*argv,"-pvk-none") == 0) + pvk_encr=0; else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -238,16 +246,30 @@ bad: goto end; } + in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); - if (out == NULL) + if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } + if (infile == NULL) + BIO_set_fp(in,stdin,BIO_NOCLOSE); + else + { + if (BIO_read_filename(in,infile) <= 0) + { + perror(infile); + goto end; + } + } + BIO_printf(bio_err,"read DSA key\n"); - { + + { EVP_PKEY *pkey; + if (pubin) pkey = load_pubkey(bio_err, infile, informat, 1, passin, e, "Public Key"); @@ -255,10 +277,12 @@ bad: pkey = load_key(bio_err, infile, informat, 1, passin, e, "Private Key"); - if (pkey != NULL) - dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey); - EVP_PKEY_free(pkey); - } + if (pkey) + { + dsa = EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_free(pkey); + } + } if (dsa == NULL) { BIO_printf(bio_err,"unable to load Key\n"); @@ -310,11 +334,24 @@ bad: i=PEM_write_bio_DSA_PUBKEY(out,dsa); else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc, NULL,0,NULL, passout); +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) + } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { + EVP_PKEY *pk; + pk = EVP_PKEY_new(); + EVP_PKEY_set1_DSA(pk, dsa); + if (outformat == FORMAT_PVK) + i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); + else if (pubin || pubout) + i = i2b_PublicKey_bio(out, pk); + else + i = i2b_PrivateKey_bio(out, pk); + EVP_PKEY_free(pk); +#endif } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } - if (!i) + if (i <= 0) { BIO_printf(bio_err,"unable to write private key\n"); ERR_print_errors(bio_err); @@ -330,4 +367,10 @@ end: apps_shutdown(); OPENSSL_EXIT(ret); } +#else /* !OPENSSL_NO_DSA */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c index c301e81af1..4305a739b3 100644 --- a/src/lib/libssl/src/apps/dsaparam.c +++ b/src/lib/libssl/src/apps/dsaparam.c @@ -475,4 +475,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) #endif return 1; } +#else /* !OPENSSL_NO_DSA */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c index f4f9a4c4a4..3c2c91e920 100644 --- a/src/lib/libssl/src/apps/enc.c +++ b/src/lib/libssl/src/apps/enc.c @@ -67,6 +67,7 @@ #include #include #include +#include #include int set_hex(char *in,unsigned char *out,int size); @@ -116,6 +117,10 @@ int MAIN(int argc, char **argv) char *hkey=NULL,*hiv=NULL,*hsalt = NULL; char *md=NULL; int enc=1,printkey=0,i,base64=0; +#ifdef ZLIB + int do_zlib=0; + BIO *bzl = NULL; +#endif int debug=0,olb64=0,nosalt=0; const EVP_CIPHER *cipher=NULL,*c; EVP_CIPHER_CTX *ctx = NULL; @@ -127,7 +132,6 @@ int MAIN(int argc, char **argv) char *engine = NULL; #endif const EVP_MD *dgst=NULL; - int non_fips_allow = 0; apps_startup(); @@ -142,9 +146,18 @@ int MAIN(int argc, char **argv) program_name(argv[0],pname,sizeof pname); if (strcmp(pname,"base64") == 0) base64=1; +#ifdef ZLIB + if (strcmp(pname,"zlib") == 0) + do_zlib=1; +#endif cipher=EVP_get_cipherbyname(pname); +#ifdef ZLIB + if (!do_zlib && !base64 && (cipher == NULL) + && (strcmp(pname,"enc") != 0)) +#else if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0)) +#endif { BIO_printf(bio_err,"%s is an unknown cipher\n",pname); goto bad; @@ -200,6 +213,10 @@ int MAIN(int argc, char **argv) base64=1; else if (strcmp(*argv,"-base64") == 0) base64=1; +#ifdef ZLIB + else if (strcmp(*argv,"-z") == 0) + do_zlib=1; +#endif else if (strcmp(*argv,"-bufsize") == 0) { if (--argc < 1) goto bad; @@ -226,7 +243,12 @@ int MAIN(int argc, char **argv) goto bad; } buf[0]='\0'; - fgets(buf,sizeof buf,infile); + if (!fgets(buf,sizeof buf,infile)) + { + BIO_printf(bio_err,"unable to read key from '%s'\n", + file); + goto bad; + } fclose(infile); i=strlen(buf); if ((i > 0) && @@ -262,8 +284,6 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; md= *(++argv); } - else if (strcmp(*argv,"-non-fips-allow") == 0) - non_fips_allow = 1; else if ((argv[0][0] == '-') && ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { @@ -286,9 +306,11 @@ bad: BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); + BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S"); BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize "); + BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); #endif @@ -317,10 +339,7 @@ bad: if (dgst == NULL) { - if (in_FIPS_mode) - dgst = EVP_sha1(); - else - dgst = EVP_md5(); + dgst = EVP_md5(); } if (bufsize != NULL) @@ -452,6 +471,19 @@ bad: rbio=in; wbio=out; +#ifdef ZLIB + + if (do_zlib) + { + if ((bzl=BIO_new(BIO_f_zlib())) == NULL) + goto end; + if (enc) + wbio=BIO_push(bzl,wbio); + else + rbio=BIO_push(bzl,rbio); + } +#endif + if (base64) { if ((b64=BIO_new(BIO_f_base64())) == NULL) @@ -556,11 +588,6 @@ bad: */ BIO_get_cipher_ctx(benc, &ctx); - - if (non_fips_allow) - EVP_CIPHER_CTX_set_flags(ctx, - EVP_CIPH_FLAG_NON_FIPS_ALLOW); - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", @@ -651,6 +678,9 @@ end: if (out != NULL) BIO_free_all(out); if (benc != NULL) BIO_free(benc); if (b64 != NULL) BIO_free(b64); +#ifdef ZLIB + if (bzl != NULL) BIO_free(bzl); +#endif if(pass) OPENSSL_free(pass); apps_shutdown(); OPENSSL_EXIT(ret); diff --git a/src/lib/libssl/src/apps/engine.c b/src/lib/libssl/src/apps/engine.c index 17bd81fb79..9a0294398e 100644 --- a/src/lib/libssl/src/apps/engine.c +++ b/src/lib/libssl/src/apps/engine.c @@ -92,7 +92,7 @@ static const char *engine_usage[]={ NULL }; -static void identity(void *ptr) +static void identity(char *ptr) { return; } @@ -148,11 +148,6 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent) if(flags & ENGINE_CMD_FLAG_NUMERIC) { - if(started) - { - BIO_printf(bio_out, "|"); - err = 1; - } BIO_printf(bio_out, "NUMERIC"); started = 1; } @@ -205,7 +200,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent char *desc = NULL; int flags; int xpos = 0; - STACK *cmds = NULL; + STACK_OF(OPENSSL_STRING) *cmds = NULL; if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, 0, NULL, NULL)) <= 0)) @@ -216,7 +211,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent return 1; } - cmds = sk_new_null(); + cmds = sk_OPENSSL_STRING_new_null(); if(!cmds) goto err; @@ -289,15 +284,17 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent BIO_printf(bio_out, "\n"); ret = 1; err: - if(cmds) sk_pop_free(cmds, identity); + if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity); if(name) OPENSSL_free(name); if(desc) OPENSSL_free(desc); return ret; } -static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent) +static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, + BIO *bio_out, const char *indent) { - int loop, res, num = sk_num(cmds); + int loop, res, num = sk_OPENSSL_STRING_num(cmds); + if(num < 0) { BIO_printf(bio_out, "[Error]: internal stack error\n"); @@ -307,7 +304,7 @@ static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *inden { char buf[256]; const char *cmd, *arg; - cmd = sk_value(cmds, loop); + cmd = sk_OPENSSL_STRING_value(cmds, loop); res = 1; /* assume success */ /* Check if this command has no ":arg" */ if((arg = strstr(cmd, ":")) == NULL) @@ -347,9 +344,9 @@ int MAIN(int argc, char **argv) const char **pp; int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; ENGINE *e; - STACK *engines = sk_new_null(); - STACK *pre_cmds = sk_new_null(); - STACK *post_cmds = sk_new_null(); + STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null(); + STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); + STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); int badops=1; BIO *bio_out=NULL; const char *indent = " "; @@ -396,20 +393,20 @@ int MAIN(int argc, char **argv) argc--; argv++; if (argc == 0) goto skip_arg_loop; - sk_push(pre_cmds,*argv); + sk_OPENSSL_STRING_push(pre_cmds,*argv); } else if (strcmp(*argv,"-post") == 0) { argc--; argv++; if (argc == 0) goto skip_arg_loop; - sk_push(post_cmds,*argv); + sk_OPENSSL_STRING_push(post_cmds,*argv); } else if ((strncmp(*argv,"-h",2) == 0) || (strcmp(*argv,"-?") == 0)) goto skip_arg_loop; else - sk_push(engines,*argv); + sk_OPENSSL_STRING_push(engines,*argv); argc--; argv++; } @@ -424,17 +421,17 @@ skip_arg_loop: goto end; } - if (sk_num(engines) == 0) + if (sk_OPENSSL_STRING_num(engines) == 0) { for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { - sk_push(engines,(char *)ENGINE_get_id(e)); + sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e)); } } - for (i=0; i +$! Zoltan Arpadffy $! $! This command files compiles and creates all the various different $! "application" programs for the different types of encryption for OpenSSL. $! The EXE's are placed in the directory [.xxx.EXE.APPS] where "xxx" denotes -$! either AXP or VAX depending on your machine architecture. +$! ALPHA, IA64 or VAX, depending on your machine architecture. $! $! It was written so it would try to determine what "C" compiler to $! use or you can specify which "C" compiler to use. @@ -24,7 +25,7 @@ $! VAXC For VAX C. $! DECC For DEC C. $! GNUC For GNU C. $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which $! "C" compiler to use. $! $! P3, if defined, sets a TCP/IP library to use, through one of the following @@ -46,20 +47,21 @@ $ TCPIP_LIB = "" $! $! Check What Architecture We Are Using. $! -$ IF (F$GETSYI("CPU").GE.128) +$ IF (F$GETSYI("CPU").LT.128) $ THEN $! -$! The Architecture Is AXP. +$! The Architecture Is VAX. $! -$ ARCH := AXP +$ ARCH = "VAX" $! $! Else... $! $ ELSE $! -$! The Architecture Is VAX. +$! The Architecture Is Alpha, IA64 or whatever comes in the future. $! -$ ARCH := VAX +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" $! $! End The Architecture Check. $! @@ -68,22 +70,6 @@ $! $! Define what programs should be compiled $! $ PROGRAMS := OPENSSL -$!$ PROGRAMS := VERIFY,ASN1PARS,REQ,DGST,DH,ENC,PASSWD,GENDH,ERRSTR,CA,CRL,- -$! RSA,DSA,DSAPARAM,- -$! X509,GENRSA,GENDSA,S_SERVER,S_CLIENT,SPEED,- -$! S_TIME,VERSION,PKCS7,CRL2P7,SESS_ID,CIPHERS,NSEQ, -$! -$! Check To Make Sure We Have Valid Command Line Parameters. -$! -$ GOSUB CHECK_OPTIONS -$! -$! Initialise logical names and such -$! -$ GOSUB INITIALISE -$! -$! Tell The User What Kind of Machine We Run On. -$! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." $! $! Define The CRYPTO Library. $! @@ -97,6 +83,22 @@ $! Define The OBJ Directory. $! $ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS] $! +$! Define The EXE Directory. +$! +$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS] +$! +$! Check To Make Sure We Have Valid Command Line Parameters. +$! +$ GOSUB CHECK_OPTIONS +$! +$! Initialise logical names and such +$! +$ GOSUB INITIALISE +$! +$! Tell The User What Kind of Machine We Run On. +$! +$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." +$! $! Check To See If The OBJ Directory Exists. $! $ IF (F$PARSE(OBJ_DIR).EQS."") @@ -110,10 +112,6 @@ $! End The OBJ Directory Check. $! $ ENDIF $! -$! Define The EXE Directory. -$! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS] -$! $! Check To See If The EXE Directory Exists. $! $ IF (F$PARSE(EXE_DIR).EQS."") @@ -136,140 +134,172 @@ $! $ GOSUB CHECK_OPT_FILE $! $! Define The Application Files. -$! -$ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+- - "CA;PKCS7;CRL2P7;CRL;"+- - "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+- - "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+- - "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+- - "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME" +$! NOTE: Some might think this list ugly. However, it's made this way to +$! reflect the E_OBJ variable in Makefile as closely as possible, thereby +$! making it fairly easy to verify that the lists are the same. +$! +$ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+- + "CA,PKCS7,CRL2P7,CRL,"+- + "RSA,RSAUTL,DSA,DSAPARAM,EC,ECPARAM,"+- + "X509,GENRSA,GENDSA,GENPKEY,S_SERVER,S_CLIENT,SPEED,"+- + "S_TIME,APPS,S_CB,S_SOCKET,APP_RAND,VERSION,SESS_ID,"+- + "CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ - + "SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS" $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - TCPIP_PROGRAMS = ",OPENSSL," $! $! Setup exceptional compilations $! -$ COMPILEWITH_CC2 = ",S_SERVER,S_CLIENT," +$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT," $! $ PHASE := LIB $! $ RESTART: $! -$! Define A File Counter And Set It To "0". +$! Define An App Counter And Set It To "0". +$! +$ APP_COUNTER = 0 $! -$ FILE_COUNTER = 0 +$! Top Of The App Loop. $! -$! Top Of The File Loop. +$ NEXT_APP: $! -$ NEXT_FILE: +$! Make The Application File Name $! -$! O.K, Extract The File Name From The File List. +$ CURRENT_APP = F$EDIT(F$ELEMENT(APP_COUNTER,",",PROGRAMS),"TRIM") $! -$ FILE_NAME0 = F$EDIT(F$ELEMENT(FILE_COUNTER,";",'PHASE'_FILES),"TRIM") -$ FILE_NAME = F$EDIT(F$ELEMENT(0,",",FILE_NAME0),"TRIM") -$ EXTRA_OBJ = FILE_NAME0 - FILE_NAME +$! Create The Executable File Name. $! -$! Check To See If We Are At The End Of The File List. +$ EXE_FILE = EXE_DIR + CURRENT_APP + ".EXE" $! -$ IF (FILE_NAME0.EQS.";") +$! Check To See If We Are At The End Of The File List. +$! +$ IF (CURRENT_APP.EQS.",") $ THEN $ IF (PHASE.EQS."LIB") $ THEN $ PHASE := APP $ GOTO RESTART $ ELSE -$ GOTO FILE_DONE +$ GOTO APP_DONE $ ENDIF $ ENDIF $! -$! Increment The Counter. +$! Increment The Counter. $! -$ FILE_COUNTER = FILE_COUNTER + 1 +$ APP_COUNTER = APP_COUNTER + 1 $! -$! Check to see if this program should actually be compiled +$! Decide if we're building the object files or not. $! -$ IF PHASE .EQS. "APP" .AND. - - ","+PROGRAMS+"," - (","+F$EDIT(FILE_NAME,"UPCASE")+",") .EQS. ","+PROGRAMS+"," +$ IF (PHASE.EQS."LIB") $ THEN -$ GOTO NEXT_FILE -$ ENDIF $! -$! Create The Source File Name. +$! Define A Library File Counter And Set It To "-1". +$! -1 Means The Application File Name Is To Be Used. $! -$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" +$ LIB_COUNTER = -1 $! -$! Create The Object File Name. +$! Create a .OPT file for the object files $! -$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ" +$ OPEN/WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT $! -$! Create The Executable File Name. +$! Top Of The File Loop. $! -$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE" -$ ON WARNING THEN GOTO NEXT_FILE +$ NEXT_LIB: $! -$! Check To See If The File We Want To Compile Actually Exists. +$! O.K, Extract The File Name From The File List. $! -$ IF (F$SEARCH(SOURCE_FILE).EQS."") -$ THEN +$ IF LIB_COUNTER .GE. 0 +$ THEN +$ FILE_NAME = F$EDIT(F$ELEMENT(LIB_COUNTER,",",LIB_'CURRENT_APP'),"TRIM") +$ ELSE +$ FILE_NAME = CURRENT_APP +$ ENDIF $! -$! Tell The User That The File Dosen't Exist. +$! Check To See If We Are At The End Of The File List. $! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." -$ WRITE SYS$OUTPUT "" +$ IF (FILE_NAME.EQS.",") +$ THEN +$ CLOSE OBJECTS +$ GOTO NEXT_APP +$ ENDIF $! -$! Exit The Build. +$! Increment The Counter. $! -$ GOTO EXIT +$ LIB_COUNTER = LIB_COUNTER + 1 $! -$! End The File Exist Check. +$! Create The Source File Name. $! -$ ENDIF +$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" $! -$! Tell The User What We Are Building. +$! Create The Object File Name. $! -$ IF (PHASE.EQS."LIB") -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME,".C File." -$ ELSE -$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Application Program." -$ ENDIF +$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ" +$ ON WARNING THEN GOTO NEXT_LIB $! -$! Compile The File. +$! Check To See If The File We Want To Compile Actually Exists. $! -$ ON ERROR THEN GOTO NEXT_FILE -$ IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2 -$ THEN -$ CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ENDIF +$ IF (F$SEARCH(SOURCE_FILE).EQS."") +$ THEN +$! +$! Tell The User That The File Dosen't Exist. $! -$ ON WARNING THEN GOTO NEXT_FILE +$ WRITE SYS$OUTPUT "" +$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." +$ WRITE SYS$OUTPUT "" +$! +$! Exit The Build. +$! +$ GOTO EXIT +$! +$! End The File Exist Check. $! -$ IF (PHASE.EQS."LIB") -$ THEN -$ GOTO NEXT_FILE +$ ENDIF +$! +$! Tell The User What We Are Building. +$! +$ IF (PHASE.EQS."LIB") +$ THEN +$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME,".C File." +$ ELSE +$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Application Program." +$ ENDIF +$! +$! Compile The File. +$! +$ ON ERROR THEN GOTO NEXT_LIB +$ IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2 +$ THEN +$ CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ ELSE +$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' +$ ENDIF +$ WRITE OBJECTS OBJECT_FILE +$! +$ GOTO NEXT_LIB $ ENDIF $! $! Check if this program works well without a TCPIP library $! -$ IF TCPIP_LIB .EQS. "" .AND. TCPIP_PROGRAMS - FILE_NAME .NES. TCPIP_PROGRAMS +$ IF TCPIP_LIB .EQS. "" .AND. TCPIP_PROGRAMS - CURRENT_APP .NES. TCPIP_PROGRAMS $ THEN -$ WRITE SYS$OUTPUT FILE_NAME," needs a TCP/IP library. Can't link. Skipping..." -$ GOTO NEXT_FILE +$ WRITE SYS$OUTPUT CURRENT_APP," needs a TCP/IP library. Can't link. Skipping..." +$ GOTO NEXT_APP $ ENDIF $! $! Link The Program. $! Check To See If We Are To Link With A Specific TCP/IP Library. $! +$ ON WARNING THEN GOTO NEXT_APP +$! $ IF (TCPIP_LIB.NES."") $ THEN $! $! Don't Link With The RSAREF Routines And TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - - 'OBJECT_FILE''EXTRA_OBJ', - + 'EXE_DIR''CURRENT_APP'.OPT/OPTION, - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - 'TCPIP_LIB','OPT_FILE'/OPTION $! @@ -280,7 +310,7 @@ $! $! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. $! $ LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' - - 'OBJECT_FILE''EXTRA_OBJ', - + 'EXE_DIR''CURRENT_APP'.OPT/OPTION, - 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, - 'OPT_FILE'/OPTION $! @@ -290,11 +320,11 @@ $ ENDIF $! $! Go Back And Do It Again. $! -$ GOTO NEXT_FILE +$ GOTO NEXT_APP $! $! All Done With This File. $! -$ FILE_DONE: +$ APP_DONE: $ EXIT: $! $! All Done, Time To Clean Up And Exit. @@ -395,19 +425,19 @@ $! Else... $! $ ELSE $! -$! Create The AXP Linker Option File. +$! Create The non-VAX Linker Option File. $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For AXP To Link Agianst +! Default System Options File For non-VAX To Link Agianst ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE SYS$SHARE:CMA$OPEN_RTL/SHARE $EOD $! -$! End The VAX/AXP DEC C Option File Check. +$! End The DEC C Option File Check. $! $ ENDIF $! @@ -525,7 +555,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -556,7 +586,7 @@ $ ELSE $! $! Check To See If We Have VAXC Or DECC. $! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") +$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -666,7 +696,7 @@ $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -687,9 +717,9 @@ $! $! Compile Using VAXC. $! $ CC = "CC" -$ IF ARCH.EQS."AXP" +$ IF ARCH.NES."VAX" $ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" +$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" @@ -703,7 +733,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -730,7 +760,7 @@ $ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -740,7 +770,7 @@ $! Set up default defines $! $ CCDEFS = """FLAT_INC=1""," + CCDEFS $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -845,7 +875,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c index 251044d77f..01847dfad7 100644 --- a/src/lib/libssl/src/apps/ocsp.c +++ b/src/lib/libssl/src/apps/ocsp.c @@ -56,25 +56,53 @@ * */ #ifndef OPENSSL_NO_OCSP + +#ifdef OPENSSL_SYS_VMS +#define _XOPEN_SOURCE_EXTENDED /* So fd_set and friends get properly defined + on OpenVMS */ +#endif + #define USE_SOCKETS + #include #include #include +#include #include "apps.h" /* needs to be included before the openssl headers! */ #include -#include +#include #include - +#include +#include +#include +#include + +#if defined(NETWARE_CLIB) +# ifdef NETWARE_BSDSOCK +# include +# include +# else +# include +# endif +#elif defined(NETWARE_LIBC) +# ifdef NETWARE_BSDSOCK +# include +# else +# include +# endif +#endif + /* Maximum leeway in validity period: default 5 minutes */ #define MAX_VALIDITY_PERIOD (5 * 60) -static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, +static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, STACK_OF(OCSP_CERTID) *ids); -static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, +static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer, STACK_OF(OCSP_CERTID) *ids); static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, - STACK *names, STACK_OF(OCSP_CERTID) *ids, - long nsec, long maxage); + STACK_OF(OPENSSL_STRING) *names, + STACK_OF(OCSP_CERTID) *ids, long nsec, + long maxage); static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db, X509 *ca, X509 *rcert, EVP_PKEY *rkey, @@ -86,6 +114,7 @@ static BIO *init_responder(char *port); static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port); static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp); static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, + STACK_OF(CONF_VALUE) *headers, OCSP_REQUEST *req, int req_timeout); #undef PROG @@ -104,6 +133,7 @@ int MAIN(int argc, char **argv) char *rsignfile = NULL, *rkeyfile = NULL; char *outfile = NULL; int add_nonce = 1, noverify = 0, use_ssl = -1; + STACK_OF(CONF_VALUE) *headers = NULL; OCSP_REQUEST *req = NULL; OCSP_RESPONSE *resp = NULL; OCSP_BASICRESP *bs = NULL; @@ -126,7 +156,7 @@ int MAIN(int argc, char **argv) int badarg = 0; int i; int ignore_err = 0; - STACK *reqnames = NULL; + STACK_OF(OPENSSL_STRING) *reqnames = NULL; STACK_OF(OCSP_CERTID) *ids = NULL; X509 *rca_cert = NULL; @@ -134,6 +164,7 @@ int MAIN(int argc, char **argv) char *rca_filename = NULL; CA_DB *rdb = NULL; int nmin = 0, ndays = -1; + const EVP_MD *cert_id_md = NULL; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); @@ -142,7 +173,7 @@ int MAIN(int argc, char **argv) SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); args = argv + 1; - reqnames = sk_new_null(); + reqnames = sk_OPENSSL_STRING_new_null(); ids = sk_OCSP_CERTID_new_null(); while (!badarg && *args && *args[0] == '-') { @@ -202,6 +233,16 @@ int MAIN(int argc, char **argv) } else badarg = 1; } + else if (!strcmp(*args, "-header")) + { + if (args[1] && args[2]) + { + if (!X509V3_add_value(args[1], args[2], &headers)) + goto end; + args += 2; + } + else badarg = 1; + } else if (!strcmp(*args, "-ignore_err")) ignore_err = 1; else if (!strcmp(*args, "-noverify")) @@ -401,9 +442,10 @@ int MAIN(int argc, char **argv) cert = load_cert(bio_err, *args, FORMAT_PEM, NULL, e, "certificate"); if(!cert) goto end; - if(!add_ocsp_cert(&req, cert, issuer, ids)) + if (!cert_id_md) cert_id_md = EVP_sha1(); + if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) goto end; - if(!sk_push(reqnames, *args)) + if(!sk_OPENSSL_STRING_push(reqnames, *args)) goto end; } else badarg = 1; @@ -413,9 +455,10 @@ int MAIN(int argc, char **argv) if (args[1]) { args++; - if(!add_ocsp_serial(&req, *args, issuer, ids)) + if (!cert_id_md) cert_id_md = EVP_sha1(); + if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids)) goto end; - if(!sk_push(reqnames, *args)) + if(!sk_OPENSSL_STRING_push(reqnames, *args)) goto end; } else badarg = 1; @@ -515,7 +558,10 @@ int MAIN(int argc, char **argv) } else badarg = 1; } - else badarg = 1; + else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL) + { + badarg = 1; + } args++; } @@ -571,6 +617,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-ndays n number of days before next update\n"); BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); + BIO_printf (bio_err, "- use specified digest in the request"); goto end; } @@ -677,7 +724,8 @@ int MAIN(int argc, char **argv) "signer private key"); if (!key) goto end; - if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags)) + + if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags)) { BIO_printf(bio_err, "Error signing OCSP request\n"); goto end; @@ -721,7 +769,7 @@ int MAIN(int argc, char **argv) { #ifndef OPENSSL_NO_SOCK resp = process_responder(bio_err, req, host, path, - port, use_ssl, req_timeout); + port, use_ssl, headers, req_timeout); if (!resp) goto end; #else @@ -866,10 +914,11 @@ end: OCSP_REQUEST_free(req); OCSP_RESPONSE_free(resp); OCSP_BASICRESP_free(bs); - sk_free(reqnames); + sk_OPENSSL_STRING_free(reqnames); sk_OCSP_CERTID_free(ids); sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); + sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); if (use_ssl != -1) { @@ -881,7 +930,7 @@ end: OPENSSL_EXIT(ret); } -static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, +static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md,X509 *issuer, STACK_OF(OCSP_CERTID) *ids) { OCSP_CERTID *id; @@ -892,7 +941,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, } if(!*req) *req = OCSP_REQUEST_new(); if(!*req) goto err; - id = OCSP_cert_to_id(NULL, cert, issuer); + id = OCSP_cert_to_id(cert_id_md, cert, issuer); if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; if(!OCSP_request_add0_id(*req, id)) goto err; return 1; @@ -902,7 +951,7 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer, return 0; } -static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, +static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_id_md, X509 *issuer, STACK_OF(OCSP_CERTID) *ids) { OCSP_CERTID *id; @@ -924,7 +973,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, BIO_printf(bio_err, "Error converting serial number %s\n", serial); return 0; } - id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno); + id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno); ASN1_INTEGER_free(sno); if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err; if(!OCSP_request_add0_id(*req, id)) goto err; @@ -936,8 +985,9 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer, } static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, - STACK *names, STACK_OF(OCSP_CERTID) *ids, - long nsec, long maxage) + STACK_OF(OPENSSL_STRING) *names, + STACK_OF(OCSP_CERTID) *ids, long nsec, + long maxage) { OCSP_CERTID *id; char *name; @@ -947,13 +997,13 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; - if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids)) + if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids)) return 1; for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) { id = sk_OCSP_CERTID_value(ids, i); - name = sk_value(names, i); + name = sk_OPENSSL_STRING_value(names, i); BIO_printf(out, "%s: ", name); if(!OCSP_resp_find_status(bs, id, &status, &reason, @@ -1010,7 +1060,6 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db OCSP_BASICRESP *bs = NULL; int i, id_count, ret = 1; - id_count = OCSP_request_onereq_count(req); if (id_count <= 0) @@ -1019,7 +1068,6 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db goto end; } - ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca); bs = OCSP_BASICRESP_new(); thisupd = X509_gmtime_adj(NULL, 0); @@ -1032,8 +1080,23 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db OCSP_ONEREQ *one; ASN1_INTEGER *serial; char **inf; + ASN1_OBJECT *cert_id_md_oid; + const EVP_MD *cert_id_md; one = OCSP_request_onereq_get0(req, i); cid = OCSP_onereq_get0_id(one); + + OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid); + + cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); + if (! cert_id_md) + { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, + NULL); + goto end; + } + if (ca_id) OCSP_CERTID_free(ca_id); + ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca); + /* Is this request about our CA? */ if (OCSP_id_issuer_cmp(ca_id, cid)) { @@ -1078,8 +1141,8 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db } OCSP_copy_nonce(bs, req); - - OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags); + + OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags); *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); @@ -1211,10 +1274,12 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) } static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, + STACK_OF(CONF_VALUE) *headers, OCSP_REQUEST *req, int req_timeout) { int fd; int rv; + int i; OCSP_REQ_CTX *ctx = NULL; OCSP_RESPONSE *rsp = NULL; fd_set confds; @@ -1231,16 +1296,13 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, return NULL; } - if (req_timeout == -1) - return OCSP_sendreq_bio(cbio, path, req); - if (BIO_get_fd(cbio, &fd) <= 0) { BIO_puts(err, "Can't get connection fd\n"); goto err; } - if (rv <= 0) + if (req_timeout != -1 && rv <= 0) { FD_ZERO(&confds); openssl_fdset(fd, &confds); @@ -1255,15 +1317,27 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, } - ctx = OCSP_sendreq_new(cbio, path, req, -1); + ctx = OCSP_sendreq_new(cbio, path, NULL, -1); if (!ctx) return NULL; + + for (i = 0; i < sk_CONF_VALUE_num(headers); i++) + { + CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i); + if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value)) + goto err; + } + + if (!OCSP_REQ_CTX_set1_req(ctx, req)) + goto err; for (;;) { rv = OCSP_sendreq_nbio(&rsp, ctx); if (rv != -1) break; + if (req_timeout == -1) + continue; FD_ZERO(&confds); openssl_fdset(fd, &confds); tv.tv_usec = 0; @@ -1287,7 +1361,7 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, BIO_puts(err, "Select error\n"); break; } - + } err: if (ctx) @@ -1298,6 +1372,7 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path, OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, char *host, char *path, char *port, int use_ssl, + STACK_OF(CONF_VALUE) *headers, int req_timeout) { BIO *cbio = NULL; @@ -1332,14 +1407,14 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req, sbio = BIO_new_ssl(ctx, 1); cbio = BIO_push(sbio, cbio); } - resp = query_responder(err, cbio, path, req, req_timeout); + resp = query_responder(err, cbio, path, headers, req, req_timeout); if (!resp) BIO_printf(bio_err, "Error querying OCSP responsder\n"); end: - if (ctx) - SSL_CTX_free(ctx); if (cbio) BIO_free_all(cbio); + if (ctx) + SSL_CTX_free(ctx); return resp; } diff --git a/src/lib/libssl/src/apps/openssl-vms.cnf b/src/lib/libssl/src/apps/openssl-vms.cnf index fae82b0d53..20ed61bc3e 100644 --- a/src/lib/libssl/src/apps/openssl-vms.cnf +++ b/src/lib/libssl/src/apps/openssl-vms.cnf @@ -21,12 +21,17 @@ oid_section = new_oids [ new_oids ] -# We can add new OIDs in here for use by 'ca' and 'req'. +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + #################################################################### [ ca ] default_ca = CA_default # The default ca section @@ -67,7 +72,7 @@ cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = sha1 # which md to use. +default_md = default # use public key default MD preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look @@ -110,13 +115,12 @@ x509_extensions = v3_ca # The extentions to add to the self signed cert # This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString. -# utf8only: only UTF8Strings. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. -# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings -# so use this option with caution! -string_mask = nombstr +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only # req_extensions = v3_req # The extensions to add to a certificate request @@ -207,6 +211,9 @@ authorityKeyIdentifier=keyid,issuer #nsCaPolicyUrl #nsSslServerName +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + [ v3_req ] # Extensions to add to a certificate request @@ -224,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always,issuer # This is what PKIX recommends but some broken software chokes on critical # extensions. @@ -257,7 +264,7 @@ basicConstraints = CA:true # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always [ proxy_cert_ext ] # These extensions should be added when creating a proxy certificate @@ -290,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always +authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. @@ -311,3 +318,33 @@ authorityKeyIdentifier=keyid,issuer:always # This really needs to be in place for it to be a proxy certificate. proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = sys\$disk:[.demoCA # TSA root directory +serial = $dir]tsaserial. # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir.cacert.pem] # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c index 7d2b476cf0..851e639735 100644 --- a/src/lib/libssl/src/apps/openssl.c +++ b/src/lib/libssl/src/apps/openssl.c @@ -135,19 +135,17 @@ * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper * functions. */ -/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */ -static unsigned long MS_CALLBACK hash(const void *a_void); -/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */ -static int MS_CALLBACK cmp(const void *a_void,const void *b_void); -static LHASH *prog_init(void ); -static int do_cmd(LHASH *prog,int argc,char *argv[]); +static LHASH_OF(FUNCTION) *prog_init(void ); +static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]); +static void list_pkey(BIO *out); +static void list_cipher(BIO *out); +static void list_md(BIO *out); char *default_config_file=NULL; /* Make sure there is only one when MONOLITH is defined */ #ifdef MONOLITH CONF *config=NULL; BIO *bio_err=NULL; -int in_FIPS_mode=0; #endif @@ -227,25 +225,12 @@ int main(int Argc, char *Argv[]) int n,i,ret=0; int argc; char **argv,*p; - LHASH *prog=NULL; + LHASH_OF(FUNCTION) *prog=NULL; long errline; arg.data=NULL; arg.count=0; - in_FIPS_mode = 0; - -#ifdef OPENSSL_FIPS - if(getenv("OPENSSL_FIPS")) { - if (!FIPS_mode_set(1)) { - ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); - EXIT(1); - } - in_FIPS_mode = 1; - } -#endif - if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -287,9 +272,21 @@ int main(int Argc, char *Argv[]) i=NCONF_load(config,p,&errline); if (i == 0) { - NCONF_free(config); - config = NULL; - ERR_clear_error(); + if (ERR_GET_REASON(ERR_peek_last_error()) + == CONF_R_NO_SUCH_FILE) + { + BIO_printf(bio_err, + "WARNING: can't open config file: %s\n",p); + ERR_clear_error(); + NCONF_free(config); + config = NULL; + } + else + { + ERR_print_errors(bio_err); + NCONF_free(config); + exit(1); + } } prog=prog_init(); @@ -298,7 +295,7 @@ int main(int Argc, char *Argv[]) program_name(Argv[0],pname,sizeof pname); f.name=pname; - fp=(FUNCTION *)lh_retrieve(prog,&f); + fp=lh_FUNCTION_retrieve(prog,&f); if (fp != NULL) { Argv[0]=pname; @@ -333,7 +330,8 @@ int main(int Argc, char *Argv[]) else prompt="OpenSSL> "; fputs(prompt,stdout); fflush(stdout); - fgets(p,n,stdin); + if (!fgets(p,n,stdin)) + goto end; if (p[0] == '\0') goto end; i=strlen(p); if (i <= 1) break; @@ -364,7 +362,7 @@ end: NCONF_free(config); config=NULL; } - if (prog != NULL) lh_free(prog); + if (prog != NULL) lh_FUNCTION_free(prog); if (arg.data != NULL) OPENSSL_free(arg.data); apps_shutdown(); @@ -380,9 +378,13 @@ end: #define LIST_STANDARD_COMMANDS "list-standard-commands" #define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands" +#define LIST_MESSAGE_DIGEST_ALGORITHMS "list-message-digest-algorithms" #define LIST_CIPHER_COMMANDS "list-cipher-commands" +#define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms" +#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms" + -static int do_cmd(LHASH *prog, int argc, char *argv[]) +static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) { FUNCTION f,*fp; int i,ret=1,tp,nl; @@ -390,7 +392,22 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) if ((argc <= 0) || (argv[0] == NULL)) { ret=0; goto end; } f.name=argv[0]; - fp=(FUNCTION *)lh_retrieve(prog,&f); + fp=lh_FUNCTION_retrieve(prog,&f); + if (fp == NULL) + { + if (EVP_get_digestbyname(argv[0])) + { + f.type = FUNC_TYPE_MD; + f.func = dgst_main; + fp = &f; + } + else if (EVP_get_cipherbyname(argv[0])) + { + f.type = FUNC_TYPE_CIPHER; + f.func = enc_main; + fp = &f; + } + } if (fp != NULL) { ret=fp->func(argc,argv); @@ -405,7 +422,7 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) } #endif f.name=argv[0]+3; - ret = (lh_retrieve(prog,&f) != NULL); + ret = (lh_FUNCTION_retrieve(prog,&f) != NULL); if (!ret) BIO_printf(bio_stdout, "%s\n", argv[0]); else @@ -423,7 +440,10 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) } else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) || (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) || - (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0)) + (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) || + (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) || + (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) || + (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0)) { int list_type; BIO *bio_stdout; @@ -432,6 +452,12 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) list_type = FUNC_TYPE_GENERAL; else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) list_type = FUNC_TYPE_MD; + else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) + list_type = FUNC_TYPE_MD_ALG; + else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0) + list_type = FUNC_TYPE_PKEY; + else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) + list_type = FUNC_TYPE_CIPHER_ALG; else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */ list_type = FUNC_TYPE_CIPHER; bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE); @@ -441,10 +467,23 @@ static int do_cmd(LHASH *prog, int argc, char *argv[]) bio_stdout = BIO_push(tmpbio, bio_stdout); } #endif - - for (fp=functions; fp->name != NULL; fp++) - if (fp->type == list_type) - BIO_printf(bio_stdout, "%s\n", fp->name); + + if (!load_config(bio_err, NULL)) + goto end; + + if (list_type == FUNC_TYPE_PKEY) + list_pkey(bio_stdout); + if (list_type == FUNC_TYPE_MD_ALG) + list_md(bio_stdout); + if (list_type == FUNC_TYPE_CIPHER_ALG) + list_cipher(bio_stdout); + else + { + for (fp=functions; fp->name != NULL; fp++) + if (fp->type == list_type) + BIO_printf(bio_stdout, "%s\n", + fp->name); + } BIO_free_all(bio_stdout); ret=0; goto end; @@ -507,9 +546,94 @@ static int SortFnByName(const void *_f1,const void *_f2) return strcmp(f1->name,f2->name); } -static LHASH *prog_init(void) +static void list_pkey(BIO *out) + { + int i; + for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) + { + const EVP_PKEY_ASN1_METHOD *ameth; + int pkey_id, pkey_base_id, pkey_flags; + const char *pinfo, *pem_str; + ameth = EVP_PKEY_asn1_get0(i); + EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, + &pinfo, &pem_str, ameth); + if (pkey_flags & ASN1_PKEY_ALIAS) + { + BIO_printf(out, "Name: %s\n", + OBJ_nid2ln(pkey_id)); + BIO_printf(out, "\tType: Alias to %s\n", + OBJ_nid2ln(pkey_base_id)); + } + else + { + BIO_printf(out, "Name: %s\n", pinfo); + BIO_printf(out, "\tType: %s Algorithm\n", + pkey_flags & ASN1_PKEY_DYNAMIC ? + "External" : "Builtin"); + BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); + if (pem_str == NULL) + pem_str = "(none)"; + BIO_printf(out, "\tPEM string: %s\n", pem_str); + } + + } + } + +static void list_cipher_fn(const EVP_CIPHER *c, + const char *from, const char *to, void *arg) + { + if (c) + BIO_printf(arg, "%s\n", EVP_CIPHER_name(c)); + else + { + if (!from) + from = ""; + if (!to) + to = ""; + BIO_printf(arg, "%s => %s\n", from, to); + } + } + +static void list_cipher(BIO *out) + { + EVP_CIPHER_do_all_sorted(list_cipher_fn, out); + } + +static void list_md_fn(const EVP_MD *m, + const char *from, const char *to, void *arg) + { + if (m) + BIO_printf(arg, "%s\n", EVP_MD_name(m)); + else + { + if (!from) + from = ""; + if (!to) + to = ""; + BIO_printf(arg, "%s => %s\n", from, to); + } + } + +static void list_md(BIO *out) + { + EVP_MD_do_all_sorted(list_md_fn, out); + } + +static int MS_CALLBACK function_cmp(const FUNCTION *a, const FUNCTION *b) + { + return strncmp(a->name,b->name,8); + } +static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION) + +static unsigned long MS_CALLBACK function_hash(const FUNCTION *a) + { + return lh_strhash(a->name); + } +static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION) + +static LHASH_OF(FUNCTION) *prog_init(void) { - LHASH *ret; + LHASH_OF(FUNCTION) *ret; FUNCTION *f; size_t i; @@ -518,23 +642,11 @@ static LHASH *prog_init(void) ; qsort(functions,i,sizeof *functions,SortFnByName); - if ((ret=lh_new(hash, cmp)) == NULL) + if ((ret=lh_FUNCTION_new()) == NULL) return(NULL); for (f=functions; f->name != NULL; f++) - lh_insert(ret,f); + (void)lh_FUNCTION_insert(ret,f); return(ret); } -/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */ -static int MS_CALLBACK cmp(const void *a_void, const void *b_void) - { - return(strncmp(((const FUNCTION *)a_void)->name, - ((const FUNCTION *)b_void)->name,8)); - } - -/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */ -static unsigned long MS_CALLBACK hash(const void *a_void) - { - return(lh_strhash(((const FUNCTION *)a_void)->name)); - } diff --git a/src/lib/libssl/src/apps/openssl.cnf b/src/lib/libssl/src/apps/openssl.cnf index 9e59020c17..9d2cd5bfa5 100644 --- a/src/lib/libssl/src/apps/openssl.cnf +++ b/src/lib/libssl/src/apps/openssl.cnf @@ -21,12 +21,17 @@ oid_section = new_oids [ new_oids ] -# We can add new OIDs in here for use by 'ca' and 'req'. +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + #################################################################### [ ca ] default_ca = CA_default # The default ca section @@ -67,7 +72,7 @@ cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = sha1 # which md to use. +default_md = default # use public key default MD preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look @@ -110,13 +115,12 @@ x509_extensions = v3_ca # The extentions to add to the self signed cert # This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString. -# utf8only: only UTF8Strings. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. -# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings -# so use this option with caution! -string_mask = nombstr +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only # req_extensions = v3_req # The extensions to add to a certificate request @@ -207,6 +211,9 @@ authorityKeyIdentifier=keyid,issuer #nsCaPolicyUrl #nsSslServerName +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + [ v3_req ] # Extensions to add to a certificate request @@ -224,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always,issuer # This is what PKIX recommends but some broken software chokes on critical # extensions. @@ -257,7 +264,7 @@ basicConstraints = CA:true # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always [ proxy_cert_ext ] # These extensions should be added when creating a proxy certificate @@ -290,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always +authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. @@ -311,3 +318,33 @@ authorityKeyIdentifier=keyid,issuer:always # This really needs to be in place for it to be a proxy certificate. proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c index 248bc1154d..514a02e0f1 100644 --- a/src/lib/libssl/src/apps/pkcs12.c +++ b/src/lib/libssl/src/apps/pkcs12.c @@ -88,6 +88,7 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); int alg_print(BIO *x, X509_ALGOR *alg); int cert_load(BIO *in, STACK_OF(X509) *sk); +static int set_pbe(BIO *err, int *ppbe, const char *str); int MAIN(int, char **); @@ -111,16 +112,17 @@ int MAIN(int argc, char **argv) int maciter = PKCS12_DEFAULT_ITER; int twopass = 0; int keytype = 0; - int cert_pbe; + int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int ret = 1; int macver = 1; int noprompt = 0; - STACK *canames = NULL; + STACK_OF(OPENSSL_STRING) *canames = NULL; char *cpass = NULL, *mpass = NULL; char *passargin = NULL, *passargout = NULL, *passarg = NULL; char *passin = NULL, *passout = NULL; char *inrand = NULL; + char *macalg = NULL; char *CApath = NULL, *CAfile = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; @@ -128,13 +130,6 @@ int MAIN(int argc, char **argv) apps_startup(); -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else -#endif - cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; - enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); @@ -185,33 +180,18 @@ int MAIN(int argc, char **argv) maciter = 1; else if (!strcmp (*args, "-nomac")) maciter = -1; + else if (!strcmp (*args, "-macalg")) + if (args[1]) { + args++; + macalg = *args; + } else badarg = 1; else if (!strcmp (*args, "-nodes")) enc=NULL; else if (!strcmp (*args, "-certpbe")) { - if (args[1]) { - args++; - if (!strcmp(*args, "NONE")) - cert_pbe = -1; - else - cert_pbe=OBJ_txt2nid(*args); - if(cert_pbe == NID_undef) { - BIO_printf(bio_err, - "Unknown PBE algorithm %s\n", *args); - badarg = 1; - } - } else badarg = 1; + if (!set_pbe(bio_err, &cert_pbe, *++args)) + badarg = 1; } else if (!strcmp (*args, "-keypbe")) { - if (args[1]) { - args++; - if (!strcmp(*args, "NONE")) - key_pbe = -1; - else - key_pbe=OBJ_txt2nid(*args); - if(key_pbe == NID_undef) { - BIO_printf(bio_err, - "Unknown PBE algorithm %s\n", *args); - badarg = 1; - } - } else badarg = 1; + if (!set_pbe(bio_err, &key_pbe, *++args)) + badarg = 1; } else if (!strcmp (*args, "-rand")) { if (args[1]) { args++; @@ -242,8 +222,8 @@ int MAIN(int argc, char **argv) } else if (!strcmp (*args, "-caname")) { if (args[1]) { args++; - if (!canames) canames = sk_new_null(); - sk_push(canames, *args); + if (!canames) canames = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(canames, *args); } else badarg = 1; } else if (!strcmp (*args, "-in")) { if (args[1]) { @@ -332,11 +312,14 @@ int MAIN(int argc, char **argv) #endif BIO_printf (bio_err, "-nodes don't encrypt private keys\n"); BIO_printf (bio_err, "-noiter don't use encryption iteration\n"); + BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n"); BIO_printf (bio_err, "-maciter use MAC iteration\n"); + BIO_printf (bio_err, "-nomac don't generate MAC\n"); BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n"); BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n"); BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n"); BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n"); + BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n"); BIO_printf (bio_err, "-keyex set MS key exchange type\n"); BIO_printf (bio_err, "-keysig set MS key signature type\n"); BIO_printf (bio_err, "-password p set import/export password source\n"); @@ -348,8 +331,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); - BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); - BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); + BIO_printf(bio_err, "-CSP name Microsoft CSP name\n"); + BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n"); goto end; } @@ -439,6 +422,7 @@ int MAIN(int argc, char **argv) EVP_PKEY *key = NULL; X509 *ucert = NULL, *x = NULL; STACK_OF(X509) *certs=NULL; + const EVP_MD *macmd = NULL; unsigned char *catmp = NULL; int i; @@ -565,9 +549,9 @@ int MAIN(int argc, char **argv) /* Add any CA names */ - for (i = 0; i < sk_num(canames); i++) + for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) { - catmp = (unsigned char *)sk_value(canames, i); + catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i); X509_alias_set1(sk_X509_value(certs, i), catmp, -1); } @@ -605,8 +589,18 @@ int MAIN(int argc, char **argv) goto export_end; } + if (macalg) + { + macmd = EVP_get_digestbyname(macalg); + if (!macmd) + { + BIO_printf(bio_err, "Unknown digest algorithm %s\n", + macalg); + } + } + if (maciter != -1) - PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL); + PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); #ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -693,7 +687,7 @@ int MAIN(int argc, char **argv) #endif BIO_free(in); BIO_free_all(out); - if (canames) sk_free(canames); + if (canames) sk_OPENSSL_STRING_free(canames); if(passin) OPENSSL_free(passin); if(passout) OPENSSL_free(passout); apps_shutdown(); @@ -929,7 +923,7 @@ int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name) av = sk_ASN1_TYPE_value(attr->value.set, 0); switch(av->type) { case V_ASN1_BMPSTRING: - value = uni2asc(av->value.bmpstring->data, + value = OPENSSL_uni2asc(av->value.bmpstring->data, av->value.bmpstring->length); BIO_printf(out, "%s\n", value); OPENSSL_free(value); @@ -962,4 +956,22 @@ void hex_prin(BIO *out, unsigned char *buf, int len) for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]); } +static int set_pbe(BIO *err, int *ppbe, const char *str) + { + if (!str) + return 0; + if (!strcmp(str, "NONE")) + { + *ppbe = -1; + return 1; + } + *ppbe=OBJ_txt2nid(str); + if (*ppbe == NID_undef) + { + BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str); + return 0; + } + return 1; + } + #endif diff --git a/src/lib/libssl/src/apps/pkcs7.c b/src/lib/libssl/src/apps/pkcs7.c index da4dbe7a07..86d31b99a7 100644 --- a/src/lib/libssl/src/apps/pkcs7.c +++ b/src/lib/libssl/src/apps/pkcs7.c @@ -90,7 +90,7 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat; char *infile,*outfile,*prog; - int print_certs=0,text=0,noout=0; + int print_certs=0,text=0,noout=0,p7_print=0; int ret=1; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; @@ -139,6 +139,8 @@ int MAIN(int argc, char **argv) noout=1; else if (strcmp(*argv,"-text") == 0) text=1; + else if (strcmp(*argv,"-print") == 0) + p7_print=1; else if (strcmp(*argv,"-print_certs") == 0) print_certs=1; #ifndef OPENSSL_NO_ENGINE @@ -238,6 +240,9 @@ bad: } } + if (p7_print) + PKCS7_print_ctx(out, p7, 0, NULL); + if (print_certs) { STACK_OF(X509) *certs=NULL; diff --git a/src/lib/libssl/src/apps/pkcs8.c b/src/lib/libssl/src/apps/pkcs8.c index 9633a149bc..7edeb179dd 100644 --- a/src/lib/libssl/src/apps/pkcs8.c +++ b/src/lib/libssl/src/apps/pkcs8.c @@ -80,11 +80,12 @@ int MAIN(int argc, char **argv) int informat, outformat; int p8_broken = PKCS8_OK; int nocrypt = 0; - X509_SIG *p8; - PKCS8_PRIV_KEY_INFO *p8inf; + X509_SIG *p8 = NULL; + PKCS8_PRIV_KEY_INFO *p8inf = NULL; EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; + int ret = 1; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif @@ -225,7 +226,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif - return 1; + goto end; } #ifndef OPENSSL_NO_ENGINE @@ -235,7 +236,7 @@ int MAIN(int argc, char **argv) if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); - return 1; + goto end; } if ((pbe_nid == -1) && !cipher) @@ -247,7 +248,7 @@ int MAIN(int argc, char **argv) { BIO_printf(bio_err, "Can't open input file %s\n", infile); - return (1); + goto end; } } else @@ -259,7 +260,7 @@ int MAIN(int argc, char **argv) { BIO_printf(bio_err, "Can't open output file %s\n", outfile); - return (1); + goto end; } } else @@ -274,21 +275,15 @@ int MAIN(int argc, char **argv) } if (topk8) { - BIO_free(in); /* Not needed in this section */ pkey = load_key(bio_err, infile, informat, 1, passin, e, "key"); if (!pkey) - { - BIO_free_all(out); - return 1; - } + goto end; if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); - EVP_PKEY_free(pkey); - BIO_free_all(out); - return 1; + goto end; } if (nocrypt) { @@ -299,10 +294,7 @@ int MAIN(int argc, char **argv) else { BIO_printf(bio_err, "Bad format specified for key\n"); - PKCS8_PRIV_KEY_INFO_free(p8inf); - EVP_PKEY_free(pkey); - BIO_free_all(out); - return (1); + goto end; } } else @@ -313,12 +305,7 @@ int MAIN(int argc, char **argv) { p8pass = pass; if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1)) - { - PKCS8_PRIV_KEY_INFO_free(p8inf); - EVP_PKEY_free(pkey); - BIO_free_all(out); - return (1); - } + goto end; } app_RAND_load_file(NULL, bio_err, 0); if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, @@ -327,10 +314,7 @@ int MAIN(int argc, char **argv) { BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); - PKCS8_PRIV_KEY_INFO_free(p8inf); - EVP_PKEY_free(pkey); - BIO_free_all(out); - return (1); + goto end; } app_RAND_write_file(NULL, bio_err); if (outformat == FORMAT_PEM) @@ -340,22 +324,12 @@ int MAIN(int argc, char **argv) else { BIO_printf(bio_err, "Bad format specified for key\n"); - PKCS8_PRIV_KEY_INFO_free(p8inf); - EVP_PKEY_free(pkey); - BIO_free_all(out); - return (1); + goto end; } - X509_SIG_free(p8); } - PKCS8_PRIV_KEY_INFO_free (p8inf); - EVP_PKEY_free(pkey); - BIO_free_all(out); - if (passin) - OPENSSL_free(passin); - if (passout) - OPENSSL_free(passout); - return (0); + ret = 0; + goto end; } if (nocrypt) @@ -367,7 +341,7 @@ int MAIN(int argc, char **argv) else { BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); + goto end; } } else @@ -379,14 +353,14 @@ int MAIN(int argc, char **argv) else { BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); + goto end; } if (!p8) { BIO_printf (bio_err, "Error reading key\n"); ERR_print_errors(bio_err); - return (1); + goto end; } if (passin) p8pass = passin; @@ -396,21 +370,20 @@ int MAIN(int argc, char **argv) EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); } p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); - X509_SIG_free(p8); } if (!p8inf) { BIO_printf(bio_err, "Error decrypting key\n"); ERR_print_errors(bio_err); - return (1); + goto end; } if (!(pkey = EVP_PKCS82PKEY(p8inf))) { BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); - return (1); + goto end; } if (p8inf->broken) @@ -430,13 +403,16 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); break; + case PKCS8_NEG_PRIVKEY: + BIO_printf(bio_err, "DSA private key value is negative\n"); + break; + default: BIO_printf(bio_err, "Unknown broken type\n"); break; } } - PKCS8_PRIV_KEY_INFO_free(p8inf); if (outformat == FORMAT_PEM) PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); else if (outformat == FORMAT_ASN1) @@ -444,10 +420,13 @@ int MAIN(int argc, char **argv) else { BIO_printf(bio_err, "Bad format specified for key\n"); - return (1); + goto end; } + ret = 0; end: + X509_SIG_free(p8); + PKCS8_PRIV_KEY_INFO_free(p8inf); EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); @@ -456,5 +435,5 @@ int MAIN(int argc, char **argv) if (passout) OPENSSL_free(passout); - return (0); + return ret; } diff --git a/src/lib/libssl/src/apps/prime.c b/src/lib/libssl/src/apps/prime.c index af2fed15af..f1aaef8725 100644 --- a/src/lib/libssl/src/apps/prime.c +++ b/src/lib/libssl/src/apps/prime.c @@ -62,6 +62,9 @@ int MAIN(int argc, char **argv) { int hex=0; int checks=20; + int generate=0; + int bits=0; + int safe=0; BIGNUM *bn=NULL; BIO *bio_out; @@ -77,6 +80,15 @@ int MAIN(int argc, char **argv) { if(!strcmp(*argv,"-hex")) hex=1; + else if(!strcmp(*argv,"-generate")) + generate=1; + else if(!strcmp(*argv,"-bits")) + if(--argc < 1) + goto bad; + else + bits=atoi(*++argv); + else if(!strcmp(*argv,"-safe")) + safe=1; else if(!strcmp(*argv,"-checks")) if(--argc < 1) goto bad; @@ -91,13 +103,13 @@ int MAIN(int argc, char **argv) ++argv; } - if (argv[0] == NULL) + if (argv[0] == NULL && !generate) { BIO_printf(bio_err,"No prime specified\n"); goto bad; } - if ((bio_out=BIO_new(BIO_s_file())) != NULL) + if ((bio_out=BIO_new(BIO_s_file())) != NULL) { BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS @@ -108,14 +120,32 @@ int MAIN(int argc, char **argv) #endif } - if(hex) - BN_hex2bn(&bn,argv[0]); + if(generate) + { + char *s; + + if(!bits) + { + BIO_printf(bio_err,"Specifiy the number of bits.\n"); + return 1; + } + bn=BN_new(); + BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL); + s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn); + BIO_printf(bio_out,"%s\n",s); + OPENSSL_free(s); + } else - BN_dec2bn(&bn,argv[0]); + { + if(hex) + BN_hex2bn(&bn,argv[0]); + else + BN_dec2bn(&bn,argv[0]); - BN_print(bio_out,bn); - BIO_printf(bio_out," is %sprime\n", - BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); + BN_print(bio_out,bn); + BIO_printf(bio_out," is %sprime\n", + BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not "); + } BN_free(bn); BIO_free_all(bio_out); diff --git a/src/lib/libssl/src/apps/progs.h b/src/lib/libssl/src/apps/progs.h index aafd800bdf..79e479a337 100644 --- a/src/lib/libssl/src/apps/progs.h +++ b/src/lib/libssl/src/apps/progs.h @@ -22,6 +22,7 @@ extern int ecparam_main(int argc,char *argv[]); extern int x509_main(int argc,char *argv[]); extern int genrsa_main(int argc,char *argv[]); extern int gendsa_main(int argc,char *argv[]); +extern int genpkey_main(int argc,char *argv[]); extern int s_server_main(int argc,char *argv[]); extern int s_client_main(int argc,char *argv[]); extern int speed_main(int argc,char *argv[]); @@ -35,22 +36,30 @@ extern int ciphers_main(int argc,char *argv[]); extern int nseq_main(int argc,char *argv[]); extern int pkcs12_main(int argc,char *argv[]); extern int pkcs8_main(int argc,char *argv[]); +extern int pkey_main(int argc,char *argv[]); +extern int pkeyparam_main(int argc,char *argv[]); +extern int pkeyutl_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); extern int engine_main(int argc,char *argv[]); extern int ocsp_main(int argc,char *argv[]); extern int prime_main(int argc,char *argv[]); +extern int ts_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 #define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { int type; const char *name; int (*func)(int argc,char *argv[]); } FUNCTION; +DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"verify",verify_main}, @@ -96,6 +105,7 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_DSA {FUNC_TYPE_GENERAL,"gendsa",gendsa_main}, #endif + {FUNC_TYPE_GENERAL,"genpkey",genpkey_main}, #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_server",s_server_main}, #endif @@ -123,14 +133,20 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main}, #endif {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main}, + {FUNC_TYPE_GENERAL,"pkey",pkey_main}, + {FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main}, + {FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main}, {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, #ifndef OPENSSL_NO_ENGINE {FUNC_TYPE_GENERAL,"engine",engine_main}, #endif +#ifndef OPENSSL_NO_OCSP {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, +#endif {FUNC_TYPE_GENERAL,"prime",prime_main}, + {FUNC_TYPE_GENERAL,"ts",ts_main}, #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, #endif @@ -189,6 +205,9 @@ FUNCTION functions[] = { {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main}, #endif {FUNC_TYPE_CIPHER,"base64",enc_main}, +#ifdef ZLIB + {FUNC_TYPE_CIPHER,"zlib",enc_main}, +#endif #ifndef OPENSSL_NO_DES {FUNC_TYPE_CIPHER,"des",enc_main}, #endif diff --git a/src/lib/libssl/src/apps/progs.pl b/src/lib/libssl/src/apps/progs.pl index 645432cfcc..de6fdeabbd 100644 --- a/src/lib/libssl/src/apps/progs.pl +++ b/src/lib/libssl/src/apps/progs.pl @@ -13,12 +13,16 @@ print <<'EOF'; #define FUNC_TYPE_GENERAL 1 #define FUNC_TYPE_MD 2 #define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { int type; const char *name; int (*func)(int argc,char *argv[]); } FUNCTION; +DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { EOF @@ -45,6 +49,8 @@ foreach (@ARGV) { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } elsif ( ($_ =~ /^cms$/)) { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; } + elsif ( ($_ =~ /^ocsp$/)) + { print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; } else { print $str; } } @@ -62,7 +68,7 @@ foreach ( "camellia-128-cbc", "camellia-128-ecb", "camellia-192-cbc", "camellia-192-ecb", "camellia-256-cbc", "camellia-256-ecb", - "base64", + "base64", "zlib", "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", "rc2", "bf", "cast", "rc5", "des-ecb", "des-ede", "des-ede3", @@ -89,6 +95,7 @@ foreach ( elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; } elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; } elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; } + elsif ($_ =~ /zlib/) { $t="#ifdef ZLIB\n${t}#endif\n"; } print $t; } diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c index 5ed08960c1..820cd18fc7 100644 --- a/src/lib/libssl/src/apps/req.c +++ b/src/lib/libssl/src/apps/req.c @@ -141,39 +141,33 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, int n_max, unsigned long chtype); static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, int nid,int n_min,int n_max, unsigned long chtype, int mval); -#ifndef OPENSSL_NO_RSA -static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb); -#endif +static int genpkey_cb(EVP_PKEY_CTX *ctx); static int req_check_len(int len,int n_min,int n_max); static int check_end(const char *str, const char *end); +static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, + long *pkeylen, char **palgnam, + ENGINE *keygen_engine); #ifndef MONOLITH static char *default_config_file=NULL; #endif static CONF *req_conf=NULL; static int batch=0; -#define TYPE_RSA 1 -#define TYPE_DSA 2 -#define TYPE_DH 3 -#define TYPE_EC 4 - int MAIN(int, char **); int MAIN(int argc, char **argv) { - ENGINE *e = NULL; -#ifndef OPENSSL_NO_DSA - DSA *dsa_params=NULL; -#endif -#ifndef OPENSSL_NO_ECDSA - EC_KEY *ec_params = NULL; -#endif + ENGINE *e = NULL, *gen_eng = NULL; unsigned long nmflag = 0, reqflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; + EVP_PKEY_CTX *genctx = NULL; + const char *keyalg = NULL; + char *keyalgstr = NULL; + STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; EVP_PKEY *pkey=NULL; - int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA; + int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1; long newkey = -1; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; @@ -193,7 +187,7 @@ int MAIN(int argc, char **argv) char *p; char *subj = NULL; int multirdn = 0; - const EVP_MD *md_alg=NULL,*digest=EVP_sha1(); + const EVP_MD *md_alg=NULL,*digest=NULL; unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH char *to_free; @@ -236,6 +230,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine= *(++argv); } + else if (strcmp(*argv,"-keygen_engine") == 0) + { + if (--argc < 1) goto bad; + gen_eng = ENGINE_by_id(*(++argv)); + if (gen_eng == NULL) + { + BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv); + goto end; + } + } #endif else if (strcmp(*argv,"-key") == 0) { @@ -292,126 +296,20 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-newkey") == 0) { - int is_numeric; - - if (--argc < 1) goto bad; - p= *(++argv); - is_numeric = p[0] >= '0' && p[0] <= '9'; - if (strncmp("rsa:",p,4) == 0 || is_numeric) - { - pkey_type=TYPE_RSA; - if(!is_numeric) - p+=4; - newkey= atoi(p); - } - else -#ifndef OPENSSL_NO_DSA - if (strncmp("dsa:",p,4) == 0) - { - X509 *xtmp=NULL; - EVP_PKEY *dtmp; - - pkey_type=TYPE_DSA; - p+=4; - if ((in=BIO_new_file(p,"r")) == NULL) - { - perror(p); - goto end; - } - if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) - { - ERR_clear_error(); - (void)BIO_reset(in); - if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) - { - BIO_printf(bio_err,"unable to load DSA parameters from file\n"); - goto end; - } - - if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end; - if (dtmp->type == EVP_PKEY_DSA) - dsa_params=DSAparams_dup(dtmp->pkey.dsa); - EVP_PKEY_free(dtmp); - X509_free(xtmp); - if (dsa_params == NULL) - { - BIO_printf(bio_err,"Certificate does not contain DSA parameters\n"); - goto end; - } - } - BIO_free(in); - in=NULL; - newkey=BN_num_bits(dsa_params->p); - } - else -#endif -#ifndef OPENSSL_NO_ECDSA - if (strncmp("ec:",p,3) == 0) - { - X509 *xtmp=NULL; - EVP_PKEY *dtmp; - EC_GROUP *group; - - pkey_type=TYPE_EC; - p+=3; - if ((in=BIO_new_file(p,"r")) == NULL) - { - perror(p); - goto end; - } - if ((ec_params = EC_KEY_new()) == NULL) - goto end; - group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL); - if (group == NULL) - { - EC_KEY_free(ec_params); - ERR_clear_error(); - (void)BIO_reset(in); - if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) - { - BIO_printf(bio_err,"unable to load EC parameters from file\n"); - goto end; - } - - if ((dtmp=X509_get_pubkey(xtmp))==NULL) - goto end; - if (dtmp->type == EVP_PKEY_EC) - ec_params = EC_KEY_dup(dtmp->pkey.ec); - EVP_PKEY_free(dtmp); - X509_free(xtmp); - if (ec_params == NULL) - { - BIO_printf(bio_err,"Certificate does not contain EC parameters\n"); - goto end; - } - } - else - { - if (EC_KEY_set_group(ec_params, group) == 0) - goto end; - EC_GROUP_free(group); - } - - BIO_free(in); - in=NULL; - newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params)); - } - else -#endif -#ifndef OPENSSL_NO_DH - if (strncmp("dh:",p,4) == 0) - { - pkey_type=TYPE_DH; - p+=3; - } - else -#endif - { + if (--argc < 1) goto bad; - } - + keyalg = *(++argv); newreq=1; } + else if (strcmp(*argv,"-pkeyopt") == 0) + { + if (--argc < 1) + goto bad; + if (!pkeyopts) + pkeyopts = sk_OPENSSL_STRING_new_null(); + if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv))) + goto bad; + } else if (strcmp(*argv,"-batch") == 0) batch=1; else if (strcmp(*argv,"-newhdr") == 0) @@ -467,11 +365,6 @@ int MAIN(int argc, char **argv) serial = s2i_ASN1_INTEGER(NULL, *(++argv)); if (!serial) goto bad; } - else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) - { - /* ok */ - digest=md_alg; - } else if (strcmp(*argv,"-extensions") == 0) { if (--argc < 1) goto bad; @@ -482,6 +375,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; req_exts = *(++argv); } + else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) + { + /* ok */ + digest=md_alg; + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -730,15 +628,20 @@ bad: if (newreq && (pkey == NULL)) { -#ifndef OPENSSL_NO_RSA - BN_GENCB cb; -#endif char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); if (inrand) app_RAND_load_files(inrand); + + if (keyalg) + { + genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, + &keyalgstr, gen_eng); + if (!genctx) + goto end; + } if (newkey <= 0) { @@ -746,57 +649,54 @@ bad: newkey=DEFAULT_KEY_LENGTH; } - if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA)) + if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { BIO_printf(bio_err,"private key length is too short,\n"); BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey); goto end; } - BIO_printf(bio_err,"Generating a %ld bit %s private key\n", - newkey,(pkey_type == TYPE_RSA)?"RSA": - (pkey_type == TYPE_DSA)?"DSA":"EC"); - - if ((pkey=EVP_PKEY_new()) == NULL) goto end; -#ifndef OPENSSL_NO_RSA - BN_GENCB_set(&cb, req_cb, bio_err); - if (pkey_type == TYPE_RSA) - { - RSA *rsa = RSA_new(); - BIGNUM *bn = BN_new(); - if(!bn || !rsa || !BN_set_word(bn, 0x10001) || - !RSA_generate_key_ex(rsa, newkey, bn, &cb) || - !EVP_PKEY_assign_RSA(pkey, rsa)) - { - if(bn) BN_free(bn); - if(rsa) RSA_free(rsa); + if (!genctx) + { + genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey, + &keyalgstr, gen_eng); + if (!genctx) goto end; - } - BN_free(bn); } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey_type == TYPE_DSA) + + if (pkeyopts) { - if (!DSA_generate_key(dsa_params)) goto end; - if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end; - dsa_params=NULL; + char *genopt; + for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) + { + genopt = sk_OPENSSL_STRING_value(pkeyopts, i); + if (pkey_ctrl_string(genctx, genopt) <= 0) + { + BIO_printf(bio_err, + "parameter error \"%s\"\n", + genopt); + ERR_print_errors(bio_err); + goto end; + } + } } -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey_type == TYPE_EC) + + BIO_printf(bio_err,"Generating a %ld bit %s private key\n", + newkey, keyalgstr); + + EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); + EVP_PKEY_CTX_set_app_data(genctx, bio_err); + + if (EVP_PKEY_keygen(genctx, &pkey) <= 0) { - if (!EC_KEY_generate_key(ec_params)) goto end; - if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params)) - goto end; - ec_params = NULL; + BIO_puts(bio_err, "Error Generating Key\n"); + goto end; } -#endif - app_RAND_write_file(randfile, bio_err); + EVP_PKEY_CTX_free(genctx); + genctx = NULL; - if (pkey == NULL) goto end; + app_RAND_write_file(randfile, bio_err); if (keyout == NULL) { @@ -895,14 +795,7 @@ loop: BIO_printf(bio_err,"you need to specify a private key\n"); goto end; } -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - digest=EVP_dss1(); -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - digest=EVP_ecdsa(); -#endif + if (req == NULL) { req=X509_REQ_new(); @@ -945,7 +838,7 @@ loop: if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end; if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end; - if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end; + if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) goto end; if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end; tmppkey = X509_REQ_get_pubkey(req); if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end; @@ -967,7 +860,10 @@ loop: } if (!(i=X509_sign(x509ss,pkey,digest))) + { + ERR_print_errors(bio_err); goto end; + } } else { @@ -988,7 +884,10 @@ loop: goto end; } if (!(i=X509_REQ_sign(req,pkey,digest))) + { + ERR_print_errors(bio_err); goto end; + } } } @@ -1125,7 +1024,7 @@ loop: } fprintf(stdout,"Modulus="); #ifndef OPENSSL_NO_RSA - if (tpubkey->type == EVP_PKEY_RSA) + if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) BN_print(out,tpubkey->pkey.rsa->n); else #endif @@ -1181,18 +1080,22 @@ end: BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); + if (genctx) + EVP_PKEY_CTX_free(genctx); + if (pkeyopts) + sk_OPENSSL_STRING_free(pkeyopts); +#ifndef OPENSSL_NO_ENGINE + if (gen_eng) + ENGINE_free(gen_eng); +#endif + if (keyalgstr) + OPENSSL_free(keyalgstr); X509_REQ_free(req); X509_free(x509ss); ASN1_INTEGER_free(serial); if(passargin && passin) OPENSSL_free(passin); if(passargout && passout) OPENSSL_free(passout); OBJ_cleanup(); -#ifndef OPENSSL_NO_DSA - if (dsa_params != NULL) DSA_free(dsa_params); -#endif -#ifndef OPENSSL_NO_ECDSA - if (ec_params != NULL) EC_KEY_free(ec_params); -#endif apps_shutdown(); OPENSSL_EXIT(ex); } @@ -1433,11 +1336,17 @@ start2: for (;;) BIO_snprintf(buf,sizeof buf,"%s_min",type); if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) + { + ERR_clear_error(); n_min = -1; + } BIO_snprintf(buf,sizeof buf,"%s_max",type); if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) + { + ERR_clear_error(); n_max = -1; + } if (!add_attribute_object(req, v->value,def,value,nid,n_min,n_max, chtype)) @@ -1538,7 +1447,8 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,sizeof buf,stdin); + if (!fgets(buf,sizeof buf,stdin)) + return 0; } else { @@ -1596,7 +1506,8 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,sizeof buf,stdin); + if (!fgets(buf,sizeof buf,stdin)) + return 0; } else { @@ -1639,24 +1550,6 @@ err: return(0); } -#ifndef OPENSSL_NO_RSA -static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb) - { - char c='*'; - - if (p == 0) c='.'; - if (p == 1) c='+'; - if (p == 2) c='*'; - if (p == 3) c='\n'; - BIO_write(cb->arg,&c,1); - (void)BIO_flush(cb->arg); -#ifdef LINT - p=n; -#endif - return 1; - } -#endif - static int req_check_len(int len, int n_min, int n_max) { if ((n_min > 0) && (len < n_min)) @@ -1683,3 +1576,183 @@ static int check_end(const char *str, const char *end) tmp = str + slen - elen; return strcmp(tmp, end); } + +static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, + long *pkeylen, char **palgnam, + ENGINE *keygen_engine) + { + EVP_PKEY_CTX *gctx = NULL; + EVP_PKEY *param = NULL; + long keylen = -1; + BIO *pbio = NULL; + const char *paramfile = NULL; + + if (gstr == NULL) + { + *pkey_type = EVP_PKEY_RSA; + keylen = *pkeylen; + } + else if (gstr[0] >= '0' && gstr[0] <= '9') + { + *pkey_type = EVP_PKEY_RSA; + keylen = atol(gstr); + *pkeylen = keylen; + } + else if (!strncmp(gstr, "param:", 6)) + paramfile = gstr + 6; + else + { + const char *p = strchr(gstr, ':'); + int len; + ENGINE *tmpeng; + const EVP_PKEY_ASN1_METHOD *ameth; + + if (p) + len = p - gstr; + else + len = strlen(gstr); + /* The lookup of a the string will cover all engines so + * keep a note of the implementation. + */ + + ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len); + + if (!ameth) + { + BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr); + return NULL; + } + + EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, + ameth); +#ifndef OPENSSL_NO_ENGINE + if (tmpeng) + ENGINE_finish(tmpeng); +#endif + if (*pkey_type == EVP_PKEY_RSA) + { + if (p) + { + keylen = atol(p + 1); + *pkeylen = keylen; + } + } + else if (p) + paramfile = p + 1; + } + + if (paramfile) + { + pbio = BIO_new_file(paramfile, "r"); + if (!pbio) + { + BIO_printf(err, "Can't open parameter file %s\n", + paramfile); + return NULL; + } + param = PEM_read_bio_Parameters(pbio, NULL); + + if (!param) + { + X509 *x; + (void)BIO_reset(pbio); + x = PEM_read_bio_X509(pbio, NULL, NULL, NULL); + if (x) + { + param = X509_get_pubkey(x); + X509_free(x); + } + } + + BIO_free(pbio); + + if (!param) + { + BIO_printf(err, "Error reading parameter file %s\n", + paramfile); + return NULL; + } + if (*pkey_type == -1) + *pkey_type = EVP_PKEY_id(param); + else if (*pkey_type != EVP_PKEY_base_id(param)) + { + BIO_printf(err, "Key Type does not match parameters\n"); + EVP_PKEY_free(param); + return NULL; + } + } + + if (palgnam) + { + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *tmpeng; + const char *anam; + ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type); + if (!ameth) + { + BIO_puts(err, "Internal error: can't find key algorithm\n"); + return NULL; + } + EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth); + *palgnam = BUF_strdup(anam); +#ifndef OPENSSL_NO_ENGINE + if (tmpeng) + ENGINE_finish(tmpeng); +#endif + } + + if (param) + { + gctx = EVP_PKEY_CTX_new(param, keygen_engine); + *pkeylen = EVP_PKEY_bits(param); + EVP_PKEY_free(param); + } + else + gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine); + + if (!gctx) + { + BIO_puts(err, "Error allocating keygen context\n"); + ERR_print_errors(err); + return NULL; + } + + if (EVP_PKEY_keygen_init(gctx) <= 0) + { + BIO_puts(err, "Error initializing keygen context\n"); + ERR_print_errors(err); + return NULL; + } +#ifndef OPENSSL_NO_RSA + if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) + { + if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) + { + BIO_puts(err, "Error setting RSA keysize\n"); + ERR_print_errors(err); + EVP_PKEY_CTX_free(gctx); + return NULL; + } + } +#endif + + return gctx; + } + +static int genpkey_cb(EVP_PKEY_CTX *ctx) + { + char c='*'; + BIO *b = EVP_PKEY_CTX_get_app_data(ctx); + int p; + p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write(b,&c,1); + (void)BIO_flush(b); +#ifdef LINT + p=n; +#endif + return 1; + } diff --git a/src/lib/libssl/src/apps/rsa.c b/src/lib/libssl/src/apps/rsa.c index 930f1f038a..a17708fe9c 100644 --- a/src/lib/libssl/src/apps/rsa.c +++ b/src/lib/libssl/src/apps/rsa.c @@ -115,6 +115,8 @@ int MAIN(int argc, char **argv) #endif int modulus=0; + int pvk_encr = 2; + apps_startup(); if (bio_err == NULL) @@ -177,6 +179,16 @@ int MAIN(int argc, char **argv) pubin=1; else if (strcmp(*argv,"-pubout") == 0) pubout=1; + else if (strcmp(*argv,"-RSAPublicKey_in") == 0) + pubin = 2; + else if (strcmp(*argv,"-RSAPublicKey_out") == 0) + pubout = 2; + else if (strcmp(*argv,"-pvk-strong") == 0) + pvk_encr=2; + else if (strcmp(*argv,"-pvk-weak") == 0) + pvk_encr=1; + else if (strcmp(*argv,"-pvk-none") == 0) + pvk_encr=0; else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -257,10 +269,23 @@ bad: EVP_PKEY *pkey; if (pubin) - pkey = load_pubkey(bio_err, infile, - (informat == FORMAT_NETSCAPE && sgckey ? - FORMAT_IISSGC : informat), 1, + { + int tmpformat=-1; + if (pubin == 2) + { + if (informat == FORMAT_PEM) + tmpformat = FORMAT_PEMRSA; + else if (informat == FORMAT_ASN1) + tmpformat = FORMAT_ASN1RSA; + } + else if (informat == FORMAT_NETSCAPE && sgckey) + tmpformat = FORMAT_IISSGC; + else + tmpformat = informat; + + pkey = load_pubkey(bio_err, infile, tmpformat, 1, passin, e, "Public Key"); + } else pkey = load_key(bio_err, infile, (informat == FORMAT_NETSCAPE && sgckey ? @@ -268,7 +293,7 @@ bad: passin, e, "Private Key"); if (pkey != NULL) - rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey); + rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); } @@ -346,7 +371,13 @@ bad: } BIO_printf(bio_err,"writing RSA key\n"); if (outformat == FORMAT_ASN1) { - if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa); + if(pubout || pubin) + { + if (pubout == 2) + i=i2d_RSAPublicKey_bio(out,rsa); + else + i=i2d_RSA_PUBKEY_bio(out,rsa); + } else i=i2d_RSAPrivateKey_bio(out,rsa); } #ifndef OPENSSL_NO_RC4 @@ -370,14 +401,32 @@ bad: #endif else if (outformat == FORMAT_PEM) { if(pubout || pubin) - i=PEM_write_bio_RSA_PUBKEY(out,rsa); + { + if (pubout == 2) + i=PEM_write_bio_RSAPublicKey(out,rsa); + else + i=PEM_write_bio_RSA_PUBKEY(out,rsa); + } else i=PEM_write_bio_RSAPrivateKey(out,rsa, enc,NULL,0,NULL,passout); +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) + } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { + EVP_PKEY *pk; + pk = EVP_PKEY_new(); + EVP_PKEY_set1_RSA(pk, rsa); + if (outformat == FORMAT_PVK) + i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); + else if (pubin || pubout) + i = i2b_PublicKey_bio(out, pk); + else + i = i2b_PrivateKey_bio(out, pk); + EVP_PKEY_free(pk); +#endif } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } - if (!i) + if (i <= 0) { BIO_printf(bio_err,"unable to write key\n"); ERR_print_errors(bio_err); diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c index 923e2b682f..b01f004eb3 100644 --- a/src/lib/libssl/src/apps/rsautl.c +++ b/src/lib/libssl/src/apps/rsautl.c @@ -342,4 +342,10 @@ static void usage() } +#else /* !OPENSSL_NO_RSA */ + +# if PEDANTIC +static void *dummy=&dummy; +# endif + #endif diff --git a/src/lib/libssl/src/apps/s_apps.h b/src/lib/libssl/src/apps/s_apps.h index 08fbbc2229..820e5c5815 100644 --- a/src/lib/libssl/src/apps/s_apps.h +++ b/src/lib/libssl/src/apps/s_apps.h @@ -117,7 +117,7 @@ #include #endif -#ifdef OPENSSL_SYS_MSDOS +#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) #define _kbhit kbhit #endif @@ -162,7 +162,7 @@ int extract_port(char *str, short *port_ptr); int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret); + int argi, long argl, long ret); #ifdef HEADER_SSL_H void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret); @@ -171,3 +171,6 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len, void *arg); #endif + +int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); +int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); diff --git a/src/lib/libssl/src/apps/s_cb.c b/src/lib/libssl/src/apps/s_cb.c index a512589e8c..c4f5512247 100644 --- a/src/lib/libssl/src/apps/s_cb.c +++ b/src/lib/libssl/src/apps/s_cb.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -117,16 +117,21 @@ #undef NON_MAIN #undef USE_SOCKETS #include +#include #include #include #include "s_apps.h" +#define COOKIE_SECRET_LENGTH 16 + int verify_depth=0; int verify_error=X509_V_OK; +int verify_return_error=0; +unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; +int cookie_initialized=0; int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) { - char buf[256]; X509 *err_cert; int err,depth; @@ -134,15 +139,23 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) err= X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); - X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); - BIO_printf(bio_err,"depth=%d %s\n",depth,buf); + BIO_printf(bio_err,"depth=%d ",depth); + if (err_cert) + { + X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), + 0, XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); + } + else + BIO_puts(bio_err, "\n"); if (!ok) { BIO_printf(bio_err,"verify error:num=%d:%s\n",err, X509_verify_cert_error_string(err)); if (verify_depth >= depth) { - ok=1; + if (!verify_return_error) + ok=1; verify_error=X509_V_OK; } else @@ -151,25 +164,33 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; } } - switch (ctx->error) + switch (err) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf); - BIO_printf(bio_err,"issuer= %s\n",buf); + BIO_puts(bio_err,"issuer= "); + X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), + 0, XN_FLAG_ONELINE); + BIO_puts(bio_err, "\n"); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: BIO_printf(bio_err,"notBefore="); - ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); + ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); BIO_printf(bio_err,"\n"); break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: BIO_printf(bio_err,"notAfter="); - ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); + ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); BIO_printf(bio_err,"\n"); break; + case X509_V_ERR_NO_EXPLICIT_POLICY: + policies_print(bio_err, ctx); + break; } + if (err == X509_V_OK && ok == 2) + policies_print(bio_err, ctx); + BIO_printf(bio_err,"verify return:%d\n",ok); return(ok); } @@ -258,7 +279,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) } long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret) + int argi, long argl, long ret) { BIO *out; @@ -267,15 +288,15 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) { - BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", - (void *)bio,argp,argi,ret,ret); + BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n", + (void *)bio,argp,(unsigned long)argi,ret,ret); BIO_dump(out,argp,(int)ret); return(ret); } else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) { - BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", - (void *)bio,argp,argi,ret,ret); + BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n", + (void *)bio,argp,(unsigned long)argi,ret,ret); BIO_dump(out,argp,(int)ret); } return(ret); @@ -336,6 +357,12 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * case TLS1_VERSION: str_version = "TLS 1.0 "; break; + case DTLS1_VERSION: + str_version = "DTLS 1.0 "; + break; + case DTLS1_BAD_VER: + str_version = "DTLS 1.0 (bad) "; + break; default: str_version = "???"; } @@ -401,7 +428,10 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * } } - if (version == SSL3_VERSION || version == TLS1_VERSION) + if (version == SSL3_VERSION || + version == TLS1_VERSION || + version == DTLS1_VERSION || + version == DTLS1_BAD_VER) { switch (content_type) { @@ -504,6 +534,21 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * case 100: str_details2 = " no_renegotiation"; break; + case 110: + str_details2 = " unsupported_extension"; + break; + case 111: + str_details2 = " certificate_unobtainable"; + break; + case 112: + str_details2 = " unrecognized_name"; + break; + case 113: + str_details2 = " bad_certificate_status_response"; + break; + case 114: + str_details2 = " bad_certificate_hash_value"; + break; } } } @@ -525,6 +570,9 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * case 2: str_details1 = ", ServerHello"; break; + case 3: + str_details1 = ", HelloVerifyRequest"; + break; case 11: str_details1 = ", Certificate"; break; @@ -621,6 +669,15 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, extname = "server ticket"; break; + case TLSEXT_TYPE_renegotiate: + extname = "renegotiate"; + break; + +#ifdef TLSEXT_TYPE_opaque_prf_input + case TLSEXT_TYPE_opaque_prf_input: + extname = "opaque PRF input"; + break; +#endif default: extname = "unknown"; @@ -634,3 +691,172 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, BIO_dump(bio, (char *)data, len); (void)BIO_flush(bio); } + +int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) + { + unsigned char *buffer, result[EVP_MAX_MD_SIZE]; + unsigned int length, resultlength; + union { + struct sockaddr sa; + struct sockaddr_in s4; +#if OPENSSL_USE_IPV6 + struct sockaddr_in6 s6; +#endif + } peer; + + /* Initialize a random secret */ + if (!cookie_initialized) + { + if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) + { + BIO_printf(bio_err,"error setting random cookie secret\n"); + return 0; + } + cookie_initialized = 1; + } + + /* Read peer information */ + (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); + + /* Create buffer with peer's address and port */ + length = 0; + switch (peer.sa.sa_family) + { + case AF_INET: + length += sizeof(struct in_addr); + length += sizeof(peer.s4.sin_port); + break; +#if OPENSSL_USE_IPV6 + case AF_INET6: + length += sizeof(struct in6_addr); + length += sizeof(peer.s6.sin6_port); + break; +#endif + default: + OPENSSL_assert(0); + break; + } + buffer = OPENSSL_malloc(length); + + if (buffer == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + return 0; + } + + switch (peer.sa.sa_family) + { + case AF_INET: + memcpy(buffer, + &peer.s4.sin_port, + sizeof(peer.s4.sin_port)); + memcpy(buffer + sizeof(peer.s4.sin_port), + &peer.s4.sin_addr, + sizeof(struct in_addr)); + break; +#if OPENSSL_USE_IPV6 + case AF_INET6: + memcpy(buffer, + &peer.s6.sin6_port, + sizeof(peer.s6.sin6_port)); + memcpy(buffer + sizeof(peer.s6.sin6_port), + &peer.s6.sin6_addr, + sizeof(struct in6_addr)); + break; +#endif + default: + OPENSSL_assert(0); + break; + } + + /* Calculate HMAC of buffer using the secret */ + HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, + buffer, length, result, &resultlength); + OPENSSL_free(buffer); + + memcpy(cookie, result, resultlength); + *cookie_len = resultlength; + + return 1; + } + +int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) + { + unsigned char *buffer, result[EVP_MAX_MD_SIZE]; + unsigned int length, resultlength; + union { + struct sockaddr sa; + struct sockaddr_in s4; +#if OPENSSL_USE_IPV6 + struct sockaddr_in6 s6; +#endif + } peer; + + /* If secret isn't initialized yet, the cookie can't be valid */ + if (!cookie_initialized) + return 0; + + /* Read peer information */ + (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); + + /* Create buffer with peer's address and port */ + length = 0; + switch (peer.sa.sa_family) + { + case AF_INET: + length += sizeof(struct in_addr); + length += sizeof(peer.s4.sin_port); + break; +#if OPENSSL_USE_IPV6 + case AF_INET6: + length += sizeof(struct in6_addr); + length += sizeof(peer.s6.sin6_port); + break; +#endif + default: + OPENSSL_assert(0); + break; + } + buffer = OPENSSL_malloc(length); + + if (buffer == NULL) + { + BIO_printf(bio_err,"out of memory\n"); + return 0; + } + + switch (peer.sa.sa_family) + { + case AF_INET: + memcpy(buffer, + &peer.s4.sin_port, + sizeof(peer.s4.sin_port)); + memcpy(buffer + sizeof(peer.s4.sin_port), + &peer.s4.sin_addr, + sizeof(struct in_addr)); + break; +#if OPENSSL_USE_IPV6 + case AF_INET6: + memcpy(buffer, + &peer.s6.sin6_port, + sizeof(peer.s6.sin6_port)); + memcpy(buffer + sizeof(peer.s6.sin6_port), + &peer.s6.sin6_addr, + sizeof(struct in6_addr)); + break; +#endif + default: + OPENSSL_assert(0); + break; + } + + /* Calculate HMAC of buffer using the secret */ + HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, + buffer, length, result, &resultlength); + OPENSSL_free(buffer); + + if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0) + return 1; + + return 0; + } diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c index 4974f5fc93..34ad2cec78 100644 --- a/src/lib/libssl/src/apps/s_client.c +++ b/src/lib/libssl/src/apps/s_client.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -108,8 +108,35 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ #include +#include #include #include #include @@ -135,23 +162,19 @@ typedef unsigned int u_int; #include #include #include +#include #include "s_apps.h" #include "timeouts.h" -#ifdef OPENSSL_SYS_WINCE -/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ -#ifdef fileno -#undef fileno -#endif -#define fileno(a) (int)_fileno(a) -#endif - - #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO #endif +#if defined(OPENSSL_SYS_BEOS_R5) +#include +#endif + #undef PROG #define PROG s_client_main @@ -166,6 +189,7 @@ typedef unsigned int u_int; extern int verify_depth; extern int verify_error; +extern int verify_return_error; #ifdef FIONBIO static int c_nbio=0; @@ -188,6 +212,69 @@ static BIO *bio_c_out=NULL; static int c_quiet=0; static int c_ign_eof=0; +#ifndef OPENSSL_NO_PSK +/* Default PSK identity and key */ +static char *psk_identity="Client_identity"; +/*char *psk_key=NULL; by default PSK is not used */ + +static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, + unsigned int max_identity_len, unsigned char *psk, + unsigned int max_psk_len) + { + unsigned int psk_len = 0; + int ret; + BIGNUM *bn=NULL; + + if (c_debug) + BIO_printf(bio_c_out, "psk_client_cb\n"); + if (!hint) + { + /* no ServerKeyExchange message*/ + if (c_debug) + BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n"); + } + else if (c_debug) + BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint); + + /* lookup PSK identity and PSK key based on the given identity hint here */ + ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity); + if (ret < 0 || (unsigned int)ret > max_identity_len) + goto out_err; + if (c_debug) + BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret); + ret=BN_hex2bn(&bn, psk_key); + if (!ret) + { + BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key); + if (bn) + BN_free(bn); + return 0; + } + + if ((unsigned int)BN_num_bytes(bn) > max_psk_len) + { + BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); + BN_free(bn); + return 0; + } + + psk_len=BN_bn2bin(bn, psk); + BN_free(bn); + if (psk_len == 0) + goto out_err; + + if (c_debug) + BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len); + + return psk_len; + out_err: + if (c_debug) + BIO_printf(bio_err, "Error in PSK client callback\n"); + return 0; + } +#endif + static void sc_usage(void) { BIO_printf(bio_err,"usage: s_client args\n"); @@ -196,7 +283,7 @@ static void sc_usage(void) BIO_printf(bio_err," -port port - use -connect instead\n"); BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); - BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n"); + BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n"); @@ -222,11 +309,18 @@ static void sc_usage(void) BIO_printf(bio_err," -quiet - no s_client output\n"); BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); +#ifndef OPENSSL_NO_PSK + BIO_printf(bio_err," -psk_identity arg - PSK identity\n"); + BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); +# ifndef OPENSSL_NO_JPAKE + BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); +# endif +#endif BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); - BIO_printf(bio_err," -mtu - set the MTU\n"); + BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); @@ -249,6 +343,7 @@ static void sc_usage(void) BIO_printf(bio_err," -status - request certificate status from server\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); #endif + BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); } #ifndef OPENSSL_NO_TLSEXT @@ -272,6 +367,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) return SSL_TLSEXT_ERR_OK; } #endif + enum { PROTO_OFF = 0, @@ -286,9 +382,8 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { - int off=0; - SSL *con=NULL,*con2=NULL; - X509_STORE *store = NULL; + unsigned int off=0, clr=0; + SSL *con=NULL; int s,k,width,state=0; char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; int cbuf_len,cbuf_off; @@ -309,25 +404,27 @@ int MAIN(int argc, char **argv) SSL_CTX *ctx=NULL; int ret=1,in_init=1,i,nbio_test=0; int starttls_proto = PROTO_OFF; - int prexit = 0, vflags = 0; - SSL_METHOD *meth=NULL; -#ifdef sock_type -#undef sock_type -#endif - int sock_type=SOCK_STREAM; + int prexit = 0; + X509_VERIFY_PARAM *vpm = NULL; + int badarg = 0; + const SSL_METHOD *meth=NULL; + int socket_type=SOCK_STREAM; BIO *sbio; char *inrand=NULL; int mbuf_len=0; + struct timeval timeout, *timeoutp; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; char *ssl_client_engine_id=NULL; ENGINE *ssl_client_engine=NULL; #endif ENGINE *e=NULL; -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) struct timeval tv; +#if defined(OPENSSL_SYS_BEOS_R5) + int stdin_set = 0; +#endif #endif - #ifndef OPENSSL_NO_TLSEXT char *servername = NULL; tlsextctx tlsextcbp = @@ -338,7 +435,7 @@ int MAIN(int argc, char **argv) struct sockaddr peer; int peerlen = sizeof(peer); int enable_timeouts = 0 ; - long mtu = 0; + long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE char *jpake_secret = NULL; #endif @@ -427,10 +524,14 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; cert_format = str2fmt(*(++argv)); } - else if (strcmp(*argv,"-crl_check") == 0) - vflags |= X509_V_FLAG_CRL_CHECK; - else if (strcmp(*argv,"-crl_check_all") == 0) - vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) + { + if (badarg) + goto bad; + continue; + } + else if (strcmp(*argv,"-verify_return_error") == 0) + verify_return_error = 1; else if (strcmp(*argv,"-prexit") == 0) prexit=1; else if (strcmp(*argv,"-crlf") == 0) @@ -466,6 +567,27 @@ int MAIN(int argc, char **argv) nbio_test=1; else if (strcmp(*argv,"-state") == 0) state=1; +#ifndef OPENSSL_NO_PSK + else if (strcmp(*argv,"-psk_identity") == 0) + { + if (--argc < 1) goto bad; + psk_identity=*(++argv); + } + else if (strcmp(*argv,"-psk") == 0) + { + size_t j; + + if (--argc < 1) goto bad; + psk_key=*(++argv); + for (j = 0; j < strlen(psk_key); j++) + { + if (isxdigit((int)psk_key[j])) + continue; + BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); + goto bad; + } + } +#endif #ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); @@ -482,14 +604,14 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-dtls1") == 0) { meth=DTLSv1_client_method(); - sock_type=SOCK_DGRAM; + socket_type=SOCK_DGRAM; } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) { if (--argc < 1) goto bad; - mtu = atol(*(++argv)); + socket_mtu = atol(*(++argv)); } #endif else if (strcmp(*argv,"-bugs") == 0) @@ -529,12 +651,20 @@ int MAIN(int argc, char **argv) off|=SSL_OP_NO_SSLv3; else if (strcmp(*argv,"-no_ssl2") == 0) off|=SSL_OP_NO_SSLv2; + else if (strcmp(*argv,"-no_comp") == 0) + { off|=SSL_OP_NO_COMPRESSION; } #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-no_ticket") == 0) { off|=SSL_OP_NO_TICKET; } #endif else if (strcmp(*argv,"-serverpref") == 0) off|=SSL_OP_CIPHER_SERVER_PREFERENCE; + else if (strcmp(*argv,"-legacy_renegotiation") == 0) + off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + else if (strcmp(*argv,"-legacy_server_connect") == 0) + { off|=SSL_OP_LEGACY_SERVER_CONNECT; } + else if (strcmp(*argv,"-no_legacy_server_connect") == 0) + { clr|=SSL_OP_LEGACY_SERVER_CONNECT; } else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -609,6 +739,26 @@ bad: goto end; } +#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) + if (jpake_secret) + { + if (psk_key) + { + BIO_printf(bio_err, + "Can't use JPAKE and PSK together\n"); + goto end; + } + psk_identity = "JPAKE"; + } + + if (cipher) + { + BIO_printf(bio_err, "JPAKE sets cipher to PSK\n"); + goto end; + } + cipher = "PSK"; +#endif + OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); @@ -624,6 +774,7 @@ bad: goto end; } } + #endif if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) { @@ -691,6 +842,9 @@ bad: goto end; } + if (vpm) + SSL_CTX_set1_param(ctx, vpm); + #ifndef OPENSSL_NO_ENGINE if (ssl_client_engine) { @@ -705,14 +859,29 @@ bad: } #endif +#ifndef OPENSSL_NO_PSK +#ifdef OPENSSL_NO_JPAKE + if (psk_key != NULL) +#else + if (psk_key != NULL || jpake_secret) +#endif + { + if (c_debug) + BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); + SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); + } +#endif if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL|off); else SSL_CTX_set_options(ctx,off); + + if (clr) + SSL_CTX_clear_options(ctx, clr); /* DTLS: partial reads end up discarding unread UDP bytes :-( * Setting read ahead solves this problem. */ - if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); + if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); if (cipher != NULL) @@ -738,8 +907,6 @@ bad: /* goto end; */ } - store = SSL_CTX_get_cert_store(ctx); - X509_STORE_set_flags(store, vflags); #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { @@ -784,7 +951,6 @@ bad: } } #endif - #ifndef OPENSSL_NO_KRB5 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) { @@ -792,10 +958,15 @@ bad: } #endif /* OPENSSL_NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */ +#if 0 +#ifdef TLSEXT_TYPE_opaque_prf_input + SSL_set_tlsext_opaque_prf_input(con, "Test client", 11); +#endif +#endif re_start: - if (init_client(&s,host,port,sock_type) == 0) + if (init_client(&s,host,port,socket_type) == 0) { BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); SHUTDOWN(s); @@ -819,7 +990,6 @@ re_start: if ( SSL_version(con) == DTLS1_VERSION) { - struct timeval timeout; sbio=BIO_new_dgram(s,BIO_NOCLOSE); if (getsockname(s, &peer, (void *)&peerlen) < 0) @@ -832,7 +1002,7 @@ re_start: (void)BIO_ctrl_set_connected(sbio, 1, &peer); - if ( enable_timeouts) + if (enable_timeouts) { timeout.tv_sec = 0; timeout.tv_usec = DGRAM_RCV_TIMEOUT; @@ -843,10 +1013,10 @@ re_start: BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); } - if ( mtu > 0) + if (socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(con, mtu); + SSL_set_mtu(con, socket_mtu - 28); } else /* want to do MTU discovery */ @@ -1036,6 +1206,12 @@ SSL_set_tlsext_status_ids(con, ids); FD_ZERO(&readfds); FD_ZERO(&writefds); + if ((SSL_version(con) == DTLS1_VERSION) && + DTLSv1_get_timeout(con, &timeout)) + timeoutp = &timeout; + else + timeoutp = NULL; + if (SSL_in_init(con) && !SSL_total_renegotiations(con)) { in_init=1; @@ -1047,6 +1223,14 @@ SSL_set_tlsext_status_ids(con, ids); if (in_init) { in_init=0; +#if 0 /* This test doesn't really work as intended (needs to be fixed) */ +#ifndef OPENSSL_NO_TLSEXT + if (servername != NULL && !SSL_session_reused(con)) + { + BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not "); + } +#endif +#endif if (sess_out) { BIO *stmp = BIO_new_file(sess_out, "w"); @@ -1084,22 +1268,22 @@ SSL_set_tlsext_status_ids(con, ids); if (!ssl_pending) { -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5) if (tty_on) { - if (read_tty) FD_SET(fileno(stdin),&readfds); - if (write_tty) FD_SET(fileno(stdout),&writefds); + if (read_tty) openssl_fdset(fileno(stdin),&readfds); + if (write_tty) openssl_fdset(fileno(stdout),&writefds); } if (read_ssl) - FD_SET(SSL_get_fd(con),&readfds); + openssl_fdset(SSL_get_fd(con),&readfds); if (write_ssl) - FD_SET(SSL_get_fd(con),&writefds); + openssl_fdset(SSL_get_fd(con),&writefds); #else if(!tty_on || !write_tty) { if (read_ssl) - FD_SET(SSL_get_fd(con),&readfds); + openssl_fdset(SSL_get_fd(con),&readfds); if (write_ssl) - FD_SET(SSL_get_fd(con),&writefds); + openssl_fdset(SSL_get_fd(con),&writefds); } #endif /* printf("mode tty(%d %d%d) ssl(%d%d)\n", @@ -1132,7 +1316,7 @@ SSL_set_tlsext_status_ids(con, ids); if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue; #endif } else i=select(width,(void *)&readfds,(void *)&writefds, - NULL,NULL); + NULL,timeoutp); } #elif defined(OPENSSL_SYS_NETWARE) if(!write_tty) { @@ -1142,11 +1326,30 @@ SSL_set_tlsext_status_ids(con, ids); i=select(width,(void *)&readfds,(void *)&writefds, NULL,&tv); } else i=select(width,(void *)&readfds,(void *)&writefds, - NULL,NULL); + NULL,timeoutp); + } +#elif defined(OPENSSL_SYS_BEOS_R5) + /* Under BeOS-R5 the situation is similar to DOS */ + i=0; + stdin_set = 0; + (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); + if(!write_tty) { + if(read_tty) { + tv.tv_sec = 1; + tv.tv_usec = 0; + i=select(width,(void *)&readfds,(void *)&writefds, + NULL,&tv); + if (read(fileno(stdin), sbuf, 0) >= 0) + stdin_set = 1; + if (!i && (stdin_set != 1 || !read_tty)) + continue; + } else i=select(width,(void *)&readfds,(void *)&writefds, + NULL,timeoutp); } + (void)fcntl(fileno(stdin), F_SETFL, 0); #else i=select(width,(void *)&readfds,(void *)&writefds, - NULL,NULL); + NULL,timeoutp); #endif if ( i < 0) { @@ -1157,6 +1360,11 @@ SSL_set_tlsext_status_ids(con, ids); } } + if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) + { + BIO_printf(bio_err,"TIMEOUT occured\n"); + } + if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds)) { k=SSL_write(con,&(cbuf[cbuf_off]), @@ -1197,6 +1405,7 @@ SSL_set_tlsext_status_ids(con, ids); if (cbuf_len != 0) { BIO_printf(bio_c_out,"shutdown\n"); + ret = 0; goto shut; } else @@ -1224,8 +1433,8 @@ SSL_set_tlsext_status_ids(con, ids); goto shut; } } -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) - /* Assume Windows/DOS can always write */ +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) + /* Assume Windows/DOS/BeOS can always write */ else if (!ssl_pending && write_tty) #else else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds)) @@ -1234,11 +1443,12 @@ SSL_set_tlsext_status_ids(con, ids); #ifdef CHARSET_EBCDIC ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len); #endif - i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len); + i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len); if (i <= 0) { BIO_printf(bio_c_out,"DONE\n"); + ret = 0; goto shut; /* goto end; */ } @@ -1293,10 +1503,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 BIO_printf(bio_c_out,"read X BLOCK\n"); break; case SSL_ERROR_SYSCALL: - BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error()); + ret=get_last_socket_error(); + BIO_printf(bio_err,"read:errno=%d\n",ret); goto shut; case SSL_ERROR_ZERO_RETURN: BIO_printf(bio_c_out,"closed\n"); + ret=0; goto shut; case SSL_ERROR_SSL: ERR_print_errors(bio_err); @@ -1312,7 +1524,9 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) #endif #elif defined (OPENSSL_SYS_NETWARE) - else if (_kbhit()) + else if (_kbhit()) +#elif defined(OPENSSL_SYS_BEOS_R5) + else if (stdin_set) #else else if (FD_ISSET(fileno(stdin),&readfds)) #endif @@ -1321,7 +1535,7 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 { int j, lf_num; - i=read(fileno(stdin),cbuf,BUFSIZZ/2); + i=raw_read_stdin(cbuf,BUFSIZZ/2); lf_num = 0; /* both loops are skipped when i <= 0 */ for (j = 0; j < i; j++) @@ -1340,11 +1554,12 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 assert(lf_num == 0); } else - i=read(fileno(stdin),cbuf,BUFSIZZ); + i=raw_read_stdin(cbuf,BUFSIZZ); if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) { BIO_printf(bio_err,"DONE\n"); + ret=0; goto shut; } @@ -1367,14 +1582,20 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240 read_tty=0; } } + + ret=0; shut: + if (in_init) + print_stuff(bio_c_out,con,full_log); SSL_shutdown(con); SHUTDOWN(SSL_get_fd(con)); - ret=0; end: - if(prexit) print_stuff(bio_c_out,con,1); - if (con != NULL) SSL_free(con); - if (con2 != NULL) SSL_free(con2); + if (con != NULL) + { + if (prexit != 0) + print_stuff(bio_c_out,con,1); + SSL_free(con); + } if (ctx != NULL) SSL_CTX_free(ctx); if (cert) X509_free(cert); @@ -1403,7 +1624,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) char buf[BUFSIZ]; STACK_OF(X509) *sk; STACK_OF(X509_NAME) *sk2; - SSL_CIPHER *c; + const SSL_CIPHER *c; X509_NAME *xn; int j,i; #ifndef OPENSSL_NO_COMP @@ -1511,6 +1732,8 @@ static void print_stuff(BIO *bio, SSL *s, int full) EVP_PKEY_bits(pktmp)); EVP_PKEY_free(pktmp); } + BIO_printf(bio, "Secure Renegotiation IS%s supported\n", + SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); #ifndef OPENSSL_NO_COMP comp=SSL_get_current_compression(s); expansion=SSL_get_current_expansion(s); @@ -1554,4 +1777,5 @@ static int ocsp_resp_cb(SSL *s, void *arg) OCSP_RESPONSE_free(rsp); return 1; } -#endif /* ndef OPENSSL_NO_TLSEXT */ + +#endif diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c index 84b1b28461..1a06d19bb1 100644 --- a/src/lib/libssl/src/apps/s_server.c +++ b/src/lib/libssl/src/apps/s_server.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -113,6 +113,32 @@ * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ /* Until the key-gen callbacks are modified to use newer prototypes, we allow * deprecated functions for openssl-internal code */ @@ -121,11 +147,11 @@ #endif #include +#include #include #include #include -#include #include #ifdef OPENSSL_NO_STDIO #define APPS_WIN16 @@ -163,19 +189,15 @@ typedef unsigned int u_int; #include "s_apps.h" #include "timeouts.h" -#ifdef OPENSSL_SYS_WINCE -/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */ -#ifdef fileno -#undef fileno -#endif -#define fileno(a) (int)_fileno(a) -#endif - #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO #endif +#if defined(OPENSSL_SYS_BEOS_R5) +#include +#endif + #ifndef OPENSSL_NO_RSA static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif @@ -196,14 +218,6 @@ static DH *get_dh512(void); static void s_server_init(void); #endif -#ifndef S_ISDIR -# if defined(_S_IFMT) && defined(_S_IFDIR) -# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) -# else -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) -# endif -#endif - #ifndef OPENSSL_NO_DH static unsigned char dh512_p[]={ 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, @@ -245,7 +259,7 @@ static int accept_socket= -1; #undef PROG #define PROG s_server_main -extern int verify_depth; +extern int verify_depth, verify_return_error; static char *cipher=NULL; static int s_server_verify=SSL_VERIFY_NONE; @@ -283,12 +297,77 @@ static char *engine_id=NULL; static const char *session_id_prefix=NULL; static int enable_timeouts = 0; -#ifdef mtu -#undef mtu -#endif -static long mtu; +static long socket_mtu; +#ifndef OPENSSL_NO_DTLS1 static int cert_chain = 0; +#endif + +#ifndef OPENSSL_NO_PSK +static char *psk_identity="Client_identity"; +char *psk_key=NULL; /* by default PSK is not used */ + +static unsigned int psk_server_cb(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len) + { + unsigned int psk_len = 0; + int ret; + BIGNUM *bn = NULL; + if (s_debug) + BIO_printf(bio_s_out,"psk_server_cb\n"); + if (!identity) + { + BIO_printf(bio_err,"Error: client did not send PSK identity\n"); + goto out_err; + } + if (s_debug) + BIO_printf(bio_s_out,"identity_len=%d identity=%s\n", + identity ? (int)strlen(identity) : 0, identity); + + /* here we could lookup the given identity e.g. from a database */ + if (strcmp(identity, psk_identity) != 0) + { + BIO_printf(bio_s_out, "PSK error: client identity not found" + " (got '%s' expected '%s')\n", identity, + psk_identity); + goto out_err; + } + if (s_debug) + BIO_printf(bio_s_out, "PSK client identity found\n"); + + /* convert the PSK key to binary */ + ret = BN_hex2bn(&bn, psk_key); + if (!ret) + { + BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key); + if (bn) + BN_free(bn); + return 0; + } + if (BN_num_bytes(bn) > (int)max_psk_len) + { + BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); + BN_free(bn); + return 0; + } + + ret = BN_bn2bin(bn, psk); + BN_free(bn); + + if (ret < 0) + goto out_err; + psk_len = (unsigned int)ret; + + if (s_debug) + BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); + return psk_len; + out_err: + if (s_debug) + BIO_printf(bio_err, "Error in PSK server callback\n"); + return 0; + } +#endif #ifdef MONOLITH static void s_server_init(void) @@ -353,7 +432,7 @@ static void sv_usage(void) #ifndef OPENSSL_NO_ECDH BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ " Use \"openssl ecparam -list_curves\" for all names\n" \ - " (default is sect163r2).\n"); + " (default is nistp256).\n"); #endif #ifdef FIONBIO BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); @@ -370,12 +449,19 @@ static void sv_usage(void) BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); BIO_printf(bio_err," -quiet - No server output\n"); BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); +#ifndef OPENSSL_NO_PSK + BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n"); + BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); +# ifndef OPENSSL_NO_JPAKE + BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); +# endif +#endif BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); BIO_printf(bio_err," -timeout - Enable timeouts\n"); - BIO_printf(bio_err," -mtu - Set MTU\n"); + BIO_printf(bio_err," -mtu - Set link layer MTU\n"); BIO_printf(bio_err," -chain - Read a certificate chain\n"); BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); @@ -405,6 +491,7 @@ static void sv_usage(void) BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); + BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); #endif } @@ -587,7 +674,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) return p->extension_error; if (ctx2) { - BIO_printf(p->biodebug,"Swiching server context.\n"); + BIO_printf(p->biodebug,"Switching server context.\n"); SSL_set_SSL_CTX(s,ctx2); } } @@ -626,7 +713,7 @@ static int cert_status_cb(SSL *s, void *arg) int use_ssl; unsigned char *rspder = NULL; int rspderlen; - STACK *aia = NULL; + STACK_OF(OPENSSL_STRING) *aia = NULL; X509 *x = NULL; X509_STORE_CTX inctx; X509_OBJECT obj; @@ -648,7 +735,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); aia = X509_get1_ocsp(x); if (aia) { - if (!OCSP_parse_url(sk_value(aia, 0), + if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0), &host, &port, &path, &use_ssl)) { BIO_puts(err, "cert_status: can't parse AIA URL\n"); @@ -656,7 +743,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); } if (srctx->verbose) BIO_printf(err, "cert_status: AIA URL: %s\n", - sk_value(aia, 0)); + sk_OPENSSL_STRING_value(aia, 0)); } else { @@ -701,7 +788,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); if (!OCSP_REQUEST_add_ext(req, ext, -1)) goto err; } - resp = process_responder(err, req, host, path, port, use_ssl, + resp = process_responder(err, req, host, path, port, use_ssl, NULL, srctx->timeout); if (!resp) { @@ -740,6 +827,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); goto done; } #endif + int MAIN(int, char **); #ifndef OPENSSL_NO_JPAKE @@ -748,8 +836,8 @@ static char *jpake_secret = NULL; int MAIN(int argc, char *argv[]) { - X509_STORE *store = NULL; - int vflags = 0; + X509_VERIFY_PARAM *vpm = NULL; + int badarg = 0; short port=PORT; char *CApath=NULL,*CAfile=NULL; unsigned char *context = NULL; @@ -762,8 +850,8 @@ int MAIN(int argc, char *argv[]) int off=0; int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; int state=0; - SSL_METHOD *meth=NULL; - int socket_type=SOCK_STREAM; + const SSL_METHOD *meth=NULL; + int socket_type=SOCK_STREAM; ENGINE *e=NULL; char *inrand=NULL; int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; @@ -772,6 +860,7 @@ int MAIN(int argc, char *argv[]) int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; X509 *s_cert = NULL, *s_dcert = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL; + int no_cache = 0; #ifndef OPENSSL_NO_TLSEXT EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; @@ -779,7 +868,10 @@ int MAIN(int argc, char *argv[]) #ifndef OPENSSL_NO_TLSEXT tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; #endif - +#ifndef OPENSSL_NO_PSK + /* by default do not send a PSK identity hint */ + static char *psk_identity_hint=NULL; +#endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_server_method(); #elif !defined(OPENSSL_NO_SSL3) @@ -911,16 +1003,20 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; CApath= *(++argv); } - else if (strcmp(*argv,"-crl_check") == 0) - { - vflags |= X509_V_FLAG_CRL_CHECK; - } - else if (strcmp(*argv,"-crl_check_all") == 0) + else if (strcmp(*argv,"-no_cache") == 0) + no_cache = 1; + else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) { - vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + if (badarg) + goto bad; + continue; } + else if (strcmp(*argv,"-verify_return_error") == 0) + verify_return_error = 1; else if (strcmp(*argv,"-serverpref") == 0) { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } + else if (strcmp(*argv,"-legacy_renegotiation") == 0) + off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -993,6 +1089,27 @@ int MAIN(int argc, char *argv[]) { no_dhe=1; } else if (strcmp(*argv,"-no_ecdhe") == 0) { no_ecdhe=1; } +#ifndef OPENSSL_NO_PSK + else if (strcmp(*argv,"-psk_hint") == 0) + { + if (--argc < 1) goto bad; + psk_identity_hint= *(++argv); + } + else if (strcmp(*argv,"-psk") == 0) + { + size_t i; + + if (--argc < 1) goto bad; + psk_key=*(++argv); + for (i=0; i 0) + if (socket_mtu > 28) { SSL_set_options(con, SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(con, mtu); + SSL_set_mtu(con, socket_mtu - 28); } else /* want to do MTU discovery */ @@ -1722,10 +1902,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) - FD_SET(fileno(stdin),&readfds); +#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5) + openssl_fdset(fileno(stdin),&readfds); #endif - FD_SET(s,&readfds); + openssl_fdset(s,&readfds); /* Note: under VMS with SOCKETSHR the second parameter is * currently of type (int *) whereas under other systems * it is (void *) if you don't have a cast it will choke @@ -1744,8 +1924,31 @@ static int sv_body(char *hostname, int s, unsigned char *context) if((i < 0) || (!i && !_kbhit() ) )continue; if(_kbhit()) read_from_terminal = 1; +#elif defined(OPENSSL_SYS_BEOS_R5) + /* Under BeOS-R5 the situation is similar to DOS */ + tv.tv_sec = 1; + tv.tv_usec = 0; + (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); + i=select(width,(void *)&readfds,NULL,NULL,&tv); + if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0)) + continue; + if (read(fileno(stdin), buf, 0) >= 0) + read_from_terminal = 1; + (void)fcntl(fileno(stdin), F_SETFL, 0); #else - i=select(width,(void *)&readfds,NULL,NULL,NULL); + if ((SSL_version(con) == DTLS1_VERSION) && + DTLSv1_get_timeout(con, &timeout)) + timeoutp = &timeout; + else + timeoutp = NULL; + + i=select(width,(void *)&readfds,NULL,NULL,timeoutp); + + if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) + { + BIO_printf(bio_err,"TIMEOUT occured\n"); + } + if (i <= 0) continue; if (FD_ISSET(fileno(stdin),&readfds)) read_from_terminal = 1; @@ -1759,7 +1962,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) { int j, lf_num; - i=read(fileno(stdin), buf, bufsize/2); + i=raw_read_stdin(buf, bufsize/2); lf_num = 0; /* both loops are skipped when i <= 0 */ for (j = 0; j < i; j++) @@ -1778,7 +1981,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) assert(lf_num == 0); } else - i=read(fileno(stdin),buf,bufsize); + i=raw_read_stdin(buf,bufsize); if (!s_quiet) { if ((i <= 0) || (buf[0] == 'Q')) @@ -1798,6 +2001,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) ret= -11;*/ goto err; } + if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) { @@ -1894,7 +2098,7 @@ again: #ifdef CHARSET_EBCDIC ascii2ebcdic(buf,buf,i); #endif - write(fileno(stdout),buf, + raw_write_stdout(buf, (unsigned int)i); if (SSL_pending(con)) goto again; break; @@ -1918,13 +2122,16 @@ again: } } err: - BIO_printf(bio_s_out,"shutting down SSL\n"); + if (con != NULL) + { + BIO_printf(bio_s_out,"shutting down SSL\n"); #if 1 - SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); #else - SSL_shutdown(con); + SSL_shutdown(con); #endif - if (con != NULL) SSL_free(con); + SSL_free(con); + } BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); if (buf != NULL) { @@ -2002,6 +2209,8 @@ static int init_ssl_connection(SSL *con) con->kssl_ctx->client_princ); } #endif /* OPENSSL_NO_KRB5 */ + BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", + SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); return(1); } @@ -2046,9 +2255,8 @@ static int www_body(char *hostname, int s, unsigned char *context) char *buf=NULL; int ret=1; int i,j,k,blank,dot; - struct stat st_buf; SSL *con; - SSL_CIPHER *c; + const SSL_CIPHER *c; BIO *io,*ssl_bio,*sbio; long total_bytes; @@ -2318,14 +2526,7 @@ static int www_body(char *hostname, int s, unsigned char *context) #endif /* if a directory, do the index thang */ - if (stat(p,&st_buf) < 0) - { - BIO_puts(io,text); - BIO_printf(io,"Error accessing '%s'\r\n",p); - ERR_print_errors(io); - break; - } - if (S_ISDIR(st_buf.st_mode)) + if (app_isdir(p)>0) { #if 0 /* must check buffer size */ strcat(p,"/index.html"); diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c index 4a922e16a0..6b8713de60 100644 --- a/src/lib/libssl/src/apps/s_socket.c +++ b/src/lib/libssl/src/apps/s_socket.c @@ -62,6 +62,12 @@ #include #include +#ifdef FLAT_INC +#include "e_os2.h" +#else +#include "../e_os2.h" +#endif + /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -231,13 +237,11 @@ static int ssl_sock_init(void) int init_client(int *sock, char *host, int port, int type) { unsigned char ip[4]; - short p=0; if (!host_ip(host,&(ip[0]))) { return(0); } - if (p != 0) port=p; return(init_client_ip(sock,ip,port,type)); } @@ -266,7 +270,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) if (s == INVALID_SOCKET) { perror("socket"); return(0); } -#ifndef OPENSSL_SYS_MPE +#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) if (type == SOCK_STREAM) { i=0; @@ -276,7 +280,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) #endif if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) - { close(s); perror("connect"); return(0); } + { closesocket(s); perror("connect"); return(0); } *sock=s; return(1); } @@ -285,7 +289,7 @@ int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, uns { int sock; char *name = NULL; - int accept_socket; + int accept_socket = 0; int i; if (!init_server(&accept_socket,port,type)) return(0); diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c index 904945e1a8..b823c33c58 100644 --- a/src/lib/libssl/src/apps/s_time.c +++ b/src/lib/libssl/src/apps/s_time.c @@ -85,54 +85,6 @@ #include OPENSSL_UNISTD #endif -#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) -#define TIMES -#endif - -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -/* The following if from times(3) man page. It may need to be changed -*/ -#ifndef HZ -# ifdef _SC_CLK_TCK -# define HZ ((double)sysconf(_SC_CLK_TCK)) -# else -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -# endif -#endif - #undef PROG #define PROG s_time_main @@ -177,7 +129,7 @@ static char *tm_cipher=NULL; static int tm_verify = SSL_VERIFY_NONE; static int maxTime = SECONDS; static SSL_CTX *tm_ctx=NULL; -static SSL_METHOD *s_time_meth=NULL; +static const SSL_METHOD *s_time_meth=NULL; static char *s_www_path=NULL; static long bytes_read=0; static int st_bugs=0; @@ -372,63 +324,8 @@ bad: static double tm_Time_F(int s) { - static double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if(s == START) { - times(&tstart); - return(0); - } else { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); + return app_tminterval(s,1); } -#elif defined(OPENSSL_SYS_NETWARE) - static clock_t tstart,tend; - - if (s == START) - { - tstart=clock(); - return(0); - } - else - { - tend=clock(); - ret=(double)((double)(tend)-(double)(tstart)); - return((ret < 0.001)?0.001:ret); - } -#elif defined(OPENSSL_SYS_VXWORKS) - { - static unsigned long tick_start, tick_end; - - if( s == START ) - { - tick_start = tickGet(); - return 0; - } - else - { - tick_end = tickGet(); - ret = (double)(tick_end - tick_start) / (double)sysClkRateGet(); - return((ret == 0.0)?1e-6:ret); - } - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if(s == START) { - ftime(&tstart); - return(0); - } else { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret == 0.0)?1e-6:ret); - } -#endif -} /*********************************************************************** * MAIN - main processing area for client @@ -704,7 +601,7 @@ static SSL *doConnection(SSL *scon) i=SSL_get_fd(serverCon); width=i+1; FD_ZERO(&readfds); - FD_SET(i,&readfds); + openssl_fdset(i,&readfds); /* Note: under VMS with SOCKETSHR the 2nd parameter * is currently of type (int *) whereas under other * systems it is (void *) if you don't have a cast it diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c index 75804b8d7b..c583f8a0e1 100644 --- a/src/lib/libssl/src/apps/smime.c +++ b/src/lib/libssl/src/apps/smime.c @@ -73,11 +73,14 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_OP 0x10 +#define SMIME_IP 0x20 +#define SMIME_SIGNERS 0x40 #define SMIME_ENCRYPT (1 | SMIME_OP) -#define SMIME_DECRYPT 2 -#define SMIME_SIGN (3 | SMIME_OP) -#define SMIME_VERIFY 4 -#define SMIME_PK7OUT 5 +#define SMIME_DECRYPT (2 | SMIME_IP) +#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) +#define SMIME_VERIFY (4 | SMIME_IP) +#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP) +#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) int MAIN(int, char **); @@ -90,6 +93,7 @@ int MAIN(int argc, char **argv) const char *inmode = "r", *outmode = "w"; char *infile = NULL, *outfile = NULL; char *signerfile = NULL, *recipfile = NULL; + STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL; const EVP_CIPHER *cipher = NULL; PKCS7 *p7 = NULL; @@ -105,6 +109,8 @@ int MAIN(int argc, char **argv) char *passargin = NULL, *passin = NULL; char *inrand = NULL; int need_rand = 0; + int indef = 0; + const EVP_MD *sign_md = NULL; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int keyform = FORMAT_PEM; #ifndef OPENSSL_NO_ENGINE @@ -135,6 +141,8 @@ int MAIN(int argc, char **argv) operation = SMIME_DECRYPT; else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; + else if (!strcmp (*args, "-resign")) + operation = SMIME_RESIGN; else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; else if (!strcmp (*args, "-pk7out")) @@ -193,205 +201,209 @@ int MAIN(int argc, char **argv) flags |= PKCS7_BINARY; else if (!strcmp (*args, "-nosigs")) flags |= PKCS7_NOSIGS; + else if (!strcmp (*args, "-stream")) + indef = 1; + else if (!strcmp (*args, "-indef")) + indef = 1; + else if (!strcmp (*args, "-noindef")) + indef = 0; else if (!strcmp (*args, "-nooldmime")) flags |= PKCS7_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) flags |= PKCS7_CRLFEOL; else if (!strcmp(*args,"-rand")) { - if (args[1]) - { - args++; - inrand = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + args++; + inrand = *args; need_rand = 1; } #ifndef OPENSSL_NO_ENGINE else if (!strcmp(*args,"-engine")) { - if (args[1]) - { - args++; - engine = *args; - } - else badarg = 1; + if (!args[1]) + goto argerr; + engine = *++args; } #endif else if (!strcmp(*args,"-passin")) { - if (args[1]) - { - args++; - passargin = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + passargin = *++args; } else if (!strcmp (*args, "-to")) { - if (args[1]) - { - args++; - to = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + to = *++args; } else if (!strcmp (*args, "-from")) { - if (args[1]) - { - args++; - from = *args; - } - else badarg = 1; + if (!args[1]) + goto argerr; + from = *++args; } else if (!strcmp (*args, "-subject")) { - if (args[1]) - { - args++; - subject = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + subject = *++args; } else if (!strcmp (*args, "-signer")) { - if (args[1]) + if (!args[1]) + goto argerr; + /* If previous -signer argument add signer to list */ + + if (signerfile) { - args++; - signerfile = *args; + if (!sksigners) + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); + if (!keyfile) + keyfile = signerfile; + if (!skkeys) + skkeys = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(skkeys, keyfile); + keyfile = NULL; } - else - badarg = 1; + signerfile = *++args; } else if (!strcmp (*args, "-recip")) { - if (args[1]) + if (!args[1]) + goto argerr; + recipfile = *++args; + } + else if (!strcmp (*args, "-md")) + { + if (!args[1]) + goto argerr; + sign_md = EVP_get_digestbyname(*++args); + if (sign_md == NULL) { - args++; - recipfile = *args; + BIO_printf(bio_err, "Unknown digest %s\n", + *args); + goto argerr; } - else badarg = 1; } else if (!strcmp (*args, "-inkey")) { - if (args[1]) + if (!args[1]) + goto argerr; + /* If previous -inkey arument add signer to list */ + if (keyfile) { - args++; - keyfile = *args; + if (!signerfile) + { + BIO_puts(bio_err, "Illegal -inkey without -signer\n"); + goto argerr; + } + if (!sksigners) + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); + signerfile = NULL; + if (!skkeys) + skkeys = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(skkeys, keyfile); } - else - badarg = 1; - } + keyfile = *++args; + } else if (!strcmp (*args, "-keyform")) { - if (args[1]) - { - args++; - keyform = str2fmt(*args); - } - else - badarg = 1; + if (!args[1]) + goto argerr; + keyform = str2fmt(*++args); } else if (!strcmp (*args, "-certfile")) { - if (args[1]) - { - args++; - certfile = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + certfile = *++args; } else if (!strcmp (*args, "-CAfile")) { - if (args[1]) - { - args++; - CAfile = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + CAfile = *++args; } else if (!strcmp (*args, "-CApath")) { - if (args[1]) - { - args++; - CApath = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + CApath = *++args; } else if (!strcmp (*args, "-in")) { - if (args[1]) - { - args++; - infile = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + infile = *++args; } else if (!strcmp (*args, "-inform")) { - if (args[1]) - { - args++; - informat = str2fmt(*args); - } - else - badarg = 1; + if (!args[1]) + goto argerr; + informat = str2fmt(*++args); } else if (!strcmp (*args, "-outform")) { - if (args[1]) - { - args++; - outformat = str2fmt(*args); - } - else - badarg = 1; + if (!args[1]) + goto argerr; + outformat = str2fmt(*++args); } else if (!strcmp (*args, "-out")) { - if (args[1]) - { - args++; - outfile = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + outfile = *++args; } else if (!strcmp (*args, "-content")) { - if (args[1]) - { - args++; - contfile = *args; - } - else - badarg = 1; + if (!args[1]) + goto argerr; + contfile = *++args; } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) continue; - else + else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) badarg = 1; args++; } + if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) + { + BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); + goto argerr; + } - if (operation == SMIME_SIGN) + if (operation & SMIME_SIGNERS) { - if (!signerfile) + /* Check to see if any final signer needs to be appended */ + if (keyfile && !signerfile) + { + BIO_puts(bio_err, "Illegal -inkey without -signer\n"); + goto argerr; + } + if (signerfile) + { + if (!sksigners) + sksigners = sk_OPENSSL_STRING_new_null(); + sk_OPENSSL_STRING_push(sksigners, signerfile); + if (!skkeys) + skkeys = sk_OPENSSL_STRING_new_null(); + if (!keyfile) + keyfile = signerfile; + sk_OPENSSL_STRING_push(skkeys, keyfile); + } + if (!sksigners) { BIO_printf(bio_err, "No signer certificate specified\n"); badarg = 1; } + signerfile = NULL; + keyfile = NULL; need_rand = 1; } else if (operation == SMIME_DECRYPT) @@ -416,6 +428,7 @@ int MAIN(int argc, char **argv) if (badarg) { + argerr: BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); BIO_printf (bio_err, "where options are\n"); BIO_printf (bio_err, "-encrypt encrypt message\n"); @@ -499,13 +512,11 @@ int MAIN(int argc, char **argv) ret = 2; - if (operation != SMIME_SIGN) + if (!(operation & SMIME_SIGNERS)) flags &= ~PKCS7_DETACHED; if (operation & SMIME_OP) { - if (flags & PKCS7_BINARY) - inmode = "rb"; if (outformat == FORMAT_ASN1) outmode = "wb"; } @@ -513,9 +524,18 @@ int MAIN(int argc, char **argv) { if (flags & PKCS7_BINARY) outmode = "wb"; + } + + if (operation & SMIME_IP) + { if (informat == FORMAT_ASN1) inmode = "rb"; } + else + { + if (flags & PKCS7_BINARY) + inmode = "rb"; + } if (operation == SMIME_ENCRYPT) { @@ -545,26 +565,11 @@ int MAIN(int argc, char **argv) } } - if (signerfile && (operation == SMIME_SIGN)) - { - if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, - e, "signer certificate"))) - { -#if 0 /* An appropri message has already been printed */ - BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); -#endif - goto end; - } - } - if (certfile) { if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, e, "certificate file"))) { -#if 0 /* An appropriate message has already been printed */ - BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); -#endif ERR_print_errors(bio_err); goto end; } @@ -575,9 +580,6 @@ int MAIN(int argc, char **argv) if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, e, "recipient certificate file"))) { -#if 0 /* An appropriate message has alrady been printed */ - BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); -#endif ERR_print_errors(bio_err); goto end; } @@ -615,6 +617,36 @@ int MAIN(int argc, char **argv) else in = BIO_new_fp(stdin, BIO_NOCLOSE); + if (operation & SMIME_IP) + { + if (informat == FORMAT_SMIME) + p7 = SMIME_read_PKCS7(in, &indata); + else if (informat == FORMAT_PEM) + p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); + else if (informat == FORMAT_ASN1) + p7 = d2i_PKCS7_bio(in, NULL); + else + { + BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); + goto end; + } + + if (!p7) + { + BIO_printf(bio_err, "Error reading S/MIME message\n"); + goto end; + } + if (contfile) + { + BIO_free(indata); + if (!(indata = BIO_new_file(contfile, "rb"))) + { + BIO_printf(bio_err, "Can't read content file %s\n", contfile); + goto end; + } + } + } + if (outfile) { if (!(out = BIO_new_file(outfile, outmode))) @@ -639,7 +671,7 @@ int MAIN(int argc, char **argv) { if (!(store = setup_verify(bio_err, CAfile, CApath))) goto end; - X509_STORE_set_verify_cb_func(store, smime_cb); + X509_STORE_set_verify_cb(store, smime_cb); if (vpm) X509_STORE_set1_param(store, vpm); } @@ -648,43 +680,58 @@ int MAIN(int argc, char **argv) ret = 3; if (operation == SMIME_ENCRYPT) - p7 = PKCS7_encrypt(encerts, in, cipher, flags); - else if (operation == SMIME_SIGN) { - /* If detached data and SMIME output enable partial - * signing. - */ - if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) + if (indef) flags |= PKCS7_STREAM; - p7 = PKCS7_sign(signer, key, other, in, flags); + p7 = PKCS7_encrypt(encerts, in, cipher, flags); } - else + else if (operation & SMIME_SIGNERS) { - if (informat == FORMAT_SMIME) - p7 = SMIME_read_PKCS7(in, &indata); - else if (informat == FORMAT_PEM) - p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) - p7 = d2i_PKCS7_bio(in, NULL); - else + int i; + /* If detached data content we only enable streaming if + * S/MIME output format. + */ + if (operation == SMIME_SIGN) { - BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); - goto end; + if (flags & PKCS7_DETACHED) + { + if (outformat == FORMAT_SMIME) + flags |= PKCS7_STREAM; + } + else if (indef) + flags |= PKCS7_STREAM; + flags |= PKCS7_PARTIAL; + p7 = PKCS7_sign(NULL, NULL, other, in, flags); + if (!p7) + goto end; } - - if (!p7) - { - BIO_printf(bio_err, "Error reading S/MIME message\n"); - goto end; + else + flags |= PKCS7_REUSE_DIGEST; + for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) + { + signerfile = sk_OPENSSL_STRING_value(sksigners, i); + keyfile = sk_OPENSSL_STRING_value(skkeys, i); + signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, + e, "signer certificate"); + if (!signer) + goto end; + key = load_key(bio_err, keyfile, keyform, 0, passin, e, + "signing key file"); + if (!key) + goto end; + if (!PKCS7_sign_add_signer(p7, signer, key, + sign_md, flags)) + goto end; + X509_free(signer); + signer = NULL; + EVP_PKEY_free(key); + key = NULL; } - if (contfile) + /* If not streaming or resigning finalize structure */ + if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) { - BIO_free(indata); - if (!(indata = BIO_new_file(contfile, "rb"))) - { - BIO_printf(bio_err, "Can't read content file %s\n", contfile); + if (!PKCS7_final(p7, in, flags)) goto end; - } } } @@ -734,11 +781,16 @@ int MAIN(int argc, char **argv) if (subject) BIO_printf(out, "Subject: %s\n", subject); if (outformat == FORMAT_SMIME) - SMIME_write_PKCS7(out, p7, in, flags); + { + if (operation == SMIME_RESIGN) + SMIME_write_PKCS7(out, p7, indata, flags); + else + SMIME_write_PKCS7(out, p7, in, flags); + } else if (outformat == FORMAT_PEM) - PEM_write_bio_PKCS7(out,p7); + PEM_write_bio_PKCS7_stream(out, p7, in, flags); else if (outformat == FORMAT_ASN1) - i2d_PKCS7_bio(out,p7); + i2d_PKCS7_bio_stream(out,p7, in, flags); else { BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); @@ -754,6 +806,10 @@ end: sk_X509_pop_free(other, X509_free); if (vpm) X509_VERIFY_PARAM_free(vpm); + if (sksigners) + sk_OPENSSL_STRING_free(sksigners); + if (skkeys) + sk_OPENSSL_STRING_free(skkeys); X509_STORE_free(store); X509_free(cert); X509_free(recip); diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c index af077b54a8..539bfff220 100644 --- a/src/lib/libssl/src/apps/speed.c +++ b/src/lib/libssl/src/apps/speed.c @@ -108,53 +108,8 @@ #include #endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) -# define USE_TOD -#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) -# define TIMES -#endif -#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */ -# define TIMEB -#endif - -#if defined(OPENSSL_SYS_NETWARE) -#undef TIMES -#undef TIMEB -#include -#endif - -#ifndef _IRIX -# include -#endif -#ifdef TIMES -# include -# include -#endif -#ifdef USE_TOD -# include -# include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifdef TIMEB -#include -#endif - -#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE) -#error "It seems neither struct tms nor struct timeb is supported in this platform!" -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include +#ifdef _WIN32 +#include #endif #include @@ -189,6 +144,9 @@ #ifndef OPENSSL_NO_RIPEMD #include #endif +#ifndef OPENSSL_NO_WHIRLPOOL +#include +#endif #ifndef OPENSSL_NO_RC4 #include #endif @@ -226,43 +184,24 @@ #include #endif -/* - * The following "HZ" timing stuff should be sync'd up with the code in - * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think - * this code is more up to date than libcrypto's so there may be features to - * migrate over first. This is used in two places further down AFAICS. - * The point is that nothing in openssl actually *uses* that tmdiff stuff, so - * either speed.c should be using it or it should go because it's obviously not - * useful enough. Anyone want to do a janitorial job on this? - */ - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# if defined(_SC_CLK_TCK) \ - && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) -# define HZ sysconf(_SC_CLK_TCK) +#ifndef HAVE_FORK +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE) +# define HAVE_FORK 0 # else -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif +# define HAVE_FORK 1 # endif #endif -#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE) -# define HAVE_FORK 1 +#if HAVE_FORK +#undef NO_FORK +#else +#define NO_FORK #endif #undef BUFSIZE #define BUFSIZE ((long)1024*8+1) int run=0; -static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0; static int mr=0; static int usertime=1; @@ -271,11 +210,11 @@ static void print_message(const char *s,long num,int length); static void pkey_print_message(const char *str, const char *str2, long num, int bits, int sec); static void print_result(int alg,int run_no,int count,double time_used); -#ifdef HAVE_FORK +#ifndef NO_FORK static int do_multi(int multi); #endif -#define ALGOR_NUM 28 +#define ALGOR_NUM 29 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 @@ -289,12 +228,16 @@ static const char *names[ALGOR_NUM]={ "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", "aes-128 cbc","aes-192 cbc","aes-256 cbc", "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", - "evp","sha256","sha512", + "evp","sha256","sha512","whirlpool", "aes-128 ige","aes-192 ige","aes-256 ige"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; +#ifndef OPENSSL_NO_RSA static double rsa_results[RSA_NUM][2]; +#endif +#ifndef OPENSSL_NO_DSA static double dsa_results[DSA_NUM][2]; +#endif #ifndef OPENSSL_NO_ECDSA static double ecdsa_results[EC_NUM][2]; #endif @@ -328,141 +271,46 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 -#if defined(OPENSSL_SYS_NETWARE) +#if defined(_WIN32) - /* for NetWare the best we can do is use clock() which returns the - * time, in hundredths of a second, since the NLM began executing - */ -static double Time_F(int s) - { - double ret; - - static clock_t tstart,tend; - - if (s == START) - { - tstart=clock(); - return(0); - } - else - { - tend=clock(); - ret=(double)((double)(tend)-(double)(tstart)); - return((ret < 0.001)?0.001:ret); - } - } +#define SIGALRM +static unsigned int lapse,schlock; +static void alarm(unsigned int secs) { lapse = secs*1000; } -#else +static DWORD WINAPI sleepy(VOID *arg) + { + schlock = 1; + Sleep(lapse); + run = 0; + return 0; + } static double Time_F(int s) { - double ret; - -#ifdef USE_TOD - if(usertime) - { - static struct rusage tstart,tend; - - getrusage_used = 1; - if (s == START) - { - getrusage(RUSAGE_SELF,&tstart); - return(0); - } - else - { - long i; - - getrusage(RUSAGE_SELF,&tend); - i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec; - ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec)) - +((double)i)/1000000.0; - return((ret < 0.001)?0.001:ret); - } - } - else + if (s == START) { - static struct timeval tstart,tend; - long i; - - gettimeofday_used = 1; - if (s == START) - { - gettimeofday(&tstart,NULL); - return(0); - } - else + HANDLE thr; + schlock = 0; + thr = CreateThread(NULL,4096,sleepy,NULL,0,NULL); + if (thr==NULL) { - gettimeofday(&tend,NULL); - i=(long)tend.tv_usec-(long)tstart.tv_usec; - ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0; - return((ret < 0.001)?0.001:ret); + DWORD ret=GetLastError(); + BIO_printf(bio_err,"unable to CreateThread (%d)",ret); + ExitProcess(ret); } + CloseHandle(thr); /* detach the thread */ + while (!schlock) Sleep(0); /* scheduler spinlock */ } -#else /* ndef USE_TOD */ - -# ifdef TIMES - if (usertime) - { - static struct tms tstart,tend; - times_used = 1; - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret = HZ; - ret=(double)(tend.tms_utime-tstart.tms_utime) / ret; - return((ret < 1e-3)?1e-3:ret); - } - } -# endif /* times() */ -# if defined(TIMES) && defined(TIMEB) - else -# endif -# ifdef OPENSSL_SYS_VXWORKS - { - static unsigned long tick_start, tick_end; - - if( s == START ) - { - tick_start = tickGet(); - return 0; - } - else - { - tick_end = tickGet(); - ret = (double)(tick_end - tick_start) / (double)sysClkRateGet(); - return((ret < 0.001)?0.001:ret); - } - } -# elif defined(TIMEB) - { - static struct timeb tstart,tend; - long i; + return app_tminterval(s,usertime); + } +#else - ftime_used = 1; - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret < 0.001)?0.001:ret); - } - } -# endif -#endif +static double Time_F(int s) + { + return app_tminterval(s,usertime); } -#endif /* if defined(OPENSSL_SYS_NETWARE) */ +#endif #ifndef OPENSSL_NO_ECDH @@ -522,6 +370,9 @@ int MAIN(int argc, char **argv) unsigned char sha512[SHA512_DIGEST_LENGTH]; #endif #endif +#ifndef OPENSSL_NO_WHIRLPOOL + unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; +#endif #ifndef OPENSSL_NO_RIPEMD unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; #endif @@ -618,9 +469,10 @@ int MAIN(int argc, char **argv) #define D_EVP 22 #define D_SHA256 23 #define D_SHA512 24 -#define D_IGE_128_AES 25 -#define D_IGE_192_AES 26 -#define D_IGE_256_AES 27 +#define D_WHIRLPOOL 25 +#define D_IGE_128_AES 26 +#define D_IGE_192_AES 27 +#define D_IGE_256_AES 28 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 @@ -749,7 +601,7 @@ int MAIN(int argc, char **argv) const EVP_CIPHER *evp_cipher=NULL; const EVP_MD *evp_md=NULL; int decrypt=0; -#ifdef HAVE_FORK +#ifndef NO_FORK int multi=0; #endif @@ -877,7 +729,7 @@ int MAIN(int argc, char **argv) j--; } #endif -#ifdef HAVE_FORK +#ifndef NO_FORK else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) { argc--; @@ -940,6 +792,10 @@ int MAIN(int argc, char **argv) else #endif #endif +#ifndef OPENSSL_NO_WHIRLPOOL + if (strcmp(*argv,"whirlpool") == 0) doit[D_WHIRLPOOL]=1; + else +#endif #ifndef OPENSSL_NO_RIPEMD if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; else @@ -1151,12 +1007,16 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_SHA512 BIO_printf(bio_err,"sha512 "); #endif +#ifndef OPENSSL_NO_WHIRLPOOL + BIO_printf(bio_err,"whirlpool"); +#endif #ifndef OPENSSL_NO_RIPEMD160 BIO_printf(bio_err,"rmd160"); #endif #if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ - !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) + !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \ + !defined(OPENSSL_NO_WHIRLPOOL) BIO_printf(bio_err,"\n"); #endif @@ -1257,7 +1117,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-evp e use EVP e.\n"); BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); BIO_printf(bio_err,"-mr produce machine readable output.\n"); -#ifdef HAVE_FORK +#ifndef NO_FORK BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n"); #endif goto end; @@ -1267,7 +1127,7 @@ int MAIN(int argc, char **argv) j++; } -#ifdef HAVE_FORK +#ifndef NO_FORK if(multi && do_multi(multi)) goto show_res; #endif @@ -1283,17 +1143,20 @@ int MAIN(int argc, char **argv) rsa_doit[i]=1; for (i=0; i 1 ? "," : ""), - (times_used ? "times" : ""), - (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""), - (gettimeofday_used ? "gettimeofday" : ""), - (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""), - (getrusage_used ? "getrusage" : "")); } if (pr_header) @@ -2717,7 +2572,7 @@ static void print_result(int alg,int run_no,int count,double time_used) results[alg][run_no]=((double)count)/time_used*lengths[run_no]; } -#ifdef HAVE_FORK +#ifndef NO_FORK static char *sstrsep(char **string, const char *delim) { char isdelim[256]; @@ -2775,6 +2630,7 @@ static int do_multi(int multi) close(fd[1]); mr=1; usertime=0; + free(fds); return 0; } printf("Forked child %d\n",n); @@ -2923,7 +2779,10 @@ static int do_multi(int multi) else fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n); } + + fclose(f); } + free(fds); return 1; } #endif diff --git a/src/lib/libssl/src/apps/verify.c b/src/lib/libssl/src/apps/verify.c index 20cc9e354c..9163997e93 100644 --- a/src/lib/libssl/src/apps/verify.c +++ b/src/lib/libssl/src/apps/verify.c @@ -70,8 +70,9 @@ #define PROG verify_main static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx); -static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e); -static STACK_OF(X509) *load_untrusted(char *file); +static int check(X509_STORE *ctx, char *file, + STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, + STACK_OF(X509_CRL) *crls, ENGINE *e); static int v_verbose=0, vflags = 0; int MAIN(int, char **); @@ -80,10 +81,10 @@ int MAIN(int argc, char **argv) { ENGINE *e = NULL; int i,ret=1, badarg = 0; - int purpose = -1; char *CApath=NULL,*CAfile=NULL; - char *untfile = NULL, *trustfile = NULL; + char *untfile = NULL, *trustfile = NULL, *crlfile = NULL; STACK_OF(X509) *untrusted = NULL, *trusted = NULL; + STACK_OF(X509_CRL) *crls = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; X509_VERIFY_PARAM *vpm = NULL; @@ -93,7 +94,7 @@ int MAIN(int argc, char **argv) cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; - X509_STORE_set_verify_cb_func(cert_ctx,cb); + X509_STORE_set_verify_cb(cert_ctx,cb); ERR_load_crypto_strings(); @@ -139,6 +140,11 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; trustfile= *(++argv); } + else if (strcmp(*argv,"-CRLfile") == 0) + { + if (argc-- < 1) goto end; + crlfile= *(++argv); + } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { @@ -192,26 +198,34 @@ int MAIN(int argc, char **argv) ERR_clear_error(); - if(untfile) { - if(!(untrusted = load_untrusted(untfile))) { - BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile); - ERR_print_errors(bio_err); + if(untfile) + { + untrusted = load_certs(bio_err, untfile, FORMAT_PEM, + NULL, e, "untrusted certificates"); + if(!untrusted) goto end; } - } - if(trustfile) { - if(!(trusted = load_untrusted(trustfile))) { - BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile); - ERR_print_errors(bio_err); + if(trustfile) + { + trusted = load_certs(bio_err, trustfile, FORMAT_PEM, + NULL, e, "trusted certificates"); + if(!trusted) goto end; } - } - if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e); + if(crlfile) + { + crls = load_crls(bio_err, crlfile, FORMAT_PEM, + NULL, e, "other CRLs"); + if(!crls) + goto end; + } + + if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e); else for (i=0; i= 0) X509_STORE_CTX_set_purpose(csc, purpose); + if (crls) + X509_STORE_CTX_set0_crls(csc, crls); i=X509_verify_cert(csc); X509_STORE_CTX_free(csc); @@ -278,90 +296,53 @@ end: return(ret); } -static STACK_OF(X509) *load_untrusted(char *certfile) -{ - STACK_OF(X509_INFO) *sk=NULL; - STACK_OF(X509) *stack=NULL, *ret=NULL; - BIO *in=NULL; - X509_INFO *xi; - - if(!(stack = sk_X509_new_null())) { - BIO_printf(bio_err,"memory allocation failure\n"); - goto end; - } - - if(!(in=BIO_new_file(certfile, "r"))) { - BIO_printf(bio_err,"error opening the file, %s\n",certfile); - goto end; - } - - /* This loads from a file, a stack of x509/crl/pkey sets */ - if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) { - BIO_printf(bio_err,"error reading the file, %s\n",certfile); - goto end; - } - - /* scan over it and pull out the certs */ - while (sk_X509_INFO_num(sk)) - { - xi=sk_X509_INFO_shift(sk); - if (xi->x509 != NULL) - { - sk_X509_push(stack,xi->x509); - xi->x509=NULL; - } - X509_INFO_free(xi); - } - if(!sk_X509_num(stack)) { - BIO_printf(bio_err,"no certificates in file, %s\n",certfile); - sk_X509_free(stack); - goto end; - } - ret=stack; -end: - BIO_free(in); - sk_X509_INFO_free(sk); - return(ret); - } - static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) { - char buf[256]; + int cert_error = X509_STORE_CTX_get_error(ctx); + X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); if (!ok) { - if (ctx->current_cert) + if (current_cert) + { + X509_NAME_print_ex_fp(stdout, + X509_get_subject_name(current_cert), + 0, XN_FLAG_ONELINE); + printf("\n"); + } + printf("%serror %d at %d depth lookup:%s\n", + X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "", + cert_error, + X509_STORE_CTX_get_error_depth(ctx), + X509_verify_cert_error_string(cert_error)); + switch(cert_error) { - X509_NAME_oneline( - X509_get_subject_name(ctx->current_cert),buf, - sizeof buf); - printf("%s\n",buf); + case X509_V_ERR_NO_EXPLICIT_POLICY: + policies_print(NULL, ctx); + case X509_V_ERR_CERT_HAS_EXPIRED: + + /* since we are just checking the certificates, it is + * ok if they are self signed. But we should still warn + * the user. + */ + + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + /* Continue after extension errors too */ + case X509_V_ERR_INVALID_CA: + case X509_V_ERR_INVALID_NON_CA: + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + case X509_V_ERR_INVALID_PURPOSE: + case X509_V_ERR_CRL_HAS_EXPIRED: + case X509_V_ERR_CRL_NOT_YET_VALID: + case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: + ok = 1; + } - printf("error %d at %d depth lookup:%s\n",ctx->error, - ctx->error_depth, - X509_verify_cert_error_string(ctx->error)); - if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1; - /* since we are just checking the certificates, it is - * ok if they are self signed. But we should still warn - * the user. - */ - if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; - /* Continue after extension errors too */ - if (ctx->error == X509_V_ERR_INVALID_CA) ok=1; - if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1; - if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1; - if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1; - if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; - if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1; - if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1; - if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1; - if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY) - policies_print(NULL, ctx); return ok; } - if ((ctx->error == X509_V_OK) && (ok == 2)) + if (cert_error == X509_V_OK && ok == 2) policies_print(NULL, ctx); if (!v_verbose) ERR_clear_error(); diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c index 6debce4419..e7e46d7b63 100644 --- a/src/lib/libssl/src/apps/x509.c +++ b/src/lib/libssl/src/apps/x509.c @@ -99,7 +99,13 @@ static const char *x509_usage[]={ " -passin arg - private key password source\n", " -serial - print serial number value\n", " -subject_hash - print subject hash value\n", +#ifndef OPENSSL_NO_MD5 +" -subject_hash_old - print old-style (MD5) subject hash value\n", +#endif " -issuer_hash - print issuer hash value\n", +#ifndef OPENSSL_NO_MD5 +" -issuer_hash_old - print old-style (MD5) issuer hash value\n", +#endif " -hash - synonym for -subject_hash\n", " -subject - print subject DN\n", " -issuer - print issuer DN\n", @@ -179,6 +185,9 @@ int MAIN(int argc, char **argv) int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; int next_serial=0; int subject_hash=0,issuer_hash=0,ocspid=0; +#ifndef OPENSSL_NO_MD5 + int subject_hash_old=0,issuer_hash_old=0; +#endif int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int ocsp_uri=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; @@ -190,7 +199,7 @@ int MAIN(int argc, char **argv) X509_REQ *rq=NULL; int fingerprint=0; char buf[256]; - const EVP_MD *md_alg,*digest=EVP_sha1(); + const EVP_MD *md_alg,*digest=NULL; CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; @@ -225,7 +234,7 @@ int MAIN(int argc, char **argv) ctx=X509_STORE_new(); if (ctx == NULL) goto end; - X509_STORE_set_verify_cb_func(ctx,callb); + X509_STORE_set_verify_cb(ctx,callb); argc--; argv++; @@ -397,8 +406,16 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-hash") == 0 || strcmp(*argv,"-subject_hash") == 0) subject_hash= ++num; +#ifndef OPENSSL_NO_MD5 + else if (strcmp(*argv,"-subject_hash_old") == 0) + subject_hash_old= ++num; +#endif else if (strcmp(*argv,"-issuer_hash") == 0) issuer_hash= ++num; +#ifndef OPENSSL_NO_MD5 + else if (strcmp(*argv,"-issuer_hash_old") == 0) + issuer_hash_old= ++num; +#endif else if (strcmp(*argv,"-subject") == 0) subject= ++num; else if (strcmp(*argv,"-issuer") == 0) @@ -626,7 +643,7 @@ bad: if (!X509_set_subject_name(x,req->req_info->subject)) goto end; X509_gmtime_adj(X509_get_notBefore(x),0); - X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days); + X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL); pkey = X509_REQ_get_pubkey(req); X509_set_pubkey(x,pkey); @@ -738,13 +755,14 @@ bad: else if ((email == i) || (ocsp_uri == i)) { int j; - STACK *emlst; + STACK_OF(OPENSSL_STRING) *emlst; if (email == i) emlst = X509_get1_email(x); else emlst = X509_get1_ocsp(x); - for (j = 0; j < sk_num(emlst); j++) - BIO_printf(STDout, "%s\n", sk_value(emlst, j)); + for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) + BIO_printf(STDout, "%s\n", + sk_OPENSSL_STRING_value(emlst, j)); X509_email_free(emlst); } else if (aliasout == i) @@ -758,10 +776,22 @@ bad: { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } +#ifndef OPENSSL_NO_MD5 + else if (subject_hash_old == i) + { + BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x)); + } +#endif else if (issuer_hash == i) { BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); } +#ifndef OPENSSL_NO_MD5 + else if (issuer_hash_old == i) + { + BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x)); + } +#endif else if (pprint == i) { X509_PURPOSE *ptmp; @@ -892,14 +922,18 @@ bad: int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; + const EVP_MD *fdig = digest; + + if (!fdig) + fdig = EVP_sha1(); - if (!X509_digest(x,digest,md,&n)) + if (!X509_digest(x,fdig,md,&n)) { BIO_printf(bio_err,"out of memory\n"); goto end; } BIO_printf(STDout,"%s Fingerprint=", - OBJ_nid2sn(EVP_MD_type(digest))); + OBJ_nid2sn(EVP_MD_type(fdig))); for (j=0; j<(int)n; j++) { BIO_printf(STDout,"%02X%c",md[j], @@ -919,14 +953,6 @@ bad: passin, e, "Private key"); if (Upkey == NULL) goto end; } -#ifndef OPENSSL_NO_DSA - if (Upkey->type == EVP_PKEY_DSA) - digest=EVP_dss1(); -#endif -#ifndef OPENSSL_NO_ECDSA - if (Upkey->type == EVP_PKEY_EC) - digest=EVP_ecdsa(); -#endif assert(need_rand); if (!sign(x,Upkey,days,clrext,digest, @@ -943,14 +969,6 @@ bad: "CA Private Key"); if (CApkey == NULL) goto end; } -#ifndef OPENSSL_NO_DSA - if (CApkey->type == EVP_PKEY_DSA) - digest=EVP_dss1(); -#endif -#ifndef OPENSSL_NO_ECDSA - if (CApkey->type == EVP_PKEY_EC) - digest = EVP_ecdsa(); -#endif assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, @@ -978,15 +996,6 @@ bad: BIO_printf(bio_err,"Generating certificate request\n"); -#ifndef OPENSSL_NO_DSA - if (pk->type == EVP_PKEY_DSA) - digest=EVP_dss1(); -#endif -#ifndef OPENSSL_NO_ECDSA - if (pk->type == EVP_PKEY_EC) - digest=EVP_ecdsa(); -#endif - rq=X509_to_X509_REQ(x,pk,digest); EVP_PKEY_free(pk); if (rq == NULL) @@ -1040,16 +1049,15 @@ bad: } else if (outformat == FORMAT_NETSCAPE) { - ASN1_HEADER ah; - ASN1_OCTET_STRING os; + NETSCAPE_X509 nx; + ASN1_OCTET_STRING hdr; - os.data=(unsigned char *)NETSCAPE_CERT_HDR; - os.length=strlen(NETSCAPE_CERT_HDR); - ah.header= &os; - ah.data=(char *)x; - ah.meth=X509_asn1_meth(); + hdr.data=(unsigned char *)NETSCAPE_CERT_HDR; + hdr.length=strlen(NETSCAPE_CERT_HDR); + nx.header= &hdr; + nx.cert=x; - i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah); + i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); @@ -1151,6 +1159,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ X509_STORE_CTX_set_cert(&xsc,x); + X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); if (!reqfile && X509_verify_cert(&xsc) <= 0) goto end; @@ -1167,7 +1176,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, goto end; /* hardwired expired */ - if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL) + if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL) goto end; if (clrext) diff --git a/src/lib/libssl/src/config b/src/lib/libssl/src/config index 68e7ea1737..965884a627 100644 --- a/src/lib/libssl/src/config +++ b/src/lib/libssl/src/config @@ -29,7 +29,7 @@ EXE="" for i do case "$i" in --d) PREFIX="debug-";; +-d*) PREFIX="debug-";; -t*) TEST="true";; -h*) TEST="true"; cat </dev/null` || MACHINE="unknown" -RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown" -SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" -VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" +[ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown" +[ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown" +[ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" +[ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" # Now test for ISC and SCO, since it is has a braindamaged uname. @@ -122,6 +122,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "${MACHINE}-ibm-aix3"; exit 0 ;; + BeOS:*:BePC) + if [ -e /boot/develop/headers/be/bone ]; then + echo "beos-x86-bone"; exit 0 + else + echo "beos-x86-r5"; exit 0 + fi + ;; + dgux:*) echo "${MACHINE}-dg-dgux"; exit 0 ;; @@ -270,7 +278,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "ppc-apple-darwin${VERSION}" ;; *) - echo "i386-apple-darwin${VERSION}" + echo "i686-apple-darwin${VERSION}" ;; esac exit 0 @@ -488,6 +496,12 @@ echo Operating system: $GUESSOS # script above so we end up with values in vars but that would take # more time that I want to waste at the moment case "$GUESSOS" in + uClinux*64*) + OUT=uClinux-dist64 + ;; + uClinux*) + OUT=uClinux-dist + ;; mips2-sgi-irix) CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'` CPU=${CPU:-0} @@ -523,8 +537,28 @@ case "$GUESSOS" in OUT="irix-mips3-$CC" ;; ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; - ppc-apple-darwin*) OUT="darwin-ppc-cc" ;; - i386-apple-darwin*) OUT="darwin-i386-cc" ;; + ppc-apple-darwin*) + ISA64=`(sysctl -n hw.optional.64bitops) 2>/dev/null` + if [ "$ISA64" = "1" ]; then + echo "WARNING! If you wish to build 64-bit library, then you have to" + echo " invoke './Configure darwin64-ppc-cc' *manually*." + if [ "$TEST" = "false" -a -t 1 ]; then + echo " You have about 5 seconds to press Ctrl-C to abort." + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 + fi + fi + OUT="darwin-ppc-cc" ;; + i?86-apple-darwin*) + ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null` + if [ "$ISA64" = "1" ]; then + echo "WARNING! If you wish to build 64-bit library, then you have to" + echo " invoke './Configure darwin64-x86_64-cc' *manually*." + if [ "$TEST" = "false" -a -t 1 ]; then + echo " You have about 5 seconds to press Ctrl-C to abort." + (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 + fi + fi + OUT="darwin-i386-cc" ;; alpha-*-linux2) ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo` case ${ISA:-generic} in @@ -589,13 +623,13 @@ case "$GUESSOS" in options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH" OUT="linux-generic32" ;; - arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; - arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;; + armv[1-3]*-*-linux2) OUT="linux-generic32" ;; + arm*-*-linux2) OUT="linux-armv4" ;; sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;; m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; - s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;; - s390x-*-linux2) OUT="linux-generic64"; options="$options -DB_ENDIAN" ;; + s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;; + s390x-*-linux2) OUT="linux-s390x" ;; x86_64-*-linux?) OUT="linux-x86_64" ;; *86-*-linux2) OUT="linux-elf" if [ "$GCCVER" -gt 28 ]; then @@ -741,6 +775,10 @@ case "$GUESSOS" in OBJECT_MODE=${OBJECT_MODE:-32} if [ "$CC" = "gcc" ]; then OUT="aix-gcc" + if [ $OBJECT_MODE -eq 64 ]; then + echo 'Your $OBJECT_MODE was found to be set to 64' + OUT="aix64-gcc" + fi elif [ $OBJECT_MODE -eq 64 ]; then echo 'Your $OBJECT_MODE was found to be set to 64' OUT="aix64-cc" @@ -769,6 +807,9 @@ case "$GUESSOS" in t3e-cray-unicosmk) OUT="cray-t3e" ;; j90-cray-unicos) OUT="cray-j90" ;; nsr-tandem-nsk) OUT="tandem-c89" ;; + beos-*) OUT="$GUESSOS" ;; + x86pc-*-qnx6) OUT="QNX6-i386" ;; + *-*-qnx6) OUT="QNX6" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac diff --git a/src/lib/libssl/src/crypto/Makefile b/src/lib/libssl/src/crypto/Makefile index 6557f2b4e1..c1033f6d77 100644 --- a/src/lib/libssl/src/crypto/Makefile +++ b/src/lib/libssl/src/crypto/Makefile @@ -5,9 +5,9 @@ DIR= crypto TOP= .. CC= cc -INCLUDE= -I. -I$(TOP) -I../include +INCLUDE= -I. -I$(TOP) -I../include $(ZLIB_INCLUDE) # INCLUDES targets sudbirs! -INCLUDES= -I.. -I../.. -I../../include +INCLUDES= -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE) CFLAG= -g MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) @@ -17,7 +17,7 @@ AR= ar r RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \ (cd $$i && echo "making $$target in $(DIR)/$$i..." && \ - $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \ + $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$target ) || exit 1; \ done; PEX_LIBS= @@ -26,6 +26,7 @@ EX_LIBS= CFLAGS= $(INCLUDE) $(CFLAG) ASFLAGS= $(INCLUDE) $(ASFLAG) AFLAGS=$(ASFLAGS) +CPUID_OBJ=mem_clr.o LIBS= @@ -33,12 +34,12 @@ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c dyn_lck.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_init.c fips_err.c -LIBOBJ= cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o $(CPUID_OBJ) +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c +LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ) SRC= $(LIBSRC) -EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ +EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) @@ -47,7 +48,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER) top: @(cd ..; $(MAKE) DIRS=$(DIR) all) -all: lib +all: shared buildinf.h: ../Makefile ( echo "#ifndef MK1MF_BUILD"; \ @@ -57,26 +58,26 @@ buildinf.h: ../Makefile echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \ echo '#endif' ) >buildinf.h -x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl - $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@ -x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl - $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@ -x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl - $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@ +x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl + $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ -uplink.o: ../ms/uplink.c - $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c +applink.o: $(TOP)/ms/applink.c + $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/applink.c -uplink-cof.s: ../ms/uplink.pl - $(PERL) ../ms/uplink.pl coff > $@ +uplink.o: $(TOP)/ms/uplink.c applink.o + $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c + +uplink-cof.s: $(TOP)/ms/uplink.pl + $(PERL) $(TOP)/ms/uplink.pl coff > $@ x86_64cpuid.s: x86_64cpuid.pl - $(PERL) x86_64cpuid.pl $@ + $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@ ia64cpuid.s: ia64cpuid.S $(CC) $(CFLAGS) -E ia64cpuid.S > $@ +ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ testapps: - [ -z "$(THIS)" ] || ( if echo ${SDIRS} | fgrep ' des '; \ + [ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \ then cd des && $(MAKE) -e des; fi ) [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps ); @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @@ -94,11 +95,11 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) @target=links; $(RECURSIVE_MAKE) -# lib: and $(LIB): are splitted to avoid end-less loop -lib: buildinf.h $(LIB) subdirs +# lib: $(LIB): are splitted to avoid end-less loop +lib: $(LIB) @touch lib $(LIB): $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. shared: buildinf.h lib subdirs @@ -135,6 +136,7 @@ clean: dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) + rm -f opensslconf.h @target=dclean; $(RECURSIVE_MAKE) # DO NOT DELETE THIS LINE -- make depend depends on it. @@ -159,13 +161,6 @@ cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h cversion.o: cryptlib.h cversion.c -dyn_lck.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -dyn_lck.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -dyn_lck.o: ../include/openssl/err.h ../include/openssl/lhash.h -dyn_lck.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dyn_lck.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -dyn_lck.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h -dyn_lck.o: dyn_lck.c ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -174,13 +169,6 @@ ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h ex_data.o: ex_data.c -fips_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h -fips_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h -fips_err.o: ../include/openssl/fips.h ../include/openssl/lhash.h -fips_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -fips_err.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -fips_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_err.c -fips_err.o: fips_err.h mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -201,23 +189,10 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h mem_dbg.o: mem_dbg.c o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_dir.o: LPdir_unix.c o_dir.c o_dir.h -o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h -o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h -o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h -o_init.o: ../include/openssl/symhacks.h o_init.c o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.o: o_str.c o_str.h o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c o_time.o: o_time.h -tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h -tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h diff --git a/src/lib/libssl/src/crypto/aes/Makefile b/src/lib/libssl/src/crypto/aes/Makefile index 9d174f4c3e..c501a43a8f 100644 --- a/src/lib/libssl/src/crypto/aes/Makefile +++ b/src/lib/libssl/src/crypto/aes/Makefile @@ -11,7 +11,7 @@ CFLAG=-g MAKEFILE= Makefile AR= ar r -AES_ASM_OBJ=aes_core.o aes_cbc.o +AES_ENC=aes_core.o aes_cbc.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -26,7 +26,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \ aes_ctr.c aes_ige.c aes_wrap.c LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \ - $(AES_ASM_OBJ) + $(AES_ENC) SRC= $(LIBSRC) @@ -41,24 +41,27 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -$(LIBOBJ): $(LIBSRC) - aes-ia64.s: asm/aes-ia64.S $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@ -ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl + $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ aes-x86_64.s: asm/aes-x86_64.pl - $(PERL) asm/aes-x86_64.pl $@ + $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@ + +aes-sparcv9.s: asm/aes-sparcv9.pl + $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ + +aes-ppc.s: asm/aes-ppc.pl + $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +aes-%.s: asm/aes-%.pl; $(PERL) $< $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -97,16 +100,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h -aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h -aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -aes_cfb.o: aes_cfb.c aes_locl.h +aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c +aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_core.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -aes_core.o: aes_core.c aes_locl.h -aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h +aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h +aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h @@ -119,8 +120,8 @@ aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c -aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c +aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h +aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/src/lib/libssl/src/crypto/aes/aes.h b/src/lib/libssl/src/crypto/aes/aes.h index 450f2b4051..d2c99730fe 100644 --- a/src/lib/libssl/src/crypto/aes/aes.h +++ b/src/lib/libssl/src/crypto/aes/aes.h @@ -58,6 +58,8 @@ #error AES is disabled. #endif +#include + #define AES_ENCRYPT 1 #define AES_DECRYPT 0 @@ -66,10 +68,6 @@ #define AES_MAXNR 14 #define AES_BLOCK_SIZE 16 -#ifdef OPENSSL_FIPS -#define FIPS_AES_SIZE_T int -#endif - #ifdef __cplusplus extern "C" { #endif @@ -100,37 +98,32 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc); void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc); void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc); void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc); -void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, - const int nbits,const AES_KEY *key, - unsigned char *ivec,const int enc); void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE], unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); - -/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */ /* NB: the IV is _two_ blocks long */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); /* NB: the IV is _four_ blocks long */ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, const AES_KEY *key2, const unsigned char *ivec, const int enc); @@ -141,6 +134,7 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen); + #ifdef __cplusplus } #endif diff --git a/src/lib/libssl/src/crypto/aes/aes_cbc.c b/src/lib/libssl/src/crypto/aes/aes_cbc.c index 373864cd4b..227f75625d 100644 --- a/src/lib/libssl/src/crypto/aes/aes_cbc.c +++ b/src/lib/libssl/src/crypto/aes/aes_cbc.c @@ -49,85 +49,15 @@ * */ -#ifndef AES_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include - #include -#include "aes_locl.h" +#include -#if !defined(OPENSSL_FIPS_AES_ASM) void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t len, const AES_KEY *key, unsigned char *ivec, const int enc) { - unsigned long n; - unsigned long len = length; - unsigned char tmp[AES_BLOCK_SIZE]; - const unsigned char *iv = ivec; - - assert(in && out && key && ivec); - assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); - - if (AES_ENCRYPT == enc) { - while (len >= AES_BLOCK_SIZE) { - for(n=0; n < AES_BLOCK_SIZE; ++n) - out[n] = in[n] ^ iv[n]; - AES_encrypt(out, out, key); - iv = out; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (len) { - for(n=0; n < len; ++n) - out[n] = in[n] ^ iv[n]; - for(n=len; n < AES_BLOCK_SIZE; ++n) - out[n] = iv[n]; - AES_encrypt(out, out, key); - iv = out; - } - memcpy(ivec,iv,AES_BLOCK_SIZE); - } else if (in != out) { - while (len >= AES_BLOCK_SIZE) { - AES_decrypt(in, out, key); - for(n=0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - iv = in; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (len) { - AES_decrypt(in,tmp,key); - for(n=0; n < len; ++n) - out[n] = tmp[n] ^ iv[n]; - iv = in; - } - memcpy(ivec,iv,AES_BLOCK_SIZE); - } else { - while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for(n=0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= ivec[n]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - if (len) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(tmp, out, key); - for(n=0; n < len; ++n) - out[n] ^= ivec[n]; - for(n=len; n < AES_BLOCK_SIZE; ++n) - out[n] = tmp[n]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } - } + if (enc) + CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)AES_encrypt); + else + CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)AES_decrypt); } -#endif diff --git a/src/lib/libssl/src/crypto/aes/aes_cfb.c b/src/lib/libssl/src/crypto/aes/aes_cfb.c index 49f0411010..0c6d058ce7 100644 --- a/src/lib/libssl/src/crypto/aes/aes_cfb.c +++ b/src/lib/libssl/src/crypto/aes/aes_cfb.c @@ -1,6 +1,6 @@ /* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -48,73 +48,9 @@ * ==================================================================== * */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef AES_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include #include -#include "aes_locl.h" -#include "e_os.h" +#include /* The input and output encrypted as though 128bit cfb mode is being * used. The extra state information to record how much of the @@ -122,104 +58,24 @@ */ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - unsigned long l = length; - unsigned char c; - - assert(in && out && key && ivec && num); - - n = *num; - - if (enc) { - while (l--) { - if (n == 0) { - AES_encrypt(ivec, ivec, key); - } - ivec[n] = *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % AES_BLOCK_SIZE; - } - } else { - while (l--) { - if (n == 0) { - AES_encrypt(ivec, ivec, key); - } - c = *(in); - *(out++) = *(in++) ^ ivec[n]; - ivec[n] = c; - n = (n+1) % AES_BLOCK_SIZE; - } - } - - *num=n; + CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); } -/* This expects a single block of size nbits for both in and out. Note that - it corrupts any extra bits in the last byte of out */ -void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, - const int nbits,const AES_KEY *key, - unsigned char *ivec,const int enc) - { - int n,rem,num; - unsigned char ovec[AES_BLOCK_SIZE*2]; - - if (nbits<=0 || nbits>128) return; - - /* fill in the first half of the new IV with the current IV */ - memcpy(ovec,ivec,AES_BLOCK_SIZE); - /* construct the new IV */ - AES_encrypt(ivec,ivec,key); - num = (nbits+7)/8; - if (enc) /* encrypt the input */ - for(n=0 ; n < num ; ++n) - out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]); - else /* decrypt the input */ - for(n=0 ; n < num ; ++n) - out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; - /* shift ovec left... */ - rem = nbits%8; - num = nbits/8; - if(rem==0) - memcpy(ivec,ovec+num,AES_BLOCK_SIZE); - else - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - ivec[n] = ovec[n+num]<>(8-rem); - - /* it is not necessary to cleanse ovec, since the IV is not secret */ - } - /* N.B. This expects the input to be packed, MS bit first */ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - unsigned char c[1],d[1]; - - assert(in && out && key && ivec && num); - assert(*num == 0); - - memset(out,0,(length+7)/8); - for(n=0 ; n < length ; ++n) - { - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; - AES_cfbr_encrypt_block(c,d,1,key,ivec,enc); - out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); - } + CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); } void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, const int enc) { - unsigned int n; - - assert(in && out && key && ivec && num); - assert(*num == 0); - - for(n=0 ; n < length ; ++n) - AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); + CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt); } diff --git a/src/lib/libssl/src/crypto/aes/aes_core.c b/src/lib/libssl/src/crypto/aes/aes_core.c index cffdd4daec..a7ec54f4da 100644 --- a/src/lib/libssl/src/crypto/aes/aes_core.c +++ b/src/lib/libssl/src/crypto/aes/aes_core.c @@ -37,12 +37,9 @@ #include #include -#ifdef OPENSSL_FIPS -#include -#endif - #include "aes_locl.h" +#ifndef AES_ASM /* Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; @@ -635,10 +632,6 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int i = 0; u32 temp; -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif - if (!userKey || !key) return -1; if (bits != 128 && bits != 192 && bits != 256) @@ -781,7 +774,6 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, return 0; } -#ifndef AES_ASM /* * Encrypt a single block * in and out can overlap @@ -1164,4 +1156,203 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, PUTU32(out + 12, s3); } +#else /* AES_ASM */ + +static const u8 Te4[256] = { + 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, + 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, + 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, + 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, + 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, + 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, + 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, + 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U, + 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, + 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, + 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, + 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, + 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, + 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, + 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, + 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, + 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, + 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, + 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, + 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU, + 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, + 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, + 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, + 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, + 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, + 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, + 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, + 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, + 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, + 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, + 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, + 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U +}; +static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +/** + * Expand the cipher key into the encryption key schedule. + */ +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) { + u32 *rk; + int i = 0; + u32 temp; + + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; + + rk = key->rd_key; + + if (bits==128) + key->rounds = 10; + else if (bits==192) + key->rounds = 12; + else + key->rounds = 14; + + rk[0] = GETU32(userKey ); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); + rk[3] = GETU32(userKey + 12); + if (bits == 128) { + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] << 24) ^ + (Te4[(temp >> 8) & 0xff] << 16) ^ + (Te4[(temp ) & 0xff] << 8) ^ + (Te4[(temp >> 24) ]) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 0; + } + rk += 4; + } + } + rk[4] = GETU32(userKey + 16); + rk[5] = GETU32(userKey + 20); + if (bits == 192) { + while (1) { + temp = rk[ 5]; + rk[ 6] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] << 24) ^ + (Te4[(temp >> 8) & 0xff] << 16) ^ + (Te4[(temp ) & 0xff] << 8) ^ + (Te4[(temp >> 24) ]) ^ + rcon[i]; + rk[ 7] = rk[ 1] ^ rk[ 6]; + rk[ 8] = rk[ 2] ^ rk[ 7]; + rk[ 9] = rk[ 3] ^ rk[ 8]; + if (++i == 8) { + return 0; + } + rk[10] = rk[ 4] ^ rk[ 9]; + rk[11] = rk[ 5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(userKey + 24); + rk[7] = GETU32(userKey + 28); + if (bits == 256) { + while (1) { + temp = rk[ 7]; + rk[ 8] = rk[ 0] ^ + (Te4[(temp >> 16) & 0xff] << 24) ^ + (Te4[(temp >> 8) & 0xff] << 16) ^ + (Te4[(temp ) & 0xff] << 8) ^ + (Te4[(temp >> 24) ]) ^ + rcon[i]; + rk[ 9] = rk[ 1] ^ rk[ 8]; + rk[10] = rk[ 2] ^ rk[ 9]; + rk[11] = rk[ 3] ^ rk[10]; + if (++i == 7) { + return 0; + } + temp = rk[11]; + rk[12] = rk[ 4] ^ + (Te4[(temp >> 24) ] << 24) ^ + (Te4[(temp >> 16) & 0xff] << 16) ^ + (Te4[(temp >> 8) & 0xff] << 8) ^ + (Te4[(temp ) & 0xff]); + rk[13] = rk[ 5] ^ rk[12]; + rk[14] = rk[ 6] ^ rk[13]; + rk[15] = rk[ 7] ^ rk[14]; + + rk += 8; + } + } + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + */ +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) { + + u32 *rk; + int i, j, status; + u32 temp; + + /* first, start with an encryption schedule */ + status = AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; + + rk = key->rd_key; + + /* invert the order of the round keys: */ + for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < (key->rounds); i++) { + rk += 4; + for (j = 0; j < 4; j++) { + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + + tp1 = rk[j]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; +#if defined(ROTATE) + rk[j] = tpe ^ ROTATE(tpd,16) ^ + ROTATE(tp9,24) ^ ROTATE(tpb,8); +#else + rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 8) ^ (tp9 << 24) ^ + (tpb >> 24) ^ (tpb << 8); +#endif + } + } + return 0; +} + #endif /* AES_ASM */ diff --git a/src/lib/libssl/src/crypto/aes/aes_ctr.c b/src/lib/libssl/src/crypto/aes/aes_ctr.c index f36982be1e..7c9d165d8a 100644 --- a/src/lib/libssl/src/crypto/aes/aes_ctr.c +++ b/src/lib/libssl/src/crypto/aes/aes_ctr.c @@ -49,91 +49,13 @@ * */ -#ifndef AES_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include - #include -#include "aes_locl.h" - -/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code - * is endian-neutral. */ - -/* increment counter (128-bit int) by 1 */ -static void AES_ctr128_inc(unsigned char *counter) { - unsigned long c; - - /* Grab bottom dword of counter and increment */ - c = GETU32(counter + 12); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 12, c); - - /* if no overflow, we're done */ - if (c) - return; - - /* Grab 1st dword of counter and increment */ - c = GETU32(counter + 8); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 8, c); - - /* if no overflow, we're done */ - if (c) - return; - - /* Grab 2nd dword of counter and increment */ - c = GETU32(counter + 4); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 4, c); - - /* if no overflow, we're done */ - if (c) - return; +#include - /* Grab top dword of counter and increment */ - c = GETU32(counter + 0); - c++; c &= 0xFFFFFFFF; - PUTU32(counter + 0, c); -} - -/* The input encrypted as though 128bit counter mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num, and the - * encrypted counter is kept in ecount_buf. Both *num and - * ecount_buf must be initialised with zeros before the first - * call to AES_ctr128_encrypt(). - * - * This algorithm assumes that the counter is in the x lower bits - * of the IV (ivec), and that the application has full control over - * overflow and the rest of the IV. This implementation takes NO - * responsability for checking that the counter doesn't overflow - * into the rest of the IV when incremented. - */ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char ivec[AES_BLOCK_SIZE], - unsigned char ecount_buf[AES_BLOCK_SIZE], - unsigned int *num) { - - unsigned int n; - unsigned long l=length; - - assert(in && out && key && counter && num); - assert(*num < AES_BLOCK_SIZE); - - n = *num; - - while (l--) { - if (n == 0) { - AES_encrypt(ivec, ecount_buf, key); - AES_ctr128_inc(ivec); - } - *(out++) = *(in++) ^ ecount_buf[n]; - n = (n+1) % AES_BLOCK_SIZE; - } - - *num=n; + size_t length, const AES_KEY *key, + unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], + unsigned int *num) { + CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt); } diff --git a/src/lib/libssl/src/crypto/aes/aes_ofb.c b/src/lib/libssl/src/crypto/aes/aes_ofb.c index f358bb39e2..50bf0b8325 100644 --- a/src/lib/libssl/src/crypto/aes/aes_ofb.c +++ b/src/lib/libssl/src/crypto/aes/aes_ofb.c @@ -1,6 +1,6 @@ /* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -48,95 +48,13 @@ * ==================================================================== * */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef AES_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif -#include #include -#include "aes_locl.h" +#include -/* The input and output encrypted as though 128bit ofb mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num; - */ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, int *num) { - - unsigned int n; - unsigned long l=length; - - assert(in && out && key && ivec && num); - - n = *num; - - while (l--) { - if (n == 0) { - AES_encrypt(ivec, ivec, key); - } - *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % AES_BLOCK_SIZE; - } - - *num=n; + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)AES_encrypt); } diff --git a/src/lib/libssl/src/crypto/asn1/Makefile b/src/lib/libssl/src/crypto/asn1/Makefile index 94a6885804..160544eede 100644 --- a/src/lib/libssl/src/crypto/asn1/Makefile +++ b/src/lib/libssl/src/crypto/asn1/Makefile @@ -22,30 +22,32 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \ x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ - d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ + x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ + tasn_prn.c ameth_lib.c \ f_int.c f_string.c n_pkey.c \ - f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \ - asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ + f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \ + asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \ x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ - d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ + x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ + tasn_prn.o ameth_lib.o \ f_int.o f_string.o n_pkey.o \ - f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \ - asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ + f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \ + asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o SRC= $(LIBSRC) EXHEADER= asn1.h asn1_mac.h asn1t.h -HEADER= $(EXHEADER) +HEADER= $(EXHEADER) asn1_locl.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -63,7 +65,7 @@ pk: pk.c all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -142,9 +144,9 @@ a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_digest.o: ../../include/openssl/opensslconf.h a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -173,14 +175,6 @@ a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c -a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h -a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -205,13 +199,6 @@ a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_mbstr.o: ../cryptlib.h a_mbstr.c -a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c a_object.o: ../../e_os.h ../../include/openssl/asn1.h a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -250,27 +237,27 @@ a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c +a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_sign.o: ../cryptlib.h a_sign.c asn1_locl.h a_strex.o: ../../e_os.h ../../include/openssl/asn1.h a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -a_strex.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h +a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +a_strex.o: ../cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -318,14 +305,29 @@ a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h -a_verify.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_verify.o: ../../include/openssl/opensslconf.h +a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c +a_verify.o: asn1_locl.h +ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h +ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ameth_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ameth_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ameth_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ameth_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ameth_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ameth_lib.o: ../../include/openssl/opensslconf.h +ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ameth_lib.c +ameth_lib.o: asn1_locl.h asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -339,9 +341,8 @@ asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn1_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn1_gen.o: ../../include/openssl/opensslconf.h +asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -371,24 +372,23 @@ asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -asn_mime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -asn_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn_mime.o: ../../include/openssl/opensslconf.h +asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -asn_mime.o: ../cryptlib.h asn_mime.c +asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +asn_moid.o: ../../include/openssl/opensslconf.h asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -402,28 +402,43 @@ asn_pack.o: ../../include/openssl/opensslconf.h asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c +bio_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bio_asn1.o: ../../include/openssl/opensslconf.h +bio_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_asn1.o: ../../include/openssl/symhacks.h bio_asn1.c +bio_ndef.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +bio_ndef.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +bio_ndef.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bio_ndef.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bio_ndef.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_ndef.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_ndef.o: ../../include/openssl/symhacks.h bio_ndef.c d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +d2i_pr.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pr.c +d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h d2i_pu.c +d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +d2i_pu.o: ../cryptlib.h d2i_pu.c evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -455,77 +470,76 @@ f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +i2d_pr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pr.c +i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h i2d_pu.c +i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i2d_pu.o: ../cryptlib.h i2d_pu.c n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -n_pkey.o: ../cryptlib.h n_pkey.c +n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -nsseq.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c +nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbe.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c +p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_pbe.o: ../cryptlib.h p5_pbe.c p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbev2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_pbev2.o: ../../include/openssl/opensslconf.h +p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -538,51 +552,48 @@ p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p8_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p8_pkey.o: ../cryptlib.h p8_pkey.c +p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c +t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_bitst.o: ../cryptlib.h t_bitst.c t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c +t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_crl.o: ../cryptlib.h t_crl.c t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h -t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +t_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h t_pkey.o: ../cryptlib.h t_pkey.c t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h @@ -591,57 +602,57 @@ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_req.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c +t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_req.o: ../cryptlib.h t_req.c t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c +t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_spki.o: ../cryptlib.h t_spki.c t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c +t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +t_x509.o: ../cryptlib.h t_x509.c t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c +t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_x509a.o: ../cryptlib.h t_x509a.c tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -675,6 +686,21 @@ tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c +tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h +tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +tasn_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tasn_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tasn_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +tasn_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tasn_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tasn_prn.o: ../../include/openssl/opensslconf.h +tasn_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +tasn_prn.o: ../cryptlib.h asn1_locl.h tasn_prn.c tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h @@ -694,23 +720,21 @@ x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_algor.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_algor.o: x_algor.c +x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_attrib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_attrib.o: ../../include/openssl/opensslconf.h +x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -727,44 +751,42 @@ x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c x_crl.o: ../../e_os.h ../../include/openssl/asn1.h x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_crl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_crl.o: ../cryptlib.h x_crl.c +x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -x_exten.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_exten.o: x_exten.c +x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_info.o: ../cryptlib.h x_info.c +x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c x_long.o: ../../e_os.h ../../include/openssl/asn1.h x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -780,125 +802,129 @@ x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_name.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_name.o: ../cryptlib.h x_name.c +x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h x_name.c +x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x_nx509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x_nx509.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h +x_nx509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_nx509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_nx509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_nx509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_nx509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_nx509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_nx509.o: ../../include/openssl/x509_vfy.h x_nx509.c x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pkey.o: ../cryptlib.h x_pkey.c +x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_pubkey.o: ../../include/openssl/opensslconf.h x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pubkey.o: ../cryptlib.h x_pubkey.c +x_pubkey.o: ../cryptlib.h asn1_locl.h x_pubkey.c x_req.o: ../../e_os.h ../../include/openssl/asn1.h x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_req.o: ../cryptlib.h x_req.c +x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c x_sig.o: ../../e_os.h ../../include/openssl/asn1.h x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_sig.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_sig.o: ../cryptlib.h x_sig.c +x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c x_spki.o: ../../e_os.h ../../include/openssl/asn1.h x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_spki.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_spki.o: ../cryptlib.h x_spki.c +x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c x_val.o: ../../e_os.h ../../include/openssl/asn1.h x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_val.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_val.o: ../cryptlib.h x_val.c +x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c x_x509.o: ../../e_os.h ../../include/openssl/asn1.h x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x_x509.o: ../cryptlib.h x_x509.c +x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_x509a.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_x509a.o: ../cryptlib.h x_x509a.c +x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c diff --git a/src/lib/libssl/src/crypto/asn1/a_bitstr.c b/src/lib/libssl/src/crypto/asn1/a_bitstr.c index 0fb9ce0c2a..34179960b8 100644 --- a/src/lib/libssl/src/crypto/asn1/a_bitstr.c +++ b/src/lib/libssl/src/crypto/asn1/a_bitstr.c @@ -223,3 +223,26 @@ int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) return((a->data[w]&v) != 0); } +/* + * Checks if the given bit string contains only bits specified by + * the flags vector. Returns 0 if there is at least one bit set in 'a' + * which is not specified in 'flags', 1 otherwise. + * 'len' is the length of 'flags'. + */ +int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, + unsigned char *flags, int flags_len) + { + int i, ok; + /* Check if there is one bit set at all. */ + if (!a || !a->data) return 1; + + /* Check each byte of the internal representation of the bit string. */ + ok = 1; + for (i = 0; i < a->length && ok; ++i) + { + unsigned char mask = i < flags_len ? ~flags[i] : 0xff; + /* We are done if there is an unneeded bit set. */ + ok = (a->data[i] & mask) == 0; + } + return ok; + } diff --git a/src/lib/libssl/src/crypto/asn1/a_dup.c b/src/lib/libssl/src/crypto/asn1/a_dup.c index 199d50f521..d98992548a 100644 --- a/src/lib/libssl/src/crypto/asn1/a_dup.c +++ b/src/lib/libssl/src/crypto/asn1/a_dup.c @@ -62,7 +62,7 @@ #ifndef NO_OLD_ASN1 -void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x) +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) { unsigned char *b,*p; const unsigned char *p2; diff --git a/src/lib/libssl/src/crypto/asn1/a_gentm.c b/src/lib/libssl/src/crypto/asn1/a_gentm.c index def79062a5..c79c6f538c 100644 --- a/src/lib/libssl/src/crypto/asn1/a_gentm.c +++ b/src/lib/libssl/src/crypto/asn1/a_gentm.c @@ -117,8 +117,8 @@ err: int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) { - static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; - static int max[9]={99, 99,12,31,23,59,59,12,59}; + static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; + static const int max[9]={99, 99,12,31,23,59,59,12,59}; char *a; int n,i,l,o; @@ -176,6 +176,11 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) o++; } } + else + { + /* Missing time zone information. */ + goto err; + } return(o == l); err: return(0); @@ -205,6 +210,12 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t) + { + return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); + } + +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, long offset_sec) { char *p; struct tm *ts; @@ -220,13 +231,19 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, if (ts == NULL) return(NULL); + if (offset_day || offset_sec) + { + if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) + return NULL; + } + p=(char *)s->data; if ((p == NULL) || ((size_t)s->length < len)) { p=OPENSSL_malloc(len); if (p == NULL) { - ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, + ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); return(NULL); } diff --git a/src/lib/libssl/src/crypto/asn1/a_int.c b/src/lib/libssl/src/crypto/asn1/a_int.c index f8d198efb1..c6fd204ae3 100644 --- a/src/lib/libssl/src/crypto/asn1/a_int.c +++ b/src/lib/libssl/src/crypto/asn1/a_int.c @@ -61,10 +61,10 @@ #include #include -ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) +ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) { return M_ASN1_INTEGER_dup(x);} -int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) { int neg, ret; /* Compare signs */ @@ -373,7 +373,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) return(1); } -long ASN1_INTEGER_get(ASN1_INTEGER *a) +long ASN1_INTEGER_get(const ASN1_INTEGER *a) { int neg=0,i; long r=0; @@ -402,7 +402,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a) return(r); } -ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) { ASN1_INTEGER *ret; int len,j; @@ -444,7 +444,7 @@ err: return(NULL); } -BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) { BIGNUM *ret; diff --git a/src/lib/libssl/src/crypto/asn1/a_mbstr.c b/src/lib/libssl/src/crypto/asn1/a_mbstr.c index 1bcd046893..1538e0a4fc 100644 --- a/src/lib/libssl/src/crypto/asn1/a_mbstr.c +++ b/src/lib/libssl/src/crypto/asn1/a_mbstr.c @@ -93,7 +93,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, int str_type; int ret; char free_out; - int outform, outlen; + int outform, outlen = 0; ASN1_STRING *dest; unsigned char *p; int nchar; diff --git a/src/lib/libssl/src/crypto/asn1/a_object.c b/src/lib/libssl/src/crypto/asn1/a_object.c index dc980421d0..e5fbe7cbb1 100644 --- a/src/lib/libssl/src/crypto/asn1/a_object.c +++ b/src/lib/libssl/src/crypto/asn1/a_object.c @@ -281,8 +281,6 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, return ret; err: ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - ASN1_OBJECT_free(ret); return(NULL); } ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, @@ -290,7 +288,19 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, { ASN1_OBJECT *ret=NULL; const unsigned char *p; + unsigned char *data; int i; + /* Sanity check OID encoding: can't have leading 0x80 in + * subidentifiers, see: X.690 8.19.2 + */ + for (i = 0, p = *pp + 1; i < len - 1; i++, p++) + { + if (*p == 0x80 && (!i || !(p[-1] & 0x80))) + { + ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); + return NULL; + } + } /* only the ASN1_OBJECTs from the 'table' will have values * for ->sn or ->ln */ @@ -302,15 +312,22 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, else ret=(*a); p= *pp; - if ((ret->data == NULL) || (ret->length < len)) + /* detach data from object */ + data = (unsigned char *)ret->data; + ret->data = NULL; + /* once detached we can change it */ + if ((data == NULL) || (ret->length < len)) { - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); - ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; - if (ret->data == NULL) + ret->length=0; + if (data != NULL) OPENSSL_free(data); + data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); + if (data == NULL) { i=ERR_R_MALLOC_FAILURE; goto err; } + ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; } - memcpy(ret->data,p,(int)len); + memcpy(data,p,(int)len); + /* reattach data to object, after which it remains const */ + ret->data =data; ret->length=(int)len; ret->sn=NULL; ret->ln=NULL; @@ -359,7 +376,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) } if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { - if (a->data != NULL) OPENSSL_free(a->data); + if (a->data != NULL) OPENSSL_free((void *)a->data); a->data=NULL; a->length=0; } diff --git a/src/lib/libssl/src/crypto/asn1/a_octet.c b/src/lib/libssl/src/crypto/asn1/a_octet.c index 24fd0f8e5a..e8725e44f1 100644 --- a/src/lib/libssl/src/crypto/asn1/a_octet.c +++ b/src/lib/libssl/src/crypto/asn1/a_octet.c @@ -60,10 +60,10 @@ #include "cryptlib.h" #include -ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) { return M_ASN1_OCTET_STRING_dup(x); } -int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b) { return M_ASN1_OCTET_STRING_cmp(a, b); } int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) diff --git a/src/lib/libssl/src/crypto/asn1/a_set.c b/src/lib/libssl/src/crypto/asn1/a_set.c index 958558c204..d726c8d3a8 100644 --- a/src/lib/libssl/src/crypto/asn1/a_set.c +++ b/src/lib/libssl/src/crypto/asn1/a_set.c @@ -85,8 +85,9 @@ static int SetBlobCmp(const void *elem1, const void *elem2 ) } /* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ -int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, - int ex_class, int is_set) +int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, + i2d_of_void *i2d, int ex_tag, int ex_class, + int is_set) { int ret=0,r; int i; @@ -96,8 +97,8 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, int totSize; if (a == NULL) return(0); - for (i=sk_num(a)-1; i>=0; i--) - ret+=i2d(sk_value(a,i),NULL); + for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--) + ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL); r=ASN1_object_size(1,ret,ex_tag); if (pp == NULL) return(r); @@ -108,10 +109,10 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, /* And then again by Ben */ /* And again by Steve */ - if(!is_set || (sk_num(a) < 2)) + if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) { - for (i=0; i #include #include +#include "asn1_locl.h" #ifndef NO_ASN1_OLD @@ -218,45 +219,47 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, { EVP_MD_CTX ctx; unsigned char *buf_in=NULL,*buf_out=NULL; - int i,inl=0,outl=0,outll=0; - X509_ALGOR *a; + int inl=0,outl=0,outll=0; + int signid, paramtype; - EVP_MD_CTX_init(&ctx); - for (i=0; i<2; i++) + if (type == NULL) { - if (i == 0) - a=algor1; - else - a=algor2; - if (a == NULL) continue; - if (type->pkey_type == NID_dsaWithSHA1 || - type->pkey_type == NID_ecdsa_with_SHA1) - { - /* special case: RFC 3279 tells us to omit 'parameters' - * with id-dsa-with-sha1 and ecdsa-with-SHA1 */ - ASN1_TYPE_free(a->parameter); - a->parameter = NULL; - } - else if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) - { - ASN1_TYPE_free(a->parameter); - if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; - a->parameter->type=V_ASN1_NULL; - } - ASN1_OBJECT_free(a->algorithm); - a->algorithm=OBJ_nid2obj(type->pkey_type); - if (a->algorithm == NULL) - { - ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); - goto err; - } - if (a->algorithm->length == 0) + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) + type = EVP_get_digestbynid(def_nid); + } + + if (type == NULL) + { + ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST); + return 0; + } + + if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) + { + if (!pkey->ameth || + !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), + pkey->ameth->pkey_id)) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); - goto err; + ASN1err(ASN1_F_ASN1_ITEM_SIGN, + ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; } } + else + signid = type->pkey_type; + + if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) + paramtype = V_ASN1_NULL; + else + paramtype = V_ASN1_UNDEF; + + if (algor1) + X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); + if (algor2) + X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); + + EVP_MD_CTX_init(&ctx); inl=ASN1_item_i2d(asn,&buf_in, it); outll=outl=EVP_PKEY_size(pkey); buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); @@ -267,12 +270,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, goto err; } - if (!EVP_SignInit_ex(&ctx,type, NULL)) - { - outl=0; - ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); - goto err; - } + EVP_SignInit_ex(&ctx,type, NULL); EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, (unsigned int *)&outl,pkey)) diff --git a/src/lib/libssl/src/crypto/asn1/a_strnid.c b/src/lib/libssl/src/crypto/asn1/a_strnid.c index fe515b52ba..753021a7a2 100644 --- a/src/lib/libssl/src/crypto/asn1/a_strnid.c +++ b/src/lib/libssl/src/crypto/asn1/a_strnid.c @@ -67,7 +67,6 @@ static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, const ASN1_STRING_TABLE * const *b); -static int table_cmp(const void *a, const void *b); /* This is the global mask for the mbstring functions: this is use to @@ -158,7 +157,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, /* This table must be kept in NID order */ -static ASN1_STRING_TABLE tbl_standard[] = { +static const ASN1_STRING_TABLE tbl_standard[] = { {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, @@ -186,22 +185,23 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, return (*a)->nid - (*b)->nid; } -static int table_cmp(const void *a, const void *b) +DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); + +static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) { - const ASN1_STRING_TABLE *sa = a, *sb = b; - return sa->nid - sb->nid; + return a->nid - b->nid; } +IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); + ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) { int idx; ASN1_STRING_TABLE *ttmp; ASN1_STRING_TABLE fnd; fnd.nid = nid; - ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, - (char *)tbl_standard, - sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), - sizeof(ASN1_STRING_TABLE), table_cmp); + ttmp = OBJ_bsearch_table(&fnd, tbl_standard, + sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE)); if(ttmp) return ttmp; if(!stable) return NULL; idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); diff --git a/src/lib/libssl/src/crypto/asn1/a_time.c b/src/lib/libssl/src/crypto/asn1/a_time.c index 159681fbcb..e2eb9b243e 100644 --- a/src/lib/libssl/src/crypto/asn1/a_time.c +++ b/src/lib/libssl/src/crypto/asn1/a_time.c @@ -100,18 +100,29 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) { + return ASN1_TIME_adj(s, t, 0, 0); + } + +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec) + { struct tm *ts; struct tm data; ts=OPENSSL_gmtime(&t,&data); if (ts == NULL) { - ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); + ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME); return NULL; } + if (offset_day || offset_sec) + { + if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) + return NULL; + } if((ts->tm_year >= 50) && (ts->tm_year < 150)) - return ASN1_UTCTIME_set(s, t); - return ASN1_GENERALIZEDTIME_set(s,t); + return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec); + return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); } int ASN1_TIME_check(ASN1_TIME *t) @@ -162,3 +173,26 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE return ret; } + +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) + { + ASN1_TIME t; + + t.length = strlen(str); + t.data = (unsigned char *)str; + t.flags = 0; + + t.type = V_ASN1_UTCTIME; + + if (!ASN1_TIME_check(&t)) + { + t.type = V_ASN1_GENERALIZEDTIME; + if (!ASN1_TIME_check(&t)) + return 0; + } + + if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) + return 0; + + return 1; + } diff --git a/src/lib/libssl/src/crypto/asn1/a_type.c b/src/lib/libssl/src/crypto/asn1/a_type.c index 36beceacdb..a45d2f9d12 100644 --- a/src/lib/libssl/src/crypto/asn1/a_type.c +++ b/src/lib/libssl/src/crypto/asn1/a_type.c @@ -77,7 +77,10 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); } a->type=type; - a->value.ptr=value; + if (type == V_ASN1_BOOLEAN) + a->value.boolean = value ? 0xff : 0; + else + a->value.ptr=value; } int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) @@ -98,7 +101,7 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) else { ASN1_STRING *sdup; - sdup = ASN1_STRING_dup((ASN1_STRING *)value); + sdup = ASN1_STRING_dup(value); if (!sdup) return 0; ASN1_TYPE_set(a, type, sdup); @@ -108,3 +111,49 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) + +/* Returns 0 if they are equal, != 0 otherwise. */ +int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) + { + int result = -1; + + if (!a || !b || a->type != b->type) return -1; + + switch (a->type) + { + case V_ASN1_OBJECT: + result = OBJ_cmp(a->value.object, b->value.object); + break; + case V_ASN1_NULL: + result = 0; /* They do not have content. */ + break; + case V_ASN1_INTEGER: + case V_ASN1_NEG_INTEGER: + case V_ASN1_ENUMERATED: + case V_ASN1_NEG_ENUMERATED: + case V_ASN1_BIT_STRING: + case V_ASN1_OCTET_STRING: + case V_ASN1_SEQUENCE: + case V_ASN1_SET: + case V_ASN1_NUMERICSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_VIDEOTEXSTRING: + case V_ASN1_IA5STRING: + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + case V_ASN1_GRAPHICSTRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_BMPSTRING: + case V_ASN1_UTF8STRING: + case V_ASN1_OTHER: + default: + result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr, + (ASN1_STRING *) b->value.ptr); + break; + } + + return result; + } diff --git a/src/lib/libssl/src/crypto/asn1/a_utctm.c b/src/lib/libssl/src/crypto/asn1/a_utctm.c index d31c028193..072e236592 100644 --- a/src/lib/libssl/src/crypto/asn1/a_utctm.c +++ b/src/lib/libssl/src/crypto/asn1/a_utctm.c @@ -114,8 +114,8 @@ err: int ASN1_UTCTIME_check(ASN1_UTCTIME *d) { - static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; - static int max[8]={99,12,31,23,59,59,12,59}; + static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; + static const int max[8]={99,12,31,23,59,59,12,59}; char *a; int n,i,l,o; @@ -186,6 +186,12 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) { + return ASN1_UTCTIME_adj(s, t, 0, 0); + } + +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec) + { char *p; struct tm *ts; struct tm data; @@ -200,13 +206,22 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) if (ts == NULL) return(NULL); + if (offset_day || offset_sec) + { + if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) + return NULL; + } + + if((ts->tm_year < 50) || (ts->tm_year >= 150)) + return NULL; + p=(char *)s->data; if ((p == NULL) || ((size_t)s->length < len)) { p=OPENSSL_malloc(len); if (p == NULL) { - ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE); return(NULL); } if (s->data != NULL) diff --git a/src/lib/libssl/src/crypto/asn1/a_verify.c b/src/lib/libssl/src/crypto/asn1/a_verify.c index da3efaaf8d..cecdb13c70 100644 --- a/src/lib/libssl/src/crypto/asn1/a_verify.c +++ b/src/lib/libssl/src/crypto/asn1/a_verify.c @@ -60,6 +60,7 @@ #include #include "cryptlib.h" +#include "asn1_locl.h" #ifndef NO_SYS_TYPES_H # include @@ -100,12 +101,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p=buf_in; i2d(data,&p); - if (!EVP_VerifyInit_ex(&ctx,type, NULL)) - { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); - ret=0; - goto err; - } + EVP_VerifyInit_ex(&ctx,type, NULL); EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); OPENSSL_cleanse(buf_in,(unsigned int)inl); @@ -134,19 +130,34 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat void *asn, EVP_PKEY *pkey) { EVP_MD_CTX ctx; - const EVP_MD *type; + const EVP_MD *type = NULL; unsigned char *buf_in=NULL; - int ret= -1,i,inl; + int ret= -1,inl; + + int mdnid, pknid; EVP_MD_CTX_init(&ctx); - i=OBJ_obj2nid(a->algorithm); - type=EVP_get_digestbyname(OBJ_nid2sn(i)); + + /* Convert signature OID into digest and public key OIDs */ + if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + goto err; + } + type=EVP_get_digestbynid(mdnid); if (type == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } + /* Check public key OID matches public key type */ + if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; + } + if (!EVP_VerifyInit_ex(&ctx,type, NULL)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); diff --git a/src/lib/libssl/src/crypto/asn1/asn1.h b/src/lib/libssl/src/crypto/asn1/asn1.h index e3385226d4..f7718b5a94 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1.h +++ b/src/lib/libssl/src/crypto/asn1/asn1.h @@ -213,7 +213,7 @@ typedef struct asn1_object_st const char *sn,*ln; int nid; int length; - unsigned char *data; + const unsigned char *data; /* data remains const after init */ int flags; /* Should we free this one */ } ASN1_OBJECT; @@ -228,8 +228,12 @@ typedef struct asn1_object_st * complete and is a place holder for content when it had all been * accessed. The flag will be reset when content has been written to it. */ -#define ASN1_STRING_FLAG_CONT 0x020 +#define ASN1_STRING_FLAG_CONT 0x020 +/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +#define ASN1_STRING_FLAG_MSTRING 0x040 /* This is the base type that holds just about everything :-) */ typedef struct asn1_string_st { @@ -330,6 +334,13 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; type *name##_new(void); \ void name##_free(type *a); +#define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + #define D2I_OF(type) type *(*)(type **,const unsigned char **,long) #define I2D_OF(type) int (*)(type *,unsigned char **) #define I2D_OF_const(type) int (*)(const type *,unsigned char **) @@ -534,28 +545,23 @@ typedef struct asn1_type_st * contain the set or sequence bytes */ ASN1_STRING * set; ASN1_STRING * sequence; - ASN1_VALUE * asn1_value; + ASN1_VALUE * asn1_value; } value; } ASN1_TYPE; DECLARE_STACK_OF(ASN1_TYPE) DECLARE_ASN1_SET_OF(ASN1_TYPE) -typedef struct asn1_method_st - { - i2d_of_void *i2d; - d2i_of_void *d2i; - void *(*create)(void); - void (*destroy)(void *); - } ASN1_METHOD; - -/* This is used when parsing some Netscape objects */ -typedef struct asn1_header_st +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + +typedef struct NETSCAPE_X509_st { ASN1_OCTET_STRING *header; - void *data; - ASN1_METHOD *meth; - } ASN1_HEADER; + X509 *cert; + } NETSCAPE_X509; /* This is used to contain a list of bit names */ typedef struct BIT_STRING_BITNAME_st { @@ -575,32 +581,34 @@ typedef struct BIT_STRING_BITNAME_st { ASN1_STRING_type_new(V_ASN1_BIT_STRING) #define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) #define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ - ASN1_STRING_dup((ASN1_STRING *)a) + ASN1_STRING_dup((const ASN1_STRING *)a) #define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) + (const ASN1_STRING *)a,(const ASN1_STRING *)b) #define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) #define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ ASN1_STRING_type_new(V_ASN1_INTEGER) #define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) +#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) #define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) + (const ASN1_STRING *)a,(const ASN1_STRING *)b) #define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ ASN1_STRING_type_new(V_ASN1_ENUMERATED) #define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) +#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) #define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) + (const ASN1_STRING *)a,(const ASN1_STRING *)b) #define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ ASN1_STRING_type_new(V_ASN1_OCTET_STRING) #define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) #define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ - ASN1_STRING_dup((ASN1_STRING *)a) + ASN1_STRING_dup((const ASN1_STRING *)a) #define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) + (const ASN1_STRING *)a,(const ASN1_STRING *)b) #define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) #define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) #define M_i2d_ASN1_OCTET_STRING(a,pp) \ @@ -684,7 +692,7 @@ typedef struct BIT_STRING_BITNAME_st { ASN1_STRING_type_new(V_ASN1_IA5STRING) #define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) #define M_ASN1_IA5STRING_dup(a) \ - (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) + (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) #define M_i2d_ASN1_IA5STRING(a,pp) \ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ V_ASN1_UNIVERSAL) @@ -695,18 +703,20 @@ typedef struct BIT_STRING_BITNAME_st { #define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ ASN1_STRING_type_new(V_ASN1_UTCTIME) #define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) +#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) #define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) #define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) #define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ - (ASN1_STRING *)a) + (const ASN1_STRING *)a) #define M_ASN1_TIME_new() (ASN1_TIME *)\ ASN1_STRING_type_new(V_ASN1_UTCTIME) #define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) +#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ + ASN1_STRING_dup((const ASN1_STRING *)a) #define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ ASN1_STRING_type_new(V_ASN1_GENERALSTRING) @@ -767,6 +777,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) int ASN1_TYPE_get(ASN1_TYPE *a); void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); @@ -783,14 +794,15 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT) ASN1_STRING * ASN1_STRING_new(void); void ASN1_STRING_free(ASN1_STRING *a); -ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING * ASN1_STRING_dup(const ASN1_STRING *a); ASN1_STRING * ASN1_STRING_type_new(int type ); -int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); /* Since this is used to store all sorts of things, via macros, for now, make its data void * */ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); -int ASN1_STRING_length(ASN1_STRING *x); +int ASN1_STRING_length(const ASN1_STRING *x); void ASN1_STRING_length_set(ASN1_STRING *x, int n); int ASN1_STRING_type(ASN1_STRING *x); unsigned char * ASN1_STRING_data(ASN1_STRING *x); @@ -803,6 +815,8 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length ); int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, + unsigned char *flags, int flags_len); #ifndef OPENSSL_NO_BIO int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, @@ -821,13 +835,15 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, long length); ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp, long length); -ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); -int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); +ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) int ASN1_UTCTIME_check(ASN1_UTCTIME *a); ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); #if 0 @@ -836,11 +852,13 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, long offset_sec); int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) -ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); -int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); +ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b); int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) @@ -867,14 +885,20 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME) DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t, + int offset_day, long offset_sec); int ASN1_TIME_check(ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); -int i2d_ASN1_SET(STACK *a, unsigned char **pp, - i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); -STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length, - d2i_of_void *d2i, void (*free_func)(void *), - int ex_tag, int ex_class); +int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, + i2d_of_void *i2d, int ex_tag, int ex_class, + int is_set); +STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, + const unsigned char **pp, + long length, d2i_of_void *d2i, + void (*free_func)(OPENSSL_BLOCK), int ex_tag, + int ex_class); #ifndef OPENSSL_NO_BIO int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); @@ -892,9 +916,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, const char *sn, const char *ln); int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); -long ASN1_INTEGER_get(ASN1_INTEGER *a); -ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); -BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); @@ -928,7 +952,7 @@ int ASN1_put_eoc(unsigned char **pp); int ASN1_object_size(int constructed, int length, int tag); /* Used to implement other functions */ -void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); #define ASN1_dup_of(type,i2d,d2i,x) \ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ @@ -999,29 +1023,23 @@ int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); CHECKED_PTR_OF(const type, x))) int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); -int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); -int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); -int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); -int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent); int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump); #endif const char *ASN1_tag2str(int tag); -/* Used to load and write netscape format cert/key */ -int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); -ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length); -ASN1_HEADER *ASN1_HEADER_new(void ); -void ASN1_HEADER_free(ASN1_HEADER *a); +/* Used to load and write netscape format cert */ -int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); +DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) -/* Not used that much at this point, except for the first two */ -ASN1_METHOD *X509_asn1_meth(void); -ASN1_METHOD *RSAPrivateKey_asn1_meth(void); -ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); -ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); @@ -1032,9 +1050,9 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, unsigned char *data, int max_len); -STACK *ASN1_seq_unpack(const unsigned char *buf, int len, - d2i_of_void *d2i, void (*free_func)(void *)); -unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, +STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, + d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK)); +unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, unsigned char **buf, int *len ); void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); @@ -1077,15 +1095,58 @@ void ASN1_add_oid_module(void); ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); -typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it); - -int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +#define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +#define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +#define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +#define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +#define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, + const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, int ctype_nid, int econt_nid, STACK_OF(X509_ALGOR) *mdalgs, - asn1_output_data_fn *data_fn, const ASN1_ITEM *it); ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -1116,6 +1177,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 #define ASN1_F_ASN1_EX_C2I 204 #define ASN1_F_ASN1_FIND_END 190 +#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 #define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 #define ASN1_F_ASN1_GENERATE_V3 178 #define ASN1_F_ASN1_GET_OBJECT 114 @@ -1136,7 +1198,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_ITEM_VERIFY 197 #define ASN1_F_ASN1_MBSTRING_NCOPY 122 #define ASN1_F_ASN1_OBJECT_NEW 123 -#define ASN1_F_ASN1_OUTPUT_DATA 207 +#define ASN1_F_ASN1_OUTPUT_DATA 214 #define ASN1_F_ASN1_PACK_STRING 124 #define ASN1_F_ASN1_PCTX_NEW 205 #define ASN1_F_ASN1_PKCS5_PBE_SET 125 @@ -1150,14 +1212,17 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 #define ASN1_F_ASN1_TEMPLATE_NEW 133 #define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +#define ASN1_F_ASN1_TIME_ADJ 217 #define ASN1_F_ASN1_TIME_SET 175 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 +#define ASN1_F_ASN1_UTCTIME_ADJ 218 #define ASN1_F_ASN1_UTCTIME_SET 187 #define ASN1_F_ASN1_VERIFY 137 -#define ASN1_F_B64_READ_ASN1 208 -#define ASN1_F_B64_WRITE_ASN1 209 +#define ASN1_F_B64_READ_ASN1 209 +#define ASN1_F_B64_WRITE_ASN1 210 +#define ASN1_F_BIO_NEW_NDEF 208 #define ASN1_F_BITSTR_CB 180 #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 #define ASN1_F_BN_TO_ASN1_INTEGER 139 @@ -1176,6 +1241,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_ASN1_TYPE_BYTES 149 #define ASN1_F_D2I_ASN1_UINTEGER 150 #define ASN1_F_D2I_ASN1_UTCTIME 151 +#define ASN1_F_D2I_AUTOPRIVATEKEY 207 #define ASN1_F_D2I_NETSCAPE_RSA 152 #define ASN1_F_D2I_NETSCAPE_RSA_2 153 #define ASN1_F_D2I_PRIVATEKEY 154 @@ -1185,6 +1251,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_X509 156 #define ASN1_F_D2I_X509_CINF 157 #define ASN1_F_D2I_X509_PKEY 159 +#define ASN1_F_I2D_ASN1_BIO_STREAM 211 #define ASN1_F_I2D_ASN1_SET 188 #define ASN1_F_I2D_ASN1_TIME 160 #define ASN1_F_I2D_DSA_PUBKEY 161 @@ -1196,10 +1263,11 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_LONG_C2I 166 #define ASN1_F_OID_MODULE_INIT 174 #define ASN1_F_PARSE_TAGGING 182 -#define ASN1_F_PKCS5_PBE2_SET 167 +#define ASN1_F_PKCS5_PBE2_SET_IV 167 #define ASN1_F_PKCS5_PBE_SET 202 -#define ASN1_F_SMIME_READ_ASN1 210 -#define ASN1_F_SMIME_TEXT 211 +#define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +#define ASN1_F_SMIME_READ_ASN1 212 +#define ASN1_F_SMIME_TEXT 213 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 #define ASN1_F_X509_INFO_NEW 170 @@ -1211,14 +1279,14 @@ void ERR_load_ASN1_strings(void); /* Reason codes. */ #define ASN1_R_ADDING_OBJECT 171 -#define ASN1_R_ASN1_PARSE_ERROR 198 -#define ASN1_R_ASN1_SIG_PARSE_ERROR 199 +#define ASN1_R_ASN1_PARSE_ERROR 203 +#define ASN1_R_ASN1_SIG_PARSE_ERROR 204 #define ASN1_R_AUX_ERROR 100 #define ASN1_R_BAD_CLASS 101 #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 -#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 #define ASN1_R_BUFFER_TOO_SMALL 107 @@ -1227,6 +1295,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 #define ASN1_R_DEPTH_EXCEEDED 174 +#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 #define ASN1_R_ENCODE_ERROR 112 #define ASN1_R_ERROR_GETTING_TIME 173 #define ASN1_R_ERROR_LOADING_SECTION 172 @@ -1260,9 +1329,10 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 -#define ASN1_R_INVALID_MIME_TYPE 200 +#define ASN1_R_INVALID_MIME_TYPE 205 #define ASN1_R_INVALID_MODIFIER 186 #define ASN1_R_INVALID_NUMBER 187 +#define ASN1_R_INVALID_OBJECT_ENCODING 216 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 @@ -1270,9 +1340,9 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_IV_TOO_LARGE 135 #define ASN1_R_LENGTH_ERROR 136 #define ASN1_R_LIST_ERROR 188 -#define ASN1_R_MIME_NO_CONTENT_TYPE 201 -#define ASN1_R_MIME_PARSE_ERROR 202 -#define ASN1_R_MIME_SIG_PARSE_ERROR 203 +#define ASN1_R_MIME_NO_CONTENT_TYPE 206 +#define ASN1_R_MIME_PARSE_ERROR 207 +#define ASN1_R_MIME_SIG_PARSE_ERROR 208 #define ASN1_R_MISSING_EOC 137 #define ASN1_R_MISSING_SECOND_NUMBER 138 #define ASN1_R_MISSING_VALUE 189 @@ -1282,11 +1352,12 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_NON_HEX_CHARACTERS 141 #define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 -#define ASN1_R_NO_CONTENT_TYPE 204 +#define ASN1_R_NO_CONTENT_TYPE 209 +#define ASN1_R_NO_DEFAULT_DIGEST 201 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 -#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 -#define ASN1_R_NO_MULTIPART_BOUNDARY 206 -#define ASN1_R_NO_SIG_CONTENT_TYPE 207 +#define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +#define ASN1_R_NO_MULTIPART_BOUNDARY 211 +#define ASN1_R_NO_SIG_CONTENT_TYPE 212 #define ASN1_R_NULL_IS_WRONG_LENGTH 144 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 #define ASN1_R_ODD_NUMBER_OF_CHARS 145 @@ -1296,8 +1367,8 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 #define ASN1_R_SHORT_LINE 150 -#define ASN1_R_SIG_INVALID_MIME_TYPE 208 -#define ASN1_R_STREAMING_NOT_SUPPORTED 209 +#define ASN1_R_SIG_INVALID_MIME_TYPE 213 +#define ASN1_R_STREAMING_NOT_SUPPORTED 202 #define ASN1_R_STRING_TOO_LONG 151 #define ASN1_R_STRING_TOO_SHORT 152 #define ASN1_R_TAG_VALUE_TOO_HIGH 153 @@ -1308,11 +1379,12 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 -#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 #define ASN1_R_UNKNOWN_FORMAT 160 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 #define ASN1_R_UNKNOWN_TAG 194 #define ASN1_R_UNKOWN_FORMAT 195 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 @@ -1320,6 +1392,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 #define ASN1_R_UNSUPPORTED_TYPE 196 +#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c index 5f5de98eed..6e04d08f31 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_err.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -90,10 +90,11 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, +{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"}, {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, -{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, +{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"}, {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, @@ -112,7 +113,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, -{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, +{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"}, {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, @@ -124,14 +125,17 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, +{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"}, {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"}, {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, +{ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"}, {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, +{ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"}, {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, @@ -143,13 +147,14 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, -{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"}, +{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER"}, {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, +{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, @@ -159,6 +164,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, +{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, @@ -170,8 +176,9 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, -{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, +{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, +{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, @@ -204,6 +211,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, {ERR_REASON(ASN1_R_DEPTH_EXCEEDED) ,"depth exceeded"}, +{ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),"digest and key type not supported"}, {ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"}, {ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"}, {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"}, @@ -240,6 +248,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, {ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, {ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, +{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"}, {ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, @@ -260,6 +269,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, {ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"}, +{ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST) ,"no default digest"}, {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"}, {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, @@ -290,6 +300,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, +{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"}, {ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, {ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, @@ -297,6 +308,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) ,"unsupported type"}, +{ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE),"wrong public key type"}, {ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"}, {ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"}, {0,NULL} diff --git a/src/lib/libssl/src/crypto/asn1/asn1_lib.c b/src/lib/libssl/src/crypto/asn1/asn1_lib.c index 5af559ef8d..1bcb44aee2 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_lib.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_lib.c @@ -340,20 +340,31 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length) return(1); } -ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str) +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) { - ASN1_STRING *ret; + if (str == NULL) + return 0; + dst->type = str->type; + if (!ASN1_STRING_set(dst,str->data,str->length)) + return 0; + dst->flags = str->flags; + return 1; + } - if (str == NULL) return(NULL); - if ((ret=ASN1_STRING_type_new(str->type)) == NULL) - return(NULL); - if (!ASN1_STRING_set(ret,str->data,str->length)) +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) + { + ASN1_STRING *ret; + if (!str) + return NULL; + ret=ASN1_STRING_new(); + if (!ret) + return NULL; + if (!ASN1_STRING_copy(ret,str)) { ASN1_STRING_free(ret); - return(NULL); + return NULL; } - ret->flags = str->flags; - return(ret); + return ret; } int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) @@ -427,11 +438,12 @@ ASN1_STRING *ASN1_STRING_type_new(int type) void ASN1_STRING_free(ASN1_STRING *a) { if (a == NULL) return; - if (a->data != NULL) OPENSSL_free(a->data); + if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) + OPENSSL_free(a->data); OPENSSL_free(a); } -int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) { int i; @@ -457,7 +469,7 @@ void asn1_add_error(const unsigned char *address, int offset) ERR_add_error_data(4,"address=",buf1," offset=",buf2); } -int ASN1_STRING_length(ASN1_STRING *x) +int ASN1_STRING_length(const ASN1_STRING *x) { return M_ASN1_STRING_length(x); } void ASN1_STRING_length_set(ASN1_STRING *x, int len) diff --git a/src/lib/libssl/src/crypto/asn1/asn1_mac.h b/src/lib/libssl/src/crypto/asn1/asn1_mac.h index d958ca60d9..87bd0e9e1d 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_mac.h +++ b/src/lib/libssl/src/crypto/asn1/asn1_mac.h @@ -153,6 +153,13 @@ err:\ M_ASN1_D2I_get(b,func); \ } +#define M_ASN1_D2I_get_int_opt(b,func,type) \ + if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ + == (V_ASN1_UNIVERSAL|(type)))) \ + { \ + M_ASN1_D2I_get_int(b,func); \ + } + #define M_ASN1_D2I_get_imp(b,func, type) \ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ c.q=c.p; \ diff --git a/src/lib/libssl/src/crypto/asn1/asn1_par.c b/src/lib/libssl/src/crypto/asn1/asn1_par.c index 8657f73d66..aaca69aebd 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1_par.c +++ b/src/lib/libssl/src/crypto/asn1/asn1_par.c @@ -70,9 +70,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, int indent) { static const char fmt[]="%-18s"; - static const char fmt2[]="%2d %-15s"; char str[128]; - const char *p,*p2=NULL; + const char *p; if (constructed & V_ASN1_CONSTRUCTED) p="cons: "; @@ -93,14 +92,8 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, else p = ASN1_tag2str(tag); - if (p2 != NULL) - { - if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err; - } - else - { - if (BIO_printf(bp,fmt,p) <= 0) goto err; - } + if (BIO_printf(bp,fmt,p) <= 0) + goto err; return(1); err: return(0); @@ -246,7 +239,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); if (ii < 0) { - if (BIO_write(bp,"Bad boolean\n",12)) + if (BIO_write(bp,"Bad boolean\n",12) <= 0) goto end; } BIO_printf(bp,":%d",ii); @@ -424,7 +417,7 @@ end: const char *ASN1_tag2str(int tag) { - static const char *tag2str[] = { + static const char * const tag2str[] = { "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ diff --git a/src/lib/libssl/src/crypto/asn1/asn1t.h b/src/lib/libssl/src/crypto/asn1/asn1t.h index ac14f9415b..d230e4bf70 100644 --- a/src/lib/libssl/src/crypto/asn1/asn1t.h +++ b/src/lib/libssl/src/crypto/asn1/asn1t.h @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -218,6 +218,18 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) +#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + /* This pair helps declare a CHOICE type. We can do: * @@ -651,8 +663,13 @@ typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); typedef struct ASN1_COMPAT_FUNCS_st { ASN1_new_func *asn1_new; @@ -668,6 +685,7 @@ typedef struct ASN1_EXTERN_FUNCS_st { ASN1_ex_free_func *asn1_ex_clear; ASN1_ex_d2i *asn1_ex_d2i; ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; } ASN1_EXTERN_FUNCS; typedef struct ASN1_PRIMITIVE_FUNCS_st { @@ -678,6 +696,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { ASN1_ex_free_func *prim_clear; ASN1_primitive_c2i *prim_c2i; ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; } ASN1_PRIMITIVE_FUNCS; /* This is the ASN1_AUX structure: it handles various @@ -697,7 +716,8 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { * then an external type is more appropriate. */ -typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it); +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); typedef struct ASN1_AUX_st { void *app_data; @@ -708,6 +728,23 @@ typedef struct ASN1_AUX_st { int enc_offset; /* Offset of ASN1_ENCODING structure */ } ASN1_AUX; +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + /* Flags in ASN1_AUX */ /* Use a reference count */ @@ -727,6 +764,12 @@ typedef struct ASN1_AUX_st { #define ASN1_OP_D2I_POST 5 #define ASN1_OP_I2D_PRE 6 #define ASN1_OP_I2D_POST 7 +#define ASN1_OP_PRINT_PRE 8 +#define ASN1_OP_PRINT_POST 9 +#define ASN1_OP_STREAM_PRE 10 +#define ASN1_OP_STREAM_POST 11 +#define ASN1_OP_DETACHED_PRE 12 +#define ASN1_OP_DETACHED_POST 13 /* Macro to implement a primitive type */ #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) @@ -782,9 +825,22 @@ typedef struct ASN1_AUX_st { #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) +#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ stname *fname##_new(void) \ { \ @@ -834,6 +890,17 @@ typedef struct ASN1_AUX_st { return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ } +#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) diff --git a/src/lib/libssl/src/crypto/asn1/asn_pack.c b/src/lib/libssl/src/crypto/asn1/asn_pack.c index f1a5a05632..ad738217d7 100644 --- a/src/lib/libssl/src/crypto/asn1/asn_pack.c +++ b/src/lib/libssl/src/crypto/asn1/asn_pack.c @@ -66,10 +66,10 @@ /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ -STACK *ASN1_seq_unpack(const unsigned char *buf, int len, - d2i_of_void *d2i,void (*free_func)(void *)) +STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, + d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK)) { - STACK *sk; + STACK_OF(OPENSSL_BLOCK) *sk; const unsigned char *pbuf; pbuf = buf; if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, @@ -82,7 +82,7 @@ STACK *ASN1_seq_unpack(const unsigned char *buf, int len, * OPENSSL_malloc'ed buffer */ -unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, +unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, unsigned char **buf, int *len) { int safelen; diff --git a/src/lib/libssl/src/crypto/asn1/charmap.h b/src/lib/libssl/src/crypto/asn1/charmap.h index bd020a9562..b55e638725 100644 --- a/src/lib/libssl/src/crypto/asn1/charmap.h +++ b/src/lib/libssl/src/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * Mask of various character properties */ -static unsigned char char_type[] = { +static const unsigned char char_type[] = { 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16, diff --git a/src/lib/libssl/src/crypto/asn1/d2i_pr.c b/src/lib/libssl/src/crypto/asn1/d2i_pr.c index 207ccda5ac..2828944777 100644 --- a/src/lib/libssl/src/crypto/asn1/d2i_pr.c +++ b/src/lib/libssl/src/crypto/asn1/d2i_pr.c @@ -61,16 +61,12 @@ #include #include #include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -#ifndef OPENSSL_NO_EC -#include +#ifndef OPENSSL_NO_ENGINE +#include #endif +#include +#include +#include "asn1_locl.h" EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) @@ -85,47 +81,43 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, return(NULL); } } - else ret= *a; - - ret->save_type=type; - ret->type=EVP_PKEY_type(type); - switch (ret->type) + else { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL, - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ + ret= *a; +#ifndef OPENSSL_NO_ENGINE + if (ret->engine) { - ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); - goto err; + ENGINE_finish(ret->engine); + ret->engine = NULL; } - break; #endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL, - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ + } + + if (!EVP_PKEY_set_type(ret, type)) + { + ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); + goto err; + } + + if (!ret->ameth->old_priv_decode || + !ret->ameth->old_priv_decode(ret, pp, length)) + { + if (ret->ameth->priv_decode) { - ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); - goto err; - } - break; -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, - (const unsigned char **)pp, length)) == NULL) + PKCS8_PRIV_KEY_INFO *p8=NULL; + p8=d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length); + if (!p8) goto err; + EVP_PKEY_free(ret); + ret = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + + } + else { - ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); + ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); goto err; } - break; -#endif - default: - ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); - goto err; - /* break; */ - } + } if (a != NULL) (*a)=ret; return(ret); err: @@ -146,8 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, * by analyzing it we can determine the passed structure: this * assumes the input is surrounded by an ASN1 SEQUENCE. */ - inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, - ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); /* Since we only need to discern "traditional format" RSA and DSA * keys we can just count the elements. */ @@ -155,6 +146,24 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, keytype = EVP_PKEY_DSA; else if (sk_ASN1_TYPE_num(inkey) == 4) keytype = EVP_PKEY_EC; + else if (sk_ASN1_TYPE_num(inkey) == 3) + { /* This seems to be PKCS8, not traditional format */ + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length); + EVP_PKEY *ret; + + sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); + if (!p8) + { + ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return NULL; + } + ret = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (a) { + *a = ret; + } + return ret; + } else keytype = EVP_PKEY_RSA; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); return d2i_PrivateKey(keytype, a, pp, length); diff --git a/src/lib/libssl/src/crypto/asn1/d2i_pu.c b/src/lib/libssl/src/crypto/asn1/d2i_pu.c index 3694f51a8c..c8f39ceb03 100644 --- a/src/lib/libssl/src/crypto/asn1/d2i_pu.c +++ b/src/lib/libssl/src/crypto/asn1/d2i_pu.c @@ -87,9 +87,13 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, } else ret= *a; - ret->save_type=type; - ret->type=EVP_PKEY_type(type); - switch (ret->type) + if (!EVP_PKEY_set_type(ret, type)) + { + ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB); + goto err; + } + + switch (EVP_PKEY_id(ret)) { #ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pr.c b/src/lib/libssl/src/crypto/asn1/i2d_pr.c index 0be52c5b76..e398b62666 100644 --- a/src/lib/libssl/src/crypto/asn1/i2d_pr.c +++ b/src/lib/libssl/src/crypto/asn1/i2d_pr.c @@ -58,41 +58,22 @@ #include #include "cryptlib.h" -#include #include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -#ifndef OPENSSL_NO_EC -#include -#endif +#include +#include "asn1_locl.h" int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) { -#ifndef OPENSSL_NO_RSA - if (a->type == EVP_PKEY_RSA) + if (a->ameth && a->ameth->old_priv_encode) { - return(i2d_RSAPrivateKey(a->pkey.rsa,pp)); + return a->ameth->old_priv_encode(a, pp); } - else -#endif -#ifndef OPENSSL_NO_DSA - if (a->type == EVP_PKEY_DSA) - { - return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); - } -#endif -#ifndef OPENSSL_NO_EC - if (a->type == EVP_PKEY_EC) - { - return(i2d_ECPrivateKey(a->pkey.ec, pp)); - } -#endif - + if (a->ameth && a->ameth->priv_encode) { + PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); + int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp); + PKCS8_PRIV_KEY_INFO_free(p8); + return ret; + } ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return(-1); } diff --git a/src/lib/libssl/src/crypto/asn1/nsseq.c b/src/lib/libssl/src/crypto/asn1/nsseq.c index e551c57d59..b8c4202230 100644 --- a/src/lib/libssl/src/crypto/asn1/nsseq.c +++ b/src/lib/libssl/src/crypto/asn1/nsseq.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -62,7 +62,8 @@ #include #include -static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_NEW_POST) { NETSCAPE_CERT_SEQUENCE *nsseq; diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbe.c b/src/lib/libssl/src/crypto/asn1/p5_pbe.c index c4582f8041..94bc38b99f 100644 --- a/src/lib/libssl/src/crypto/asn1/p5_pbe.c +++ b/src/lib/libssl/src/crypto/asn1/p5_pbe.c @@ -71,61 +71,78 @@ ASN1_SEQUENCE(PBEPARAM) = { IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) -/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, - int saltlen) -{ +/* Set an algorithm identifier for a PKCS#5 PBE algorithm */ + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen) + { PBEPARAM *pbe=NULL; - ASN1_OBJECT *al; - X509_ALGOR *algor; - ASN1_TYPE *astype=NULL; + ASN1_STRING *pbe_str=NULL; + unsigned char *sstr; - if (!(pbe = PBEPARAM_new ())) { - ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + pbe = PBEPARAM_new(); + if (!pbe) + { + ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); goto err; - } - if(iter <= 0) iter = PKCS5_DEFAULT_ITER; - if (!ASN1_INTEGER_set(pbe->iter, iter)) { - ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + } + if(iter <= 0) + iter = PKCS5_DEFAULT_ITER; + if (!ASN1_INTEGER_set(pbe->iter, iter)) + { + ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); goto err; - } - if (!saltlen) saltlen = PKCS5_SALT_LEN; - if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { - ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + } + if (!saltlen) + saltlen = PKCS5_SALT_LEN; + if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) + { + ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); goto err; - } - pbe->salt->length = saltlen; - if (salt) memcpy (pbe->salt->data, salt, saltlen); - else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) + } + sstr = ASN1_STRING_data(pbe->salt); + if (salt) + memcpy(sstr, salt, saltlen); + else if (RAND_pseudo_bytes(sstr, saltlen) < 0) goto err; - if (!(astype = ASN1_TYPE_new())) { - ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) + { + ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); goto err; - } + } - astype->type = V_ASN1_SEQUENCE; - if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, - &astype->value.sequence)) { - ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - PBEPARAM_free (pbe); + PBEPARAM_free(pbe); pbe = NULL; - - al = OBJ_nid2obj(alg); /* never need to free al */ - if (!(algor = X509_ALGOR_new())) { - ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - ASN1_OBJECT_free(algor->algorithm); - algor->algorithm = al; - algor->parameter = astype; - return (algor); + if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) + return 1; + err: - if (pbe != NULL) PBEPARAM_free(pbe); - if (astype != NULL) ASN1_TYPE_free(astype); + if (pbe != NULL) + PBEPARAM_free(pbe); + if (pbe_str != NULL) + ASN1_STRING_free(pbe_str); + return 0; + } + +/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen) + { + X509_ALGOR *ret; + ret = X509_ALGOR_new(); + if (!ret) + { + ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) + return ret; + + X509_ALGOR_free(ret); return NULL; -} + } diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c index 2b0516afee..cb49b6651d 100644 --- a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c +++ b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c @@ -82,10 +82,13 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: * yes I know this is horrible! + * + * Extended version to allow application supplied PRF NID and IV. */ -X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen) +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid) { X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; int alg_nid; @@ -98,7 +101,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, alg_nid = EVP_CIPHER_type(cipher); if(alg_nid == NID_undef) { - ASN1err(ASN1_F_PKCS5_PBE2_SET, + ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); goto err; } @@ -113,20 +116,33 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; /* Create random IV */ - if (EVP_CIPHER_iv_length(cipher) && - RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) - goto err; + if (EVP_CIPHER_iv_length(cipher)) + { + if (aiv) + memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); + else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) + goto err; + } EVP_CIPHER_CTX_init(&ctx); - /* Dummy cipherinit to just setup the IV */ + /* Dummy cipherinit to just setup the IV, and PRF */ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { - ASN1err(ASN1_F_PKCS5_PBE2_SET, + ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); EVP_CIPHER_CTX_cleanup(&ctx); goto err; } + /* If prf NID unspecified see if cipher has a preference. + * An error is OK here: just means use default PRF. + */ + if ((prf_nid == -1) && + EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) + { + ERR_clear_error(); + prf_nid = NID_hmacWithSHA1; + } EVP_CIPHER_CTX_cleanup(&ctx); if(!(kdf = PBKDF2PARAM_new())) goto merr; @@ -154,7 +170,15 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, EVP_CIPHER_key_length(cipher))) goto merr; } - /* prf can stay NULL because we are using hmacWithSHA1 */ + /* prf can stay NULL if we are using hmacWithSHA1 */ + if (prf_nid != NID_hmacWithSHA1) + { + kdf->prf = X509_ALGOR_new(); + if (!kdf->prf) + goto merr; + X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), + V_ASN1_NULL, NULL); + } /* Now setup the PBE2PARAM keyfunc structure */ @@ -164,7 +188,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; - if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, + if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), &pbe2->keyfunc->parameter->value.sequence)) goto merr; pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; @@ -180,7 +204,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, /* Encode PBE2PARAM into parameter */ - if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, + if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM), &ret->parameter->value.sequence)) goto merr; ret->parameter->type = V_ASN1_SEQUENCE; @@ -190,7 +214,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, return ret; merr: - ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE); err: PBE2PARAM_free(pbe2); @@ -203,3 +227,9 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, return NULL; } + +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen) + { + return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); + } diff --git a/src/lib/libssl/src/crypto/asn1/p8_pkey.c b/src/lib/libssl/src/crypto/asn1/p8_pkey.c index 0a1957556e..17b68d386d 100644 --- a/src/lib/libssl/src/crypto/asn1/p8_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/p8_pkey.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -62,7 +62,8 @@ #include /* Minor tweak to operation: zero private key data */ -static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ if(operation == ASN1_OP_FREE_PRE) { @@ -82,3 +83,73 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, + int ptype, void *pval, + unsigned char *penc, int penclen) + { + unsigned char **ppenc = NULL; + if (version >= 0) + { + if (!ASN1_INTEGER_set(priv->version, version)) + return 0; + } + if (penc) + { + int pmtype; + ASN1_OCTET_STRING *oct; + oct = ASN1_OCTET_STRING_new(); + if (!oct) + return 0; + oct->data = penc; + ppenc = &oct->data; + oct->length = penclen; + if (priv->broken == PKCS8_NO_OCTET) + pmtype = V_ASN1_SEQUENCE; + else + pmtype = V_ASN1_OCTET_STRING; + ASN1_TYPE_set(priv->pkey, pmtype, oct); + } + if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) + { + /* If call fails do not swallow 'enc' */ + if (ppenc) + *ppenc = NULL; + return 0; + } + return 1; + } + +int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, + PKCS8_PRIV_KEY_INFO *p8) + { + if (ppkalg) + *ppkalg = p8->pkeyalg->algorithm; + if(p8->pkey->type == V_ASN1_OCTET_STRING) + { + p8->broken = PKCS8_OK; + if (pk) + { + *pk = p8->pkey->value.octet_string->data; + *ppklen = p8->pkey->value.octet_string->length; + } + } + else if (p8->pkey->type == V_ASN1_SEQUENCE) + { + p8->broken = PKCS8_NO_OCTET; + if (pk) + { + *pk = p8->pkey->value.sequence->data; + *ppklen = p8->pkey->value.sequence->length; + } + } + else + return 0; + if (pa) + *pa = p8->pkeyalg; + return 1; + } + diff --git a/src/lib/libssl/src/crypto/asn1/t_pkey.c b/src/lib/libssl/src/crypto/asn1/t_pkey.c index afb95d6712..9dd18f6579 100644 --- a/src/lib/libssl/src/crypto/asn1/t_pkey.c +++ b/src/lib/libssl/src/crypto/asn1/t_pkey.c @@ -55,520 +55,15 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * Binary polynomial ECC support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ #include #include "cryptlib.h" #include #include #include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DH -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -#ifndef OPENSSL_NO_EC -#include -#endif - -static int print(BIO *fp,const char *str, const BIGNUM *num, - unsigned char *buf,int off); -#ifndef OPENSSL_NO_EC -static int print_bin(BIO *fp, const char *str, const unsigned char *num, - size_t len, int off); -#endif -#ifndef OPENSSL_NO_RSA -#ifndef OPENSSL_NO_FP_API -int RSA_print_fp(FILE *fp, const RSA *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=RSA_print(b,x,off); - BIO_free(b); - return(ret); - } -#endif - -int RSA_print(BIO *bp, const RSA *x, int off) - { - char str[128]; - const char *s; - unsigned char *m=NULL; - int ret=0, mod_len = 0; - size_t buf_len=0, i; - - if (x->n) - buf_len = (size_t)BN_num_bytes(x->n); - if (x->e) - if (buf_len < (i = (size_t)BN_num_bytes(x->e))) - buf_len = i; - if (x->d) - if (buf_len < (i = (size_t)BN_num_bytes(x->d))) - buf_len = i; - if (x->p) - if (buf_len < (i = (size_t)BN_num_bytes(x->p))) - buf_len = i; - if (x->q) - if (buf_len < (i = (size_t)BN_num_bytes(x->q))) - buf_len = i; - if (x->dmp1) - if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) - buf_len = i; - if (x->dmq1) - if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) - buf_len = i; - if (x->iqmp) - if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) - buf_len = i; - - m=(unsigned char *)OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (x->n != NULL) - mod_len = BN_num_bits(x->n); - - if (x->d != NULL) - { - if(!BIO_indent(bp,off,128)) - goto err; - if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) - <= 0) goto err; - } - - if (x->d == NULL) - BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len); - else - BUF_strlcpy(str,"modulus:",sizeof str); - if (!print(bp,str,x->n,m,off)) goto err; - s=(x->d == NULL)?"Exponent:":"publicExponent:"; - if ((x->e != NULL) && !print(bp,s,x->e,m,off)) - goto err; - if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off)) - goto err; - if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off)) - goto err; - if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off)) - goto err; - if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off)) - goto err; - if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off)) - goto err; - if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off)) - goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - return(ret); - } -#endif /* OPENSSL_NO_RSA */ - -#ifndef OPENSSL_NO_DSA -#ifndef OPENSSL_NO_FP_API -int DSA_print_fp(FILE *fp, const DSA *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSA_print(b,x,off); - BIO_free(b); - return(ret); - } -#endif - -int DSA_print(BIO *bp, const DSA *x, int off) - { - unsigned char *m=NULL; - int ret=0; - size_t buf_len=0,i; - - if (x->p) - buf_len = (size_t)BN_num_bytes(x->p); - else - { - DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); - goto err; - } - if (x->q) - if (buf_len < (i = (size_t)BN_num_bytes(x->q))) - buf_len = i; - if (x->g) - if (buf_len < (i = (size_t)BN_num_bytes(x->g))) - buf_len = i; - if (x->priv_key) - if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) - buf_len = i; - if (x->pub_key) - if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) - buf_len = i; - - m=(unsigned char *)OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (x->priv_key != NULL) - { - if(!BIO_indent(bp,off,128)) - goto err; - if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) - <= 0) goto err; - } - - if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off)) - goto err; - if ((x->pub_key != NULL) && !print(bp,"pub: ",x->pub_key,m,off)) - goto err; - if ((x->p != NULL) && !print(bp,"P: ",x->p,m,off)) goto err; - if ((x->q != NULL) && !print(bp,"Q: ",x->q,m,off)) goto err; - if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - return(ret); - } -#endif /* !OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_EC -#ifndef OPENSSL_NO_FP_API -int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = ECPKParameters_print(b, x, off); - BIO_free(b); - return(ret); - } - -int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); - return(0); - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = EC_KEY_print(b, x, off); - BIO_free(b); - return(ret); - } -#endif - -int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) - { - unsigned char *buffer=NULL; - size_t buf_len=0, i; - int ret=0, reason=ERR_R_BIO_LIB; - BN_CTX *ctx=NULL; - const EC_POINT *point=NULL; - BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, - *order=NULL, *cofactor=NULL; - const unsigned char *seed; - size_t seed_len=0; - - static const char *gen_compressed = "Generator (compressed):"; - static const char *gen_uncompressed = "Generator (uncompressed):"; - static const char *gen_hybrid = "Generator (hybrid):"; - - if (!x) - { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - if (EC_GROUP_get_asn1_flag(x)) - { - /* the curve parameter are given by an asn1 OID */ - int nid; - - if (!BIO_indent(bp, off, 128)) - goto err; - - nid = EC_GROUP_get_curve_name(x); - if (nid == 0) - goto err; - - if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) - goto err; - if (BIO_printf(bp, "\n") <= 0) - goto err; - } - else - { - /* explicit parameters */ - int is_char_two = 0; - point_conversion_form_t form; - int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); - - if (tmp_nid == NID_X9_62_characteristic_two_field) - is_char_two = 1; - - if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || - (b = BN_new()) == NULL || (order = BN_new()) == NULL || - (cofactor = BN_new()) == NULL) - { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (is_char_two) - { - if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) - { - reason = ERR_R_EC_LIB; - goto err; - } - } - else /* prime field */ - { - if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) - { - reason = ERR_R_EC_LIB; - goto err; - } - } - - if ((point = EC_GROUP_get0_generator(x)) == NULL) - { - reason = ERR_R_EC_LIB; - goto err; - } - if (!EC_GROUP_get_order(x, order, NULL) || - !EC_GROUP_get_cofactor(x, cofactor, NULL)) - { - reason = ERR_R_EC_LIB; - goto err; - } - - form = EC_GROUP_get_point_conversion_form(x); - - if ((gen = EC_POINT_point2bn(x, point, - form, NULL, ctx)) == NULL) - { - reason = ERR_R_EC_LIB; - goto err; - } - - buf_len = (size_t)BN_num_bytes(p); - if (buf_len < (i = (size_t)BN_num_bytes(a))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(b))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(gen))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(order))) - buf_len = i; - if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) - buf_len = i; - - if ((seed = EC_GROUP_get0_seed(x)) != NULL) - seed_len = EC_GROUP_get_seed_len(x); - - buf_len += 10; - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (!BIO_indent(bp, off, 128)) - goto err; - - /* print the 'short name' of the field type */ - if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) - <= 0) - goto err; - - if (is_char_two) - { - /* print the 'short name' of the base type OID */ - int basis_type = EC_GROUP_get_basis_type(x); - if (basis_type == 0) - goto err; - - if (!BIO_indent(bp, off, 128)) - goto err; - - if (BIO_printf(bp, "Basis Type: %s\n", - OBJ_nid2sn(basis_type)) <= 0) - goto err; - - /* print the polynomial */ - if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, - off)) - goto err; - } - else - { - if ((p != NULL) && !print(bp, "Prime:", p, buffer,off)) - goto err; - } - if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) - goto err; - if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) - goto err; - if (form == POINT_CONVERSION_COMPRESSED) - { - if ((gen != NULL) && !print(bp, gen_compressed, gen, - buffer, off)) - goto err; - } - else if (form == POINT_CONVERSION_UNCOMPRESSED) - { - if ((gen != NULL) && !print(bp, gen_uncompressed, gen, - buffer, off)) - goto err; - } - else /* form == POINT_CONVERSION_HYBRID */ - { - if ((gen != NULL) && !print(bp, gen_hybrid, gen, - buffer, off)) - goto err; - } - if ((order != NULL) && !print(bp, "Order: ", order, - buffer, off)) goto err; - if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, - buffer, off)) goto err; - if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) - goto err; - } - ret=1; -err: - if (!ret) - ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); - if (p) - BN_free(p); - if (a) - BN_free(a); - if (b) - BN_free(b); - if (gen) - BN_free(gen); - if (order) - BN_free(order); - if (cofactor) - BN_free(cofactor); - if (ctx) - BN_CTX_free(ctx); - if (buffer != NULL) - OPENSSL_free(buffer); - return(ret); - } -int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) - { - unsigned char *buffer=NULL; - size_t buf_len=0, i; - int ret=0, reason=ERR_R_BIO_LIB; - BIGNUM *pub_key=NULL, *order=NULL; - BN_CTX *ctx=NULL; - const EC_GROUP *group; - const EC_POINT *public_key; - const BIGNUM *priv_key; - - if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) - { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - public_key = EC_KEY_get0_public_key(x); - if ((pub_key = EC_POINT_point2bn(group, public_key, - EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) - { - reason = ERR_R_EC_LIB; - goto err; - } - - buf_len = (size_t)BN_num_bytes(pub_key); - priv_key = EC_KEY_get0_private_key(x); - if (priv_key != NULL) - { - if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) - buf_len = i; - } - - buf_len += 10; - if ((buffer = OPENSSL_malloc(buf_len)) == NULL) - { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (priv_key != NULL) - { - if (!BIO_indent(bp, off, 128)) - goto err; - if ((order = BN_new()) == NULL) - goto err; - if (!EC_GROUP_get_order(group, order, NULL)) - goto err; - if (BIO_printf(bp, "Private-Key: (%d bit)\n", - BN_num_bits(order)) <= 0) goto err; - } - - if ((priv_key != NULL) && !print(bp, "priv:", priv_key, - buffer, off)) - goto err; - if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, - buffer, off)) - goto err; - if (!ECPKParameters_print(bp, group, off)) - goto err; - ret=1; -err: - if (!ret) - ECerr(EC_F_EC_KEY_PRINT, reason); - if (pub_key) - BN_free(pub_key); - if (order) - BN_free(order); - if (ctx) - BN_CTX_free(ctx); - if (buffer != NULL) - OPENSSL_free(buffer); - return(ret); - } -#endif /* OPENSSL_NO_EC */ - -static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, - int off) +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off) { int n,i; const char *neg; @@ -617,223 +112,3 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char * } return(1); } - -#ifndef OPENSSL_NO_EC -static int print_bin(BIO *fp, const char *name, const unsigned char *buf, - size_t len, int off) - { - size_t i; - char str[128]; - - if (buf == NULL) - return 1; - if (off) - { - if (off > 128) - off=128; - memset(str,' ',off); - if (BIO_write(fp, str, off) <= 0) - return 0; - } - - if (BIO_printf(fp,"%s", name) <= 0) - return 0; - - for (i=0; ip) - buf_len = (size_t)BN_num_bytes(x->p); - else - { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - if (x->g) - if (buf_len < (i = (size_t)BN_num_bytes(x->g))) - buf_len = i; - m=(unsigned char *)OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - reason=ERR_R_MALLOC_FAILURE; - goto err; - } - - if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n", - BN_num_bits(x->p)) <= 0) - goto err; - if (!print(bp,"prime:",x->p,m,4)) goto err; - if (!print(bp,"generator:",x->g,m,4)) goto err; - if (x->length != 0) - { - if (BIO_printf(bp," recommended-private-length: %d bits\n", - (int)x->length) <= 0) goto err; - } - ret=1; - if (0) - { -err: - DHerr(DH_F_DHPARAMS_PRINT,reason); - } - if (m != NULL) OPENSSL_free(m); - return(ret); - } -#endif - -#ifndef OPENSSL_NO_DSA -#ifndef OPENSSL_NO_FP_API -int DSAparams_print_fp(FILE *fp, const DSA *x) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSAparams_print(b, x); - BIO_free(b); - return(ret); - } -#endif - -int DSAparams_print(BIO *bp, const DSA *x) - { - unsigned char *m=NULL; - int ret=0; - size_t buf_len=0,i; - - if (x->p) - buf_len = (size_t)BN_num_bytes(x->p); - else - { - DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS); - goto err; - } - if (x->q) - if (buf_len < (i = (size_t)BN_num_bytes(x->q))) - buf_len = i; - if (x->g) - if (buf_len < (i = (size_t)BN_num_bytes(x->g))) - buf_len = i; - m=(unsigned char *)OPENSSL_malloc(buf_len+10); - if (m == NULL) - { - DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n", - BN_num_bits(x->p)) <= 0) - goto err; - if (!print(bp,"p:",x->p,m,4)) goto err; - if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err; - if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - return(ret); - } - -#endif /* !OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_EC -#ifndef OPENSSL_NO_FP_API -int ECParameters_print_fp(FILE *fp, const EC_KEY *x) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); - return(0); - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = ECParameters_print(b, x); - BIO_free(b); - return(ret); - } -#endif - -int ECParameters_print(BIO *bp, const EC_KEY *x) - { - int reason=ERR_R_EC_LIB, ret=0; - BIGNUM *order=NULL; - const EC_GROUP *group; - - if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) - { - reason = ERR_R_PASSED_NULL_PARAMETER;; - goto err; - } - - if ((order = BN_new()) == NULL) - { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (!EC_GROUP_get_order(group, order, NULL)) - { - reason = ERR_R_EC_LIB; - goto err; - } - - if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", - BN_num_bits(order)) <= 0) - goto err; - if (!ECPKParameters_print(bp, group, 4)) - goto err; - ret=1; -err: - if (order) - BN_free(order); - ECerr(EC_F_ECPARAMETERS_PRINT, reason); - return(ret); - } - -#endif diff --git a/src/lib/libssl/src/crypto/asn1/t_req.c b/src/lib/libssl/src/crypto/asn1/t_req.c index 5557e06584..ea1794e3e0 100644 --- a/src/lib/libssl/src/crypto/asn1/t_req.c +++ b/src/lib/libssl/src/crypto/asn1/t_req.c @@ -149,34 +149,10 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long ERR_print_errors(bp); } else -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); + EVP_PKEY_print_public(bp, pkey, 16, NULL); + EVP_PKEY_free(pkey); } - else -#endif -#ifndef OPENSSL_NO_EC - if (pkey->type == EVP_PKEY_EC) - { - BIO_printf(bp, "%12sEC Public Key: \n",""); - EC_KEY_print(bp, pkey->pkey.ec, 16); - } - else -#endif - BIO_printf(bp,"%12sUnknown Public Key:\n",""); - - EVP_PKEY_free(pkey); } if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) diff --git a/src/lib/libssl/src/crypto/asn1/t_spki.c b/src/lib/libssl/src/crypto/asn1/t_spki.c index a73369b949..079c081a81 100644 --- a/src/lib/libssl/src/crypto/asn1/t_spki.c +++ b/src/lib/libssl/src/crypto/asn1/t_spki.c @@ -82,36 +82,11 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); pkey = X509_PUBKEY_get(spki->spkac->pubkey); if(!pkey) BIO_printf(out, " Unable to load public key\n"); - else { -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - BIO_printf(out," RSA Public Key: (%d bit)\n", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(out,pkey->pkey.rsa,2); - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - BIO_printf(out," DSA Public Key:\n"); - DSA_print(out,pkey->pkey.dsa,2); - } - else -#endif -#ifndef OPENSSL_NO_EC - if (pkey->type == EVP_PKEY_EC) + else { - BIO_printf(out, " EC Public Key:\n"); - EC_KEY_print(out, pkey->pkey.ec,2); - } - else -#endif - - BIO_printf(out," Unknown Public Key:\n"); + EVP_PKEY_print_public(out, pkey, 4, NULL); EVP_PKEY_free(pkey); - } + } chal = spki->spkac->challenge; if(chal->length) BIO_printf(out, " Challenge String: %s\n", chal->data); diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c index 8f746f9c05..e061f2ffad 100644 --- a/src/lib/libssl/src/crypto/asn1/t_x509.c +++ b/src/lib/libssl/src/crypto/asn1/t_x509.c @@ -111,7 +111,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) ASN1_INTEGER *bs; EVP_PKEY *pkey=NULL; const char *neg; - ASN1_STRING *str=NULL; if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mlch = '\n'; @@ -215,34 +214,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) ERR_print_errors(bp); } else -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); - } - else -#endif -#ifndef OPENSSL_NO_EC - if (pkey->type == EVP_PKEY_EC) { - BIO_printf(bp, "%12sEC Public Key:\n",""); - EC_KEY_print(bp, pkey->pkey.ec, 16); + EVP_PKEY_print_public(bp, pkey, 16, NULL); + EVP_PKEY_free(pkey); } - else -#endif - BIO_printf(bp,"%12sUnknown Public Key:\n",""); - - EVP_PKEY_free(pkey); } if (!(cflag & X509_FLAG_NO_EXTENSIONS)) @@ -259,7 +234,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) } ret=1; err: - if (str != NULL) ASN1_STRING_free(str); if (m != NULL) OPENSSL_free(m); return(ret); } @@ -329,14 +303,15 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) return 1; } -int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) { int i,n; - char buf[80],*p; + char buf[80]; + const char *p; if (v == NULL) return(0); n=0; - p=(char *)v->data; + p=(const char *)v->data; for (i=0; ilength; i++) { if ((p[i] > '~') || ((p[i] < ' ') && @@ -358,7 +333,7 @@ int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) return(1); } -int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm) +int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) { if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm); if(tm->type == V_ASN1_GENERALIZEDTIME) @@ -373,12 +348,14 @@ static const char *mon[12]= "Jul","Aug","Sep","Oct","Nov","Dec" }; -int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) +int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) { char *v; int gmt=0; int i; int y=0,M=0,d=0,h=0,m=0,s=0; + char *f = NULL; + int f_len = 0; i=tm->length; v=(char *)tm->data; @@ -396,10 +373,21 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) if (tm->length >= 14 && (v[12] >= '0') && (v[12] <= '9') && (v[13] >= '0') && (v[13] <= '9')) + { s= (v[12]-'0')*10+(v[13]-'0'); + /* Check for fractions of seconds. */ + if (tm->length >= 15 && v[14] == '.') + { + int l = tm->length; + f = &v[14]; /* The decimal point. */ + f_len = 1; + while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') + ++f_len; + } + } - if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", - mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0) + if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s", + mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0) return(0); else return(1); @@ -408,15 +396,15 @@ err: return(0); } -int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) +int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) { - char *v; + const char *v; int gmt=0; int i; int y=0,M=0,d=0,h=0,m=0,s=0; i=tm->length; - v=(char *)tm->data; + v=(const char *)tm->data; if (i < 10) goto err; if (v[i-1] == 'Z') gmt=1; diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c index 48bc1c0d4d..3bee439968 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c @@ -114,6 +114,8 @@ unsigned long ASN1_tag2bit(int tag) /* Macro to initialize and invalidate the cache */ #define asn1_tlc_clear(c) if (c) (c)->valid = 0 +/* Version to avoid compiler warning about 'c' always non-NULL */ +#define asn1_tlc_clear_nc(c) (c)->valid = 0 /* Decode an ASN1 item, this currently behaves just * like a standard 'd2i' function. 'in' points to @@ -130,7 +132,7 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, ASN1_VALUE *ptmpval = NULL; if (!pval) pval = &ptmpval; - c.valid = 0; + asn1_tlc_clear_nc(&c); if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) return *pval; return NULL; @@ -140,7 +142,7 @@ int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt) { ASN1_TLC c; - c.valid = 0; + asn1_tlc_clear_nc(&c); return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); } @@ -306,7 +308,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, case ASN1_ITYPE_CHOICE: - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; /* Allocate structure */ @@ -356,7 +358,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, asn1_set_choice_selector(pval, i, it); *in = p; - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; return 1; @@ -403,7 +405,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; /* Get each field entry */ @@ -505,7 +507,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, if (!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr; *in = p; - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; return 1; @@ -665,11 +667,12 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, else { /* We've got a valid STACK: free up any items present */ - STACK *sktmp = (STACK *)*val; + STACK_OF(ASN1_VALUE) *sktmp + = (STACK_OF(ASN1_VALUE) *)*val; ASN1_VALUE *vtmp; - while(sk_num(sktmp) > 0) + while(sk_ASN1_VALUE_num(sktmp) > 0) { - vtmp = (ASN1_VALUE *)sk_pop(sktmp); + vtmp = sk_ASN1_VALUE_pop(sktmp); ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); } @@ -710,7 +713,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, goto err; } len -= p - q; - if (!sk_push((STACK *)*val, (char *)skfield)) + if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, + skfield)) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c index 2721f904a6..936ad1f767 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c @@ -158,7 +158,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); case ASN1_ITYPE_CHOICE: - if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; i = asn1_get_choice_selector(pval, it); if ((i >= 0) && (i < it->tcount)) @@ -171,7 +171,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, -1, aclass); } /* Fixme: error condition if selector out of range */ - if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) return 0; break; @@ -216,7 +216,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) | V_ASN1_UNIVERSAL; } - if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; /* First work out sequence content length */ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) @@ -250,7 +250,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, } if (ndef == 2) ASN1_put_eoc(out); - if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) return 0; return seqlen; @@ -569,7 +569,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, ASN1_STRING *strtmp; ASN1_OBJECT *otmp; int utype; - unsigned char *cont, c; + const unsigned char *cont; + unsigned char c; int len; const ASN1_PRIMITIVE_FUNCS *pf; pf = it->funcs; diff --git a/src/lib/libssl/src/crypto/asn1/tasn_fre.c b/src/lib/libssl/src/crypto/asn1/tasn_fre.c index d7c017fa1d..77d3092d31 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_fre.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_fre.c @@ -110,7 +110,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c case ASN1_ITYPE_CHOICE: if (asn1_cb) { - i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); + i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); if (i == 2) return; } @@ -123,7 +123,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c ASN1_template_free(pchval, tt); } if (asn1_cb) - asn1_cb(ASN1_OP_FREE_POST, pval, it); + asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); if (!combine) { OPENSSL_free(*pval); @@ -149,7 +149,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c return; if (asn1_cb) { - i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); + i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); if (i == 2) return; } @@ -170,7 +170,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c ASN1_template_free(pseqval, seqtt); } if (asn1_cb) - asn1_cb(ASN1_OP_FREE_POST, pval, it); + asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); if (!combine) { OPENSSL_free(*pval); diff --git a/src/lib/libssl/src/crypto/asn1/tasn_new.c b/src/lib/libssl/src/crypto/asn1/tasn_new.c index 5c6a2ebd4d..0d9e78cc7c 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_new.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_new.c @@ -68,7 +68,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); +static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) { @@ -146,7 +146,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, case ASN1_ITYPE_CHOICE: if (asn1_cb) { - i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); + i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); if (!i) goto auxerr; if (i==2) @@ -166,7 +166,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, memset(*pval, 0, it->size); } asn1_set_choice_selector(pval, -1, it); - if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) goto auxerr; break; @@ -174,7 +174,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, case ASN1_ITYPE_SEQUENCE: if (asn1_cb) { - i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); + i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); if (!i) goto auxerr; if (i==2) @@ -201,7 +201,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, if (!ASN1_template_new(pseqval, tt)) goto memerr; } - if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) + if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) goto auxerr; break; } @@ -325,6 +325,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_TYPE *typ; + ASN1_STRING *str; int utype; if (it && it->funcs) @@ -345,10 +346,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return 1; case V_ASN1_BOOLEAN: - if (it) - *(ASN1_BOOLEAN *)pval = it->size; - else - *(ASN1_BOOLEAN *)pval = -1; + *(ASN1_BOOLEAN *)pval = it->size; return 1; case V_ASN1_NULL: @@ -365,7 +363,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) break; default: - *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); + str = ASN1_STRING_type_new(utype); + if (it->itype == ASN1_ITYPE_MSTRING && str) + str->flags |= ASN1_STRING_FLAG_MSTRING; + *pval = (ASN1_VALUE *)str; break; } if (*pval) @@ -373,7 +374,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return 0; } -void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) +static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) { int utype; if (it && it->funcs) diff --git a/src/lib/libssl/src/crypto/asn1/tasn_prn.c b/src/lib/libssl/src/crypto/asn1/tasn_prn.c index b9c96a6dbe..453698012d 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_prn.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_prn.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000,2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,141 +58,570 @@ #include +#include "cryptlib.h" #include +#include #include #include #include -#include +#include +#include "asn1_locl.h" -/* Print routines. Print out a whole structure from a template. +/* Print routines. */ -static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name); +/* ASN1_PCTX routines */ -int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it) -{ - return asn1_item_print_nm(out, fld, indent, it, it->sname); -} +ASN1_PCTX default_pctx = + { + ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ + 0, /* nm_flags */ + 0, /* cert_flags */ + 0, /* oid_flags */ + 0 /* str_flags */ + }; + -static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name) -{ - ASN1_STRING *str; +ASN1_PCTX *ASN1_PCTX_new(void) + { + ASN1_PCTX *ret; + ret = OPENSSL_malloc(sizeof(ASN1_PCTX)); + if (ret == NULL) + { + ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + ret->flags = 0; + ret->nm_flags = 0; + ret->cert_flags = 0; + ret->oid_flags = 0; + ret->str_flags = 0; + return ret; + } + +void ASN1_PCTX_free(ASN1_PCTX *p) + { + OPENSSL_free(p); + } + +unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p) + { + return p->flags; + } + +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags) + { + p->flags = flags; + } + +unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p) + { + return p->nm_flags; + } + +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags) + { + p->nm_flags = flags; + } + +unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p) + { + return p->cert_flags; + } + +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags) + { + p->cert_flags = flags; + } + +unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p) + { + return p->oid_flags; + } + +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags) + { + p->oid_flags = flags; + } + +unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p) + { + return p->str_flags; + } + +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags) + { + p->str_flags = flags; + } + +/* Main print routines */ + +static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_ITEM *it, + const char *fname, const char *sname, + int nohdr, const ASN1_PCTX *pctx); + +int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); + +static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, + const ASN1_ITEM *it, int indent, + const char *fname, const char *sname, + const ASN1_PCTX *pctx); + +static int asn1_print_fsname(BIO *out, int indent, + const char *fname, const char *sname, + const ASN1_PCTX *pctx); + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx) + { + const char *sname; + if (pctx == NULL) + pctx = &default_pctx; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) + sname = NULL; + else + sname = it->sname; + return asn1_item_print_ctx(out, &ifld, indent, it, + NULL, sname, 0, pctx); + } + +static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_ITEM *it, + const char *fname, const char *sname, + int nohdr, const ASN1_PCTX *pctx) + { const ASN1_TEMPLATE *tt; - void *tmpfld; + const ASN1_EXTERN_FUNCS *ef; + ASN1_VALUE **tmpfld; + const ASN1_AUX *aux = it->funcs; + ASN1_aux_cb *asn1_cb; + ASN1_PRINT_ARG parg; int i; - if(!fld) { - BIO_printf(out, "%*s%s ABSENT\n", indent, "", name); + if (aux && aux->asn1_cb) + { + parg.out = out; + parg.indent = indent; + parg.pctx = pctx; + asn1_cb = aux->asn1_cb; + } + else asn1_cb = 0; + + if(*fld == NULL) + { + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) + { + if (!nohdr && !asn1_print_fsname(out, indent, + fname, sname, pctx)) + return 0; + if (BIO_puts(out, "\n") <= 0) + return 0; + } return 1; - } - switch(it->itype) { + } + switch(it->itype) + { case ASN1_ITYPE_PRIMITIVE: if(it->templates) - return ASN1_template_print(out, fld, indent, it->templates); - return asn1_primitive_print(out, fld, it->utype, indent, name); - break; - + { + if (!asn1_template_print_ctx(out, fld, indent, + it->templates, pctx)) + return 0; + } + /* fall thru */ case ASN1_ITYPE_MSTRING: - str = fld; - return asn1_primitive_print(out, fld, str->type, indent, name); + if (!asn1_primitive_print(out, fld, it, + indent, fname, sname,pctx)) + return 0; + break; case ASN1_ITYPE_EXTERN: - BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT"); - return 1; - case ASN1_ITYPE_COMPAT: - BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT"); - return 1; - + if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) + return 0; + /* Use new style print routine if possible */ + ef = it->funcs; + if (ef && ef->asn1_ex_print) + { + i = ef->asn1_ex_print(out, fld, indent, "", pctx); + if (!i) + return 0; + if ((i == 2) && (BIO_puts(out, "\n") <= 0)) + return 0; + return 1; + } + else if (sname && + BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0) + return 0; + break; case ASN1_ITYPE_CHOICE: +#if 0 + if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) + return 0; +#endif /* CHOICE type, get selector */ i = asn1_get_choice_selector(fld, it); /* This should never happen... */ - if((i < 0) || (i >= it->tcount)) { - BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i); + if((i < 0) || (i >= it->tcount)) + { + if (BIO_printf(out, + "ERROR: selector [%d] invalid\n", i) <= 0) + return 0; return 1; - } + } tt = it->templates + i; - tmpfld = asn1_get_field(fld, tt); - return ASN1_template_print(out, tmpfld, indent, tt); + tmpfld = asn1_get_field_ptr(fld, tt); + if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx)) + return 0; + break; case ASN1_ITYPE_SEQUENCE: - BIO_printf(out, "%*s%s {\n", indent, "", name); - /* Get each field entry */ - for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - tmpfld = asn1_get_field(fld, tt); - ASN1_template_print(out, tmpfld, indent + 2, tt); - } - BIO_printf(out, "%*s}\n", indent, ""); - return 1; + case ASN1_ITYPE_NDEF_SEQUENCE: + if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) + return 0; + if (fname || sname) + { + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) + { + if (BIO_puts(out, " {\n") <= 0) + return 0; + } + else + { + if (BIO_puts(out, "\n") <= 0) + return 0; + } + } + + if (asn1_cb) + { + i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg); + if (i == 0) + return 0; + if (i == 2) + return 1; + } + + /* Print each field entry */ + for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) + { + const ASN1_TEMPLATE *seqtt; + seqtt = asn1_do_adb(fld, tt, 1); + tmpfld = asn1_get_field_ptr(fld, seqtt); + if (!asn1_template_print_ctx(out, tmpfld, + indent + 2, seqtt, pctx)) + return 0; + } + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) + { + if (BIO_printf(out, "%*s}\n", indent, "") < 0) + return 0; + } + + if (asn1_cb) + { + i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg); + if (i == 0) + return 0; + } + break; default: + BIO_printf(out, "Unprocessed type %d\n", it->itype); return 0; + } + + return 1; } -} -int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt) -{ +int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) + { int i, flags; -#if 0 - if(!fld) return 0; -#endif + const char *sname, *fname; flags = tt->flags; - if(flags & ASN1_TFLG_SK_MASK) { + if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME) + sname = ASN1_ITEM_ptr(tt->item)->sname; + else + sname = NULL; + if(pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME) + fname = NULL; + else + fname = tt->field_name; + if(flags & ASN1_TFLG_SK_MASK) + { char *tname; - void *skitem; + ASN1_VALUE *skitem; + STACK_OF(ASN1_VALUE) *stack; + /* SET OF, SEQUENCE OF */ - if(flags & ASN1_TFLG_SET_OF) tname = "SET"; - else tname = "SEQUENCE"; - if(fld) { - BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name); - for(i = 0; i < sk_num(fld); i++) { - skitem = sk_value(fld, i); - asn1_item_print_nm(out, skitem, indent + 2, tt->item, ""); + if (fname) + { + if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) + { + if(flags & ASN1_TFLG_SET_OF) + tname = "SET"; + else + tname = "SEQUENCE"; + if (BIO_printf(out, "%*s%s OF %s {\n", + indent, "", tname, tt->field_name) <= 0) + return 0; + } + else if (BIO_printf(out, "%*s%s:\n", indent, "", + fname) <= 0) + return 0; + } + stack = (STACK_OF(ASN1_VALUE) *)*fld; + for(i = 0; i < sk_ASN1_VALUE_num(stack); i++) + { + if ((i > 0) && (BIO_puts(out, "\n") <= 0)) + return 0; + + skitem = sk_ASN1_VALUE_value(stack, i); + if (!asn1_item_print_ctx(out, &skitem, indent + 2, + ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, pctx)) + return 0; + } + if (!i && BIO_printf(out, "%*s\n", indent + 2, "") <= 0) + return 0; + if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) + { + if (BIO_printf(out, "%*s}\n", indent, "") <= 0) + return 0; } - BIO_printf(out, "%*s}\n", indent, ""); - } else - BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name); return 1; + } + return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item), + fname, sname, 0, pctx); } - return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name); -} - -static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name) -{ - ASN1_STRING *str = fld; - if(fld) { - if(utype == V_ASN1_BOOLEAN) { - int *bool = fld; -if(*bool == -1) printf("BOOL MISSING\n"); - BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE"); - } else if((utype == V_ASN1_INTEGER) - || (utype == V_ASN1_ENUMERATED)) { - char *s, *nm; - s = i2s_ASN1_INTEGER(NULL, fld); - if(utype == V_ASN1_INTEGER) nm = "INTEGER"; - else nm = "ENUMERATED"; - BIO_printf(out, "%*s%s:%s", indent, "", nm, s); - OPENSSL_free(s); - } else if(utype == V_ASN1_NULL) { - BIO_printf(out, "%*s%s", indent, "", "NULL"); - } else if(utype == V_ASN1_UTCTIME) { - BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME"); - ASN1_UTCTIME_print(out, str); - } else if(utype == V_ASN1_GENERALIZEDTIME) { - BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME"); - ASN1_GENERALIZEDTIME_print(out, str); - } else if(utype == V_ASN1_OBJECT) { - char objbuf[80], *ln; - ln = OBJ_nid2ln(OBJ_obj2nid(fld)); - if(!ln) ln = ""; - OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1); - BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf); - } else { - BIO_printf(out, "%*s%s:", indent, "", name); - ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE); + +static int asn1_print_fsname(BIO *out, int indent, + const char *fname, const char *sname, + const ASN1_PCTX *pctx) + { + static char spaces[] = " "; + const int nspaces = sizeof(spaces) - 1; + +#if 0 + if (!sname && !fname) + return 1; +#endif + + while (indent > nspaces) + { + if (BIO_write(out, spaces, nspaces) != nspaces) + return 0; + indent -= nspaces; + } + if (BIO_write(out, spaces, indent) != indent) + return 0; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) + sname = NULL; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME) + fname = NULL; + if (!sname && !fname) + return 1; + if (fname) + { + if (BIO_puts(out, fname) <= 0) + return 0; } - BIO_printf(out, "\n"); - } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name); + if (sname) + { + if (fname) + { + if (BIO_printf(out, " (%s)", sname) <= 0) + return 0; + } + else + { + if (BIO_puts(out, sname) <= 0) + return 0; + } + } + if (BIO_write(out, ": ", 2) != 2) + return 0; return 1; -} + } + +static int asn1_print_boolean_ctx(BIO *out, const int bool, + const ASN1_PCTX *pctx) + { + const char *str; + switch (bool) + { + case -1: + str = "BOOL ABSENT"; + break; + + case 0: + str = "FALSE"; + break; + + default: + str = "TRUE"; + break; + + } + + if (BIO_puts(out, str) <= 0) + return 0; + return 1; + + } + +static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, + const ASN1_PCTX *pctx) + { + char *s; + int ret = 1; + s = i2s_ASN1_INTEGER(NULL, str); + if (BIO_puts(out, s) <= 0) + ret = 0; + OPENSSL_free(s); + return ret; + } + +static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, + const ASN1_PCTX *pctx) + { + char objbuf[80]; + const char *ln; + ln = OBJ_nid2ln(OBJ_obj2nid(oid)); + if(!ln) + ln = ""; + OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); + if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) + return 0; + return 1; + } + +static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent, + const ASN1_PCTX *pctx) + { + if (str->type == V_ASN1_BIT_STRING) + { + if (BIO_printf(out, " (%ld unused bits)\n", + str->flags & 0x7) <= 0) + return 0; + } + else if (BIO_puts(out, "\n") <= 0) + return 0; + if ((str->length > 0) + && BIO_dump_indent(out, (char *)str->data, str->length, + indent + 2) <= 0) + return 0; + return 1; + } + +static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, + const ASN1_ITEM *it, int indent, + const char *fname, const char *sname, + const ASN1_PCTX *pctx) + { + long utype; + ASN1_STRING *str; + int ret = 1, needlf = 1; + const char *pname; + const ASN1_PRIMITIVE_FUNCS *pf; + pf = it->funcs; + if (!asn1_print_fsname(out, indent, fname, sname, pctx)) + return 0; + if (pf && pf->prim_print) + return pf->prim_print(out, fld, it, indent, pctx); + str = (ASN1_STRING *)*fld; + if (it->itype == ASN1_ITYPE_MSTRING) + utype = str->type & ~V_ASN1_NEG; + else + utype = it->utype; + if (utype == V_ASN1_ANY) + { + ASN1_TYPE *atype = (ASN1_TYPE *)*fld; + utype = atype->type; + fld = &atype->value.asn1_value; + str = (ASN1_STRING *)*fld; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE) + pname = NULL; + else + pname = ASN1_tag2str(utype); + } + else + { + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE) + pname = ASN1_tag2str(utype); + else + pname = NULL; + } + + if (utype == V_ASN1_NULL) + { + if (BIO_puts(out, "NULL\n") <= 0) + return 0; + return 1; + } + + if (pname) + { + if (BIO_puts(out, pname) <= 0) + return 0; + if (BIO_puts(out, ":") <= 0) + return 0; + } + + switch (utype) + { + case V_ASN1_BOOLEAN: + { + int bool = *(int *)fld; + if (bool == -1) + bool = it->size; + ret = asn1_print_boolean_ctx(out, bool, pctx); + } + break; + + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: + ret = asn1_print_integer_ctx(out, str, pctx); + break; + + case V_ASN1_UTCTIME: + ret = ASN1_UTCTIME_print(out, str); + break; + + case V_ASN1_GENERALIZEDTIME: + ret = ASN1_GENERALIZEDTIME_print(out, str); + break; + + case V_ASN1_OBJECT: + ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx); + break; + + case V_ASN1_OCTET_STRING: + case V_ASN1_BIT_STRING: + ret = asn1_print_obstring_ctx(out, str, indent, pctx); + needlf = 0; + break; + + case V_ASN1_SEQUENCE: + case V_ASN1_SET: + case V_ASN1_OTHER: + if (BIO_puts(out, "\n") <= 0) + return 0; + if (ASN1_parse_dump(out, str->data, str->length, + indent, 0) <= 0) + ret = 0; + needlf = 0; + break; + + default: + ret = ASN1_STRING_print_ex(out, str, pctx->str_flags); + + } + if (!ret) + return 0; + if (needlf && BIO_puts(out, "\n") <= 0) + return 0; + return 1; + } diff --git a/src/lib/libssl/src/crypto/asn1/tasn_typ.c b/src/lib/libssl/src/crypto/asn1/tasn_typ.c index 6252213d15..6fb1c372da 100644 --- a/src/lib/libssl/src/crypto/asn1/tasn_typ.c +++ b/src/lib/libssl/src/crypto/asn1/tasn_typ.c @@ -135,3 +135,14 @@ IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0) /* Special, OCTET STRING with indefinite length constructed support */ IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF) + +ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY) +ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY) + +ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY) +ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY) + +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY) diff --git a/src/lib/libssl/src/crypto/asn1/x_crl.c b/src/lib/libssl/src/crypto/asn1/x_crl.c index 70d56a67f2..c51c690ba9 100644 --- a/src/lib/libssl/src/crypto/asn1/x_crl.c +++ b/src/lib/libssl/src/crypto/asn1/x_crl.c @@ -58,11 +58,14 @@ #include #include "cryptlib.h" +#include "asn1_locl.h" #include #include +#include static int X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b); +static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); ASN1_SEQUENCE(X509_REVOKED) = { ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), @@ -70,11 +73,26 @@ ASN1_SEQUENCE(X509_REVOKED) = { ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) } ASN1_SEQUENCE_END(X509_REVOKED) +static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); +static int def_crl_lookup(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer); + +static X509_CRL_METHOD int_crl_meth = + { + 0, + 0,0, + def_crl_lookup, + def_crl_verify + }; + +static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; + /* The X509_CRL_INFO structure needs a bit of customisation. * Since we cache the original encoding the signature wont be affected by * reordering of the revoked field. */ -static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; @@ -101,7 +119,237 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) -ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { +/* Set CRL entry issuer according to CRL certificate issuer extension. + * Check for unhandled critical CRL entry extensions. + */ + +static int crl_set_issuers(X509_CRL *crl) + { + + int i, j; + GENERAL_NAMES *gens, *gtmp; + STACK_OF(X509_REVOKED) *revoked; + + revoked = X509_CRL_get_REVOKED(crl); + + gens = NULL; + for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) + { + X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); + STACK_OF(X509_EXTENSION) *exts; + ASN1_ENUMERATED *reason; + X509_EXTENSION *ext; + gtmp = X509_REVOKED_get_ext_d2i(rev, + NID_certificate_issuer, + &j, NULL); + if (!gtmp && (j != -1)) + { + crl->flags |= EXFLAG_INVALID; + return 1; + } + + if (gtmp) + { + gens = gtmp; + if (!crl->issuers) + { + crl->issuers = sk_GENERAL_NAMES_new_null(); + if (!crl->issuers) + return 0; + } + if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) + return 0; + } + rev->issuer = gens; + + reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, + &j, NULL); + if (!reason && (j != -1)) + { + crl->flags |= EXFLAG_INVALID; + return 1; + } + + if (reason) + { + rev->reason = ASN1_ENUMERATED_get(reason); + ASN1_ENUMERATED_free(reason); + } + else + rev->reason = CRL_REASON_NONE; + + /* Check for critical CRL entry extensions */ + + exts = rev->extensions; + + for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) + { + ext = sk_X509_EXTENSION_value(exts, j); + if (ext->critical > 0) + { + if (OBJ_obj2nid(ext->object) == + NID_certificate_issuer) + continue; + crl->flags |= EXFLAG_CRITICAL; + break; + } + } + + + } + + return 1; + + } + +/* The X509_CRL structure needs a bit of customisation. Cache some extensions + * and hash of the whole CRL. + */ +static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) + { + X509_CRL *crl = (X509_CRL *)*pval; + STACK_OF(X509_EXTENSION) *exts; + X509_EXTENSION *ext; + int idx; + + switch(operation) + { + case ASN1_OP_NEW_POST: + crl->idp = NULL; + crl->akid = NULL; + crl->flags = 0; + crl->idp_flags = 0; + crl->idp_reasons = CRLDP_ALL_REASONS; + crl->meth = default_crl_method; + crl->meth_data = NULL; + crl->issuers = NULL; + crl->crl_number = NULL; + crl->base_crl_number = NULL; + break; + + case ASN1_OP_D2I_POST: +#ifndef OPENSSL_NO_SHA + X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); +#endif + crl->idp = X509_CRL_get_ext_d2i(crl, + NID_issuing_distribution_point, NULL, NULL); + if (crl->idp) + setup_idp(crl, crl->idp); + + crl->akid = X509_CRL_get_ext_d2i(crl, + NID_authority_key_identifier, NULL, NULL); + + crl->crl_number = X509_CRL_get_ext_d2i(crl, + NID_crl_number, NULL, NULL); + + crl->base_crl_number = X509_CRL_get_ext_d2i(crl, + NID_delta_crl, NULL, NULL); + /* Delta CRLs must have CRL number */ + if (crl->base_crl_number && !crl->crl_number) + crl->flags |= EXFLAG_INVALID; + + /* See if we have any unhandled critical CRL extensions and + * indicate this in a flag. We only currently handle IDP so + * anything else critical sets the flag. + * + * This code accesses the X509_CRL structure directly: + * applications shouldn't do this. + */ + + exts = crl->crl->extensions; + + for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) + { + int nid; + ext = sk_X509_EXTENSION_value(exts, idx); + nid = OBJ_obj2nid(ext->object); + if (nid == NID_freshest_crl) + crl->flags |= EXFLAG_FRESHEST; + if (ext->critical > 0) + { + /* We handle IDP and deltas */ + if ((nid == NID_issuing_distribution_point) + || (nid == NID_delta_crl)) + break;; + crl->flags |= EXFLAG_CRITICAL; + break; + } + } + + + if (!crl_set_issuers(crl)) + return 0; + + if (crl->meth->crl_init) + { + if (crl->meth->crl_init(crl) == 0) + return 0; + } + break; + + case ASN1_OP_FREE_POST: + if (crl->meth->crl_free) + { + if (!crl->meth->crl_free(crl)) + return 0; + } + if (crl->akid) + AUTHORITY_KEYID_free(crl->akid); + if (crl->idp) + ISSUING_DIST_POINT_free(crl->idp); + ASN1_INTEGER_free(crl->crl_number); + ASN1_INTEGER_free(crl->base_crl_number); + sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); + break; + } + return 1; + } + +/* Convert IDP into a more convenient form */ + +static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) + { + int idp_only = 0; + /* Set various flags according to IDP */ + crl->idp_flags |= IDP_PRESENT; + if (idp->onlyuser > 0) + { + idp_only++; + crl->idp_flags |= IDP_ONLYUSER; + } + if (idp->onlyCA > 0) + { + idp_only++; + crl->idp_flags |= IDP_ONLYCA; + } + if (idp->onlyattr > 0) + { + idp_only++; + crl->idp_flags |= IDP_ONLYATTR; + } + + if (idp_only > 1) + crl->idp_flags |= IDP_INVALID; + + if (idp->indirectCRL > 0) + crl->idp_flags |= IDP_INDIRECT; + + if (idp->onlysomereasons) + { + crl->idp_flags |= IDP_REASONS; + if (idp->onlysomereasons->length > 0) + crl->idp_reasons = idp->onlysomereasons->data[0]; + if (idp->onlysomereasons->length > 1) + crl->idp_reasons |= + (idp->onlysomereasons->data[1] << 8); + crl->idp_reasons &= CRLDP_ALL_REASONS; + } + + DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); + } + +ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) @@ -134,6 +382,145 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) return 1; } +int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) + { + if (crl->meth->crl_verify) + return crl->meth->crl_verify(crl, r); + return 0; + } + +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial) + { + if (crl->meth->crl_lookup) + return crl->meth->crl_lookup(crl, ret, serial, NULL); + return 0; + } + +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) + { + if (crl->meth->crl_lookup) + return crl->meth->crl_lookup(crl, ret, + X509_get_serialNumber(x), + X509_get_issuer_name(x)); + return 0; + } + +static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) + { + return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), + crl->sig_alg, crl->signature,crl->crl,r)); + } + +static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, + X509_REVOKED *rev) + { + int i; + + if (!rev->issuer) + { + if (!nm) + return 1; + if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) + return 1; + return 0; + } + + if (!nm) + nm = X509_CRL_get_issuer(crl); + + for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) + { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); + if (gen->type != GEN_DIRNAME) + continue; + if (!X509_NAME_cmp(nm, gen->d.directoryName)) + return 1; + } + return 0; + + } + +static int def_crl_lookup(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer) + { + X509_REVOKED rtmp, *rev; + int idx; + rtmp.serialNumber = serial; + /* Sort revoked into serial number order if not already sorted. + * Do this under a lock to avoid race condition. + */ + if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) + { + CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); + sk_X509_REVOKED_sort(crl->crl->revoked); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); + } + idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); + if(idx < 0) + return 0; + /* Need to look for matching name */ + for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) + { + rev = sk_X509_REVOKED_value(crl->crl->revoked, idx); + if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) + return 0; + if (crl_revoked_issuer_match(crl, issuer, rev)) + { + if (ret) + *ret = rev; + if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) + return 2; + return 1; + } + } + return 0; + } + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth) + { + if (meth == NULL) + default_crl_method = &int_crl_meth; + else + default_crl_method = meth; + } + +X509_CRL_METHOD *X509_CRL_METHOD_new( + int (*crl_init)(X509_CRL *crl), + int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *ser, X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)) + { + X509_CRL_METHOD *m; + m = OPENSSL_malloc(sizeof(X509_CRL_METHOD)); + if (!m) + return NULL; + m->crl_init = crl_init; + m->crl_free = crl_free; + m->crl_lookup = crl_lookup; + m->crl_verify = crl_verify; + m->flags = X509_CRL_METHOD_DYNAMIC; + return m; + } + +void X509_CRL_METHOD_free(X509_CRL_METHOD *m) + { + if (!(m->flags & X509_CRL_METHOD_DYNAMIC)) + return; + OPENSSL_free(m); + } + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat) + { + crl->meth_data = dat; + } + +void *X509_CRL_get_meth_data(X509_CRL *crl) + { + return crl->meth_data; + } + IMPLEMENT_STACK_OF(X509_REVOKED) IMPLEMENT_ASN1_SET_OF(X509_REVOKED) IMPLEMENT_STACK_OF(X509_CRL) diff --git a/src/lib/libssl/src/crypto/asn1/x_long.c b/src/lib/libssl/src/crypto/asn1/x_long.c index bf35457c1f..75317418e1 100644 --- a/src/lib/libssl/src/crypto/asn1/x_long.c +++ b/src/lib/libssl/src/crypto/asn1/x_long.c @@ -71,6 +71,7 @@ static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); static ASN1_PRIMITIVE_FUNCS long_pf = { NULL, 0, @@ -78,7 +79,8 @@ static ASN1_PRIMITIVE_FUNCS long_pf = { long_free, long_free, /* Clear should set to initial value */ long_c2i, - long_i2c + long_i2c, + long_print }; ASN1_ITEM_start(LONG) @@ -169,3 +171,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, memcpy(cp, <mp, sizeof(long)); return 1; } + +static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, + int indent, const ASN1_PCTX *pctx) + { + return BIO_printf(out, "%ld\n", *(long *)pval); + } diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c index 04380abc3f..caa4409feb 100644 --- a/src/lib/libssl/src/crypto/asn1/x_name.c +++ b/src/lib/libssl/src/crypto/asn1/x_name.c @@ -57,18 +57,36 @@ */ #include +#include #include "cryptlib.h" #include #include +#include "asn1_locl.h" -static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx); +typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; +DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) -static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); +static int x509_name_ex_d2i(ASN1_VALUE **val, + const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx); + +static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); static int x509_name_encode(X509_NAME *a); +static int x509_name_canon(X509_NAME *a); +static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in); +static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname, + unsigned char **in); + + +static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, + int indent, + const char *fname, + const ASN1_PCTX *pctx); ASN1_SEQUENCE(X509_NAME_ENTRY) = { ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), @@ -102,7 +120,8 @@ const ASN1_EXTERN_FUNCS x509_name_ff = { x509_name_ex_free, 0, /* Default clear behaviour is OK */ x509_name_ex_d2i, - x509_name_ex_i2d + x509_name_ex_i2d, + x509_name_ex_print }; IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) @@ -118,6 +137,8 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL) goto memerr; if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr; + ret->canon_enc = NULL; + ret->canon_enclen = 0; ret->modified=1; *val = (ASN1_VALUE *)ret; return 1; @@ -142,25 +163,19 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) BUF_MEM_free(a->bytes); sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free); + if (a->canon_enc) + OPENSSL_free(a->canon_enc); OPENSSL_free(a); *pval = NULL; } -/* Used with sk_pop_free() to free up the internal representation. - * NB: we only free the STACK and not its contents because it is - * already present in the X509_NAME structure. - */ - -static void sk_internal_free(void *a) -{ - sk_free(a); -} - -static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +static int x509_name_ex_d2i(ASN1_VALUE **val, + const unsigned char **in, long len, const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) { const unsigned char *p = *in, *q; - union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; + union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; + ASN1_VALUE *a; } intname = {NULL}; union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL}; int i, j, ret; STACK_OF(X509_NAME_ENTRY) *entries; @@ -181,8 +196,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len memcpy(nm.x->bytes->data, q, p - q); /* Convert internal representation to X509_NAME structure */ - for(i = 0; i < sk_num(intname.s); i++) { - entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i); + for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { + entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { entry = sk_X509_NAME_ENTRY_value(entries, j); entry->set = i; @@ -191,7 +206,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len } sk_X509_NAME_ENTRY_free(entries); } - sk_free(intname.s); + sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); + ret = x509_name_canon(nm.x); + if (!ret) + goto err; nm.x->modified = 0; *val = nm.a; *in = p; @@ -206,8 +224,12 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT int ret; X509_NAME *a = (X509_NAME *)*val; if(a->modified) { - ret = x509_name_encode((X509_NAME *)a); - if(ret < 0) return ret; + ret = x509_name_encode(a); + if(ret < 0) + return ret; + ret = x509_name_canon(a); + if(ret < 0) + return ret; } ret = a->bytes->length; if(out != NULL) { @@ -217,22 +239,35 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT return ret; } +static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) + { + sk_X509_NAME_ENTRY_free(ne); + } + +static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) + { + sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); + } + static int x509_name_encode(X509_NAME *a) { - union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; + union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; + ASN1_VALUE *a; } intname = {NULL}; int len; unsigned char *p; STACK_OF(X509_NAME_ENTRY) *entries = NULL; X509_NAME_ENTRY *entry; int i, set = -1; - intname.s = sk_new_null(); + intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); if(!intname.s) goto memerr; for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { entry = sk_X509_NAME_ENTRY_value(a->entries, i); if(entry->set != set) { entries = sk_X509_NAME_ENTRY_new_null(); if(!entries) goto memerr; - if(!sk_push(intname.s, (char *)entries)) goto memerr; + if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, + entries)) + goto memerr; set = entry->set; } if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; @@ -243,15 +278,222 @@ static int x509_name_encode(X509_NAME *a) p=(unsigned char *)a->bytes->data; ASN1_item_ex_i2d(&intname.a, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); - sk_pop_free(intname.s, sk_internal_free); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_free); a->modified = 0; return len; - memerr: - sk_pop_free(intname.s, sk_internal_free); +memerr: + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_free); ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); return -1; } +static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, + int indent, + const char *fname, + const ASN1_PCTX *pctx) + { + if (X509_NAME_print_ex(out, (X509_NAME *)*pval, + indent, pctx->nm_flags) <= 0) + return 0; + return 2; + } + +/* This function generates the canonical encoding of the Name structure. + * In it all strings are converted to UTF8, leading, trailing and + * multiple spaces collapsed, converted to lower case and the leading + * SEQUENCE header removed. + * + * In future we could also normalize the UTF8 too. + * + * By doing this comparison of Name structures can be rapidly + * perfomed by just using memcmp() of the canonical encoding. + * By omitting the leading SEQUENCE name constraints of type + * dirName can also be checked with a simple memcmp(). + */ + +static int x509_name_canon(X509_NAME *a) + { + unsigned char *p; + STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; + STACK_OF(X509_NAME_ENTRY) *entries = NULL; + X509_NAME_ENTRY *entry, *tmpentry = NULL; + int i, set = -1, ret = 0; + + if (a->canon_enc) + { + OPENSSL_free(a->canon_enc); + a->canon_enc = NULL; + } + /* Special case: empty X509_NAME => null encoding */ + if (sk_X509_NAME_ENTRY_num(a->entries) == 0) + { + a->canon_enclen = 0; + return 1; + } + intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); + if(!intname) + goto err; + for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) + { + entry = sk_X509_NAME_ENTRY_value(a->entries, i); + if(entry->set != set) + { + entries = sk_X509_NAME_ENTRY_new_null(); + if(!entries) + goto err; + if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) + goto err; + set = entry->set; + } + tmpentry = X509_NAME_ENTRY_new(); + tmpentry->object = OBJ_dup(entry->object); + if (!asn1_string_canon(tmpentry->value, entry->value)) + goto err; + if(!sk_X509_NAME_ENTRY_push(entries, tmpentry)) + goto err; + tmpentry = NULL; + } + + /* Finally generate encoding */ + + a->canon_enclen = i2d_name_canon(intname, NULL); + + p = OPENSSL_malloc(a->canon_enclen); + + if (!p) + goto err; + + a->canon_enc = p; + + i2d_name_canon(intname, &p); + + ret = 1; + + err: + + if (tmpentry) + X509_NAME_ENTRY_free(tmpentry); + if (intname) + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, + local_sk_X509_NAME_ENTRY_pop_free); + return ret; + } + +/* Bitmap of all the types of string that will be canonicalized. */ + +#define ASN1_MASK_CANON \ + (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ + | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ + | B_ASN1_VISIBLESTRING) + + +static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) + { + unsigned char *to, *from; + int len, i; + + /* If type not in bitmask just copy string across */ + if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) + { + out->type = in->type; + if (!ASN1_STRING_set(out, in->data, in->length)) + return 0; + return 1; + } + + out->type = V_ASN1_UTF8STRING; + out->length = ASN1_STRING_to_UTF8(&out->data, in); + if (out->length == -1) + return 0; + + to = out->data; + from = to; + + len = out->length; + + /* Convert string in place to canonical form. + * Ultimately we may need to handle a wider range of characters + * but for now ignore anything with MSB set and rely on the + * isspace() and tolower() functions. + */ + + /* Ignore leading spaces */ + while((len > 0) && !(*from & 0x80) && isspace(*from)) + { + from++; + len--; + } + + to = from + len - 1; + + /* Ignore trailing spaces */ + while ((len > 0) && !(*to & 0x80) && isspace(*to)) + { + to--; + len--; + } + + to = out->data; + + i = 0; + while(i < len) + { + /* If MSB set just copy across */ + if (*from & 0x80) + { + *to++ = *from++; + i++; + } + /* Collapse multiple spaces */ + else if (isspace(*from)) + { + /* Copy one space across */ + *to++ = ' '; + /* Ignore subsequent spaces. Note: don't need to + * check len here because we know the last + * character is a non-space so we can't overflow. + */ + do + { + from++; + i++; + } + while(!(*from & 0x80) && isspace(*from)); + } + else + { + *to++ = tolower(*from++); + i++; + } + } + + out->length = to - out->data; + + return 1; + + } + +static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, + unsigned char **in) + { + int i, len, ltmp; + ASN1_VALUE *v; + STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname; + + len = 0; + for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) + { + v = sk_ASN1_VALUE_value(intname, i); + ltmp = ASN1_item_ex_i2d(&v, in, + ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); + if (ltmp < 0) + return ltmp; + len += ltmp; + } + return len; + } int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c index 91c2756116..d42b6a2c54 100644 --- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c +++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c @@ -60,6 +60,7 @@ #include "cryptlib.h" #include #include +#include "asn1_locl.h" #ifndef OPENSSL_NO_RSA #include #endif @@ -68,7 +69,8 @@ #endif /* Minor tweak to operation: free up EVP_PKEY */ -static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if (operation == ASN1_OP_FREE_POST) { @@ -88,169 +90,42 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { X509_PUBKEY *pk=NULL; - X509_ALGOR *a; - ASN1_OBJECT *o; - unsigned char *s,*p = NULL; - int i; if (x == NULL) return(0); - if ((pk=X509_PUBKEY_new()) == NULL) goto err; - a=pk->algor; + if ((pk=X509_PUBKEY_new()) == NULL) goto error; - /* set the algorithm id */ - if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; - ASN1_OBJECT_free(a->algorithm); - a->algorithm=o; - - /* Set the parameter list */ - if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) + if (pkey->ameth) { - if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) + if (pkey->ameth->pub_encode) { - ASN1_TYPE_free(a->parameter); - if (!(a->parameter=ASN1_TYPE_new())) + if (!pkey->ameth->pub_encode(pk, pkey)) { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; + X509err(X509_F_X509_PUBKEY_SET, + X509_R_PUBLIC_KEY_ENCODE_ERROR); + goto error; } - a->parameter->type=V_ASN1_NULL; - } - } -#ifndef OPENSSL_NO_DSA - else if (pkey->type == EVP_PKEY_DSA) - { - unsigned char *pp; - DSA *dsa; - - dsa=pkey->pkey.dsa; - dsa->write_params=0; - ASN1_TYPE_free(a->parameter); - if ((i=i2d_DSAparams(dsa,NULL)) <= 0) - goto err; - if (!(p=(unsigned char *)OPENSSL_malloc(i))) - { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - pp=p; - i2d_DSAparams(dsa,&pp); - if (!(a->parameter=ASN1_TYPE_new())) - { - OPENSSL_free(p); - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - a->parameter->type=V_ASN1_SEQUENCE; - if (!(a->parameter->value.sequence=ASN1_STRING_new())) - { - OPENSSL_free(p); - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; } - if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) + else { - OPENSSL_free(p); - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; + X509err(X509_F_X509_PUBKEY_SET, + X509_R_METHOD_NOT_SUPPORTED); + goto error; } - OPENSSL_free(p); } -#endif -#ifndef OPENSSL_NO_EC - else if (pkey->type == EVP_PKEY_EC) - { - int nid=0; - unsigned char *pp; - EC_KEY *ec_key; - const EC_GROUP *group; - - ec_key = pkey->pkey.ec; - ASN1_TYPE_free(a->parameter); - - if ((a->parameter = ASN1_TYPE_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); - goto err; - } - - group = EC_KEY_get0_group(ec_key); - if (EC_GROUP_get_asn1_flag(group) - && (nid = EC_GROUP_get_curve_name(group))) - { - /* just set the OID */ - a->parameter->type = V_ASN1_OBJECT; - a->parameter->value.object = OBJ_nid2obj(nid); - } - else /* explicit parameters */ - { - if ((i = i2d_ECParameters(ec_key, NULL)) == 0) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); - goto err; - } - if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); - goto err; - } - pp = p; - if (!i2d_ECParameters(ec_key, &pp)) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); - OPENSSL_free(p); - goto err; - } - a->parameter->type = V_ASN1_SEQUENCE; - if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); - OPENSSL_free(p); - goto err; - } - ASN1_STRING_set(a->parameter->value.sequence, p, i); - OPENSSL_free(p); - } - } -#endif - else if (1) + else { X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); - goto err; + goto error; } - if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; - if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - p=s; - i2d_PublicKey(pkey,&p); - if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) - { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; - } - /* Set number of unused bits to zero */ - pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; - - OPENSSL_free(s); - -#if 0 - CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - pk->pkey=pkey; -#endif - if (*x != NULL) X509_PUBKEY_free(*x); *x=pk; return 1; -err: +error: if (pk != NULL) X509_PUBKEY_free(pk); return 0; } @@ -258,119 +133,50 @@ err: EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret=NULL; - long j; - int type; - const unsigned char *p; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) - const unsigned char *cp; - X509_ALGOR *a; -#endif - if (key == NULL) goto err; + if (key == NULL) goto error; if (key->pkey != NULL) { CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - return(key->pkey); + return key->pkey; } - if (key->public_key == NULL) goto err; + if (key->public_key == NULL) goto error; - type=OBJ_obj2nid(key->algor->algorithm); if ((ret = EVP_PKEY_new()) == NULL) { X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); - goto err; + goto error; } - ret->type = EVP_PKEY_type(type); - - /* the parameters must be extracted before the public key (ECDSA!) */ - -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) - a=key->algor; -#endif - if (0) - ; -#ifndef OPENSSL_NO_DSA - else if (ret->type == EVP_PKEY_DSA) + if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) { - if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) - { - if ((ret->pkey.dsa = DSA_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); - goto err; - } - ret->pkey.dsa->write_params=0; - cp=p=a->parameter->value.sequence->data; - j=a->parameter->value.sequence->length; - if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) - goto err; - } - ret->save_parameters=1; + X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM); + goto error; } -#endif -#ifndef OPENSSL_NO_EC - else if (ret->type == EVP_PKEY_EC) + + if (ret->ameth->pub_decode) { - if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) + if (!ret->ameth->pub_decode(ret, key)) { - /* type == V_ASN1_SEQUENCE => we have explicit parameters - * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) - */ - if ((ret->pkey.ec= EC_KEY_new()) == NULL) - { - X509err(X509_F_X509_PUBKEY_GET, - ERR_R_MALLOC_FAILURE); - goto err; - } - cp = p = a->parameter->value.sequence->data; - j = a->parameter->value.sequence->length; - if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) - { - X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); - goto err; - } - } - else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) - { - /* type == V_ASN1_OBJECT => the parameters are given - * by an asn1 OID - */ - EC_KEY *ec_key; - EC_GROUP *group; - - if (ret->pkey.ec == NULL) - ret->pkey.ec = EC_KEY_new(); - ec_key = ret->pkey.ec; - if (ec_key == NULL) - goto err; - group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); - if (group == NULL) - goto err; - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - if (EC_KEY_set_group(ec_key, group) == 0) - goto err; - EC_GROUP_free(group); + X509err(X509_F_X509_PUBKEY_GET, + X509_R_PUBLIC_KEY_DECODE_ERROR); + goto error; } - /* the case implicitlyCA is currently not implemented */ - ret->save_parameters = 1; } -#endif - - p=key->public_key->data; - j=key->public_key->length; - if (!d2i_PublicKey(type, &ret, &p, (long)j)) + else { - X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); - goto err; + X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED); + goto error; } key->pkey = ret; CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); - return(ret); -err: + + return ret; + + error: if (ret != NULL) EVP_PKEY_free(ret); return(NULL); @@ -529,3 +335,39 @@ int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) return(ret); } #endif + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen) + { + if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) + return 0; + if (penc) + { + if (pub->public_key->data) + OPENSSL_free(pub->public_key->data); + pub->public_key->data = penc; + pub->public_key->length = penclen; + /* Set number of unused bits to zero */ + pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; + } + return 1; + } + +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, + X509_PUBKEY *pub) + { + if (ppkalg) + *ppkalg = pub->algor->algorithm; + if (pk) + { + *pk = pub->public_key->data; + *ppklen = pub->public_key->length; + } + if (pa) + *pa = pub->algor; + return 1; + } diff --git a/src/lib/libssl/src/crypto/asn1/x_req.c b/src/lib/libssl/src/crypto/asn1/x_req.c index 59ca8ce329..d57555827c 100644 --- a/src/lib/libssl/src/crypto/asn1/x_req.c +++ b/src/lib/libssl/src/crypto/asn1/x_req.c @@ -79,7 +79,8 @@ * */ -static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; diff --git a/src/lib/libssl/src/crypto/asn1/x_x509.c b/src/lib/libssl/src/crypto/asn1/x_x509.c index e118696625..dafd3cc921 100644 --- a/src/lib/libssl/src/crypto/asn1/x_x509.c +++ b/src/lib/libssl/src/crypto/asn1/x_x509.c @@ -81,7 +81,8 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) extern void policy_cache_free(X509_POLICY_CACHE *cache); -static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { X509 *ret = (X509 *)*pval; @@ -99,6 +100,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) ret->rfc3779_asid = NULL; #endif ret->aux = NULL; + ret->crldp = NULL; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); break; @@ -112,7 +114,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) X509_CERT_AUX_free(ret->aux); ASN1_OCTET_STRING_free(ret->skid); AUTHORITY_KEYID_free(ret->akid); + CRL_DIST_POINTS_free(ret->crldp); policy_cache_free(ret->policy_cache); + GENERAL_NAMES_free(ret->altname); + NAME_CONSTRAINTS_free(ret->nc); #ifndef OPENSSL_NO_RFC3779 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); ASIdentifiers_free(ret->rfc3779_asid); @@ -136,19 +141,6 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { IMPLEMENT_ASN1_FUNCTIONS(X509) IMPLEMENT_ASN1_DUP_FUNCTION(X509) -static ASN1_METHOD meth= - { - (I2D_OF(void)) i2d_X509, - (D2I_OF(void)) d2i_X509, - (void *(*)(void))X509_new, - (void (*)(void *)) X509_free - }; - -ASN1_METHOD *X509_asn1_meth(void) - { - return(&meth); - } - int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { diff --git a/src/lib/libssl/src/crypto/bf/Makefile b/src/lib/libssl/src/crypto/bf/Makefile index 7f4f03eb82..dd2c2c708e 100644 --- a/src/lib/libssl/src/crypto/bf/Makefile +++ b/src/lib/libssl/src/crypto/bf/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r BF_ENC= bf_enc.o -# or use -#DES_ENC= bx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -40,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -# COFF -bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -# a.out -bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +bf-586.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/bf-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -103,9 +94,5 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c -bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h -bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -bf_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bf_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_skey.o: bf_locl.h bf_pi.h bf_skey.c +bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h +bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c diff --git a/src/lib/libssl/src/crypto/bf/asm/bf-586.pl b/src/lib/libssl/src/crypto/bf/asm/bf-586.pl index b556642c94..b74cfbafd4 100644 --- a/src/lib/libssl/src/crypto/bf/asm/bf-586.pl +++ b/src/lib/libssl/src/crypto/bf/asm/bf-586.pl @@ -1,6 +1,7 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; require "cbc.pl"; diff --git a/src/lib/libssl/src/crypto/bf/bf_skey.c b/src/lib/libssl/src/crypto/bf/bf_skey.c index 6ac2aeb279..3673cdee6e 100644 --- a/src/lib/libssl/src/crypto/bf/bf_skey.c +++ b/src/lib/libssl/src/crypto/bf/bf_skey.c @@ -59,15 +59,10 @@ #include #include #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - #include "bf_locl.h" #include "bf_pi.h" -FIPS_NON_FIPS_VCIPHER_Init(BF) +void BF_set_key(BF_KEY *key, int len, const unsigned char *data) { int i; BF_LONG *p,ri,in[2]; diff --git a/src/lib/libssl/src/crypto/bf/blowfish.h b/src/lib/libssl/src/crypto/bf/blowfish.h index d24ffccb65..b97e76f9a3 100644 --- a/src/lib/libssl/src/crypto/bf/blowfish.h +++ b/src/lib/libssl/src/crypto/bf/blowfish.h @@ -79,7 +79,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +#if defined(__LP32__) #define BF_LONG unsigned long #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define BF_LONG unsigned long @@ -104,9 +104,7 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; -#ifdef OPENSSL_FIPS -void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); -#endif + void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff --git a/src/lib/libssl/src/crypto/bio/Makefile b/src/lib/libssl/src/crypto/bio/Makefile index 1cd76ce7a2..c395d80496 100644 --- a/src/lib/libssl/src/crypto/bio/Makefile +++ b/src/lib/libssl/src/crypto/bio/Makefile @@ -45,7 +45,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -102,11 +102,12 @@ b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c b_sock.o: ../../e_os.h ../../include/openssl/bio.h b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c +b_sock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +b_sock.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +b_sock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +b_sock.o: ../cryptlib.h b_sock.c bf_buff.o: ../../e_os.h ../../include/openssl/bio.h bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/src/lib/libssl/src/crypto/bio/b_print.c b/src/lib/libssl/src/crypto/bio/b_print.c index 3a87b0ec0b..143a7cfefa 100644 --- a/src/lib/libssl/src/crypto/bio/b_print.c +++ b/src/lib/libssl/src/crypto/bio/b_print.c @@ -115,8 +115,8 @@ #define LDOUBLE double #endif -#if HAVE_LONG_LONG -# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) +#ifdef HAVE_LONG_LONG +# if defined(_WIN32) && !defined(__GNUC__) # define LLONG __int64 # else # define LLONG long long diff --git a/src/lib/libssl/src/crypto/bio/b_sock.c b/src/lib/libssl/src/crypto/bio/b_sock.c index ead477d8a2..12b0a53a81 100644 --- a/src/lib/libssl/src/crypto/bio/b_sock.c +++ b/src/lib/libssl/src/crypto/bio/b_sock.c @@ -72,11 +72,9 @@ NETDB_DEFINE_CONTEXT #ifndef OPENSSL_NO_SOCK -#ifdef OPENSSL_SYS_WIN16 -#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -#else +#include + #define SOCKET_PROTOCOL IPPROTO_TCP -#endif #ifdef SO_MAXCONN #define MAX_LISTEN SO_MAXCONN @@ -90,6 +88,17 @@ NETDB_DEFINE_CONTEXT static int wsa_init_done=0; #endif +/* + * WSAAPI specifier is required to make indirect calls to run-time + * linked WinSock 2 functions used in this module, to be specific + * [get|free]addrinfo and getnameinfo. This is because WinSock uses + * uses non-C calling convention, __stdcall vs. __cdecl, on x86 + * Windows. On non-WinSock platforms WSAAPI needs to be void. + */ +#ifndef WSAAPI +#define WSAAPI +#endif + #if 0 static unsigned long BIO_ghbn_hits=0L; static unsigned long BIO_ghbn_miss=0L; @@ -226,6 +235,10 @@ int BIO_sock_error(int sock) int j,i; int size; +#if defined(OPENSSL_SYS_BEOS_R5) + return 0; +#endif + size=sizeof(int); /* Note: under Windows the third parameter is of type (char *) * whereas under other systems it is (void *) if you don't have @@ -466,7 +479,12 @@ int BIO_sock_init(void) wsa_init_done=1; memset(&wsa_state,0,sizeof(wsa_state)); - if (WSAStartup(0x0101,&wsa_state)!=0) + /* Not making wsa_state available to the rest of the + * code is formally wrong. But the structures we use + * are [beleived to be] invariable among Winsock DLLs, + * while API availability is [expected to be] probed + * at run-time with DSO_global_lookup. */ + if (WSAStartup(0x0202,&wsa_state)!=0) { err=WSAGetLastError(); SYSerr(SYS_F_WSASTARTUP,err); @@ -510,8 +528,8 @@ void BIO_sock_cleanup(void) if (wsa_init_done) { wsa_init_done=0; -#ifndef OPENSSL_SYS_WINCE - WSACancelBlockingCall(); /* Winsock 1.1 specific */ +#if 0 /* this call is claimed to be non-present in Winsock2 */ + WSACancelBlockingCall(); #endif WSACleanup(); } @@ -581,12 +599,18 @@ static int get_ip(const char *str, unsigned char ip[4]) int BIO_get_accept_socket(char *host, int bind_mode) { int ret=0; - struct sockaddr_in server,client; - int s=INVALID_SOCKET,cs; + union { + struct sockaddr sa; + struct sockaddr_in sa_in; +#if OPENSSL_USE_IPV6 + struct sockaddr_in6 sa_in6; +#endif + } server,client; + int s=INVALID_SOCKET,cs,addrlen; unsigned char ip[4]; unsigned short port; char *str=NULL,*e; - const char *h,*p; + char *h,*p; unsigned long l; int err_num; @@ -600,8 +624,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) { if (*e == ':') { - p= &(e[1]); - *e='\0'; + p=e; } else if (*e == '/') { @@ -609,21 +632,70 @@ int BIO_get_accept_socket(char *host, int bind_mode) break; } } - - if (p == NULL) + if (p) *p++='\0'; /* points at last ':', '::port' is special [see below] */ + else p=h,h=NULL; + +#ifdef EAI_FAMILY + do { + static union { void *p; + int (WSAAPI *f)(const char *,const char *, + const struct addrinfo *, + struct addrinfo **); + } p_getaddrinfo = {NULL}; + static union { void *p; + void (WSAAPI *f)(struct addrinfo *); + } p_freeaddrinfo = {NULL}; + struct addrinfo *res,hint; + + if (p_getaddrinfo.p==NULL) + { + if ((p_getaddrinfo.p=DSO_global_lookup("getaddrinfo"))==NULL || + (p_freeaddrinfo.p=DSO_global_lookup("freeaddrinfo"))==NULL) + p_getaddrinfo.p=(void*)-1; + } + if (p_getaddrinfo.p==(void *)-1) break; + + /* '::port' enforces IPv6 wildcard listener. Some OSes, + * e.g. Solaris, default to IPv6 without any hint. Also + * note that commonly IPv6 wildchard socket can service + * IPv4 connections just as well... */ + memset(&hint,0,sizeof(hint)); + if (h) { - p=h; - h="*"; + if (strchr(h,':')) + { + if (h[1]=='\0') h=NULL; +#if OPENSSL_USE_IPV6 + hint.ai_family = AF_INET6; +#else + h=NULL; +#endif + } + else if (h[0]=='*' && h[1]=='\0') + h=NULL; } + if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break; + + addrlen = res->ai_addrlen<=sizeof(server) ? + res->ai_addrlen : + sizeof(server); + memcpy(&server, res->ai_addr, addrlen); + + (*p_freeaddrinfo.f)(res); + goto again; + } while (0); +#endif + if (!BIO_get_port(p,&port)) goto err; memset((char *)&server,0,sizeof(server)); - server.sin_family=AF_INET; - server.sin_port=htons(port); + server.sa_in.sin_family=AF_INET; + server.sa_in.sin_port=htons(port); + addrlen = sizeof(server.sa_in); - if (strcmp(h,"*") == 0) - server.sin_addr.s_addr=INADDR_ANY; + if (h == NULL || strcmp(h,"*") == 0) + server.sa_in.sin_addr.s_addr=INADDR_ANY; else { if (!BIO_get_host_ip(h,&(ip[0]))) goto err; @@ -632,11 +704,11 @@ int BIO_get_accept_socket(char *host, int bind_mode) ((unsigned long)ip[1]<<16L)| ((unsigned long)ip[2]<< 8L)| ((unsigned long)ip[3]); - server.sin_addr.s_addr=htonl(l); + server.sa_in.sin_addr.s_addr=htonl(l); } again: - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + s=socket(server.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL); if (s == INVALID_SOCKET) { SYSerr(SYS_F_SOCKET,get_last_socket_error()); @@ -654,22 +726,42 @@ again: bind_mode=BIO_BIND_NORMAL; } #endif - if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) + if (bind(s,&server.sa,addrlen) == -1) { #ifdef SO_REUSEADDR err_num=get_last_socket_error(); if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && +#ifdef OPENSSL_SYS_WINDOWS + /* Some versions of Windows define EADDRINUSE to + * a dummy value. + */ + (err_num == WSAEADDRINUSE)) +#else (err_num == EADDRINUSE)) +#endif { - memcpy((char *)&client,(char *)&server,sizeof(server)); - if (strcmp(h,"*") == 0) - client.sin_addr.s_addr=htonl(0x7F000001); - cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + client = server; + if (h == NULL || strcmp(h,"*") == 0) + { +#if OPENSSL_USE_IPV6 + if (client.sa.sa_family == AF_INET6) + { + memset(&client.sa_in6.sin6_addr,0,sizeof(client.sa_in6.sin6_addr)); + client.sa_in6.sin6_addr.s6_addr[15]=1; + } + else +#endif + if (client.sa.sa_family == AF_INET) + { + client.sa_in.sin_addr.s_addr=htonl(0x7F000001); + } + else goto err; + } + cs=socket(client.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL); if (cs != INVALID_SOCKET) { int ii; - ii=connect(cs,(struct sockaddr *)&client, - sizeof(client)); + ii=connect(cs,&client.sa,addrlen); closesocket(cs); if (ii == INVALID_SOCKET) { @@ -708,20 +800,52 @@ err: int BIO_accept(int sock, char **addr) { int ret=INVALID_SOCKET; - static struct sockaddr_in from; unsigned long l; unsigned short port; - int len; char *p; - memset((char *)&from,0,sizeof(from)); - len=sizeof(from); - /* Note: under VMS with SOCKETSHR the fourth parameter is currently - * of type (int *) whereas under other systems it is (void *) if - * you don't have a cast it will choke the compiler: if you do - * have a cast then you can either go for (int *) or (void *). + struct { + /* + * As for following union. Trouble is that there are platforms + * that have socklen_t and there are platforms that don't, on + * some platforms socklen_t is int and on some size_t. So what + * one can do? One can cook #ifdef spaghetti, which is nothing + * but masochistic. Or one can do union between int and size_t. + * One naturally does it primarily for 64-bit platforms where + * sizeof(int) != sizeof(size_t). But would it work? Note that + * if size_t member is initialized to 0, then later int member + * assignment naturally does the job on little-endian platforms + * regardless accept's expectations! What about big-endians? + * If accept expects int*, then it works, and if size_t*, then + * length value would appear as unreasonably large. But this + * won't prevent it from filling in the address structure. The + * trouble of course would be if accept returns more data than + * actual buffer can accomodate and overwrite stack... That's + * where early OPENSSL_assert comes into picture. Besides, the + * only 64-bit big-endian platform found so far that expects + * size_t* is HP-UX, where stack grows towards higher address. + * */ - ret=accept(sock,(struct sockaddr *)&from,(void *)&len); + union { size_t s; int i; } len; + union { + struct sockaddr sa; + struct sockaddr_in sa_in; +#if OPENSSL_USE_IPV6 + struct sockaddr_in6 sa_in6; +#endif + } from; + } sa; + + sa.len.s=0; + sa.len.i=sizeof(sa.from); + memset(&sa.from,0,sizeof(sa.from)); + ret=accept(sock,&sa.from.sa,(void *)&sa.len); + if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0) + { + OPENSSL_assert(sa.len.s<=sizeof(sa.from)); + sa.len.i = (int)sa.len.s; + /* use sa.len.i from this point */ + } if (ret == INVALID_SOCKET) { if(BIO_sock_should_retry(ret)) return -2; @@ -732,8 +856,46 @@ int BIO_accept(int sock, char **addr) if (addr == NULL) goto end; - l=ntohl(from.sin_addr.s_addr); - port=ntohs(from.sin_port); +#ifdef EAI_FAMILY + do { + char h[NI_MAXHOST],s[NI_MAXSERV]; + size_t nl; + static union { void *p; + int (WSAAPI *f)(const struct sockaddr *,size_t/*socklen_t*/, + char *,size_t,char *,size_t,int); + } p_getnameinfo = {NULL}; + /* 2nd argument to getnameinfo is specified to + * be socklen_t. Unfortunately there is a number + * of environments where socklen_t is not defined. + * As it's passed by value, it's safe to pass it + * as size_t... */ + + if (p_getnameinfo.p==NULL) + { + if ((p_getnameinfo.p=DSO_global_lookup("getnameinfo"))==NULL) + p_getnameinfo.p=(void*)-1; + } + if (p_getnameinfo.p==(void *)-1) break; + + if ((*p_getnameinfo.f)(&sa.from.sa,sa.len.i,h,sizeof(h),s,sizeof(s), + NI_NUMERICHOST|NI_NUMERICSERV)) break; + nl = strlen(h)+strlen(s)+2; + p = *addr; + if (p) { *p = '\0'; p = OPENSSL_realloc(p,nl); } + else { p = OPENSSL_malloc(nl); } + if (p==NULL) + { + BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE); + goto end; + } + *addr = p; + BIO_snprintf(*addr,nl,"%s:%s",h,s); + goto end; + } while(0); +#endif + if (sa.from.sa.sa_family != AF_INET) goto end; + l=ntohl(sa.from.sa_in.sin_addr.s_addr); + port=ntohs(sa.from.sa_in.sin_port); if (*addr == NULL) { if ((p=OPENSSL_malloc(24)) == NULL) diff --git a/src/lib/libssl/src/crypto/bio/bio.h b/src/lib/libssl/src/crypto/bio/bio.h index cecb6a7207..152802fbdf 100644 --- a/src/lib/libssl/src/crypto/bio/bio.h +++ b/src/lib/libssl/src/crypto/bio/bio.h @@ -95,6 +95,7 @@ extern "C" { #define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ #define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ #define BIO_TYPE_DGRAM (21|0x0400|0x0100) +#define BIO_TYPE_ASN1 (22|0x0200) /* filter */ #define BIO_TYPE_COMP (23|0x0200) /* filter */ #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ @@ -156,8 +157,11 @@ extern "C" { * previous write * operation */ +#define BIO_CTRL_DGRAM_GET_PEER 46 #define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ +#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to + * adjust socket timeouts */ /* modifiers */ #define BIO_FP_READ 0x02 @@ -262,7 +266,6 @@ int BIO_method_type(const BIO *b); typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); -#ifndef OPENSSL_SYS_WIN16 typedef struct bio_method_st { int type; @@ -276,21 +279,6 @@ typedef struct bio_method_st int (*destroy)(BIO *); long (*callback_ctrl)(BIO *, int, bio_info_cb *); } BIO_METHOD; -#else -typedef struct bio_method_st - { - int type; - const char *name; - int (_far *bwrite)(); - int (_far *bread)(); - int (_far *bputs)(); - int (_far *bgets)(); - long (_far *ctrl)(); - int (_far *create)(); - int (_far *destroy)(); - long (_far *callback_ctrl)(); - } BIO_METHOD; -#endif struct bio_st { @@ -331,6 +319,9 @@ typedef struct bio_f_buffer_ctx_struct int obuf_off; /* write/read offset */ } BIO_F_BUFFER_CTX; +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg); + /* connect BIO stuff */ #define BIO_CONN_S_BEFORE 1 #define BIO_CONN_S_GET_IP 2 @@ -393,6 +384,13 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_C_RESET_READ_REQUEST 147 #define BIO_C_SET_MD_CTX 148 +#define BIO_C_SET_PREFIX 149 +#define BIO_C_GET_PREFIX 150 +#define BIO_C_SET_SUFFIX 151 +#define BIO_C_GET_SUFFIX 152 + +#define BIO_C_SET_EX_ARG 153 +#define BIO_C_GET_EX_ARG 154 #define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) #define BIO_get_app_data(s) BIO_get_ex_data(s,0) @@ -405,7 +403,7 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) #define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3) +#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) @@ -414,7 +412,7 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ -#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) +#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) #define BIO_BIND_NORMAL 0 @@ -541,6 +539,8 @@ int BIO_ctrl_reset_read_request(BIO *b); (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) #define BIO_dgram_send_timedout(b) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +#define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) #define BIO_dgram_set_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) @@ -554,22 +554,21 @@ int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, unsigned long BIO_number_read(BIO *bio); unsigned long BIO_number_written(BIO *bio); +/* For BIO_f_asn1() */ +int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, + asn1_ps_func *prefix_free); +int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, + asn1_ps_func **pprefix_free); +int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + asn1_ps_func *suffix_free); +int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + # ifndef OPENSSL_NO_FP_API -# if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL) -BIO_METHOD *BIO_s_file_internal(void); -BIO *BIO_new_file_internal(char *filename, char *mode); -BIO *BIO_new_fp_internal(FILE *stream, int close_flag); -# define BIO_s_file BIO_s_file_internal -# define BIO_new_file BIO_new_file_internal -# define BIO_new_fp BIO_new_fp_internal -# else /* FP_API */ BIO_METHOD *BIO_s_file(void ); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_fp(FILE *stream, int close_flag); -# define BIO_s_file_internal BIO_s_file -# define BIO_new_file_internal BIO_new_file -# define BIO_new_fp_internal BIO_s_file -# endif /* FP_API */ +# define BIO_s_file_internal BIO_s_file # endif BIO * BIO_new(BIO_METHOD *type); int BIO_set(BIO *a,BIO_METHOD *type); @@ -598,13 +597,8 @@ int BIO_nread(BIO *bio, char **buf, int num); int BIO_nwrite0(BIO *bio, char **buf); int BIO_nwrite(BIO *bio, char **buf, int num); -#ifndef OPENSSL_SYS_WIN16 long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, long argl,long ret); -#else -long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, - long argl,long ret); -#endif BIO_METHOD *BIO_s_mem(void); BIO *BIO_new_mem_buf(void *buf, int len); diff --git a/src/lib/libssl/src/crypto/bio/bio_cb.c b/src/lib/libssl/src/crypto/bio/bio_cb.c index 6f4254a114..9bcbc321d9 100644 --- a/src/lib/libssl/src/crypto/bio/bio_cb.c +++ b/src/lib/libssl/src/crypto/bio/bio_cb.c @@ -85,28 +85,32 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, break; case BIO_CB_READ: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n", - bio->num,argi,bio->method->name,bio->num); + BIO_snprintf(p,p_maxlen,"read(%d,%lu) - %s fd=%d\n", + bio->num,(unsigned long)argi, + bio->method->name,bio->num); else - BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n", - bio->num,argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"read(%d,%lu) - %s\n", + bio->num,(unsigned long)argi, + bio->method->name); break; case BIO_CB_WRITE: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n", - bio->num,argi,bio->method->name,bio->num); + BIO_snprintf(p,p_maxlen,"write(%d,%lu) - %s fd=%d\n", + bio->num,(unsigned long)argi, + bio->method->name,bio->num); else - BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n", - bio->num,argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"write(%d,%lu) - %s\n", + bio->num,(unsigned long)argi, + bio->method->name); break; case BIO_CB_PUTS: BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name); break; case BIO_CB_GETS: - BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"gets(%lu) - %s\n",(unsigned long)argi,bio->method->name); break; case BIO_CB_CTRL: - BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name); + BIO_snprintf(p,p_maxlen,"ctrl(%lu) - %s\n",(unsigned long)argi,bio->method->name); break; case BIO_CB_RETURN|BIO_CB_READ: BIO_snprintf(p,p_maxlen,"read return %ld\n",ret); diff --git a/src/lib/libssl/src/crypto/bio/bio_err.c b/src/lib/libssl/src/crypto/bio/bio_err.c index 6603f1c74d..a224edd5a0 100644 --- a/src/lib/libssl/src/crypto/bio/bio_err.c +++ b/src/lib/libssl/src/crypto/bio/bio_err.c @@ -1,6 +1,6 @@ /* crypto/bio/bio_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/src/crypto/bio/bio_lib.c b/src/lib/libssl/src/crypto/bio/bio_lib.c index 3f52ae953c..77f4de9c32 100644 --- a/src/lib/libssl/src/crypto/bio/bio_lib.c +++ b/src/lib/libssl/src/crypto/bio/bio_lib.c @@ -429,7 +429,7 @@ BIO *BIO_push(BIO *b, BIO *bio) if (bio != NULL) bio->prev_bio=lb; /* called to do internal processing */ - BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL); + BIO_ctrl(b,BIO_CTRL_PUSH,0,lb); return(b); } @@ -441,7 +441,7 @@ BIO *BIO_pop(BIO *b) if (b == NULL) return(NULL); ret=b->next_bio; - BIO_ctrl(b,BIO_CTRL_POP,0,NULL); + BIO_ctrl(b,BIO_CTRL_POP,0,b); if (b->prev_bio != NULL) b->prev_bio->next_bio=b->next_bio; diff --git a/src/lib/libssl/src/crypto/bio/bss_acpt.c b/src/lib/libssl/src/crypto/bio/bss_acpt.c index d090b7272f..826f761143 100644 --- a/src/lib/libssl/src/crypto/bio/bss_acpt.c +++ b/src/lib/libssl/src/crypto/bio/bss_acpt.c @@ -100,8 +100,8 @@ static int acpt_new(BIO *h); static int acpt_free(BIO *data); static int acpt_state(BIO *b, BIO_ACCEPT *c); static void acpt_close_socket(BIO *data); -BIO_ACCEPT *BIO_ACCEPT_new(void ); -void BIO_ACCEPT_free(BIO_ACCEPT *a); +static BIO_ACCEPT *BIO_ACCEPT_new(void ); +static void BIO_ACCEPT_free(BIO_ACCEPT *a); #define ACPT_S_BEFORE 1 #define ACPT_S_GET_ACCEPT_SOCKET 2 @@ -141,7 +141,7 @@ static int acpt_new(BIO *bi) return(1); } -BIO_ACCEPT *BIO_ACCEPT_new(void) +static BIO_ACCEPT *BIO_ACCEPT_new(void) { BIO_ACCEPT *ret; @@ -154,7 +154,7 @@ BIO_ACCEPT *BIO_ACCEPT_new(void) return(ret); } -void BIO_ACCEPT_free(BIO_ACCEPT *a) +static void BIO_ACCEPT_free(BIO_ACCEPT *a) { if(a == NULL) return; diff --git a/src/lib/libssl/src/crypto/bio/bss_fd.c b/src/lib/libssl/src/crypto/bio/bss_fd.c index 4c229bf641..d1bf85aae1 100644 --- a/src/lib/libssl/src/crypto/bio/bss_fd.c +++ b/src/lib/libssl/src/crypto/bio/bss_fd.c @@ -60,6 +60,13 @@ #include #define USE_SOCKETS #include "cryptlib.h" + +#if defined(OPENSSL_NO_POSIX_IO) +/* + * One can argue that one should implement dummy placeholder for + * BIO_s_fd here... + */ +#else /* * As for unconditional usage of "UPLINK" interface in this module. * Trouble is that unlike Unix file descriptors [which are indexes @@ -77,6 +84,7 @@ static int fd_write(BIO *h, const char *buf, int num); static int fd_read(BIO *h, char *buf, int size); static int fd_puts(BIO *h, const char *str); +static int fd_gets(BIO *h, char *buf, int size); static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int fd_new(BIO *h); static int fd_free(BIO *data); @@ -88,7 +96,7 @@ static BIO_METHOD methods_fdp= fd_write, fd_read, fd_puts, - NULL, /* fd_gets, */ + fd_gets, fd_ctrl, fd_new, fd_free, @@ -227,6 +235,22 @@ static int fd_puts(BIO *bp, const char *str) return(ret); } +static int fd_gets(BIO *bp, char *buf, int size) + { + int ret=0; + char *ptr=buf; + char *end=buf+size-1; + + while ( (ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n') ) + ptr++; + + ptr[0]='\0'; + + if (buf[0] != '\0') + ret=strlen(buf); + return(ret); + } + int BIO_fd_should_retry(int i) { int err; @@ -292,3 +316,4 @@ int BIO_fd_non_fatal_error(int err) } return(0); } +#endif diff --git a/src/lib/libssl/src/crypto/bio/bss_file.c b/src/lib/libssl/src/crypto/bio/bss_file.c index 9ad46fa081..8bfa0bcd97 100644 --- a/src/lib/libssl/src/crypto/bio/bss_file.c +++ b/src/lib/libssl/src/crypto/bio/bss_file.c @@ -118,10 +118,47 @@ static BIO_METHOD methods_filep= BIO *BIO_new_file(const char *filename, const char *mode) { - BIO *ret; - FILE *file; + BIO *ret; + FILE *file=NULL; + +#if defined(_WIN32) && defined(CP_UTF8) + int sz, len_0 = (int)strlen(filename)+1; - if ((file=fopen(filename,mode)) == NULL) + /* + * Basically there are three cases to cover: a) filename is + * pure ASCII string; b) actual UTF-8 encoded string and + * c) locale-ized string, i.e. one containing 8-bit + * characters that are meaningful in current system locale. + * If filename is pure ASCII or real UTF-8 encoded string, + * MultiByteToWideChar succeeds and _wfopen works. If + * filename is locale-ized string, chances are that + * MultiByteToWideChar fails reporting + * ERROR_NO_UNICODE_TRANSLATION, in which case we fall + * back to fopen... + */ + if ((sz=MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + filename,len_0,NULL,0))>0) + { + WCHAR wmode[8]; + WCHAR *wfilename = _alloca(sz*sizeof(WCHAR)); + + if (MultiByteToWideChar(CP_UTF8,MB_ERR_INVALID_CHARS, + filename,len_0,wfilename,sz) && + MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1, + wmode,sizeof(wmode)/sizeof(wmode[0])) && + (file=_wfopen(wfilename,wmode))==NULL && errno==ENOENT + ) /* UTF-8 decode succeeded, but no file, filename + * could still have been locale-ized... */ + file = fopen(filename,mode); + } + else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION) + { + file = fopen(filename,mode); + } +#else + file=fopen(filename,mode); +#endif + if (file == NULL) { SYSerr(SYS_F_FOPEN,get_last_sys_error()); ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); @@ -131,7 +168,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB); return(NULL); } - if ((ret=BIO_new(BIO_s_file_internal())) == NULL) + if ((ret=BIO_new(BIO_s_file())) == NULL) { fclose(file); return(NULL); @@ -272,9 +309,9 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_clear_flags(b,BIO_FLAGS_UPLINK); #endif #endif -#ifdef UP_fsetmode +#ifdef UP_fsetmod if (b->flags&BIO_FLAGS_UPLINK) - UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b'); + UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b')); else #endif { @@ -286,8 +323,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) _setmode(fd,_O_BINARY); #elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) int fd = fileno((FILE*)ptr); - /* Under CLib there are differences in file modes - */ + /* Under CLib there are differences in file modes */ if (num & BIO_FP_TEXT) setmode(fd,O_TEXT); else @@ -308,7 +344,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) else _setmode(fd,_O_BINARY); } -#elif defined(OPENSSL_SYS_OS2) +#elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) int fd = fileno((FILE*)ptr); if (num & BIO_FP_TEXT) setmode(fd, O_TEXT); @@ -404,11 +440,18 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) buf[0]='\0'; if (bp->flags&BIO_FLAGS_UPLINK) - UP_fgets(buf,size,bp->ptr); + { + if (!UP_fgets(buf,size,bp->ptr)) + goto err; + } else - fgets(buf,size,(FILE *)bp->ptr); + { + if (!fgets(buf,size,(FILE *)bp->ptr)) + goto err; + } if (buf[0] != '\0') ret=strlen(buf); + err: return(ret); } diff --git a/src/lib/libssl/src/crypto/bio/bss_log.c b/src/lib/libssl/src/crypto/bio/bss_log.c index 6360dbc820..7ead044b37 100644 --- a/src/lib/libssl/src/crypto/bio/bss_log.c +++ b/src/lib/libssl/src/crypto/bio/bss_log.c @@ -70,7 +70,6 @@ #if defined(OPENSSL_SYS_WINCE) #elif defined(OPENSSL_SYS_WIN32) -# include #elif defined(OPENSSL_SYS_VMS) # include # include @@ -122,18 +121,6 @@ static int MS_CALLBACK slg_free(BIO *data); static void xopenlog(BIO* bp, char* name, int level); static void xsyslog(BIO* bp, int priority, const char* string); static void xcloselog(BIO* bp); -#ifdef OPENSSL_SYS_WIN32 -LONG (WINAPI *go_for_advapi)() = RegOpenKeyEx; -HANDLE (WINAPI *register_event_source)() = NULL; -BOOL (WINAPI *deregister_event_source)() = NULL; -BOOL (WINAPI *report_event)() = NULL; -#define DL_PROC(m,f) (GetProcAddress( m, f )) -#ifdef UNICODE -#define DL_PROC_X(m,f) DL_PROC( m, f "W" ) -#else -#define DL_PROC_X(m,f) DL_PROC( m, f "A" ) -#endif -#endif static BIO_METHOD methods_slg= { @@ -175,7 +162,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) char* buf; char* pp; int priority, i; - static struct + static const struct { int strl; char str[10]; @@ -249,35 +236,20 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str) static void xopenlog(BIO* bp, char* name, int level) { - if ( !register_event_source ) - { - HANDLE advapi; - if ( !(advapi = GetModuleHandle("advapi32")) ) - return; - register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi, - "RegisterEventSource" ); - deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi, - "DeregisterEventSource"); - report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi, - "ReportEvent" ); - if ( !(register_event_source && deregister_event_source && - report_event) ) - { - register_event_source = NULL; - deregister_event_source = NULL; - report_event = NULL; - return; - } - } - bp->ptr= (char *)register_event_source(NULL, name); + if (GetVersion() < 0x80000000) + bp->ptr = RegisterEventSourceA(NULL,name); + else + bp->ptr = NULL; } static void xsyslog(BIO *bp, int priority, const char *string) { LPCSTR lpszStrings[2]; WORD evtype= EVENTLOG_ERROR_TYPE; - int pid = _getpid(); - char pidbuf[DECIMAL_SIZE(pid)+4]; + char pidbuf[DECIMAL_SIZE(DWORD)+4]; + + if (bp->ptr == NULL) + return; switch (priority) { @@ -301,19 +273,18 @@ static void xsyslog(BIO *bp, int priority, const char *string) break; } - sprintf(pidbuf, "[%d] ", pid); + sprintf(pidbuf, "[%u] ", GetCurrentProcessId()); lpszStrings[0] = pidbuf; lpszStrings[1] = string; - if(report_event && bp->ptr) - report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, + ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL); } static void xcloselog(BIO* bp) { - if(deregister_event_source && bp->ptr) - deregister_event_source((HANDLE)(bp->ptr)); + if(bp->ptr) + DeregisterEventSource((HANDLE)(bp->ptr)); bp->ptr= NULL; } diff --git a/src/lib/libssl/src/crypto/bio/bss_mem.c b/src/lib/libssl/src/crypto/bio/bss_mem.c index e7ab9cb3a3..37d4194e4b 100644 --- a/src/lib/libssl/src/crypto/bio/bss_mem.c +++ b/src/lib/libssl/src/crypto/bio/bss_mem.c @@ -94,16 +94,18 @@ BIO *BIO_new_mem_buf(void *buf, int len) { BIO *ret; BUF_MEM *b; + size_t sz; + if (!buf) { BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER); return NULL; } - if(len == -1) len = strlen(buf); + sz = (len<0) ? strlen(buf) : (size_t)len; if(!(ret = BIO_new(BIO_s_mem())) ) return NULL; b = (BUF_MEM *)ret->ptr; b->data = buf; - b->length = len; - b->max = len; + b->length = sz; + b->max = sz; ret->flags |= BIO_FLAGS_MEM_RDONLY; /* Since this is static data retrying wont help */ ret->num = 0; @@ -144,22 +146,16 @@ static int mem_read(BIO *b, char *out, int outl) { int ret= -1; BUF_MEM *bm; - int i; - char *from,*to; bm=(BUF_MEM *)b->ptr; BIO_clear_retry_flags(b); - ret=(outl > bm->length)?bm->length:outl; + ret=(outl >=0 && (size_t)outl > bm->length)?(int)bm->length:outl; if ((out != NULL) && (ret > 0)) { memcpy(out,bm->data,ret); bm->length-=ret; - /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret; else { - from=(char *)&(bm->data[ret]); - to=(char *)&(bm->data[0]); - for (i=0; ilength; i++) - to[i]=from[i]; + memmove(&(bm->data[0]),&(bm->data[ret]),bm->length); } } else if (bm->length == 0) { diff --git a/src/lib/libssl/src/crypto/bio/bss_sock.c b/src/lib/libssl/src/crypto/bio/bss_sock.c index 30c3ceab46..3df31938c1 100644 --- a/src/lib/libssl/src/crypto/bio/bss_sock.c +++ b/src/lib/libssl/src/crypto/bio/bss_sock.c @@ -172,15 +172,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) switch (cmd) { - case BIO_CTRL_RESET: - num=0; - case BIO_C_FILE_SEEK: - ret=0; - break; - case BIO_C_FILE_TELL: - case BIO_CTRL_INFO: - ret=0; - break; case BIO_C_SET_FD: sock_free(b); b->num= *((int *)ptr); @@ -203,10 +194,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_SET_CLOSE: b->shutdown=(int)num; break; - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - ret=0; - break; case BIO_CTRL_DUP: case BIO_CTRL_FLUSH: ret=1; diff --git a/src/lib/libssl/src/crypto/bn/Makefile b/src/lib/libssl/src/crypto/bn/Makefile index f5e8f65a46..aabc4f56b8 100644 --- a/src/lib/libssl/src/crypto/bn/Makefile +++ b/src/lib/libssl/src/crypto/bn/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r BN_ASM= bn_asm.o -# or use -#BN_ASM= bn86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -28,13 +26,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_depr.c bn_x931p.c bn_const.c bn_opt.c + bn_depr.c bn_const.c LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \ - bn_depr.o bn_x931p.o bn_const.o bn_opt.o + bn_depr.o bn_const.o SRC= $(LIBSRC) @@ -58,36 +56,25 @@ bnbug: bnbug.c ../../libcrypto.a top cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@) -co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@) -mo86-elf.s: asm/mo-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) mo-586.pl elf $(CFLAGS) > ../$@) -# COFF -bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@) -co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@) -mo86-cof.s: asm/mo-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) mo-586.pl coff $(CFLAGS) > ../$@) -# a.out -bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@) -co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@) -mo86-out.s: asm/mo-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) mo-586.pl a.out $(CFLAGS) > ../$@) +bn-586.s: asm/bn-586.pl ../perlasm/x86asm.pl + $(PERL) asm/bn-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +co-586.s: asm/co-586.pl ../perlasm/x86asm.pl + $(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +x86-mont.s: asm/x86-mont.pl ../perlasm/x86asm.pl + $(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ sparcv8.o: asm/sparcv8.S $(CC) $(CFLAGS) -c asm/sparcv8.S -sparcv8plus.o: asm/sparcv8plus.S - $(CC) $(CFLAGS) -c asm/sparcv8plus.S +bn-sparcv9.o: asm/sparcv8plus.S + $(CC) $(CFLAGS) -c -o $@ asm/sparcv8plus.S +sparcv9a-mont.s: asm/sparcv9a-mont.pl + $(PERL) asm/sparcv9a-mont.pl $(CFLAGS) > $@ +sparcv9-mont.s: asm/sparcv9-mont.pl + $(PERL) asm/sparcv9-mont.pl $(CFLAGS) > $@ bn-mips3.o: asm/mips3.s @if [ "$(CC)" = "gcc" ]; then \ @@ -95,10 +82,13 @@ bn-mips3.o: asm/mips3.s as -$$ABI -O -o $@ asm/mips3.s; \ else $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi +bn-s390x.o: asm/s390x.S + $(CC) $(CFLAGS) -c -o $@ asm/s390x.S + x86_64-gcc.o: asm/x86_64-gcc.c $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c x86_64-mont.s: asm/x86_64-mont.pl - $(PERL) asm/x86_64-mont.pl $@ + $(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@ bn-ia64.s: asm/ia64.S $(CC) $(CFLAGS) -E asm/ia64.S > $@ @@ -111,12 +101,14 @@ pa-risc2.o: asm/pa-risc2.s /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s # ppc - AIX, Linux, MacOS X... -linux_ppc32.s: asm/ppc.pl; $(PERL) $< $@ -linux_ppc64.s: asm/ppc.pl; $(PERL) $< $@ -aix_ppc32.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ -aix_ppc64.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ -osx_ppc32.s: asm/ppc.pl; $(PERL) $< $@ -osx_ppc64.s: asm/ppc.pl; $(PERL) $< $@ +bn-ppc.s: asm/ppc.pl; $(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@ +ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@ + +alpha-mont.s: asm/alpha-mont.pl + $(PERL) $< | $(CC) -E - | tee $@ > /dev/null + +# GNU make "catch all" +%-mont.s: asm/%-mont.pl; $(PERL) $< $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -184,8 +176,11 @@ bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h -bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c +bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bn_const.o: ../../include/openssl/opensslconf.h +bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_const.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_const.o: ../../include/openssl/symhacks.h bn.h bn_const.c bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -292,13 +287,6 @@ bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c -bn_opt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_opt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_opt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_opt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_opt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_opt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_opt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_opt.c bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -357,6 +345,3 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c -bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -bn_x931p.o: ../../include/openssl/opensslconf.h -bn_x931p.o: ../../include/openssl/ossl_typ.h bn_x931p.c diff --git a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl index 26c2685a72..332ef3e91d 100644 --- a/src/lib/libssl/src/crypto/bn/asm/bn-586.pl +++ b/src/lib/libssl/src/crypto/bn/asm/bn-586.pl @@ -1,6 +1,7 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); @@ -24,38 +25,25 @@ sub bn_mul_add_words { local($name)=@_; - &function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); + &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ebp"; - $r="edi"; - $c="esi"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - - &mov("ecx",&wparam(2)); # - &mov($a,&wparam(1)); # - - &and("ecx",0xfffffff8); # num / 8 - &mov($w,&wparam(3)); # - - &push("ecx"); # Up the stack for a tmp variable - - &jz(&label("maw_finish")); + $r="eax"; + $a="edx"; + $c="ecx"; if ($sse2) { &picmeup("eax","OPENSSL_ia32cap_P"); &bt(&DWP(0,"eax"),26); - &jnc(&label("maw_loop")); + &jnc(&label("maw_non_sse2")); - &movd("mm0",$w); # mm0 = w + &mov($r,&wparam(0)); + &mov($a,&wparam(1)); + &mov($c,&wparam(2)); + &movd("mm0",&wparam(3)); # mm0 = w &pxor("mm1","mm1"); # mm1 = carry_in - - &set_label("maw_sse2_loop",0); + &jmp(&label("maw_sse2_entry")); + + &set_label("maw_sse2_unrolled",16); &movd("mm3",&DWP(0,$r,"",0)); # mm3 = r[0] &paddq("mm1","mm3"); # mm1 = carry_in + r[0] &movd("mm2",&DWP(0,$a,"",0)); # mm2 = a[0] @@ -112,42 +100,82 @@ sub bn_mul_add_words &psrlq("mm1",32); # mm1 = carry6 &paddq("mm1","mm3"); # mm1 = carry6 + r[7] + w*a[7] &movd(&DWP(28,$r,"",0),"mm1"); - &add($r,32); + &lea($r,&DWP(32,$r)); &psrlq("mm1",32); # mm1 = carry_out - &sub("ecx",8); + &sub($c,8); + &jz(&label("maw_sse2_exit")); + &set_label("maw_sse2_entry"); + &test($c,0xfffffff8); + &jnz(&label("maw_sse2_unrolled")); + + &set_label("maw_sse2_loop",4); + &movd("mm2",&DWP(0,$a)); # mm2 = a[i] + &movd("mm3",&DWP(0,$r)); # mm3 = r[i] + &pmuludq("mm2","mm0"); # a[i] *= w + &lea($a,&DWP(4,$a)); + &paddq("mm1","mm3"); # carry += r[i] + &paddq("mm1","mm2"); # carry += a[i]*w + &movd(&DWP(0,$r),"mm1"); # r[i] = carry_low + &sub($c,1); + &psrlq("mm1",32); # carry = carry_high + &lea($r,&DWP(4,$r)); &jnz(&label("maw_sse2_loop")); - - &movd($c,"mm1"); # c = carry_out + &set_label("maw_sse2_exit"); + &movd("eax","mm1"); # c = carry_out &emms(); + &ret(); - &jmp(&label("maw_finish")); + &set_label("maw_non_sse2",16); } - &set_label("maw_loop",0); + # function_begin prologue + &push("ebp"); + &push("ebx"); + &push("esi"); + &push("edi"); + + &comment(""); + $Low="eax"; + $High="edx"; + $a="ebx"; + $w="ebp"; + $r="edi"; + $c="esi"; + + &xor($c,$c); # clear carry + &mov($r,&wparam(0)); # + + &mov("ecx",&wparam(2)); # + &mov($a,&wparam(1)); # + + &and("ecx",0xfffffff8); # num / 8 + &mov($w,&wparam(3)); # - &mov(&swtmp(0),"ecx"); # + &push("ecx"); # Up the stack for a tmp variable + + &jz(&label("maw_finish")); + + &set_label("maw_loop",16); for ($i=0; $i<32; $i+=4) { &comment("Round $i"); - &mov("eax",&DWP($i,$a,"",0)); # *a + &mov("eax",&DWP($i,$a)); # *a &mul($w); # *a * w - &add("eax",$c); # L(t)+= *r - &mov($c,&DWP($i,$r,"",0)); # L(t)+= *r + &add("eax",$c); # L(t)+= c &adc("edx",0); # H(t)+=carry - &add("eax",$c); # L(t)+=c + &add("eax",&DWP($i,$r)); # L(t)+= *r &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); + &mov(&DWP($i,$r),"eax"); # *r= L(t); &mov($c,"edx"); # c= H(t); } &comment(""); - &mov("ecx",&swtmp(0)); # - &add($a,32); - &add($r,32); &sub("ecx",8); + &lea($a,&DWP(32,$a)); + &lea($r,&DWP(32,$r)); &jnz(&label("maw_loop")); &set_label("maw_finish",0); @@ -160,16 +188,15 @@ sub bn_mul_add_words for ($i=0; $i<7; $i++) { &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a + &mov("eax",&DWP($i*4,$a)); # *a &mul($w); # *a * w &add("eax",$c); # L(t)+=c - &mov($c,&DWP($i*4,$r,"",0)); # L(t)+= *r &adc("edx",0); # H(t)+=carry - &add("eax",$c); + &add("eax",&DWP($i*4,$r)); # L(t)+= *r &adc("edx",0); # H(t)+=carry &dec("ecx") if ($i != 7-1); - &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); + &mov(&DWP($i*4,$r),"eax"); # *r= L(t); + &mov($c,"edx"); # c= H(t); &jz(&label("maw_end")) if ($i != 7-1); } &set_label("maw_end",0); @@ -184,7 +211,45 @@ sub bn_mul_words { local($name)=@_; - &function_begin($name,""); + &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); + + $r="eax"; + $a="edx"; + $c="ecx"; + + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P"); + &bt(&DWP(0,"eax"),26); + &jnc(&label("mw_non_sse2")); + + &mov($r,&wparam(0)); + &mov($a,&wparam(1)); + &mov($c,&wparam(2)); + &movd("mm0",&wparam(3)); # mm0 = w + &pxor("mm1","mm1"); # mm1 = carry = 0 + + &set_label("mw_sse2_loop",16); + &movd("mm2",&DWP(0,$a)); # mm2 = a[i] + &pmuludq("mm2","mm0"); # a[i] *= w + &lea($a,&DWP(4,$a)); + &paddq("mm1","mm2"); # carry += a[i]*w + &movd(&DWP(0,$r),"mm1"); # r[i] = carry_low + &sub($c,1); + &psrlq("mm1",32); # carry = carry_high + &lea($r,&DWP(4,$r)); + &jnz(&label("mw_sse2_loop")); + + &movd("eax","mm1"); # return carry + &emms(); + &ret(); + &set_label("mw_non_sse2",16); + } + + # function_begin prologue + &push("ebp"); + &push("ebx"); + &push("esi"); + &push("edi"); &comment(""); $Low="eax"; @@ -257,7 +322,40 @@ sub bn_sqr_words { local($name)=@_; - &function_begin($name,""); + &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); + + $r="eax"; + $a="edx"; + $c="ecx"; + + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P"); + &bt(&DWP(0,"eax"),26); + &jnc(&label("sqr_non_sse2")); + + &mov($r,&wparam(0)); + &mov($a,&wparam(1)); + &mov($c,&wparam(2)); + + &set_label("sqr_sse2_loop",16); + &movd("mm0",&DWP(0,$a)); # mm0 = a[i] + &pmuludq("mm0","mm0"); # a[i] *= a[i] + &lea($a,&DWP(4,$a)); # a++ + &movq(&QWP(0,$r),"mm0"); # r[i] = a[i]*a[i] + &sub($c,1); + &lea($r,&DWP(8,$r)); # r += 2 + &jnz(&label("sqr_sse2_loop")); + + &emms(); + &ret(); + &set_label("sqr_non_sse2",16); + } + + # function_begin prologue + &push("ebp"); + &push("ebx"); + &push("esi"); + &push("edi"); &comment(""); $r="esi"; @@ -313,12 +411,13 @@ sub bn_div_words { local($name)=@_; - &function_begin($name,""); + &function_begin_B($name,""); &mov("edx",&wparam(0)); # &mov("eax",&wparam(1)); # - &mov("ebx",&wparam(2)); # - &div("ebx"); - &function_end($name); + &mov("ecx",&wparam(2)); # + &div("ecx"); + &ret(); + &function_end_B($name); } sub bn_add_words diff --git a/src/lib/libssl/src/crypto/bn/asm/co-586.pl b/src/lib/libssl/src/crypto/bn/asm/co-586.pl index 5d962cb957..57101a6bd7 100644 --- a/src/lib/libssl/src/crypto/bn/asm/co-586.pl +++ b/src/lib/libssl/src/crypto/bn/asm/co-586.pl @@ -1,6 +1,7 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); diff --git a/src/lib/libssl/src/crypto/bn/asm/ppc.pl b/src/lib/libssl/src/crypto/bn/asm/ppc.pl index 08e0053473..37c65d3511 100644 --- a/src/lib/libssl/src/crypto/bn/asm/ppc.pl +++ b/src/lib/libssl/src/crypto/bn/asm/ppc.pl @@ -100,9 +100,9 @@ # me a note at schari@us.ibm.com # -$opf = shift; +$flavour = shift; -if ($opf =~ /32\.s/) { +if ($flavour =~ /32/) { $BITS= 32; $BNSZ= $BITS/8; $ISA= "\"ppc\""; @@ -125,7 +125,7 @@ if ($opf =~ /32\.s/) { $INSR= "insrwi"; # insert right $ROTL= "rotlwi"; # rotate left by immediate $TR= "tw"; # conditional trap -} elsif ($opf =~ /64\.s/) { +} elsif ($flavour =~ /64/) { $BITS= 64; $BNSZ= $BITS/8; $ISA= "\"ppc64\""; @@ -149,93 +149,16 @@ if ($opf =~ /32\.s/) { $INSR= "insrdi"; # insert right $ROTL= "rotldi"; # rotate left by immediate $TR= "td"; # conditional trap -} else { die "nonsense $opf"; } +} else { die "nonsense $flavour"; } -( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!"; +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; -# function entry points from the AIX code -# -# There are other, more elegant, ways to handle this. We (IBM) chose -# this approach as it plays well with scripts we run to 'namespace' -# OpenSSL .i.e. we add a prefix to all the public symbols so we can -# co-exist in the same process with other implementations of OpenSSL. -# 'cleverer' ways of doing these substitutions tend to hide data we -# need to be obvious. -# -my @items = ("bn_sqr_comba4", - "bn_sqr_comba8", - "bn_mul_comba4", - "bn_mul_comba8", - "bn_sub_words", - "bn_add_words", - "bn_div_words", - "bn_sqr_words", - "bn_mul_words", - "bn_mul_add_words"); +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; -if ($opf =~ /linux/) { do_linux(); } -elsif ($opf =~ /aix/) { do_aix(); } -elsif ($opf =~ /osx/) { do_osx(); } -else { do_bsd(); } - -sub do_linux { - $d=&data(); - - if ($BITS==64) { - foreach $t (@items) { - $d =~ s/\.$t:/\ -\t.section\t".opd","aw"\ -\t.align\t3\ -\t.globl\t$t\ -$t:\ -\t.quad\t.$t,.TOC.\@tocbase,0\ -\t.size\t$t,24\ -\t.previous\n\ -\t.type\t.$t,\@function\ -\t.globl\t.$t\ -.$t:/g; - } - } - else { - foreach $t (@items) { - $d=~s/\.$t/$t/g; - } - } - # hide internal labels to avoid pollution of name table... - $d=~s/Lppcasm_/.Lppcasm_/gm; - print $d; -} - -sub do_aix { - # AIX assembler is smart enough to please the linker without - # making us do something special... - print &data(); -} - -# MacOSX 32 bit -sub do_osx { - $d=&data(); - # Change the bn symbol prefix from '.' to '_' - foreach $t (@items) { - $d=~s/\.$t/_$t/g; - } - # Change .machine to something OS X asm will accept - $d=~s/\.machine.*/.text/g; - $d=~s/\#/;/g; # change comment from '#' to ';' - print $d; -} - -# BSD (Untested) -sub do_bsd { - $d=&data(); - foreach $t (@items) { - $d=~s/\.$t/_$t/g; - } - print $d; -} - -sub data { - local($data)=< 0 then result !=0 # In either case carry bit is set. - bc BO_IF,CR0_EQ,Lppcasm_sub_adios + beq Lppcasm_sub_adios addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ addi r5,r5,-$BNSZ @@ -1635,11 +1545,11 @@ Lppcasm_sub_mainloop: # if carry = 1 this is r7-r8. Else it # is r7-r8 -1 as we need. $STU r6,$BNSZ(r3) - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop + bdnz- Lppcasm_sub_mainloop Lppcasm_sub_adios: subfze r3,r0 # if carry bit is set then r3 = 0 else -1 andi. r3,r3,1 # keep only last bit. - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 @@ -1670,7 +1580,7 @@ Lppcasm_sub_adios: # check for r6 = 0. Is this needed? # addic. r6,r6,0 #test r6 and clear carry bit. - bc BO_IF,CR0_EQ,Lppcasm_add_adios + beq Lppcasm_add_adios addi r4,r4,-$BNSZ addi r3,r3,-$BNSZ addi r5,r5,-$BNSZ @@ -1680,10 +1590,10 @@ Lppcasm_add_mainloop: $LDU r8,$BNSZ(r5) adde r8,r7,r8 $STU r8,$BNSZ(r3) - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop + bdnz- Lppcasm_add_mainloop Lppcasm_add_adios: addze r3,r0 #return carry bit. - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1707,24 +1617,24 @@ Lppcasm_add_adios: # r5 = d $UCMPI 0,r5,0 # compare r5 and 0 - bc BO_IF_NOT,CR0_EQ,Lppcasm_div1 # proceed if d!=0 + bne Lppcasm_div1 # proceed if d!=0 li r3,-1 # d=0 return -1 - bclr BO_ALWAYS,CR0_LT + blr Lppcasm_div1: xor r0,r0,r0 #r0=0 li r8,$BITS $CNTLZ. r7,r5 #r7 = num leading 0s in d. - bc BO_IF,CR0_EQ,Lppcasm_div2 #proceed if no leading zeros + beq Lppcasm_div2 #proceed if no leading zeros subf r8,r7,r8 #r8 = BN_num_bits_word(d) $SHR. r9,r3,r8 #are there any bits above r8'th? $TR 16,r9,r0 #if there're, signal to dump core... Lppcasm_div2: $UCMP 0,r3,r5 #h>=d? - bc BO_IF,CR0_LT,Lppcasm_div3 #goto Lppcasm_div3 if not + blt Lppcasm_div3 #goto Lppcasm_div3 if not subf r3,r5,r3 #h-=d ; Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i cmpi 0,0,r7,0 # is (i == 0)? - bc BO_IF,CR0_EQ,Lppcasm_div4 + beq Lppcasm_div4 $SHL r3,r3,r7 # h = (h<< i) $SHR r8,r4,r8 # r8 = (l >> BN_BITS2 -i) $SHL r5,r5,r7 # d<<=i @@ -1741,7 +1651,7 @@ Lppcasm_divouterloop: $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4 # compute here for innerloop. $UCMP 0,r8,r9 # is (h>>BN_BITS4)==dh - bc BO_IF_NOT,CR0_EQ,Lppcasm_div5 # goto Lppcasm_div5 if not + bne Lppcasm_div5 # goto Lppcasm_div5 if not li r8,-1 $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l @@ -1762,9 +1672,9 @@ Lppcasm_divinnerloop: # the following 2 instructions do that $SHLI r7,r10,`$BITS/2` # r7 = (t<>BN_BITS4) - $UCMP 1,r6,r7 # compare (tl <= r7) - bc BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit - bc BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit + $UCMP cr1,r6,r7 # compare (tl <= r7) + bne Lppcasm_divinnerexit + ble cr1,Lppcasm_divinnerexit addi r8,r8,-1 #q-- subf r12,r9,r12 #th -=dh $CLRU r10,r5,`$BITS/2` #r10=dl. t is no longer needed in loop. @@ -1773,14 +1683,14 @@ Lppcasm_divinnerloop: Lppcasm_divinnerexit: $SHRI r10,r6,`$BITS/2` #t=(tl>>BN_BITS4) $SHLI r11,r6,`$BITS/2` #tl=(tl<=tl) goto Lppcasm_div7 + bge cr1,Lppcasm_div7 # if (l>=tl) goto Lppcasm_div7 addi r12,r12,1 # th++ Lppcasm_div7: subf r11,r11,r4 #r11=l-tl - $UCMP 1,r3,r12 #compare h and th - bc BO_IF_NOT,CR1_FX,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 + $UCMP cr1,r3,r12 #compare h and th + bge cr1,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 addi r8,r8,-1 # q-- add r3,r5,r3 # h+=d Lppcasm_div8: @@ -1791,12 +1701,12 @@ Lppcasm_div8: # the following 2 instructions will do this. $INSR r11,r12,`$BITS/2`,`$BITS/2` # r11 is the value we want rotated $BITS/2. $ROTL r3,r11,`$BITS/2` # rotate by $BITS/2 and store in r3 - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ; + bdz Lppcasm_div9 #if (count==0) break ; $SHLI r0,r8,`$BITS/2` #ret =q<> 2 - bc BO_IF,CR0_EQ,Lppcasm_mw_REM + beq Lppcasm_mw_REM mtctr r7 Lppcasm_mw_LOOP: #mul(rp[0],ap[0],w,c1); @@ -1896,11 +1806,11 @@ Lppcasm_mw_LOOP: addi r3,r3,`4*$BNSZ` addi r4,r4,`4*$BNSZ` - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP + bdnz- Lppcasm_mw_LOOP Lppcasm_mw_REM: andi. r5,r5,0x3 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul(rp[0],ap[0],w,c1); $LD r8,`0*$BNSZ`(r4) $UMULL r9,r6,r8 @@ -1912,7 +1822,7 @@ Lppcasm_mw_REM: addi r5,r5,-1 cmpli 0,0,r5,0 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul(rp[1],ap[1],w,c1); @@ -1926,7 +1836,7 @@ Lppcasm_mw_REM: addi r5,r5,-1 cmpli 0,0,r5,0 - bc BO_IF,CR0_EQ,Lppcasm_mw_OVER + beq Lppcasm_mw_OVER #mul_add(rp[2],ap[2],w,c1); $LD r8,`2*$BNSZ`(r4) @@ -1939,7 +1849,7 @@ Lppcasm_mw_REM: Lppcasm_mw_OVER: addi r3,r12,0 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 # @@ -1964,7 +1874,7 @@ Lppcasm_mw_OVER: xor r0,r0,r0 #r0 = 0 xor r12,r12,r12 #r12 = 0 . used for carry rlwinm. r7,r5,30,2,31 # num >> 2 - bc BO_IF,CR0_EQ,Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover + beq Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover mtctr r7 Lppcasm_maw_mainloop: #mul_add(rp[0],ap[0],w,c1); @@ -2017,11 +1927,11 @@ Lppcasm_maw_mainloop: $ST r11,`3*$BNSZ`(r3) addi r3,r3,`4*$BNSZ` addi r4,r4,`4*$BNSZ` - bc BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop + bdnz- Lppcasm_maw_mainloop Lppcasm_maw_leftover: andi. r5,r5,0x3 - bc BO_IF,CR0_EQ,Lppcasm_maw_adios + beq Lppcasm_maw_adios addi r3,r3,-$BNSZ addi r4,r4,-$BNSZ #mul_add(rp[0],ap[0],w,c1); @@ -2036,7 +1946,7 @@ Lppcasm_maw_leftover: addze r12,r10 $ST r9,0(r3) - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios + bdz Lppcasm_maw_adios #mul_add(rp[1],ap[1],w,c1); $LDU r8,$BNSZ(r4) $UMULL r9,r6,r8 @@ -2048,7 +1958,7 @@ Lppcasm_maw_leftover: addze r12,r10 $ST r9,0(r3) - bc BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios + bdz Lppcasm_maw_adios #mul_add(rp[2],ap[2],w,c1); $LDU r8,$BNSZ(r4) $UMULL r9,r6,r8 @@ -2062,17 +1972,10 @@ Lppcasm_maw_leftover: Lppcasm_maw_adios: addi r3,r12,0 - bclr BO_ALWAYS,CR0_LT + blr .long 0x00000000 .align 4 EOF - $data =~ s/\`([^\`]*)\`/eval $1/gem; - - # if some assembler chokes on some simplified mnemonic, - # this is the spot to fix it up, e.g.: - # GNU as doesn't seem to accept cmplw, 32-bit unsigned compare - $data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm; - # assembler X doesn't accept li, load immediate value - #$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm; - return($data); -} +$data =~ s/\`([^\`]*)\`/eval $1/gem; +print $data; +close STDOUT; diff --git a/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S b/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S index 8c56e2e7e7..63de1860f2 100644 --- a/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S +++ b/src/lib/libssl/src/crypto/bn/asm/sparcv8plus.S @@ -144,6 +144,19 @@ * } */ +#if defined(__SUNPRO_C) && defined(__sparcv9) + /* They've said -xarch=v9 at command line */ + .register %g2,#scratch + .register %g3,#scratch +# define FRAME_SIZE -192 +#elif defined(__GNUC__) && defined(__arch64__) + /* They've said -m64 at command line */ + .register %g2,#scratch + .register %g3,#scratch +# define FRAME_SIZE -192 +#else +# define FRAME_SIZE -96 +#endif /* * GNU assembler can't stand stuw:-( */ @@ -619,8 +632,6 @@ bn_sub_words: * Andy. */ -#define FRAME_SIZE -96 - /* * Here is register usage map for *all* routines below. */ diff --git a/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c b/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c index f13f52dd85..acb0b40118 100644 --- a/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c +++ b/src/lib/libssl/src/crypto/bn/asm/x86_64-gcc.c @@ -1,4 +1,5 @@ -#ifdef __SUNPRO_C +#include "../bn_lcl.h" +#if !(defined(__GNUC__) && __GNUC__>=2) # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ #else /* @@ -54,7 +55,15 @@ * machine. */ +#ifdef _WIN64 +#define BN_ULONG unsigned long long +#else #define BN_ULONG unsigned long +#endif + +#undef mul +#undef mul_add +#undef sqr /* * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; @@ -97,7 +106,7 @@ : "a"(a) \ : "cc"); -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1=0; @@ -121,7 +130,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c1); } -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) { BN_ULONG c1=0; @@ -144,7 +153,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) return(c1); } -void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) +void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { if (n <= 0) return; @@ -175,14 +184,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) return ret; } -BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) +BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) { BN_ULONG ret=0,i=0; if (n <= 0) return 0; asm ( " subq %2,%2 \n" - ".align 16 \n" + ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" " adcq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" @@ -198,14 +207,14 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) } #ifndef SIMICS -BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) +BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) { BN_ULONG ret=0,i=0; if (n <= 0) return 0; asm ( " subq %2,%2 \n" - ".align 16 \n" + ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" " sbbq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" @@ -485,7 +494,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) r[7]=c2; } -void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) +void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; @@ -561,7 +570,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) r[15]=c1; } -void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) +void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) { BN_ULONG t1,t2; BN_ULONG c1,c2,c3; diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h index f1719a5877..e484b7fc11 100644 --- a/src/lib/libssl/src/crypto/bn/bn.h +++ b/src/lib/libssl/src/crypto/bn/bn.h @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. * @@ -77,6 +130,7 @@ #include /* FILE */ #endif #include +#include #ifdef __cplusplus extern "C" { @@ -94,9 +148,11 @@ extern "C" { /* #define BN_DEBUG */ /* #define BN_DEBUG_RAND */ +#ifndef OPENSSL_SMALL_FOOTPRINT #define BN_MUL_COMBA #define BN_SQR_COMBA #define BN_RECURSION +#endif /* This next option uses the C libraries (2 word)/(1 word) function. * If it is not defined, I use my C version (which is slower). @@ -137,6 +193,8 @@ extern "C" { #define BN_DEC_FMT1 "%lu" #define BN_DEC_FMT2 "%019lu" #define BN_DEC_NUM 19 +#define BN_HEX_FMT1 "%lX" +#define BN_HEX_FMT2 "%016lX" #endif /* This is where the long long data type is 64 bits, but long is 32. @@ -162,83 +220,37 @@ extern "C" { #define BN_DEC_FMT1 "%llu" #define BN_DEC_FMT2 "%019llu" #define BN_DEC_NUM 19 +#define BN_HEX_FMT1 "%llX" +#define BN_HEX_FMT2 "%016llX" #endif #ifdef THIRTY_TWO_BIT #ifdef BN_LLONG -# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) +# if defined(_WIN32) && !defined(__GNUC__) # define BN_ULLONG unsigned __int64 +# define BN_MASK (0xffffffffffffffffI64) # else # define BN_ULLONG unsigned long long +# define BN_MASK (0xffffffffffffffffLL) # endif #endif -#define BN_ULONG unsigned long -#define BN_LONG long +#define BN_ULONG unsigned int +#define BN_LONG int #define BN_BITS 64 #define BN_BYTES 4 #define BN_BITS2 32 #define BN_BITS4 16 -#ifdef OPENSSL_SYS_WIN32 -/* VC++ doesn't like the LL suffix */ -#define BN_MASK (0xffffffffffffffffL) -#else -#define BN_MASK (0xffffffffffffffffLL) -#endif #define BN_MASK2 (0xffffffffL) #define BN_MASK2l (0xffff) #define BN_MASK2h1 (0xffff8000L) #define BN_MASK2h (0xffff0000L) #define BN_TBIT (0x80000000L) #define BN_DEC_CONV (1000000000L) -#define BN_DEC_FMT1 "%lu" -#define BN_DEC_FMT2 "%09lu" -#define BN_DEC_NUM 9 -#endif - -#ifdef SIXTEEN_BIT -#ifndef BN_DIV2W -#define BN_DIV2W -#endif -#define BN_ULLONG unsigned long -#define BN_ULONG unsigned short -#define BN_LONG short -#define BN_BITS 32 -#define BN_BYTES 2 -#define BN_BITS2 16 -#define BN_BITS4 8 -#define BN_MASK (0xffffffff) -#define BN_MASK2 (0xffff) -#define BN_MASK2l (0xff) -#define BN_MASK2h1 (0xff80) -#define BN_MASK2h (0xff00) -#define BN_TBIT (0x8000) -#define BN_DEC_CONV (100000) #define BN_DEC_FMT1 "%u" -#define BN_DEC_FMT2 "%05u" -#define BN_DEC_NUM 5 -#endif - -#ifdef EIGHT_BIT -#ifndef BN_DIV2W -#define BN_DIV2W -#endif -#define BN_ULLONG unsigned short -#define BN_ULONG unsigned char -#define BN_LONG char -#define BN_BITS 16 -#define BN_BYTES 1 -#define BN_BITS2 8 -#define BN_BITS4 4 -#define BN_MASK (0xffff) -#define BN_MASK2 (0xff) -#define BN_MASK2l (0xf) -#define BN_MASK2h1 (0xf8) -#define BN_MASK2h (0xf0) -#define BN_TBIT (0x80) -#define BN_DEC_CONV (100) -#define BN_DEC_FMT1 "%u" -#define BN_DEC_FMT2 "%02u" -#define BN_DEC_NUM 2 +#define BN_DEC_FMT2 "%09u" +#define BN_DEC_NUM 9 +#define BN_HEX_FMT1 "%X" +#define BN_HEX_FMT2 "%08X" #endif #define BN_DEFAULT_BITS 1280 @@ -303,12 +315,8 @@ struct bn_mont_ctx_st BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 * (Ni is only stored for bignum algorithm) */ -#if 0 - /* OpenSSL 0.9.9 preview: */ - BN_ULONG n0[2];/* least significant word(s) of Ni */ -#else - BN_ULONG n0; /* least significant word of Ni */ -#endif + BN_ULONG n0[2];/* least significant word(s) of Ni; + (type changed with 0.9.9, was "BN_ULONG n0;" before) */ int flags; }; @@ -504,6 +512,7 @@ char * BN_bn2hex(const BIGNUM *a); char * BN_bn2dec(const BIGNUM *a); int BN_hex2bn(BIGNUM **a, const char *str); int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ BIGNUM *BN_mod_inverse(BIGNUM *ret, @@ -531,17 +540,6 @@ int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); -int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); - -int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, - const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); -int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - BIGNUM *Xp1, BIGNUM *Xp2, - const BIGNUM *Xp, - const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb); - BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, @@ -560,19 +558,22 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, #define BN_BLINDING_NO_UPDATE 0x00000001 #define BN_BLINDING_NO_RECREATE 0x00000002 -BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod); +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); void BN_BLINDING_free(BN_BLINDING *b); int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); +#ifndef OPENSSL_NO_DEPRECATED unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +#endif +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx); @@ -625,24 +626,24 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, * t^p[0] + t^p[1] + ... + t^p[k] * where m = p[0] > p[1] > ... > p[k] = 0. */ -int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); /* r = a mod p */ int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */ -int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], + const int p[], BN_CTX *ctx); /* r = (a * b) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx); /* r = (a * a) mod p */ -int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], BN_CTX *ctx); /* r = (1 / b) mod p */ int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */ + const int p[], BN_CTX *ctx); /* r = (a / b) mod p */ int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ + const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, - const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ + const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, - const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ -int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); -int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); + const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); /* faster mod functions for the 'NIST primes' * 0 <= a < p^2 */ @@ -751,10 +752,12 @@ int RAND_pseudo_bytes(unsigned char *buf,int num); #define bn_correct_top(a) \ { \ BN_ULONG *ftl; \ - if ((a)->top > 0) \ + int tmp_top = (a)->top; \ + if (tmp_top > 0) \ { \ - for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ - if (*(ftl--)) break; \ + for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ + if (*(ftl--)) break; \ + (a)->top = tmp_top; \ } \ bn_pollute(a); \ } diff --git a/src/lib/libssl/src/crypto/bn/bn_asm.c b/src/lib/libssl/src/crypto/bn/bn_asm.c index 99bc2de491..c43c91cc09 100644 --- a/src/lib/libssl/src/crypto/bn/bn_asm.c +++ b/src/lib/libssl/src/crypto/bn/bn_asm.c @@ -75,6 +75,7 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) assert(num >= 0); if (num <= 0) return(c1); +#ifndef OPENSSL_SMALL_FOOTPRINT while (num&~3) { mul_add(rp[0],ap[0],w,c1); @@ -83,11 +84,11 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) mul_add(rp[3],ap[3],w,c1); ap+=4; rp+=4; num-=4; } - if (num) +#endif + while (num) { - mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; - mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; - mul_add(rp[2],ap[2],w,c1); return c1; + mul_add(rp[0],ap[0],w,c1); + ap++; rp++; num--; } return(c1); @@ -100,6 +101,7 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) assert(num >= 0); if (num <= 0) return(c1); +#ifndef OPENSSL_SMALL_FOOTPRINT while (num&~3) { mul(rp[0],ap[0],w,c1); @@ -108,11 +110,11 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) mul(rp[3],ap[3],w,c1); ap+=4; rp+=4; num-=4; } - if (num) +#endif + while (num) { - mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; - mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; - mul(rp[2],ap[2],w,c1); + mul(rp[0],ap[0],w,c1); + ap++; rp++; num--; } return(c1); } @@ -121,6 +123,8 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { assert(n >= 0); if (n <= 0) return; + +#ifndef OPENSSL_SMALL_FOOTPRINT while (n&~3) { sqr(r[0],r[1],a[0]); @@ -129,11 +133,11 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) sqr(r[6],r[7],a[3]); a+=4; r+=8; n-=4; } - if (n) +#endif + while (n) { - sqr(r[0],r[1],a[0]); if (--n == 0) return; - sqr(r[2],r[3],a[1]); if (--n == 0) return; - sqr(r[4],r[5],a[2]); + sqr(r[0],r[1],a[0]); + a++; r+=2; n--; } } @@ -150,18 +154,20 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) bl=LBITS(w); bh=HBITS(w); - for (;;) +#ifndef OPENSSL_SMALL_FOOTPRINT + while (num&~3) { mul_add(rp[0],ap[0],bl,bh,c); - if (--num == 0) break; mul_add(rp[1],ap[1],bl,bh,c); - if (--num == 0) break; mul_add(rp[2],ap[2],bl,bh,c); - if (--num == 0) break; mul_add(rp[3],ap[3],bl,bh,c); - if (--num == 0) break; - ap+=4; - rp+=4; + ap+=4; rp+=4; num-=4; + } +#endif + while (num) + { + mul_add(rp[0],ap[0],bl,bh,c); + ap++; rp++; num--; } return(c); } @@ -177,18 +183,20 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) bl=LBITS(w); bh=HBITS(w); - for (;;) +#ifndef OPENSSL_SMALL_FOOTPRINT + while (num&~3) { mul(rp[0],ap[0],bl,bh,carry); - if (--num == 0) break; mul(rp[1],ap[1],bl,bh,carry); - if (--num == 0) break; mul(rp[2],ap[2],bl,bh,carry); - if (--num == 0) break; mul(rp[3],ap[3],bl,bh,carry); - if (--num == 0) break; - ap+=4; - rp+=4; + ap+=4; rp+=4; num-=4; + } +#endif + while (num) + { + mul(rp[0],ap[0],bl,bh,carry); + ap++; rp++; num--; } return(carry); } @@ -197,22 +205,21 @@ void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) { assert(n >= 0); if (n <= 0) return; - for (;;) + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n&~3) { sqr64(r[0],r[1],a[0]); - if (--n == 0) break; - sqr64(r[2],r[3],a[1]); - if (--n == 0) break; - sqr64(r[4],r[5],a[2]); - if (--n == 0) break; - sqr64(r[6],r[7],a[3]); - if (--n == 0) break; - - a+=4; - r+=8; + a+=4; r+=8; n-=4; + } +#endif + while (n) + { + sqr64(r[0],r[1],a[0]); + a++; r+=2; n--; } } @@ -303,31 +310,30 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) assert(n >= 0); if (n <= 0) return((BN_ULONG)0); - for (;;) +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n&~3) { ll+=(BN_ULLONG)a[0]+b[0]; r[0]=(BN_ULONG)ll&BN_MASK2; ll>>=BN_BITS2; - if (--n <= 0) break; - ll+=(BN_ULLONG)a[1]+b[1]; r[1]=(BN_ULONG)ll&BN_MASK2; ll>>=BN_BITS2; - if (--n <= 0) break; - ll+=(BN_ULLONG)a[2]+b[2]; r[2]=(BN_ULONG)ll&BN_MASK2; ll>>=BN_BITS2; - if (--n <= 0) break; - ll+=(BN_ULLONG)a[3]+b[3]; r[3]=(BN_ULONG)ll&BN_MASK2; ll>>=BN_BITS2; - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; + a+=4; b+=4; r+=4; n-=4; + } +#endif + while (n) + { + ll+=(BN_ULLONG)a[0]+b[0]; + r[0]=(BN_ULONG)ll&BN_MASK2; + ll>>=BN_BITS2; + a++; b++; r++; n--; } return((BN_ULONG)ll); } @@ -340,7 +346,8 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) if (n <= 0) return((BN_ULONG)0); c=0; - for (;;) +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n&~3) { t=a[0]; t=(t+c)&BN_MASK2; @@ -348,35 +355,36 @@ BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) l=(t+b[0])&BN_MASK2; c+=(l < t); r[0]=l; - if (--n <= 0) break; - t=a[1]; t=(t+c)&BN_MASK2; c=(t < c); l=(t+b[1])&BN_MASK2; c+=(l < t); r[1]=l; - if (--n <= 0) break; - t=a[2]; t=(t+c)&BN_MASK2; c=(t < c); l=(t+b[2])&BN_MASK2; c+=(l < t); r[2]=l; - if (--n <= 0) break; - t=a[3]; t=(t+c)&BN_MASK2; c=(t < c); l=(t+b[3])&BN_MASK2; c+=(l < t); r[3]=l; - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; + a+=4; b+=4; r+=4; n-=4; + } +#endif + while(n) + { + t=a[0]; + t=(t+c)&BN_MASK2; + c=(t < c); + l=(t+b[0])&BN_MASK2; + c+=(l < t); + r[0]=l; + a++; b++; r++; n--; } return((BN_ULONG)c); } @@ -390,36 +398,35 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) assert(n >= 0); if (n <= 0) return((BN_ULONG)0); - for (;;) +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n&~3) { t1=a[0]; t2=b[0]; r[0]=(t1-t2-c)&BN_MASK2; if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - t1=a[1]; t2=b[1]; r[1]=(t1-t2-c)&BN_MASK2; if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - t1=a[2]; t2=b[2]; r[2]=(t1-t2-c)&BN_MASK2; if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - t1=a[3]; t2=b[3]; r[3]=(t1-t2-c)&BN_MASK2; if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; + a+=4; b+=4; r+=4; n-=4; + } +#endif + while (n) + { + t1=a[0]; t2=b[0]; + r[0]=(t1-t2-c)&BN_MASK2; + if (t1 != t2) c=(t1 < t2); + a++; b++; r++; n--; } return(c); } -#ifdef BN_MUL_COMBA +#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) #undef bn_mul_comba8 #undef bn_mul_comba4 @@ -820,18 +827,134 @@ void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) r[6]=c1; r[7]=c2; } + +#ifdef OPENSSL_NO_ASM +#ifdef OPENSSL_BN_ASM_MONT +#include +/* + * This is essentially reference implementation, which may or may not + * result in performance improvement. E.g. on IA-32 this routine was + * observed to give 40% faster rsa1024 private key operations and 10% + * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only + * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a + * reference implementation, one to be used as starting point for + * platform-specific assembler. Mentioned numbers apply to compiler + * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and + * can vary not only from platform to platform, but even for compiler + * versions. Assembler vs. assembler improvement coefficients can + * [and are known to] differ and are to be documented elsewhere. + */ +int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num) + { + BN_ULONG c0,c1,ml,*tp,n0; +#ifdef mul64 + BN_ULONG mh; +#endif + volatile BN_ULONG *vp; + int i=0,j; + +#if 0 /* template for platform-specific implementation */ + if (ap==bp) return bn_sqr_mont(rp,ap,np,n0p,num); +#endif + vp = tp = alloca((num+2)*sizeof(BN_ULONG)); + + n0 = *n0p; + + c0 = 0; + ml = bp[0]; +#ifdef mul64 + mh = HBITS(ml); + ml = LBITS(ml); + for (j=0;j=np[num-1]) + { + c0 = bn_sub_words(rp,tp,np,num); + if (tp[num]!=0 || c0==0) + { + for(i=0;i +int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num) + { + BN_ULONG c0,c1,*tp,n0=*n0p; + volatile BN_ULONG *vp; + int i=0,j; + + vp = tp = alloca((num+2)*sizeof(BN_ULONG)); + + for(i=0;i<=num;i++) tp[i]=0; + + for(i=0;i=np[num-1]) + { + c0 = bn_sub_words(rp,tp,np,num); + if (tp[num]!=0 || c0==0) + { + for(i=0;imod, BN_FLG_CONSTTIME); ret->counter = BN_BLINDING_COUNTER; + CRYPTO_THREADID_current(&ret->tid); return(ret); err: if (ret != NULL) BN_BLINDING_free(ret); @@ -263,6 +267,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct return(ret); } +#ifndef OPENSSL_NO_DEPRECATED unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) { return b->thread_id; @@ -272,6 +277,12 @@ void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) { b->thread_id = n; } +#endif + +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) + { + return &b->tid; + } unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) { @@ -284,7 +295,7 @@ void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) } BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, - const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx) diff --git a/src/lib/libssl/src/crypto/bn/bn_ctx.c b/src/lib/libssl/src/crypto/bn/bn_ctx.c index b3452f1a91..3f2256f675 100644 --- a/src/lib/libssl/src/crypto/bn/bn_ctx.c +++ b/src/lib/libssl/src/crypto/bn/bn_ctx.c @@ -161,7 +161,7 @@ static void ctxdbg(BN_CTX *ctx) fprintf(stderr,"(%08x): ", (unsigned int)ctx); while(bnidx < ctx->used) { - fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); + fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); if(!(bnidx % BN_CTX_POOL_SIZE)) item = item->next; } @@ -171,8 +171,8 @@ static void ctxdbg(BN_CTX *ctx) while(fpidx < stack->depth) { while(bnidx++ < stack->indexes[fpidx]) - fprintf(stderr," "); - fprintf(stderr,"^^ "); + fprintf(stderr," "); + fprintf(stderr,"^^^ "); bnidx++; fpidx++; } diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c index 1e8e57626b..802a43d642 100644 --- a/src/lib/libssl/src/crypto/bn/bn_div.c +++ b/src/lib/libssl/src/crypto/bn/bn_div.c @@ -102,7 +102,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, /* The next 2 are needed so we can do a dv->d[0]|=1 later * since BN_lshift1 will only work once there is a value :-) */ BN_zero(dv); - bn_wexpand(dv,1); + if(bn_wexpand(dv,1) == NULL) goto end; dv->top=1; if (!BN_lshift(D,D,nm-nd)) goto end; @@ -229,7 +229,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, if (dv == NULL) res=BN_CTX_get(ctx); else res=dv; - if (sdiv == NULL || res == NULL) goto err; + if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) + goto err; /* First we normalise the numbers */ norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); @@ -336,7 +337,7 @@ X) -> 0x%08X\n", t2 -= d1; } #else /* !BN_LLONG */ - BN_ULONG t2l,t2h,ql,qh; + BN_ULONG t2l,t2h; q=bn_div_words(n0,n1,d0); #ifdef BN_DEBUG_LEVITTE @@ -354,9 +355,12 @@ X) -> 0x%08X\n", t2l = d1 * q; t2h = BN_UMULT_HIGH(d1,q); #else + { + BN_ULONG ql, qh; t2l=LBITS(d1); t2h=HBITS(d1); ql =LBITS(q); qh =HBITS(q); mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ + } #endif for (;;) @@ -560,7 +564,7 @@ X) -> 0x%08X\n", t2 -= d1; } #else /* !BN_LLONG */ - BN_ULONG t2l,t2h,ql,qh; + BN_ULONG t2l,t2h; q=bn_div_words(n0,n1,d0); #ifdef BN_DEBUG_LEVITTE @@ -578,9 +582,12 @@ X) -> 0x%08X\n", t2l = d1 * q; t2h = BN_UMULT_HIGH(d1,q); #else + { + BN_ULONG ql, qh; t2l=LBITS(d1); t2h=HBITS(d1); ql =LBITS(q); qh =HBITS(q); mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ + } #endif for (;;) diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c index 70a33f0d93..d9b6c737fc 100644 --- a/src/lib/libssl/src/crypto/bn/bn_exp.c +++ b/src/lib/libssl/src/crypto/bn/bn_exp.c @@ -134,7 +134,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) rr = BN_CTX_get(ctx); else rr = r; - if ((v = BN_CTX_get(ctx)) == NULL) goto err; + v = BN_CTX_get(ctx); + if (rr == NULL || v == NULL) goto err; if (BN_copy(v,a) == NULL) goto err; bits=BN_num_bits(p); diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h index 27ac4397a1..8e5e98e3f2 100644 --- a/src/lib/libssl/src/crypto/bn/bn_lcl.h +++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h @@ -255,7 +255,8 @@ extern "C" { : "r"(a), "r"(b)); \ ret; }) # endif /* compiler */ -# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) +# elif (defined(__x86_64) || defined(__x86_64__)) && \ + (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) # if defined(__GNUC__) # define BN_UMULT_HIGH(a,b) ({ \ register BN_ULONG ret,discard; \ diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c index 32a8fbaf51..5470fbe6ef 100644 --- a/src/lib/libssl/src/crypto/bn/bn_lib.c +++ b/src/lib/libssl/src/crypto/bn/bn_lib.c @@ -133,15 +133,34 @@ int BN_get_params(int which) const BIGNUM *BN_value_one(void) { - static BN_ULONG data_one=1L; - static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA}; + static const BN_ULONG data_one=1L; + static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA}; return(&const_one); } +char *BN_options(void) + { + static int init=0; + static char data[16]; + + if (!init) + { + init++; +#ifdef BN_LLONG + BIO_snprintf(data,sizeof data,"bn(%d,%d)", + (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); +#else + BIO_snprintf(data,sizeof data,"bn(%d,%d)", + (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); +#endif + } + return(data); + } + int BN_num_bits_word(BN_ULONG l) { - static const char bits[256]={ + static const unsigned char bits[256]={ 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, @@ -216,7 +235,7 @@ int BN_num_bits_word(BN_ULONG l) else #endif { -#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) if (l & 0xff00L) return(bits[(int)(l>>8)]+8); else @@ -744,7 +763,7 @@ int BN_is_bit_set(const BIGNUM *a, int n) i=n/BN_BITS2; j=n%BN_BITS2; if (a->top <= i) return 0; - return(((a->d[i])>>j)&((BN_ULONG)1)); + return (int)(((a->d[i])>>j)&((BN_ULONG)1)); } int BN_mask_bits(BIGNUM *a, int n) diff --git a/src/lib/libssl/src/crypto/bn/bn_mont.c b/src/lib/libssl/src/crypto/bn/bn_mont.c index 4799b152dd..7224637ab3 100644 --- a/src/lib/libssl/src/crypto/bn/bn_mont.c +++ b/src/lib/libssl/src/crypto/bn/bn_mont.c @@ -122,26 +122,10 @@ #define MONT_WORD /* use the faster word-based algorithm */ -#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) -/* This condition means we have a specific non-default build: - * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any - * BN_BITS2<=32 platform; an explicit "enable-montasm" is required. - * I.e., if we are here, the user intentionally deviates from the - * normal stable build to get better Montgomery performance from - * the 0.9.9-dev backport. - * - * In this case only, we also enable BN_from_montgomery_word() - * (another non-stable feature from 0.9.9-dev). - */ -#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD -#endif - -#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +#ifdef MONT_WORD static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); #endif - - int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { @@ -153,11 +137,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, if (num>1 && a->top==num && b->top==num) { if (bn_wexpand(r,num) == NULL) return(0); -#if 0 /* for OpenSSL 0.9.9 mont->n0 */ if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) -#else - if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num)) -#endif { r->neg = a->neg^b->neg; r->top = num; @@ -181,7 +161,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, if (!BN_mul(tmp,a,b,ctx)) goto err; } /* reduce from aRR to aR */ -#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +#ifdef MONT_WORD if (!BN_from_montgomery_word(r,tmp,mont)) goto err; #else if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; @@ -193,7 +173,7 @@ err: return(ret); } -#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +#ifdef MONT_WORD static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) { BIGNUM *n; @@ -217,15 +197,15 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) nrp= &(r->d[nl]); /* clear the top words of T */ +#if 1 for (i=r->top; id[i]=0; +#else + memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); +#endif r->top=max; -#if 0 /* for OpenSSL 0.9.9 mont->n0 */ n0=mont->n0[0]; -#else - n0=mont->n0; -#endif #ifdef BN_COUNT fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); @@ -270,6 +250,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) } al=r->top-ri; +#define BRANCH_FREE 1 +#if BRANCH_FREE if (bn_wexpand(ret,ri) == NULL) return(0); x=0-(((al-ri)>>(sizeof(al)*8-1))&1); ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ @@ -317,164 +299,8 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) rp[i]=nrp[i], ap[i]=0; bn_correct_top(r); bn_correct_top(ret); - bn_check_top(ret); - - return(1); - } - -int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) - { - int retn=0; - BIGNUM *t; - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) && BN_copy(t,a)) - retn = BN_from_montgomery_word(ret,t,mont); - BN_CTX_end(ctx); - return retn; - } - -#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ - -int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) - { - int retn=0; - -#ifdef MONT_WORD - BIGNUM *n,*r; - BN_ULONG *ap,*np,*rp,n0,v,*nrp; - int al,nl,max,i,x,ri; - - BN_CTX_start(ctx); - if ((r = BN_CTX_get(ctx)) == NULL) goto err; - - if (!BN_copy(r,a)) goto err; - n= &(mont->N); - - ap=a->d; - /* mont->ri is the size of mont->N in bits (rounded up - to the word size) */ - al=ri=mont->ri/BN_BITS2; - - nl=n->top; - if ((al == 0) || (nl == 0)) { r->top=0; return(1); } - - max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) goto err; - - r->neg=a->neg^n->neg; - np=n->d; - rp=r->d; - nrp= &(r->d[nl]); - - /* clear the top words of T */ -#if 1 - for (i=r->top; id[i]=0; #else - memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); -#endif - - r->top=max; - n0=mont->n0; - -#ifdef BN_COUNT - fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl); -#endif - for (i=0; i= v) - continue; - else - { - if (((++nrp[0])&BN_MASK2) != 0) continue; - if (((++nrp[1])&BN_MASK2) != 0) continue; - for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; - } - } - bn_correct_top(r); - - /* mont->ri will be a multiple of the word size and below code - * is kind of BN_rshift(ret,r,mont->ri) equivalent */ - if (r->top <= ri) - { - ret->top=0; - retn=1; - goto err; - } - al=r->top-ri; - -# define BRANCH_FREE 1 -# if BRANCH_FREE - if (bn_wexpand(ret,ri) == NULL) goto err; - x=0-(((al-ri)>>(sizeof(al)*8-1))&1); - ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ - ret->neg=r->neg; - - rp=ret->d; - ap=&(r->d[ri]); - - { - size_t m1,m2; - - v=bn_sub_words(rp,ap,np,ri); - /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ - /* in other words if subtraction result is real, then - * trick unconditional memcpy below to perform in-place - * "refresh" instead of actual copy. */ - m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ - m1|=m2; /* (al!=ri) */ - m1|=(0-(size_t)v); /* (al!=ri || v) */ - m1&=~m2; /* (al!=ri || v) && !al>ri */ - nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); - } - - /* 'itop=al; ret->neg=r->neg; @@ -497,8 +323,30 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, al+=4; for (; iN)) >= 0) + { + if (!BN_usub(ret,ret,&(mont->N))) return(0); + } +#endif + bn_check_top(ret); + + return(1); + } +#endif /* MONT_WORD */ + +int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) + { + int retn=0; +#ifdef MONT_WORD + BIGNUM *t; + + BN_CTX_start(ctx); + if ((t = BN_CTX_get(ctx)) && BN_copy(t,a)) + retn = BN_from_montgomery_word(ret,t,mont); + BN_CTX_end(ctx); +#else /* !MONT_WORD */ BIGNUM *t1,*t2; BN_CTX_start(ctx); @@ -515,21 +363,18 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; if (!BN_add(t2,a,t1)) goto err; if (!BN_rshift(ret,t2,mont->ri)) goto err; -#endif /* MONT_WORD */ -#if !defined(BRANCH_FREE) || BRANCH_FREE==0 if (BN_ucmp(ret, &(mont->N)) >= 0) { if (!BN_usub(ret,ret,&(mont->N))) goto err; } -#endif retn=1; bn_check_top(ret); err: BN_CTX_end(ctx); +#endif /* MONT_WORD */ return(retn); } -#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ BN_MONT_CTX *BN_MONT_CTX_new(void) { @@ -549,11 +394,7 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx) BN_init(&(ctx->RR)); BN_init(&(ctx->N)); BN_init(&(ctx->Ni)); -#if 0 /* for OpenSSL 0.9.9 mont->n0 */ ctx->n0[0] = ctx->n0[1] = 0; -#else - ctx->n0 = 0; -#endif ctx->flags=0; } @@ -585,26 +426,22 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BIGNUM tmod; BN_ULONG buf[2]; - mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; - BN_zero(R); -#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)", - only certain BN_BITS2<=32 platforms actually need this */ - if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */ -#else - if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ -#endif - - buf[0]=mod->d[0]; /* tmod = N mod word size */ - buf[1]=0; - BN_init(&tmod); tmod.d=buf; - tmod.top = buf[0] != 0 ? 1 : 0; tmod.dmax=2; tmod.neg=0; -#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)"; - only certain BN_BITS2<=32 platforms actually need this */ + mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; + +#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) + /* Only certain BN_BITS2<=32 platforms actually make use of + * n0[1], and we could use the #else case (with a shorter R + * value) for the others. However, currently only the assembler + * files do know which is which. */ + + BN_zero(R); + if (!(BN_set_bit(R,2*BN_BITS2))) goto err; + tmod.top=0; if ((buf[0] = mod->d[0])) tmod.top=1; if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; @@ -632,6 +469,12 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; #else + BN_zero(R); + if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ + + buf[0]=mod->d[0]; /* tmod = N mod word size */ + buf[1]=0; + tmod.top = buf[0] != 0 ? 1 : 0; /* Ri = R^-1 mod N*/ if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) goto err; @@ -647,12 +490,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; /* Ni = (R*Ri-1)/N, * keep only least significant word: */ -# if 0 /* for OpenSSL 0.9.9 mont->n0 */ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; mont->n0[1] = 0; -# else - mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; -# endif #endif } #else /* !MONT_WORD */ @@ -689,12 +528,8 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) if (!BN_copy(&(to->N),&(from->N))) return NULL; if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; to->ri=from->ri; -#if 0 /* for OpenSSL 0.9.9 mont->n0 */ to->n0[0]=from->n0[0]; to->n0[1]=from->n0[1]; -#else - to->n0=from->n0; -#endif return(to); } diff --git a/src/lib/libssl/src/crypto/bn/bn_mul.c b/src/lib/libssl/src/crypto/bn/bn_mul.c index b848c8cc60..a0e9ec3b46 100644 --- a/src/lib/libssl/src/crypto/bn/bn_mul.c +++ b/src/lib/libssl/src/crypto/bn/bn_mul.c @@ -1028,17 +1028,19 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) assert(j <= al || j <= bl); k = j+j; t = BN_CTX_get(ctx); + if (t == NULL) + goto err; if (al > j || bl > j) { - bn_wexpand(t,k*4); - bn_wexpand(rr,k*4); + if (bn_wexpand(t,k*4) == NULL) goto err; + if (bn_wexpand(rr,k*4) == NULL) goto err; bn_mul_part_recursive(rr->d,a->d,b->d, j,al-j,bl-j,t->d); } else /* al <= j || bl <= j */ { - bn_wexpand(t,k*2); - bn_wexpand(rr,k*2); + if (bn_wexpand(t,k*2) == NULL) goto err; + if (bn_wexpand(rr,k*2) == NULL) goto err; bn_mul_recursive(rr->d,a->d,b->d, j,al-j,bl-j,t->d); } diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c index 810dde34e1..bebb466d08 100644 --- a/src/lib/libssl/src/crypto/bn/bn_print.c +++ b/src/lib/libssl/src/crypto/bn/bn_print.c @@ -294,6 +294,27 @@ err: return(0); } +int BN_asc2bn(BIGNUM **bn, const char *a) + { + const char *p = a; + if (*p == '-') + p++; + + if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) + { + if (!BN_hex2bn(bn, p + 2)) + return 0; + } + else + { + if (!BN_dec2bn(bn, p)) + return 0; + } + if (*a == '-') + (*bn)->neg = 1; + return 1; + } + #ifndef OPENSSL_NO_BIO #ifndef OPENSSL_NO_FP_API int BN_print_fp(FILE *fp, const BIGNUM *a) diff --git a/src/lib/libssl/src/crypto/bn/bntest.c b/src/lib/libssl/src/crypto/bn/bntest.c index cf190380f5..0cd99c5b4b 100644 --- a/src/lib/libssl/src/crypto/bn/bntest.c +++ b/src/lib/libssl/src/crypto/bn/bntest.c @@ -486,7 +486,7 @@ static void print_word(BIO *bp,BN_ULONG w) return; } #endif - BIO_printf(bp,"%lX",w); + BIO_printf(bp,BN_HEX_FMT1,w); } int test_div_word(BIO *bp) @@ -732,6 +732,8 @@ int test_mont(BIO *bp, BN_CTX *ctx) BN_init(&n); mont=BN_MONT_CTX_new(); + if (mont == NULL) + return 0; BN_bntest_rand(&a,100,0,0); /**/ BN_bntest_rand(&b,100,0,0); /**/ @@ -1027,7 +1029,7 @@ int test_exp(BIO *bp, BN_CTX *ctx) BN_bntest_rand(a,20+i*5,0,0); /**/ BN_bntest_rand(b,2+i,0,0); /**/ - if (!BN_exp(d,a,b,ctx)) + if (BN_exp(d,a,b,ctx) <= 0) return(0); if (bp != NULL) @@ -1116,8 +1118,8 @@ int test_gf2m_mod(BIO *bp) { BIGNUM *a,*b[2],*c,*d,*e; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1174,8 +1176,8 @@ int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1245,8 +1247,8 @@ int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1304,8 +1306,8 @@ int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1359,8 +1361,8 @@ int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e,*f; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1422,8 +1424,8 @@ int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e,*f; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1493,8 +1495,8 @@ int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e,*f; int i, j, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); @@ -1552,8 +1554,8 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx) { BIGNUM *a,*b[2],*c,*d,*e; int i, j, s = 0, t, ret = 0; - unsigned int p0[] = {163,7,6,3,0}; - unsigned int p1[] = {193,15,0}; + int p0[] = {163,7,6,3,0,-1}; + int p1[] = {193,15,0,-1}; a=BN_new(); b[0]=BN_new(); diff --git a/src/lib/libssl/src/crypto/bn/exptest.c b/src/lib/libssl/src/crypto/bn/exptest.c index f598a07cf5..074a8e882a 100644 --- a/src/lib/libssl/src/crypto/bn/exptest.c +++ b/src/lib/libssl/src/crypto/bn/exptest.c @@ -163,7 +163,7 @@ int main(int argc, char *argv[]) { if (BN_cmp(r_simple,r_mont) != 0) printf("\nsimple and mont results differ\n"); - if (BN_cmp(r_simple,r_mont) != 0) + if (BN_cmp(r_simple,r_mont_const) != 0) printf("\nsimple and mont const time results differ\n"); if (BN_cmp(r_simple,r_recp) != 0) printf("\nsimple and recp results differ\n"); @@ -187,7 +187,7 @@ int main(int argc, char *argv[]) BN_free(b); BN_free(m); BN_CTX_free(ctx); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks(out); BIO_free(out); printf(" done\n"); diff --git a/src/lib/libssl/src/crypto/buffer/Makefile b/src/lib/libssl/src/crypto/buffer/Makefile index 9e0f46e19a..9f3a88d2d6 100644 --- a/src/lib/libssl/src/crypto/buffer/Makefile +++ b/src/lib/libssl/src/crypto/buffer/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= buffer.c buf_str.c buf_err.c -LIBOBJ= buffer.o buf_str.o buf_err.o +LIBSRC= buffer.c buf_err.c +LIBOBJ= buffer.o buf_err.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -81,13 +81,6 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h buf_err.o: buf_err.c -buf_str.o: ../../e_os.h ../../include/openssl/bio.h -buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c buffer.o: ../../e_os.h ../../include/openssl/bio.h buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/src/lib/libssl/src/crypto/buffer/buf_err.c b/src/lib/libssl/src/crypto/buffer/buf_err.c index 3e25bbe879..8f1de6192b 100644 --- a/src/lib/libssl/src/crypto/buffer/buf_err.c +++ b/src/lib/libssl/src/crypto/buffer/buf_err.c @@ -1,6 +1,6 @@ /* crypto/buffer/buf_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/src/crypto/buffer/buffer.c b/src/lib/libssl/src/crypto/buffer/buffer.c index b3e947771d..620ea8d536 100644 --- a/src/lib/libssl/src/crypto/buffer/buffer.c +++ b/src/lib/libssl/src/crypto/buffer/buffer.c @@ -89,10 +89,10 @@ void BUF_MEM_free(BUF_MEM *a) OPENSSL_free(a); } -int BUF_MEM_grow(BUF_MEM *str, int len) +int BUF_MEM_grow(BUF_MEM *str, size_t len) { char *ret; - unsigned int n; + size_t n; if (str->length >= len) { @@ -125,10 +125,10 @@ int BUF_MEM_grow(BUF_MEM *str, int len) return(len); } -int BUF_MEM_grow_clean(BUF_MEM *str, int len) +int BUF_MEM_grow_clean(BUF_MEM *str, size_t len) { char *ret; - unsigned int n; + size_t n; if (str->length >= len) { @@ -161,3 +161,84 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) } return(len); } + +char *BUF_strdup(const char *str) + { + if (str == NULL) return(NULL); + return BUF_strndup(str, strlen(str)); + } + +char *BUF_strndup(const char *str, size_t siz) + { + char *ret; + + if (str == NULL) return(NULL); + + ret=OPENSSL_malloc(siz+1); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); + return(NULL); + } + BUF_strlcpy(ret,str,siz+1); + return(ret); + } + +void *BUF_memdup(const void *data, size_t siz) + { + void *ret; + + if (data == NULL) return(NULL); + + ret=OPENSSL_malloc(siz); + if (ret == NULL) + { + BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); + return(NULL); + } + return memcpy(ret, data, siz); + } + +size_t BUF_strlcpy(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 1 && *src; size--) + { + *dst++ = *src++; + l++; + } + if (size) + *dst = '\0'; + return l + strlen(src); + } + +size_t BUF_strlcat(char *dst, const char *src, size_t size) + { + size_t l = 0; + for(; size > 0 && *dst; size--, dst++) + l++; + return l + BUF_strlcpy(dst, src, size); + } + +void BUF_reverse(unsigned char *out, unsigned char *in, size_t size) + { + size_t i; + if (in) + { + out += size - 1; + for (i = 0; i < size; i++) + *in++ = *out--; + } + else + { + unsigned char *q; + char c; + q = out + size - 1; + for (i = 0; i < size/2; i++) + { + c = *q; + *q-- = *out; + *out++ = c; + } + } + } diff --git a/src/lib/libssl/src/crypto/buffer/buffer.h b/src/lib/libssl/src/crypto/buffer/buffer.h index 1db9607450..178e418282 100644 --- a/src/lib/libssl/src/crypto/buffer/buffer.h +++ b/src/lib/libssl/src/crypto/buffer/buffer.h @@ -76,18 +76,19 @@ extern "C" { struct buf_mem_st { - int length; /* current number of bytes */ + size_t length; /* current number of bytes */ char *data; - int max; /* size of buffer */ + size_t max; /* size of buffer */ }; BUF_MEM *BUF_MEM_new(void); void BUF_MEM_free(BUF_MEM *a); -int BUF_MEM_grow(BUF_MEM *str, int len); -int BUF_MEM_grow_clean(BUF_MEM *str, int len); +int BUF_MEM_grow(BUF_MEM *str, size_t len); +int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); char * BUF_strdup(const char *str); char * BUF_strndup(const char *str, size_t siz); void * BUF_memdup(const void *data, size_t siz); +void BUF_reverse(unsigned char *out, unsigned char *in, size_t siz); /* safe string functions */ size_t BUF_strlcpy(char *dst,const char *src,size_t siz); diff --git a/src/lib/libssl/src/crypto/cast/Makefile b/src/lib/libssl/src/crypto/cast/Makefile index 2e026dbe0d..0acc38f28d 100644 --- a/src/lib/libssl/src/crypto/cast/Makefile +++ b/src/lib/libssl/src/crypto/cast/Makefile @@ -38,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@) -# COFF -cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@) -# a.out -cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@) +cast-586.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/cast-586.pl $(PERLASM_SCHEME) $(CLAGS) $(PROCESSOR) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -102,8 +95,5 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h c_ofb64.o: c_ofb64.c cast_lcl.h c_skey.o: ../../e_os.h ../../include/openssl/cast.h -c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -c_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h +c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +c_skey.o: c_skey.c cast_lcl.h cast_s.h diff --git a/src/lib/libssl/src/crypto/cast/asm/cast-586.pl b/src/lib/libssl/src/crypto/cast/asm/cast-586.pl index 6be0bfe572..bf6810d335 100644 --- a/src/lib/libssl/src/crypto/cast/asm/cast-586.pl +++ b/src/lib/libssl/src/crypto/cast/asm/cast-586.pl @@ -3,7 +3,8 @@ # define for pentium pro friendly version $ppro=1; -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; require "cbc.pl"; diff --git a/src/lib/libssl/src/crypto/cast/c_cfb64.c b/src/lib/libssl/src/crypto/cast/c_cfb64.c index 514c005c32..dcec13a201 100644 --- a/src/lib/libssl/src/crypto/cast/c_cfb64.c +++ b/src/lib/libssl/src/crypto/cast/c_cfb64.c @@ -65,7 +65,7 @@ */ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num, int enc) { register CAST_LONG v0,v1,t; @@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, v0=v1=ti[0]=ti[1]=t=c=cc=0; *num=n; } - diff --git a/src/lib/libssl/src/crypto/cast/c_ecb.c b/src/lib/libssl/src/crypto/cast/c_ecb.c index f2dc606226..b6a3b1fff9 100644 --- a/src/lib/libssl/src/crypto/cast/c_ecb.c +++ b/src/lib/libssl/src/crypto/cast/c_ecb.c @@ -63,7 +63,7 @@ const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT; void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - CAST_KEY *ks, int enc) + const CAST_KEY *ks, int enc) { CAST_LONG l,d[2]; @@ -77,4 +77,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, l=d[1]; l2n(l,out); l=d[0]=d[1]=0; } - diff --git a/src/lib/libssl/src/crypto/cast/c_enc.c b/src/lib/libssl/src/crypto/cast/c_enc.c index 0fe2cffecc..357c41ebf0 100644 --- a/src/lib/libssl/src/crypto/cast/c_enc.c +++ b/src/lib/libssl/src/crypto/cast/c_enc.c @@ -59,9 +59,10 @@ #include #include "cast_lcl.h" -void CAST_encrypt(CAST_LONG *data, CAST_KEY *key) +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) { - register CAST_LONG l,r,*k,t; + register CAST_LONG l,r,t; + const register CAST_LONG *k; k= &(key->data[0]); l=data[0]; @@ -91,9 +92,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key) data[0]=r&0xffffffffL; } -void CAST_decrypt(CAST_LONG *data, CAST_KEY *key) +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) { - register CAST_LONG l,r,*k,t; + register CAST_LONG l,r,t; + const register CAST_LONG *k; k= &(key->data[0]); l=data[0]; @@ -124,7 +126,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key) } void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - CAST_KEY *ks, unsigned char *iv, int enc) + const CAST_KEY *ks, unsigned char *iv, int enc) { register CAST_LONG tin0,tin1; register CAST_LONG tout0,tout1,xor0,xor1; @@ -204,4 +206,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, tin0=tin1=tout0=tout1=xor0=xor1=0; tin[0]=tin[1]=0; } - diff --git a/src/lib/libssl/src/crypto/cast/c_ofb64.c b/src/lib/libssl/src/crypto/cast/c_ofb64.c index fd0469a62f..cb3222456c 100644 --- a/src/lib/libssl/src/crypto/cast/c_ofb64.c +++ b/src/lib/libssl/src/crypto/cast/c_ofb64.c @@ -64,7 +64,7 @@ * 64bit block we have used is contained in *num; */ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num) { register CAST_LONG v0,v1,t; @@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, t=v0=v1=ti[0]=ti[1]=0; *num=n; } - diff --git a/src/lib/libssl/src/crypto/cast/c_skey.c b/src/lib/libssl/src/crypto/cast/c_skey.c index 68e690a60c..76e40005c9 100644 --- a/src/lib/libssl/src/crypto/cast/c_skey.c +++ b/src/lib/libssl/src/crypto/cast/c_skey.c @@ -57,11 +57,6 @@ */ #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - #include "cast_lcl.h" #include "cast_s.h" @@ -77,7 +72,7 @@ #define S6 CAST_S_table6 #define S7 CAST_S_table7 -FIPS_NON_FIPS_VCIPHER_Init(CAST) +void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) { CAST_LONG x[16]; CAST_LONG z[16]; diff --git a/src/lib/libssl/src/crypto/cast/cast.h b/src/lib/libssl/src/crypto/cast/cast.h index 1faf5806aa..1a264f8143 100644 --- a/src/lib/libssl/src/crypto/cast/cast.h +++ b/src/lib/libssl/src/crypto/cast/cast.h @@ -72,7 +72,7 @@ extern "C" { #define CAST_ENCRYPT 1 #define CAST_DECRYPT 0 -#define CAST_LONG unsigned long +#define CAST_LONG unsigned int #define CAST_BLOCK 8 #define CAST_KEY_LENGTH 16 @@ -83,21 +83,19 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; -#ifdef OPENSSL_FIPS -void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); -#endif + void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); -void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -void CAST_encrypt(CAST_LONG *data,CAST_KEY *key); -void CAST_decrypt(CAST_LONG *data,CAST_KEY *key); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - CAST_KEY *ks, unsigned char *iv, int enc); + const CAST_KEY *ks, unsigned char *iv, int enc); void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num, int enc); void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num); #ifdef __cplusplus diff --git a/src/lib/libssl/src/crypto/comp/Makefile b/src/lib/libssl/src/crypto/comp/Makefile index 5d364b8513..efda832dce 100644 --- a/src/lib/libssl/src/crypto/comp/Makefile +++ b/src/lib/libssl/src/crypto/comp/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/comp/c_zlib.c b/src/lib/libssl/src/crypto/comp/c_zlib.c index eccfd09137..8adf35f3fc 100644 --- a/src/lib/libssl/src/crypto/comp/c_zlib.c +++ b/src/lib/libssl/src/crypto/comp/c_zlib.c @@ -136,15 +136,6 @@ struct zlib_state static int zlib_stateful_ex_idx = -1; -static void zlib_stateful_free_ex_data(void *obj, void *item, - CRYPTO_EX_DATA *ad, int ind,long argl, void *argp) - { - struct zlib_state *state = (struct zlib_state *)item; - inflateEnd(&state->istream); - deflateEnd(&state->ostream); - OPENSSL_free(state); - } - static int zlib_stateful_init(COMP_CTX *ctx) { int err; @@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *ctx) static void zlib_stateful_finish(COMP_CTX *ctx) { + struct zlib_state *state = + (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, + zlib_stateful_ex_idx); + inflateEnd(&state->istream); + deflateEnd(&state->ostream); + OPENSSL_free(state); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); } @@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void) if (zlib_stateful_ex_idx == -1) zlib_stateful_ex_idx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, - 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); + 0,NULL,NULL,NULL,NULL); CRYPTO_w_unlock(CRYPTO_LOCK_COMP); if (zlib_stateful_ex_idx == -1) goto err; @@ -784,6 +781,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) default: ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; + } return ret; diff --git a/src/lib/libssl/src/crypto/comp/comp_err.c b/src/lib/libssl/src/crypto/comp/comp_err.c index 187d68b725..661c94c3a4 100644 --- a/src/lib/libssl/src/crypto/comp/comp_err.c +++ b/src/lib/libssl/src/crypto/comp/comp_err.c @@ -1,6 +1,6 @@ /* crypto/comp/comp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/src/crypto/conf/Makefile b/src/lib/libssl/src/crypto/conf/Makefile index ccd0721332..78bb324106 100644 --- a/src/lib/libssl/src/crypto/conf/Makefile +++ b/src/lib/libssl/src/crypto/conf/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -114,8 +114,8 @@ conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_mall.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +conf_mall.o: ../../include/openssl/objects.h conf_mall.o: ../../include/openssl/opensslconf.h conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -128,9 +128,9 @@ conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +conf_mod.o: ../../include/openssl/opensslconf.h conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -143,9 +143,8 @@ conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_sap.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -conf_sap.o: ../../include/openssl/opensslconf.h +conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/src/lib/libssl/src/crypto/conf/README b/src/lib/libssl/src/crypto/conf/README index ca58d0240f..96e53b34ed 100644 --- a/src/lib/libssl/src/crypto/conf/README +++ b/src/lib/libssl/src/crypto/conf/README @@ -1,8 +1,3 @@ -WARNING WARNING WARNING!!! - -This stuff is experimental, may change radically or be deleted altogether -before OpenSSL 0.9.7 release. You have been warned! - Configuration modules. These are a set of modules which can perform various configuration functions. @@ -13,7 +8,7 @@ The routines read a configuration file set up like this: ----- #default section -openssl_init=init_section +openssl_conf=init_section [init_section] @@ -30,29 +25,27 @@ path=/some/path/to/some/dso.so other_stuff=other_value ---- -When this file is loaded a configuration module with the specified -string (module* in the above example) is looked up and its init -function called as: +When this file is loaded a configuration module with the specified string +(module* in the above example) is looked up and its init function called as: int conf_init_func(CONF_IMODULE *md, CONF *cnf); -The function can then take whatever action is appropriate, for example -further lookups based on the value. Multiple instances of the same -config module can be loaded. +The function can then take whatever action is appropriate, for example further +lookups based on the value. Multiple instances of the same config module can be +loaded. -When the application closes down the modules are cleaned up by calling -an optional finish function: +When the application closes down the modules are cleaned up by calling an +optional finish function: void conf_finish_func(CONF_IMODULE *md); The finish functions are called in reverse order: that is the last module loaded is the first one cleaned up. -If no module exists with a given name then an attempt is made to load -a DSO with the supplied name. This might mean that "module3" attempts -to load a DSO called libmodule3.so or module3.dll for example. An explicit -DSO name can be given by including a separate section as in the module4 example -above. +If no module exists with a given name then an attempt is made to load a DSO +with the supplied name. This might mean that "module3" attempts to load a DSO +called libmodule3.so or module3.dll for example. An explicit DSO name can be +given by including a separate section as in the module4 example above. The DSO is expected to at least contain an initialization function: @@ -64,15 +57,17 @@ void OPENSSL_finish(CONF_IMODULE *md); Static modules can also be added using, -int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc); +int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func +*ffunc); -where "name" is the name in the configuration file this function corresponds to. +where "name" is the name in the configuration file this function corresponds +to. -A set of builtin modules (currently only an ASN1 non functional test module) can be -added by calling OPENSSL_load_builtin_modules(). +A set of builtin modules (currently only an ASN1 non functional test module) +can be added by calling OPENSSL_load_builtin_modules(). -The function OPENSSL_config() is intended as a simple configuration function that -any application can call to perform various default configuration tasks. It uses the -file openssl.cnf in the usual locations. +The function OPENSSL_config() is intended as a simple configuration function +that any application can call to perform various default configuration tasks. +It uses the file openssl.cnf in the usual locations. diff --git a/src/lib/libssl/src/crypto/conf/conf.h b/src/lib/libssl/src/crypto/conf/conf.h index 8aa06bc5ec..c2199978a3 100644 --- a/src/lib/libssl/src/crypto/conf/conf.h +++ b/src/lib/libssl/src/crypto/conf/conf.h @@ -79,8 +79,7 @@ typedef struct } CONF_VALUE; DECLARE_STACK_OF(CONF_VALUE) -DECLARE_STACK_OF(CONF_MODULE) -DECLARE_STACK_OF(CONF_IMODULE) +DECLARE_LHASH_OF(CONF_VALUE); struct conf_st; struct conf_method_st; @@ -105,6 +104,9 @@ struct conf_method_st typedef struct conf_imodule_st CONF_IMODULE; typedef struct conf_module_st CONF_MODULE; +DECLARE_STACK_OF(CONF_MODULE) +DECLARE_STACK_OF(CONF_IMODULE) + /* DSO module function typedefs */ typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); typedef void conf_finish_func(CONF_IMODULE *md); @@ -117,18 +119,23 @@ typedef void conf_finish_func(CONF_IMODULE *md); #define CONF_MFLAGS_DEFAULT_SECTION 0x20 int CONF_set_default_method(CONF_METHOD *meth); -void CONF_set_nconf(CONF *conf,LHASH *hash); -LHASH *CONF_load(LHASH *conf,const char *file,long *eline); +void CONF_set_nconf(CONF *conf,LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf,const char *file, + long *eline); #ifndef OPENSSL_NO_FP_API -LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline); +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); #endif -LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline); -STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section); -char *CONF_get_string(LHASH *conf,const char *group,const char *name); -long CONF_get_number(LHASH *conf,const char *group,const char *name); -void CONF_free(LHASH *conf); -int CONF_dump_fp(LHASH *conf, FILE *out); -int CONF_dump_bio(LHASH *conf, BIO *out); +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); void OPENSSL_config(const char *config_name); void OPENSSL_no_config(void); @@ -140,7 +147,7 @@ struct conf_st { CONF_METHOD *meth; void *meth_data; - LHASH *data; + LHASH_OF(CONF_VALUE) *data; }; CONF *NCONF_new(CONF_METHOD *meth); @@ -214,6 +221,7 @@ void ERR_load_CONF_strings(void); #define CONF_F_CONF_LOAD_BIO 102 #define CONF_F_CONF_LOAD_FP 103 #define CONF_F_CONF_MODULES_LOAD 116 +#define CONF_F_CONF_PARSE_LIST 119 #define CONF_F_DEF_LOAD 120 #define CONF_F_DEF_LOAD_BIO 121 #define CONF_F_MODULE_INIT 115 @@ -233,6 +241,7 @@ void ERR_load_CONF_strings(void); /* Reason codes. */ #define CONF_R_ERROR_LOADING_DSO 110 +#define CONF_R_LIST_CANNOT_BE_NULL 115 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 #define CONF_R_MISSING_EQUAL_SIGN 101 #define CONF_R_MISSING_FINISH_FUNCTION 111 diff --git a/src/lib/libssl/src/crypto/conf/conf_api.c b/src/lib/libssl/src/crypto/conf/conf_api.c index 909d72b4b8..22617e5fa1 100644 --- a/src/lib/libssl/src/crypto/conf/conf_api.c +++ b/src/lib/libssl/src/crypto/conf/conf_api.c @@ -69,16 +69,12 @@ #include #include "e_os.h" -static void value_free_hash(CONF_VALUE *a, LHASH *conf); -static void value_free_stack(CONF_VALUE *a,LHASH *conf); -static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *) -static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *) -/* We don't use function pointer casting or wrapper functions - but cast each - * callback parameter inside the callback functions. */ -/* static unsigned long hash(CONF_VALUE *v); */ -static unsigned long hash(const void *v_void); -/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */ -static int cmp_conf(const void *a_void,const void *b_void); +static void value_free_hash_doall_arg(CONF_VALUE *a, + LHASH_OF(CONF_VALUE) *conf); +static void value_free_stack_doall(CONF_VALUE *a); +static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE, + LHASH_OF(CONF_VALUE)) +static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE) /* Up until OpenSSL 0.9.5a, this was get_section */ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) @@ -88,7 +84,7 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) if ((conf == NULL) || (section == NULL)) return(NULL); vv.name=NULL; vv.section=(char *)section; - v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); + v=lh_CONF_VALUE_retrieve(conf->data,&vv); return(v); } @@ -118,7 +114,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) return 0; } - v = (CONF_VALUE *)lh_insert(conf->data, value); + v = lh_CONF_VALUE_insert(conf->data, value); if (v != NULL) { (void)sk_CONF_VALUE_delete_ptr(ts,v); @@ -141,24 +137,24 @@ char *_CONF_get_string(const CONF *conf, const char *section, const char *name) { vv.name=(char *)name; vv.section=(char *)section; - v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); + v=lh_CONF_VALUE_retrieve(conf->data,&vv); if (v != NULL) return(v->value); if (strcmp(section,"ENV") == 0) { - p=Getenv(name); + p=getenv(name); if (p != NULL) return(p); } } vv.section="default"; vv.name=(char *)name; - v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); + v=lh_CONF_VALUE_retrieve(conf->data,&vv); if (v != NULL) return(v->value); else return(NULL); } else - return(Getenv(name)); + return(getenv(name)); } #if 0 /* There's no way to provide error checking with this function, so @@ -182,6 +178,34 @@ long _CONF_get_number(CONF *conf, char *section, char *name) } #endif +static unsigned long conf_value_hash(const CONF_VALUE *v) + { + return (lh_strhash(v->section)<<2)^lh_strhash(v->name); + } +static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE) + +static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) + { + int i; + + if (a->section != b->section) + { + i=strcmp(a->section,b->section); + if (i) return(i); + } + + if ((a->name != NULL) && (b->name != NULL)) + { + i=strcmp(a->name,b->name); + return(i); + } + else if (a->name == b->name) + return(0); + else + return((a->name == NULL)?-1:1); + } +static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE) + int _CONF_new_data(CONF *conf) { if (conf == NULL) @@ -189,7 +213,7 @@ int _CONF_new_data(CONF *conf) return 0; } if (conf->data == NULL) - if ((conf->data = lh_new(hash, cmp_conf)) == NULL) + if ((conf->data = lh_CONF_VALUE_new()) == NULL) { return 0; } @@ -200,105 +224,73 @@ void _CONF_free_data(CONF *conf) { if (conf == NULL || conf->data == NULL) return; - conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()' - * works as expected */ - lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), - conf->data); + lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make + * sure the 'OPENSSL_free()' works as + * expected */ + lh_CONF_VALUE_doall_arg(conf->data, + LHASH_DOALL_ARG_FN(value_free_hash), + LHASH_OF(CONF_VALUE), conf->data); /* We now have only 'section' entries in the hash table. * Due to problems with */ - lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack), - conf->data); - lh_free(conf->data); + lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack)); + lh_CONF_VALUE_free(conf->data); } -static void value_free_hash(CONF_VALUE *a, LHASH *conf) +static void value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf) { if (a->name != NULL) - { - a=(CONF_VALUE *)lh_delete(conf,a); - } + (void)lh_CONF_VALUE_delete(conf,a); } -static void value_free_stack(CONF_VALUE *a, LHASH *conf) +static void value_free_stack_doall(CONF_VALUE *a) { CONF_VALUE *vv; - STACK *sk; + STACK_OF(CONF_VALUE) *sk; int i; if (a->name != NULL) return; - sk=(STACK *)a->value; - for (i=sk_num(sk)-1; i>=0; i--) + sk=(STACK_OF(CONF_VALUE) *)a->value; + for (i=sk_CONF_VALUE_num(sk)-1; i>=0; i--) { - vv=(CONF_VALUE *)sk_value(sk,i); + vv=sk_CONF_VALUE_value(sk,i); OPENSSL_free(vv->value); OPENSSL_free(vv->name); OPENSSL_free(vv); } - if (sk != NULL) sk_free(sk); + if (sk != NULL) sk_CONF_VALUE_free(sk); OPENSSL_free(a->section); OPENSSL_free(a); } -/* static unsigned long hash(CONF_VALUE *v) */ -static unsigned long hash(const void *v_void) - { - CONF_VALUE *v = (CONF_VALUE *)v_void; - return((lh_strhash(v->section)<<2)^lh_strhash(v->name)); - } - -/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */ -static int cmp_conf(const void *a_void,const void *b_void) - { - int i; - CONF_VALUE *a = (CONF_VALUE *)a_void; - CONF_VALUE *b = (CONF_VALUE *)b_void; - - if (a->section != b->section) - { - i=strcmp(a->section,b->section); - if (i) return(i); - } - - if ((a->name != NULL) && (b->name != NULL)) - { - i=strcmp(a->name,b->name); - return(i); - } - else if (a->name == b->name) - return(0); - else - return((a->name == NULL)?-1:1); - } - /* Up until OpenSSL 0.9.5a, this was new_section */ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) { - STACK *sk=NULL; + STACK_OF(CONF_VALUE) *sk=NULL; int ok=0,i; CONF_VALUE *v=NULL,*vv; - if ((sk=sk_new_null()) == NULL) + if ((sk=sk_CONF_VALUE_new_null()) == NULL) goto err; - if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) + if ((v=OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) goto err; i=strlen(section)+1; - if ((v->section=(char *)OPENSSL_malloc(i)) == NULL) + if ((v->section=OPENSSL_malloc(i)) == NULL) goto err; memcpy(v->section,section,i); v->name=NULL; v->value=(char *)sk; - vv=(CONF_VALUE *)lh_insert(conf->data,v); + vv=lh_CONF_VALUE_insert(conf->data,v); assert(vv == NULL); ok=1; err: if (!ok) { - if (sk != NULL) sk_free(sk); + if (sk != NULL) sk_CONF_VALUE_free(sk); if (v != NULL) OPENSSL_free(v); v=NULL; } diff --git a/src/lib/libssl/src/crypto/conf/conf_def.c b/src/lib/libssl/src/crypto/conf/conf_def.c index d8bce8732a..0b571b0394 100644 --- a/src/lib/libssl/src/crypto/conf/conf_def.c +++ b/src/lib/libssl/src/crypto/conf/conf_def.c @@ -129,7 +129,7 @@ static CONF *def_create(CONF_METHOD *meth) { CONF *ret; - ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); + ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); if (ret) if (meth->init(ret) == 0) { @@ -145,7 +145,7 @@ static int def_init_default(CONF *conf) return 0; conf->meth = &default_method; - conf->meth_data = (void *)CONF_type_default; + conf->meth_data = CONF_type_default; conf->data = NULL; return 1; @@ -722,7 +722,7 @@ static char *scan_dquote(CONF *conf, char *p) return(p); } -static void dump_value(CONF_VALUE *a, BIO *out) +static void dump_value_doall_arg(CONF_VALUE *a, BIO *out) { if (a->name) BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); @@ -730,11 +730,12 @@ static void dump_value(CONF_VALUE *a, BIO *out) BIO_printf(out, "[[%s]]\n", a->section); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *) +static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO) static int def_dump(const CONF *conf, BIO *out) { - lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out); + lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), + BIO, out); return 1; } diff --git a/src/lib/libssl/src/crypto/conf/conf_err.c b/src/lib/libssl/src/crypto/conf/conf_err.c index a16a5e0bd4..25bb5dc9aa 100644 --- a/src/lib/libssl/src/crypto/conf/conf_err.c +++ b/src/lib/libssl/src/crypto/conf/conf_err.c @@ -1,6 +1,6 @@ /* crypto/conf/conf_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -75,6 +75,7 @@ static ERR_STRING_DATA CONF_str_functs[]= {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, +{ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"}, {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, @@ -97,6 +98,7 @@ static ERR_STRING_DATA CONF_str_functs[]= static ERR_STRING_DATA CONF_str_reasons[]= { {ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"}, +{ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL) ,"list cannot be null"}, {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"}, {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"}, {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"}, diff --git a/src/lib/libssl/src/crypto/conf/conf_lib.c b/src/lib/libssl/src/crypto/conf/conf_lib.c index 2a3399d269..54046defca 100644 --- a/src/lib/libssl/src/crypto/conf/conf_lib.c +++ b/src/lib/libssl/src/crypto/conf/conf_lib.c @@ -69,7 +69,7 @@ static CONF_METHOD *default_CONF_method=NULL; /* Init a 'CONF' structure from an old LHASH */ -void CONF_set_nconf(CONF *conf, LHASH *hash) +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash) { if (default_CONF_method == NULL) default_CONF_method = NCONF_default(); @@ -87,9 +87,10 @@ int CONF_set_default_method(CONF_METHOD *meth) return 1; } -LHASH *CONF_load(LHASH *conf, const char *file, long *eline) +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline) { - LHASH *ltmp; + LHASH_OF(CONF_VALUE) *ltmp; BIO *in=NULL; #ifdef OPENSSL_SYS_VMS @@ -110,10 +111,11 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline) } #ifndef OPENSSL_NO_FP_API -LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline) +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline) { BIO *btmp; - LHASH *ltmp; + LHASH_OF(CONF_VALUE) *ltmp; if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB); return NULL; @@ -124,7 +126,8 @@ LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline) } #endif -LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline) { CONF ctmp; int ret; @@ -137,7 +140,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) return NULL; } -STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section) +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section) { if (conf == NULL) { @@ -151,7 +155,8 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section) } } -char *CONF_get_string(LHASH *conf,const char *group,const char *name) +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group, + const char *name) { if (conf == NULL) { @@ -165,7 +170,8 @@ char *CONF_get_string(LHASH *conf,const char *group,const char *name) } } -long CONF_get_number(LHASH *conf,const char *group,const char *name) +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group, + const char *name) { int status; long result = 0; @@ -189,7 +195,7 @@ long CONF_get_number(LHASH *conf,const char *group,const char *name) return result; } -void CONF_free(LHASH *conf) +void CONF_free(LHASH_OF(CONF_VALUE) *conf) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -197,7 +203,7 @@ void CONF_free(LHASH *conf) } #ifndef OPENSSL_NO_FP_API -int CONF_dump_fp(LHASH *conf, FILE *out) +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) { BIO *btmp; int ret; @@ -212,7 +218,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out) } #endif -int CONF_dump_bio(LHASH *conf, BIO *out) +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out) { CONF ctmp; CONF_set_nconf(&ctmp, conf); diff --git a/src/lib/libssl/src/crypto/conf/conf_mall.c b/src/lib/libssl/src/crypto/conf/conf_mall.c index 1cc1fd5534..c6f4cb2d55 100644 --- a/src/lib/libssl/src/crypto/conf/conf_mall.c +++ b/src/lib/libssl/src/crypto/conf/conf_mall.c @@ -63,7 +63,6 @@ #include #include #include -#include #ifndef OPENSSL_NO_ENGINE #include #endif @@ -77,6 +76,5 @@ void OPENSSL_load_builtin_modules(void) #ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); #endif - EVP_add_alg_module(); } diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c index ee9c677d9b..df1642a0a5 100644 --- a/src/lib/libssl/src/crypto/conf/conf_mod.c +++ b/src/lib/libssl/src/crypto/conf/conf_mod.c @@ -582,8 +582,14 @@ int CONF_parse_list(const char *list_, int sep, int nospc, { int ret; const char *lstart, *tmpend, *p; - lstart = list_; + if(list_ == NULL) + { + CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL); + return 0; + } + + lstart = list_; for(;;) { if (nospc) diff --git a/src/lib/libssl/src/crypto/cpt_err.c b/src/lib/libssl/src/crypto/cpt_err.c index 9fd41fff8c..139b9284e4 100644 --- a/src/lib/libssl/src/crypto/cpt_err.c +++ b/src/lib/libssl/src/crypto/cpt_err.c @@ -1,6 +1,6 @@ /* crypto/cpt_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c index 8f9e88e403..b4449b86d6 100644 --- a/src/lib/libssl/src/crypto/cryptlib.c +++ b/src/lib/libssl/src/crypto/cryptlib.c @@ -1,6 +1,6 @@ /* crypto/cryptlib.c */ /* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -121,17 +121,279 @@ static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ #endif +DECLARE_STACK_OF(CRYPTO_dynlock) + +/* real #defines in crypto.h, keep these upto date */ +static const char* const lock_names[CRYPTO_NUM_LOCKS] = + { + "<>", + "err", + "ex_data", + "x509", + "x509_info", + "x509_pkey", + "x509_crl", + "x509_req", + "dsa", + "rsa", + "evp_pkey", + "x509_store", + "ssl_ctx", + "ssl_cert", + "ssl_session", + "ssl_sess_cert", + "ssl", + "ssl_method", + "rand", + "rand2", + "debug_malloc", + "BIO", + "gethostbyname", + "getservbyname", + "readdir", + "RSA_blinding", + "dh", + "debug_malloc2", + "dso", + "dynlock", + "engine", + "ui", + "ecdsa", + "ec", + "ecdh", + "bn", + "ec_pre_comp", + "store", + "comp", + "fips", + "fips2", +#if CRYPTO_NUM_LOCKS != 41 +# error "Inconsistency between crypto.h and cryptlib.c" +#endif + }; + +/* This is for applications to allocate new type names in the non-dynamic + array of lock names. These are numbered with positive numbers. */ +static STACK_OF(OPENSSL_STRING) *app_locks=NULL; + +/* For applications that want a more dynamic way of handling threads, the + following stack is used. These are externally numbered with negative + numbers. */ +static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; + + static void (MS_FAR *locking_callback)(int mode,int type, - const char *file,int line)=NULL; + const char *file,int line)=0; static int (MS_FAR *add_lock_callback)(int *pointer,int amount, - int type,const char *file,int line)=NULL; -static unsigned long (MS_FAR *id_callback)(void)=NULL; + int type,const char *file,int line)=0; +#ifndef OPENSSL_NO_DEPRECATED +static unsigned long (MS_FAR *id_callback)(void)=0; +#endif +static void (MS_FAR *threadid_callback)(CRYPTO_THREADID *)=0; +static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) + (const char *file,int line)=0; +static void (MS_FAR *dynlock_lock_callback)(int mode, + struct CRYPTO_dynlock_value *l, const char *file,int line)=0; +static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, + const char *file,int line)=0; + +int CRYPTO_get_new_lockid(char *name) + { + char *str; + int i; + +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) + /* A hack to make Visual C++ 5.0 work correctly when linking as + * a DLL using /MT. Without this, the application cannot use + * any floating point printf's. + * It also seems to be needed for Visual C 1.5 (win16) */ + SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; +#endif + + if ((app_locks == NULL) && ((app_locks=sk_OPENSSL_STRING_new_null()) == NULL)) + { + CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); + return(0); + } + if ((str=BUF_strdup(name)) == NULL) + { + CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); + return(0); + } + i=sk_OPENSSL_STRING_push(app_locks,str); + if (!i) + OPENSSL_free(str); + else + i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ + return(i); + } int CRYPTO_num_locks(void) { return CRYPTO_NUM_LOCKS; } +int CRYPTO_get_new_dynlockid(void) + { + int i = 0; + CRYPTO_dynlock *pointer = NULL; + + if (dynlock_create_callback == NULL) + { + CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); + return(0); + } + CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); + if ((dyn_locks == NULL) + && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL)) + { + CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); + CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); + return(0); + } + CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); + + pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock)); + if (pointer == NULL) + { + CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); + return(0); + } + pointer->references = 1; + pointer->data = dynlock_create_callback(__FILE__,__LINE__); + if (pointer->data == NULL) + { + OPENSSL_free(pointer); + CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); + return(0); + } + + CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); + /* First, try to find an existing empty slot */ + i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); + /* If there was none, push, thereby creating a new one */ + if (i == -1) + /* Since sk_push() returns the number of items on the + stack, not the location of the pushed item, we need + to transform the returned number into a position, + by decreasing it. */ + i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1; + else + /* If we found a place with a NULL pointer, put our pointer + in it. */ + (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); + CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); + + if (i == -1) + { + dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); + OPENSSL_free(pointer); + } + else + i += 1; /* to avoid 0 */ + return -i; + } + +void CRYPTO_destroy_dynlockid(int i) + { + CRYPTO_dynlock *pointer = NULL; + if (i) + i = -i-1; + if (dynlock_destroy_callback == NULL) + return; + + CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); + + if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) + { + CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); + return; + } + pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); + if (pointer != NULL) + { + --pointer->references; +#ifdef REF_CHECK + if (pointer->references < 0) + { + fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n"); + abort(); + } + else +#endif + if (pointer->references <= 0) + { + (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); + } + else + pointer = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); + + if (pointer) + { + dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); + OPENSSL_free(pointer); + } + } + +struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) + { + CRYPTO_dynlock *pointer = NULL; + if (i) + i = -i-1; + + CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); + + if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) + pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); + if (pointer) + pointer->references++; + + CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); + + if (pointer) + return pointer->data; + return NULL; + } + +struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) + (const char *file,int line) + { + return(dynlock_create_callback); + } + +void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, + struct CRYPTO_dynlock_value *l, const char *file,int line) + { + return(dynlock_lock_callback); + } + +void (*CRYPTO_get_dynlock_destroy_callback(void)) + (struct CRYPTO_dynlock_value *l, const char *file,int line) + { + return(dynlock_destroy_callback); + } + +void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) + (const char *file, int line)) + { + dynlock_create_callback=func; + } + +void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, + struct CRYPTO_dynlock_value *l, const char *file, int line)) + { + dynlock_lock_callback=func; + } + +void CRYPTO_set_dynlock_destroy_callback(void (*func) + (struct CRYPTO_dynlock_value *l, const char *file, int line)) + { + dynlock_destroy_callback=func; + } + + void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, int line) { @@ -156,6 +418,108 @@ void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, add_lock_callback=func; } +/* the memset() here and in set_pointer() seem overkill, but for the sake of + * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause two + * "equal" THREADID structs to not be memcmp()-identical. */ +void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val) + { + memset(id, 0, sizeof(*id)); + id->val = val; + } + +static const unsigned char hash_coeffs[] = { 3, 5, 7, 11, 13, 17, 19, 23 }; +void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) + { + unsigned char *dest = (void *)&id->val; + unsigned int accum = 0; + unsigned char dnum = sizeof(id->val); + + memset(id, 0, sizeof(*id)); + id->ptr = ptr; + if (sizeof(id->val) >= sizeof(id->ptr)) + { + /* 'ptr' can be embedded in 'val' without loss of uniqueness */ + id->val = (unsigned long)id->ptr; + return; + } + /* hash ptr ==> val. Each byte of 'val' gets the mod-256 total of a + * linear function over the bytes in 'ptr', the co-efficients of which + * are a sequence of low-primes (hash_coeffs is an 8-element cycle) - + * the starting prime for the sequence varies for each byte of 'val' + * (unique polynomials unless pointers are >64-bit). For added spice, + * the totals accumulate rather than restarting from zero, and the index + * of the 'val' byte is added each time (position dependence). If I was + * a black-belt, I'd scan big-endian pointers in reverse to give + * low-order bits more play, but this isn't crypto and I'd prefer nobody + * mistake it as such. Plus I'm lazy. */ + while (dnum--) + { + const unsigned char *src = (void *)&id->ptr; + unsigned char snum = sizeof(id->ptr); + while (snum--) + accum += *(src++) * hash_coeffs[(snum + dnum) & 7]; + accum += dnum; + *(dest++) = accum & 255; + } + } + +int CRYPTO_THREADID_set_callback(void (*func)(CRYPTO_THREADID *)) + { + if (threadid_callback) + return 0; + threadid_callback = func; + return 1; + } + +void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *) + { + return threadid_callback; + } + +void CRYPTO_THREADID_current(CRYPTO_THREADID *id) + { + if (threadid_callback) + { + threadid_callback(id); + return; + } +#ifndef OPENSSL_NO_DEPRECATED + /* If the deprecated callback was set, fall back to that */ + if (id_callback) + { + CRYPTO_THREADID_set_numeric(id, id_callback()); + return; + } +#endif + /* Else pick a backup */ +#ifdef OPENSSL_SYS_WIN16 + CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask()); +#elif defined(OPENSSL_SYS_WIN32) + CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); +#elif defined(OPENSSL_SYS_BEOS) + CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL)); +#else + /* For everything else, default to using the address of 'errno' */ + CRYPTO_THREADID_set_pointer(id, &errno); +#endif + } + +int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) + { + return memcmp(a, b, sizeof(*a)); + } + +void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) + { + memcpy(dest, src, sizeof(*src)); + } + +unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) + { + return id->val; + } + +#ifndef OPENSSL_NO_DEPRECATED unsigned long (*CRYPTO_get_id_callback(void))(void) { return(id_callback); @@ -178,6 +542,8 @@ unsigned long CRYPTO_thread_id(void) ret=(unsigned long)GetCurrentThreadId(); #elif defined(GETPID_IS_MEANINGLESS) ret=1L; +#elif defined(OPENSSL_SYS_BEOS) + ret=(unsigned long)find_thread(NULL); #else ret=(unsigned long)getpid(); #endif @@ -186,19 +552,13 @@ unsigned long CRYPTO_thread_id(void) ret=id_callback(); return(ret); } - -static void (*do_dynlock_cb)(int mode, int type, const char *file, int line); - -void int_CRYPTO_set_do_dynlock_callback( - void (*dyn_cb)(int mode, int type, const char *file, int line)) - { - do_dynlock_cb = dyn_cb; - } +#endif void CRYPTO_lock(int mode, int type, const char *file, int line) { #ifdef LOCK_DEBUG { + CRYPTO_THREADID id; char *rw_text,*operation_text; if (mode & CRYPTO_LOCK) @@ -215,15 +575,25 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) else rw_text="ERROR"; + CRYPTO_THREADID_current(&id); fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n", - CRYPTO_thread_id(), rw_text, operation_text, + CRYPTO_THREADID_hash(&id), rw_text, operation_text, CRYPTO_get_lock_name(type), file, line); } #endif if (type < 0) { - if (do_dynlock_cb) - do_dynlock_cb(mode, type, file, line); + if (dynlock_lock_callback != NULL) + { + struct CRYPTO_dynlock_value *pointer + = CRYPTO_get_dynlock_value(type); + + OPENSSL_assert(pointer != NULL); + + dynlock_lock_callback(mode, pointer, file, line); + + CRYPTO_destroy_dynlockid(type); + } } else if (locking_callback != NULL) @@ -243,11 +613,14 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, ret=add_lock_callback(pointer,amount,type,file,line); #ifdef LOCK_DEBUG + { + CRYPTO_THREADID id; + CRYPTO_THREADID_current(&id); fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", - CRYPTO_thread_id(), - before,amount,ret, + CRYPTO_THREADID_hash(&id), before,amount,ret, CRYPTO_get_lock_name(type), file,line); + } #endif } else @@ -256,11 +629,15 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, ret= *pointer+amount; #ifdef LOCK_DEBUG + { + CRYPTO_THREADID id; + CRYPTO_THREADID_current(&id); fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", - CRYPTO_thread_id(), + CRYPTO_THREADID_hash(&id), *pointer,amount,ret, CRYPTO_get_lock_name(type), file,line); + } #endif *pointer=ret; CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line); @@ -268,6 +645,18 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, return(ret); } +const char *CRYPTO_get_lock_name(int type) + { + if (type < 0) + return("dynamic"); + else if (type < CRYPTO_NUM_LOCKS) + return(lock_names[type]); + else if (type-CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks)) + return("ERROR"); + else + return(sk_OPENSSL_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS)); + } + #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__INTEL__) || \ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) @@ -301,70 +690,16 @@ void OPENSSL_cpuid_setup(void) unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } #endif int OPENSSL_NONPIC_relocated = 0; -#if !defined(OPENSSL_CPUID_SETUP) +#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) void OPENSSL_cpuid_setup(void) {} #endif #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) - -#ifdef OPENSSL_FIPS - -#include -#if defined(__GNUC__) && __GNUC__>=2 -static int DllInit(void) __attribute__((constructor)); -#elif defined(_MSC_VER) -static int DllInit(void); -# ifdef _WIN64 -# pragma section(".CRT$XCU",read) - __declspec(allocate(".CRT$XCU")) -# else -# pragma data_seg(".CRT$XCU") -# endif - static int (*p)(void) = DllInit; -# pragma data_seg() -#endif - -static int DllInit(void) -{ -#if defined(_WIN32_WINNT) - union { int(*f)(void); BYTE *p; } t = { DllInit }; - HANDLE hModuleSnap = INVALID_HANDLE_VALUE; - IMAGE_DOS_HEADER *dos_header; - IMAGE_NT_HEADERS *nt_headers; - MODULEENTRY32 me32 = {sizeof(me32)}; - - hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0); - if (hModuleSnap != INVALID_HANDLE_VALUE && - Module32First(hModuleSnap,&me32)) do - { - if (t.p >= me32.modBaseAddr && - t.p < me32.modBaseAddr+me32.modBaseSize) - { - dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr; - if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) - { - nt_headers=(IMAGE_NT_HEADERS *) - ((BYTE *)dos_header+dos_header->e_lfanew); - if (nt_headers->Signature==IMAGE_NT_SIGNATURE && - me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase) - OPENSSL_NONPIC_relocated=1; - } - break; - } - } while (Module32Next(hModuleSnap,&me32)); - - if (hModuleSnap != INVALID_HANDLE_VALUE) - CloseHandle(hModuleSnap); -#endif - OPENSSL_cpuid_setup(); - return 0; -} - -#else - #ifdef __CYGWIN__ /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ #include +/* this has side-effect of _WIN32 getting defined, which otherwise + * is mutually exclusive with __CYGWIN__... */ #endif /* All we really need to do is remove the 'error' state when a thread @@ -405,16 +740,27 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, } #endif -#endif - #if defined(_WIN32) && !defined(__CYGWIN__) #include +#include #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 int OPENSSL_isservice(void) { HWINSTA h; DWORD len; WCHAR *name; + static union { void *p; int (*f)(void); } _OPENSSL_isservice = { NULL }; + + if (_OPENSSL_isservice.p == NULL) { + HANDLE h = GetModuleHandle(NULL); + if (h != NULL) + _OPENSSL_isservice.p = GetProcAddress(h,"_OPENSSL_isservice"); + if (_OPENSSL_isservice.p == NULL) + _OPENSSL_isservice.p = (void *)-1; + } + + if (_OPENSSL_isservice.p != (void *)-1) + return (*_OPENSSL_isservice.f)(); (void)GetDesktopWindow(); /* return value is ignored */ @@ -513,7 +859,7 @@ void OPENSSL_showfatal (const char *fmta,...) #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice()) + if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); const TCHAR *pmsg=buf; ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); @@ -539,7 +885,13 @@ void OpenSSLDie(const char *file,int line,const char *assertion) OPENSSL_showfatal( "%s(%d): OpenSSL internal error, assertion failed: %s\n", file,line,assertion); +#if !defined(_WIN32) || defined(__CYGWIN__) abort(); +#else + /* Win32 abort() customarily shows a dialog, but we just did that... */ + raise(SIGABRT); + _exit(3); +#endif } void *OPENSSL_stderr(void) { return stderr; } diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com index e72af90822..a4b6635091 100644 --- a/src/lib/libssl/src/crypto/crypto-lib.com +++ b/src/lib/libssl/src/crypto/crypto-lib.com @@ -6,10 +6,11 @@ $! A-Com Computing, Inc. $! byer@mail.all-net.net $! $! Changes by Richard Levitte +$! Zoltan Arpadffy $! $! This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" -$! library for OpenSSL. The "xxx" denotes the machine architecture of AXP -$! or VAX. +$! library for OpenSSL. The "xxx" denotes the machine architecture, ALPHA, +$! IA64 or VAX. $! $! It was re-written so it would try to determine what "C" compiler to use $! or you can specify which "C" compiler to use. @@ -17,28 +18,28 @@ $! $! Specify the following as P1 to build just that part or ALL to just $! build everything. $! -$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. -$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE -$! ALL To do both LIBRARY and APPS +$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. +$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE +$! ALL To do both LIBRARY and APPS $! $! Specify DEBUG or NODEBUG as P2 to compile with or without debugger $! information. $! $! Specify which compiler at P3 to try to compile under. $! -$! VAXC For VAX C. -$! DECC For DEC C. -$! GNUC For GNU C. +$! VAXC For VAX C. +$! DECC For DEC C. +$! GNUC For GNU C. $! -$! If you don't speficy a compiler, it will try to determine which +$! If you don't specify a compiler, it will try to determine which $! "C" compiler to use. $! $! P4, if defined, sets a TCP/IP library to use, through one of the following $! keywords: $! -$! UCX for UCX -$! TCPIP for TCPIP (post UCX) -$! SOCKETSHR for SOCKETSHR+NETLIB +$! UCX For UCX +$! TCPIP For TCPIP (post UCX) +$! SOCKETSHR For SOCKETSHR+NETLIB $! $! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) $! @@ -54,36 +55,49 @@ $ TCPIP_LIB = "" $! $! Check Which Architecture We Are Using. $! -$ IF (F$GETSYI("CPU").GE.128) +$ IF (F$GETSYI("CPU").LT.128) $ THEN $! -$! The Architecture Is AXP +$! The Architecture Is VAX $! -$ ARCH := AXP +$ ARCH = "VAX" $! $! Else... $! $ ELSE $! -$! The Architecture Is VAX. +$! The Architecture Is Alpha, IA64 or whatever comes in the future. $! -$ ARCH := VAX +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" $! $! End The Architecture Check. $! $ ENDIF $! $! Define The Different Encryption Types. +$! NOTE: Some might think this list ugly. However, it's made this way to +$! reflect the SDIRS variable in [-]Makefile.org as closely as possible, +$! thereby making it fairly easy to verify that the lists are the same. $! +$ ET_WHIRLPOOL = "WHRLPOOL" +$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = "" $ ENCRYPT_TYPES = "Basic,"+ - "OBJECTS,"+ - - "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - - "DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,"+ - - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ - + "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ - + "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ - + "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - + "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - - "STORE,CMS,PQUEUE,JPAKE" + "STORE,CMS,PQUEUE,TS,JPAKE" +$! Define The OBJ Directory. +$! +$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO] +$! +$! Define The EXE Directory. +$! +$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -97,9 +111,6 @@ $! Tell The User What Kind of Machine We Run On. $! $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." $! -$! Define The OBJ Directory. -$! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO] $! $! Check To See If The Architecture Specific OBJ Directory Exists. $! @@ -114,10 +125,6 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! -$! Define The EXE Directory. -$! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] -$! $! Check To See If The Architecture Specific Directory Exists. $! $ IF (F$PARSE(EXE_DIR).EQS."") @@ -161,15 +168,16 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,dyn_lck,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir,o_init,fips_err" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,ebcdic,uid,o_time,o_str,o_dir" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" $ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512" $ LIB_MDC2 = "mdc2dgst,mdc2_one" -$ LIB_HMAC = "hmac" +$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth" $ LIB_RIPEMD = "rmd_dgst,rmd_one" -$ LIB_DES = "des_lib,set_key,ecb_enc,cbc_enc,"+ - +$ LIB_WHRLPOOL = "wp_dgst,wp_block" +$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - "enc_read,enc_writ,ofb64enc,"+ - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - @@ -184,35 +192,39 @@ $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64" $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - "cmll_cfb,cmll_ctr" -$ LIB_SEED = "seed,seed_cbc,seed_ecb,seed_cfb,seed_ofb" +$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb" +$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128" $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" -$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm" +$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN - + LIB_BN_ASM = "bn_asm" $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - - "bn_depr,bn_x931p,bn_const,bn_opt" + "bn_depr,bn_const" $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - - "ec2_smpl,ec2_mult" + "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn" $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - - "rsa_pss,rsa_x931,rsa_x931g,rsa_asn1,rsa_depr,rsa_eng" + "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ - + "rsa_pmeth" $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ - - "dsa_err,dsa_ossl,dsa_depr,dsa_utl" + "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn" $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err" -$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr" +$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ - + "dh_ameth,dh_pmeth,dh_prn" $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err" $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - - "dso_openssl,dso_win32,dso_vms" + "dso_openssl,dso_win32,dso_vms,dso_beos" $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "eng_table,eng_pkey,eng_fat,eng_all,"+ - "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ - - "tb_cipher,tb_digest,"+ - - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" -$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - - "aes_ctr,aes_ige,aes_wrap" -$ LIB_BUFFER = "buffer,buf_str,buf_err" + "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ - + "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev" +$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ - + "aes_ige,aes_wrap" +$ LIB_BUFFER = "buffer,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - "bss_mem,bss_null,bss_fd,"+ - "bss_file,bss_sock,bss_conn,"+ - @@ -224,33 +236,34 @@ $ LIB_STACK = "stack" $ LIB_LHASH = "lhash,lh_stats" $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - "rand_vms" -$ LIB_ERR = "err,err_def,err_all,err_prn,err_str,err_bio" -$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" -$ LIB_EVP = "encode,digest,dig_eng,evp_enc,evp_key,evp_acnf,evp_cnf,"+ - +$ LIB_ERR = "err,err_all,err_prn" +$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref" +$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - "e_des,e_bf,e_idea,e_des3,e_camellia,"+ - "e_rc4,e_aes,names,e_seed,"+ - - "e_xcbc_d,e_rc2,e_cast,e_rc5,enc_min" -$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - + "e_xcbc_d,e_rc2,e_cast,e_rc5" +$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + - "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ - "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- "evp_pkey,evp_pbe,p5_crpt,p5_crpt2" -$ LIB_EVP_3 = "e_old" +$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver" $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ - "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ - - "d2i_pu,d2i_pr,i2d_pu,i2d_pr" + "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr" $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - + "tasn_prn,ameth_lib,"+ - "f_int,f_string,n_pkey,"+ - - "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ - - "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - + "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ - + "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ - "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - - "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey" + "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt" $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - "x509_obj,x509_req,x509spki,x509_vfy,"+ - "x509_set,x509cset,x509rset,x509_err,"+ - @@ -266,7 +279,7 @@ $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" $ LIB_TXT_DB = "txt_db" $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - - "pk7_mime" + "pk7_mime,bio_pk7" $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - "p12_init,p12_key,p12_kiss,p12_mutl,"+ - "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" @@ -281,6 +294,9 @@ $ LIB_STORE = "str_err,str_lib,str_meth,str_mem" $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess" $ LIB_PQUEUE = "pqueue" +$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ - + "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ - + "ts_asn1" $ LIB_JPAKE = "jpake,jpake_err" $! $! Setup exceptional compilations @@ -291,7 +307,7 @@ $ ! Disable the DOLLARID warning $ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir" $ ! Disable disjoint optimization $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - - "sha_dgst,sha1dgst,rmd_dgst,bf_enc," + "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc," $ ! Disable the MIXLINKAGE warning $ COMPILEWITH_CC6 = ",enc_read,set_key," $! @@ -334,11 +350,11 @@ $! Create The Library and Apps Module Names. $! $ LIB_MODULE = "LIB_" + MODULE_NAME $ APPS_MODULE = "APPS_" + MODULE_NAME -$ IF (MODULE_NAME.EQS."ASN1_2") +$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_") $ THEN $ MODULE_NAME = "ASN1" $ ENDIF -$ IF (MODULE_NAME.EQS."EVP_2") +$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_") $ THEN $ MODULE_NAME = "EVP" $ ENDIF @@ -353,7 +369,7 @@ $! $ IF F$TYPE('LIB_MODULE') .EQS. "" $ THEN $ WRITE SYS$ERROR "" -$ WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist. Continuing..." +$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..." $ WRITE SYS$ERROR "" $ GOTO MODULE_NEXT $ ENDIF @@ -694,7 +710,7 @@ $! $ IF (F$SEARCH(OPT_FILE).EQS."") $ THEN $! -$! Figure Out If We Need An AXP Or A VAX Linker Option File. +$! Figure Out If We Need A non-VAX Or A VAX Linker Option File. $! $ IF ARCH .EQS. "VAX" $ THEN @@ -714,19 +730,19 @@ $! Else... $! $ ELSE $! -$! Create The AXP Linker Option File. +$! Create The non-VAX Linker Option File. $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For AXP To Link Agianst +! Default System Options File For non-VAX To Link Agianst ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE SYS$SHARE:CMA$OPEN_RTL/SHARE $EOD $! -$! End The VAX/AXP DEC C Option File Check. +$! End The DEC C Option File Check. $! $ ENDIF $! @@ -763,12 +779,12 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If P1 Has A Valid Arguement. +$! Else, Check To See If P1 Has A Valid Argument. $! $ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = P1 $! @@ -787,15 +803,16 @@ $ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.E $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " AXP : Alpha Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." +$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -848,7 +865,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -913,7 +930,7 @@ $ ELSE $! $! Check To See If We Have VAXC Or DECC. $! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") +$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -1019,12 +1036,12 @@ $ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - THEN CC = "CC/DECC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -1046,14 +1063,14 @@ $! $! Compile Using VAXC. $! $ CC = "CC" -$ IF ARCH.EQS."AXP" +$ IF ARCH.NES."VAX" $ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" +$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $ CCDEFS = """VAXC""," + CCDEFS $! @@ -1063,7 +1080,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -1085,12 +1102,12 @@ $! $! Use GNU C... $! $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - + "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + - CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -1135,7 +1152,7 @@ $! Show user the result $! $ WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! @@ -1153,14 +1170,14 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! $! Build a MACRO command for the architecture at hand $! $ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'" -$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" +$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" $! $! Show user the result $! @@ -1248,7 +1265,7 @@ $! Print info $! $ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h index 0e4fb0723c..b0360cec51 100644 --- a/src/lib/libssl/src/crypto/crypto.h +++ b/src/lib/libssl/src/crypto/crypto.h @@ -1,6 +1,6 @@ /* crypto/crypto.h */ /* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -219,13 +219,9 @@ typedef struct openssl_item_st #define CRYPTO_LOCK_EC_PRE_COMP 36 #define CRYPTO_LOCK_STORE 37 #define CRYPTO_LOCK_COMP 38 -#ifndef OPENSSL_FIPS -#define CRYPTO_NUM_LOCKS 39 -#else #define CRYPTO_LOCK_FIPS 39 #define CRYPTO_LOCK_FIPS2 40 #define CRYPTO_NUM_LOCKS 41 -#endif #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -288,9 +284,10 @@ typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { - STACK *sk; + STACK_OF(void) *sk; int dummy; /* gcc is screwing up this data structure :-( */ }; +DECLARE_STACK_OF(void) /* This stuff is basically class callback functions * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ @@ -347,7 +344,14 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) /* Set standard debugging functions (not done by default * unless CRYPTO_MDEBUG is defined) */ -void CRYPTO_malloc_debug_init(void); +#define CRYPTO_malloc_debug_init() do {\ + CRYPTO_set_mem_debug_functions(\ + CRYPTO_dbg_malloc,\ + CRYPTO_dbg_realloc,\ + CRYPTO_dbg_free,\ + CRYPTO_dbg_set_options,\ + CRYPTO_dbg_get_options);\ + } while(0) int CRYPTO_mem_ctrl(int mode); int CRYPTO_is_mem_check_on(void); @@ -420,16 +424,32 @@ void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, const char *file, int line)); int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, const char *file,int line); + +/* Don't use this structure directly. */ +typedef struct crypto_threadid_st + { + void *ptr; + unsigned long val; + } CRYPTO_THREADID; +/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); +void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); +void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); +void CRYPTO_THREADID_current(CRYPTO_THREADID *id); +int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); +void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); +unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); +#ifndef OPENSSL_NO_DEPRECATED void CRYPTO_set_id_callback(unsigned long (*func)(void)); unsigned long (*CRYPTO_get_id_callback(void))(void); unsigned long CRYPTO_thread_id(void); +#endif + const char *CRYPTO_get_lock_name(int type); int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, int line); -void int_CRYPTO_set_do_dynlock_callback( - void (*do_dynlock_cb)(int mode, int type, const char *file, int line)); - int CRYPTO_get_new_dynlockid(void); void CRYPTO_destroy_dynlockid(int i); struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); @@ -454,10 +474,6 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), void (*f)(void *,int), void (*so)(long), long (*go)(void)); -void CRYPTO_set_mem_info_functions( - int (*push_info_fn)(const char *info, const char *file, int line), - int (*pop_info_fn)(void), - int (*remove_all_info_fn)(void)); void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), @@ -514,9 +530,6 @@ void CRYPTO_dbg_free(void *addr,int before_p); void CRYPTO_dbg_set_options(long bits); long CRYPTO_dbg_get_options(void); -int CRYPTO_dbg_push_info(const char *info, const char *file, int line); -int CRYPTO_dbg_pop_info(void); -int CRYPTO_dbg_remove_all_info(void); #ifndef OPENSSL_NO_FP_API void CRYPTO_mem_leaks_fp(FILE *); @@ -534,69 +547,12 @@ unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); -#ifdef OPENSSL_FIPS -#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ - alg " previous FIPS forbidden algorithm error ignored"); - -#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ - #alg " Algorithm forbidden in FIPS mode"); - -#ifdef OPENSSL_FIPS_STRICT -#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) -#else -#define FIPS_BAD_ALGORITHM(alg) \ - { \ - FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ - ERR_add_error_data(2, "Algorithm=", #alg); \ - return 0; \ - } -#endif - -/* Low level digest API blocking macro */ - -#define FIPS_NON_FIPS_MD_Init(alg) \ - int alg##_Init(alg##_CTX *c) \ - { \ - if (FIPS_mode()) \ - FIPS_BAD_ALGORITHM(alg) \ - return private_##alg##_Init(c); \ - } \ - int private_##alg##_Init(alg##_CTX *c) - -/* For ciphers the API often varies from cipher to cipher and each needs to - * be treated as a special case. Variable key length ciphers (Blowfish, RC4, - * CAST) however are very similar and can use a blocking macro. - */ - -#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ - void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ - { \ - if (FIPS_mode()) \ - FIPS_BAD_ABORT(alg) \ - private_##alg##_set_key(key, len, data); \ - } \ - void private_##alg##_set_key(alg##_KEY *key, int len, \ - const unsigned char *data) - -#else - -#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ - void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) - -#define FIPS_NON_FIPS_MD_Init(alg) \ - int alg##_Init(alg##_CTX *c) - -#endif /* def OPENSSL_FIPS */ - /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_CRYPTO_strings(void); -#define OPENSSL_HAVE_INIT 1 -void OPENSSL_init(void); - /* Error codes for the CRYPTO functions. */ /* Function codes. */ diff --git a/src/lib/libssl/src/crypto/des/Makefile b/src/lib/libssl/src/crypto/des/Makefile index 786e68802e..ae982265fd 100644 --- a/src/lib/libssl/src/crypto/des/Makefile +++ b/src/lib/libssl/src/crypto/des/Makefile @@ -12,8 +12,6 @@ MAKEFILE= Makefile AR= ar r RANLIB= ranlib DES_ENC= des_enc.o fcrypt_b.o -# or use -#DES_ENC= dx86-elf.o yx86-elf.o CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) @@ -24,7 +22,7 @@ TEST=destest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ +LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \ fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c \ qud_cksm.c rand_key.c rpc_enc.c set_key.c \ @@ -33,7 +31,7 @@ LIBSRC= des_lib.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \ read2pwd.c -LIBOBJ= des_lib.o set_key.o ecb_enc.o cbc_enc.o \ +LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ enc_read.o enc_writ.o ofb64enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ @@ -54,7 +52,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -64,21 +62,10 @@ des: des.o cbc3_enc.o lib des_enc-sparc.S: asm/des_enc.m4 m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S -# ELF -dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@) -yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@) -# COFF -dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@) -yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@) -# a.out -dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@) -yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@) +des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ +crypt586.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/crypt586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -156,14 +143,7 @@ des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -des_enc.o: des_enc.c des_locl.h ncbc_enc.c -des_lib.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -des_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -des_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -des_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -des_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_lib.o: ../../include/openssl/ui_compat.h des_lib.c des_locl.h des_ver.h +des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h @@ -182,12 +162,13 @@ ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h ecb3_enc.o: des_locl.h ecb3_enc.c +ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -ecb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ecb_enc.o: des_locl.h ecb_enc.c spr.h +ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h ede_cbcm_enc.o: ../../include/openssl/e_os2.h ede_cbcm_enc.o: ../../include/openssl/opensslconf.h @@ -277,11 +258,11 @@ rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h -set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c +set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +set_key.o: des_locl.h set_key.c str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/src/lib/libssl/src/crypto/des/asm/crypt586.pl b/src/lib/libssl/src/crypto/des/asm/crypt586.pl index 1d04ed6def..e36f7d44bd 100644 --- a/src/lib/libssl/src/crypto/des/asm/crypt586.pl +++ b/src/lib/libssl/src/crypto/des/asm/crypt586.pl @@ -6,7 +6,8 @@ # things perfect. # -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"crypt586.pl"); @@ -22,7 +23,7 @@ sub fcrypt_body { local($name,$do_ip)=@_; - &function_begin($name,"EXTRN _DES_SPtrans:DWORD"); + &function_begin($name); &comment(""); &comment("Load the 2 words"); diff --git a/src/lib/libssl/src/crypto/des/asm/des-586.pl b/src/lib/libssl/src/crypto/des/asm/des-586.pl index b75d3c6b3a..5b5f39cebd 100644 --- a/src/lib/libssl/src/crypto/des/asm/des-586.pl +++ b/src/lib/libssl/src/crypto/des/asm/des-586.pl @@ -4,7 +4,8 @@ # Svend Olaf Mikkelsen # -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; require "cbc.pl"; require "desboth.pl"; @@ -18,29 +19,110 @@ require "desboth.pl"; $L="edi"; $R="esi"; +$trans="ebp"; +$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV)); +# one can discuss setting this variable to 1 unconditionally, as +# the folded loop is only 3% slower than unrolled, but >7 times smaller -&external_label("DES_SPtrans"); +&public_label("DES_SPtrans"); + +&DES_encrypt_internal(); +&DES_decrypt_internal(); &DES_encrypt("DES_encrypt1",1); &DES_encrypt("DES_encrypt2",0); &DES_encrypt3("DES_encrypt3",1); &DES_encrypt3("DES_decrypt3",0); &cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1); &cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5); +&DES_SPtrans(); &asm_finish(); +sub DES_encrypt_internal() + { + &function_begin_B("_x86_DES_encrypt"); + + if ($small_footprint) + { + &lea("edx",&DWP(128,"ecx")); + &push("edx"); + &push("ecx"); + &set_label("eloop"); + &D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment(""); + &D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment(""); + &add("ecx",16); + &cmp("ecx",&swtmp(1)); + &mov(&swtmp(0),"ecx"); + &jb(&label("eloop")); + &add("esp",8); + } + else + { + &push("ecx"); + for ($i=0; $i<16; $i+=2) + { + &comment("Round $i"); + &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment("Round ".sprintf("%d",$i+1)); + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + } + &add("esp",4); + } + &ret(); + + &function_end_B("_x86_DES_encrypt"); + } + +sub DES_decrypt_internal() + { + &function_begin_B("_x86_DES_decrypt"); + + if ($small_footprint) + { + &push("ecx"); + &lea("ecx",&DWP(128,"ecx")); + &push("ecx"); + &set_label("dloop"); + &D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment(""); + &D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment(""); + &sub("ecx",16); + &cmp("ecx",&swtmp(1)); + &mov(&swtmp(0),"ecx"); + &ja(&label("dloop")); + &add("esp",8); + } + else + { + &push("ecx"); + for ($i=15; $i>0; $i-=2) + { + &comment("Round $i"); + &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment("Round ".sprintf("%d",$i-1)); + &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + } + &add("esp",4); + } + &ret(); + + &function_end_B("_x86_DES_decrypt"); + } + sub DES_encrypt { local($name,$do_ip)=@_; - &function_begin_B($name,"EXTRN _DES_SPtrans:DWORD"); + &function_begin_B($name); &push("esi"); &push("edi"); &comment(""); &comment("Load the 2 words"); - $trans="ebp"; if ($do_ip) { @@ -73,39 +155,20 @@ sub DES_encrypt } # PIC-ification:-) - &picmeup($trans,"DES_SPtrans"); - #if ($cpp) { &picmeup($trans,"DES_SPtrans"); } - #else { &lea($trans,&DWP("DES_SPtrans")); } + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop($trans); + &lea ($trans,&DWP(&label("DES_SPtrans")."-".&label("pic_point"),$trans)); &mov( "ecx", &wparam(1) ); - &cmp("ebx","0"); - &je(&label("start_decrypt")); - - for ($i=0; $i<16; $i+=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx"); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx"); - } - &jmp(&label("end")); - &set_label("start_decrypt"); - - for ($i=15; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx"); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx"); - } - - &set_label("end"); + &cmp("ebx","0"); + &je(&label("decrypt")); + &call("_x86_DES_encrypt"); + &jmp(&label("done")); + &set_label("decrypt"); + &call("_x86_DES_decrypt"); + &set_label("done"); if ($do_ip) { @@ -139,7 +202,7 @@ sub DES_encrypt sub D_ENCRYPT { - local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_; + local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_; &mov( $u, &DWP(&n2a($S*4),$tmp2,"",0)); &xor( $tmp1, $tmp1); @@ -166,7 +229,7 @@ sub D_ENCRYPT &and( $t, "0xff" ); &xor( $L, &DWP("0x600",$trans,$tmp1,0)); &xor( $L, &DWP("0x700",$trans,$tmp2,0)); - &mov( $tmp2, &wparam(1) ); + &mov( $tmp2, $wp1 ); &xor( $L, &DWP("0x400",$trans,$u,0)); &xor( $L, &DWP("0x500",$trans,$t,0)); } @@ -249,3 +312,142 @@ sub FP_new &rotr($tt , 4); } +sub DES_SPtrans + { + &set_label("DES_SPtrans",64); + &data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802); + &data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002); + &data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802); + &data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002); + &data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800); + &data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800); + &data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002); + &data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000); + &data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002); + &data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800); + &data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002); + &data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000); + &data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802); + &data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000); + &data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800); + &data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802); + # nibble 1 + &data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000); + &data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000); + &data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000); + &data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010); + &data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000); + &data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010); + &data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010); + &data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010); + &data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010); + &data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000); + &data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010); + &data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010); + &data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010); + &data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000); + &data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000); + &data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000); + # nibble 2 + &data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101); + &data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100); + &data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001); + &data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001); + &data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100); + &data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001); + &data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000); + &data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101); + &data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000); + &data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101); + &data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001); + &data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001); + &data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101); + &data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100); + &data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101); + &data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000); + # nibble 3 + &data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008); + &data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008); + &data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008); + &data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000); + &data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008); + &data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000); + &data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000); + &data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000); + &data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008); + &data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000); + &data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008); + &data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000); + &data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000); + &data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008); + &data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008); + &data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000); + # nibble 4 + &data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420); + &data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000); + &data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400); + &data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000); + &data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420); + &data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020); + &data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020); + &data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400); + &data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000); + &data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400); + &data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000); + &data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020); + &data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420); + &data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000); + &data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420); + &data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020); + # nibble 5 + &data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000); + &data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000); + &data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000); + &data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040); + &data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000); + &data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040); + &data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040); + &data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000); + &data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040); + &data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000); + &data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000); + &data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040); + &data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040); + &data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000); + &data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000); + &data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040); + # nibble 6 + &data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004); + &data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000); + &data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000); + &data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204); + &data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204); + &data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200); + &data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004); + &data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000); + &data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204); + &data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004); + &data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000); + &data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200); + &data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200); + &data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000); + &data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204); + &data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004); + # nibble 7 + &data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000); + &data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080); + &data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080); + &data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000); + &data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000); + &data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000); + &data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080); + &data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080); + &data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080); + &data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000); + &data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080); + &data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000); + &data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080); + &data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000); + &data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000); + &data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080); + } diff --git a/src/lib/libssl/src/crypto/des/des-lib.com b/src/lib/libssl/src/crypto/des/des-lib.com index fc2c35a1ce..348f1c0470 100644 --- a/src/lib/libssl/src/crypto/des/des-lib.com +++ b/src/lib/libssl/src/crypto/des/des-lib.com @@ -9,7 +9,7 @@ $! Changes by Richard Levitte $! $! This command files compiles and creates the $! "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library. The "xxx" denotes the machine -$! architecture of AXP or VAX. +$! architecture of ALPHA, IA64 or VAX. $! $! It was re-written to try to determine which "C" compiler to try to use $! or the user can specify a compiler in P3. @@ -45,25 +45,34 @@ $! $! $! Check Which Architecture We Are Using. $! -$ IF (F$GETSYI("CPU").GE.128) +$ IF (F$GETSYI("CPU").LT.128) $ THEN $! -$! The Architecture Is AXP. +$! The Architecture Is VAX $! -$ ARCH := AXP +$ ARCH := VAX $! $! Else... $! $ ELSE $! -$! The Architecture Is VAX. +$! The Architecture Is Alpha, IA64 or whatever comes in the future. $! -$ ARCH := VAX +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" $! $! End The Architecture Check. $! $ ENDIF $! +$! Define The OBJ Directory Name. +$! +$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES] +$! +$! Define The EXE Directory Name. +$! +$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES] +$! $! Check To Make Sure We Have Valid Command Line Parameters. $! $ GOSUB CHECK_OPTIONS @@ -72,10 +81,6 @@ $! Tell The User What Kind of Machine We Run On. $! $ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." $! -$! Define The OBJ Directory Name. -$! -$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES] -$! $! Check To See If The Architecture Specific OBJ Directory Exists. $! $ IF (F$PARSE(OBJ_DIR).EQS."") @@ -89,10 +94,6 @@ $! End The Architecture Specific OBJ Directory Check. $! $ ENDIF $! -$! Define The EXE Directory Name. -$! -$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES] -$! $! Check To See If The Architecture Specific Directory Exists. $! $ IF (F$PARSE(EXE_DIR).EQS."") @@ -564,7 +565,7 @@ $! $ IF (F$SEARCH(OPT_FILE).EQS."") $ THEN $! -$! Figure Out If We Need An AXP Or A VAX Linker Option File. +$! Figure Out If We Need An non-VAX Or A VAX Linker Option File. $! $ IF (F$GETSYI("CPU").LT.128) $ THEN @@ -584,19 +585,19 @@ $! Else... $! $ ELSE $! -$! Create The AXP Linker Option File. +$! Create The non-VAX Linker Option File. $! $ CREATE 'OPT_FILE' $DECK ! -! Default System Options File For AXP To Link Agianst +! Default System Options File For non-VAX To Link Agianst ! The Sharable C Runtime Library. ! SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE SYS$SHARE:CMA$OPEN_RTL/SHARE $EOD $! -$! End The VAX/AXP DEC C Option File Check. +$! End The DEC C Option File Check. $! $ ENDIF $! @@ -658,13 +659,13 @@ $! Else... $! $ ELSE $! -$! Else, Check To See If P1 Has A Valid Arguement. +$! Else, Check To See If P1 Has A Valid Argument. $! $ IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") - .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS") $ THEN $! -$! A Valid Arguement. +$! A Valid Argument. $! $ BUILDALL = P1 $! @@ -677,7 +678,7 @@ $! $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALL : Just Build Everything. +$ WRITE SYS$OUTPUT " ALL : Just Build Everything." $ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library." $ WRITE SYS$OUTPUT " DESTEST : To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program." $ WRITE SYS$OUTPUT " SPEED : To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program." @@ -687,15 +688,16 @@ $ WRITE SYS$OUTPUT " DES_OPTS : To Compile Just The [.xxx.EXE.CRYTPO.DES $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For: " $ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " AXP : Alpha Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." +$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture." +$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture." +$ WRITE SYS$OUTPUT " VAX : VAX Architecture." $ WRITE SYS$OUTPUT "" $! $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -752,7 +754,7 @@ $! Time To EXIT. $! $ EXIT $! -$! End The Valid Arguement Check. +$! End The Valid Argument Check. $! $ ENDIF $! @@ -817,7 +819,7 @@ $ ELSE $! $! Check To See If We Have VAXC Or DECC. $! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") +$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") $ THEN $! $! Looks Like DECC, Set To Use DECC. @@ -882,7 +884,7 @@ $ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT" $! $! End DECC Check. $! @@ -904,9 +906,9 @@ $! $! Compile Using VAXC. $! $ CC = "CC" -$ IF ARCH.EQS."AXP" +$ IF ARCH.NES."VAX" $ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" +$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!" $ EXIT $ ENDIF $ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" @@ -919,7 +921,7 @@ $ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT" $! $! End VAXC Check $! @@ -944,7 +946,7 @@ $ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS $! $! Define The Linker Options File Name. $! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" +$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT" $! $! End The GNU C Check. $! @@ -976,7 +978,7 @@ $! Show user the result $! $ WRITE SYS$OUTPUT "Main Compiling Command: ",CC $! -$! Else The User Entered An Invalid Arguement. +$! Else The User Entered An Invalid Argument. $! $ ELSE $! diff --git a/src/lib/libssl/src/crypto/des/des_enc.c b/src/lib/libssl/src/crypto/des/des_enc.c index cf71965aca..828feba208 100644 --- a/src/lib/libssl/src/crypto/des/des_enc.c +++ b/src/lib/libssl/src/crypto/des/des_enc.c @@ -57,6 +57,7 @@ */ #include "des_locl.h" +#include "spr.h" void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { @@ -107,12 +108,10 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) D_ENCRYPT(l,r,28); /* 15 */ D_ENCRYPT(r,l,30); /* 16 */ #else - for (i=0; i<32; i+=8) + for (i=0; i<32; i+=4) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 3 */ - D_ENCRYPT(r,l,i+6); /* 4 */ } #endif } @@ -136,12 +135,10 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) D_ENCRYPT(l,r, 2); /* 2 */ D_ENCRYPT(r,l, 0); /* 1 */ #else - for (i=30; i>0; i-=8) + for (i=30; i>0; i-=4) { D_ENCRYPT(l,r,i-0); /* 16 */ D_ENCRYPT(r,l,i-2); /* 15 */ - D_ENCRYPT(l,r,i-4); /* 14 */ - D_ENCRYPT(r,l,i-6); /* 13 */ } #endif } @@ -203,12 +200,10 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) D_ENCRYPT(l,r,28); /* 15 */ D_ENCRYPT(r,l,30); /* 16 */ #else - for (i=0; i<32; i+=8) + for (i=0; i<32; i+=4) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 3 */ - D_ENCRYPT(r,l,i+6); /* 4 */ } #endif } @@ -232,12 +227,10 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) D_ENCRYPT(l,r, 2); /* 2 */ D_ENCRYPT(r,l, 0); /* 1 */ #else - for (i=30; i>0; i-=8) + for (i=30; i>0; i-=4) { D_ENCRYPT(l,r,i-0); /* 16 */ D_ENCRYPT(r,l,i-2); /* 15 */ - D_ENCRYPT(l,r,i-4); /* 14 */ - D_ENCRYPT(r,l,i-6); /* 13 */ } #endif } @@ -289,8 +282,6 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, #ifndef DES_DEFAULT_OPTIONS -#if !defined(OPENSSL_FIPS_DES_ASM) - #undef CBC_ENC_C__DONT_UPDATE_IV #include "ncbc_enc.c" /* DES_ncbc_encrypt */ @@ -406,6 +397,4 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, tin[0]=tin[1]=0; } -#endif - #endif /* DES_DEFAULT_OPTIONS */ diff --git a/src/lib/libssl/src/crypto/des/des_locl.h b/src/lib/libssl/src/crypto/des/des_locl.h index 4b9ecff233..a3b512e9b0 100644 --- a/src/lib/libssl/src/crypto/des/des_locl.h +++ b/src/lib/libssl/src/crypto/des/des_locl.h @@ -61,7 +61,7 @@ #include -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_WIN32) #ifndef OPENSSL_SYS_MSDOS #define OPENSSL_SYS_MSDOS #endif @@ -425,4 +425,8 @@ extern const DES_LONG DES_SPtrans[8][64]; void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, DES_LONG Eswap0, DES_LONG Eswap1); + +#ifdef OPENSSL_SMALL_FOOTPRINT +#undef DES_UNROLL +#endif #endif diff --git a/src/lib/libssl/src/crypto/des/ecb_enc.c b/src/lib/libssl/src/crypto/des/ecb_enc.c index 75ae6cf8bb..0684e769b3 100644 --- a/src/lib/libssl/src/crypto/des/ecb_enc.c +++ b/src/lib/libssl/src/crypto/des/ecb_enc.c @@ -57,7 +57,53 @@ */ #include "des_locl.h" -#include "spr.h" +#include "des_ver.h" +#include +#include + +OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT; +OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT; + +const char *DES_options(void) + { + static int init=1; + static char buf[32]; + + if (init) + { + const char *ptr,*unroll,*risc,*size; + +#ifdef DES_PTR + ptr="ptr"; +#else + ptr="idx"; +#endif +#if defined(DES_RISC1) || defined(DES_RISC2) +#ifdef DES_RISC1 + risc="risc1"; +#endif +#ifdef DES_RISC2 + risc="risc2"; +#endif +#else + risc="cisc"; +#endif +#ifdef DES_UNROLL + unroll="16"; +#else + unroll="2"; +#endif + if (sizeof(DES_LONG) != sizeof(long)) + size="int"; + else + size="long"; + BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, + size); + init=0; + } + return(buf); + } + void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks, int enc) diff --git a/src/lib/libssl/src/crypto/des/enc_read.c b/src/lib/libssl/src/crypto/des/enc_read.c index e7da2ec66b..edb6620d08 100644 --- a/src/lib/libssl/src/crypto/des/enc_read.c +++ b/src/lib/libssl/src/crypto/des/enc_read.c @@ -63,7 +63,7 @@ /* This has some uglies in it but it works - even over sockets. */ /*extern int errno;*/ -OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; +OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode,DES_PCBC_MODE) /* @@ -87,6 +87,9 @@ OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, DES_cblock *iv) { +#if defined(OPENSSL_NO_POSIX_IO) + return(0); +#else /* data to be unencrypted */ int net_num=0; static unsigned char *net=NULL; @@ -147,7 +150,7 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, /* first - get the length */ while (net_num < HDRSIZE) { -#ifndef _WIN32 +#ifndef OPENSSL_SYS_WIN32 i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); #else i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); @@ -173,7 +176,11 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, net_num=0; while (net_num < rnum) { +#ifndef OPENSSL_SYS_WIN32 i=read(fd,(void *)&(net[net_num]),rnum-net_num); +#else + i=_read(fd,(void *)&(net[net_num]),rnum-net_num); +#endif #ifdef EINTR if ((i == -1) && (errno == EINTR)) continue; #endif @@ -228,5 +235,6 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, } } return num; +#endif /* OPENSSL_NO_POSIX_IO */ } diff --git a/src/lib/libssl/src/crypto/des/enc_writ.c b/src/lib/libssl/src/crypto/des/enc_writ.c index c2f032c9a6..2353ac1e89 100644 --- a/src/lib/libssl/src/crypto/des/enc_writ.c +++ b/src/lib/libssl/src/crypto/des/enc_writ.c @@ -80,6 +80,9 @@ int DES_enc_write(int fd, const void *_buf, int len, DES_key_schedule *sched, DES_cblock *iv) { +#if defined(OPENSSL_NO_POSIX_IO) + return (-1); +#else #ifdef _LIBC extern unsigned long time(); extern int write(); @@ -172,4 +175,5 @@ int DES_enc_write(int fd, const void *_buf, int len, } return(len); +#endif /* OPENSSL_NO_POSIX_IO */ } diff --git a/src/lib/libssl/src/crypto/des/fcrypt_b.c b/src/lib/libssl/src/crypto/des/fcrypt_b.c index 1390138787..8822816938 100644 --- a/src/lib/libssl/src/crypto/des/fcrypt_b.c +++ b/src/lib/libssl/src/crypto/des/fcrypt_b.c @@ -100,12 +100,10 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, #ifndef DES_UNROLL register int i; - for (i=0; i<32; i+=8) + for (i=0; i<32; i+=4) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 1 */ - D_ENCRYPT(r,l,i+6); /* 2 */ } #else D_ENCRYPT(l,r, 0); /* 1 */ diff --git a/src/lib/libssl/src/crypto/des/rpc_des.h b/src/lib/libssl/src/crypto/des/rpc_des.h index 4cbb4d2dcd..41328d7965 100644 --- a/src/lib/libssl/src/crypto/des/rpc_des.h +++ b/src/lib/libssl/src/crypto/des/rpc_des.h @@ -122,10 +122,10 @@ struct desparams { /* * Encrypt an arbitrary sized buffer */ -#define DESIOCBLOCK _IOWR(d, 6, struct desparams) +#define DESIOCBLOCK _IOWR('d', 6, struct desparams) /* * Encrypt of small amount of data, quickly */ -#define DESIOCQUICK _IOWR(d, 7, struct desparams) +#define DESIOCQUICK _IOWR('d', 7, struct desparams) diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c index c0806d593c..3004cc3ab3 100644 --- a/src/lib/libssl/src/crypto/des/set_key.c +++ b/src/lib/libssl/src/crypto/des/set_key.c @@ -64,12 +64,8 @@ * 1.0 First working version */ #include "des_locl.h" -#ifdef OPENSSL_FIPS -#include -#endif - -OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ +OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0) /* defaults to false */ static const unsigned char odd_parity[256]={ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, @@ -340,7 +336,7 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) { - static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; + static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; register DES_LONG c,d,t,s,t2; register const unsigned char *in; register DES_LONG *k; @@ -353,10 +349,6 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) k = &schedule->ks->deslong[0]; in = &(*key)[0]; -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif - c2l(in,c); c2l(in,d); @@ -413,4 +405,3 @@ void des_fixup_key_parity(des_cblock *key) des_set_odd_parity(key); } */ - diff --git a/src/lib/libssl/src/crypto/des/xcbc_enc.c b/src/lib/libssl/src/crypto/des/xcbc_enc.c index dc0c761b71..058cab6bce 100644 --- a/src/lib/libssl/src/crypto/des/xcbc_enc.c +++ b/src/lib/libssl/src/crypto/des/xcbc_enc.c @@ -61,7 +61,7 @@ /* RSA's DESX */ #if 0 /* broken code, preserved just in case anyone specifically looks for this */ -static unsigned char desx_white_in2out[256]={ +static const unsigned char desx_white_in2out[256]={ 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, 0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36, diff --git a/src/lib/libssl/src/crypto/dh/Makefile b/src/lib/libssl/src/crypto/dh/Makefile index d01fa960eb..f23b4f7fde 100644 --- a/src/lib/libssl/src/crypto/dh/Makefile +++ b/src/lib/libssl/src/crypto/dh/Makefile @@ -17,8 +17,10 @@ TEST= dhtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c -LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o +LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c \ + dh_ameth.c dh_pmeth.c dh_prn.c +LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o \ + dh_ameth.o dh_pmeth.o dh_prn.o SRC= $(LIBSRC) @@ -33,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,6 +76,21 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dh_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +dh_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dh_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_ameth.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +dh_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +dh_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dh_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dh_ameth.o: ../../include/openssl/opensslconf.h +dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dh_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +dh_ameth.o: dh_ameth.c dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -129,11 +146,35 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dh_lib.o: ../cryptlib.h dh_lib.c +dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dh_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h +dh_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dh_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dh_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +dh_pmeth.o: dh_pmeth.c +dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dh_prn.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h +dh_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dh_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c diff --git a/src/lib/libssl/src/crypto/dh/dh.h b/src/lib/libssl/src/crypto/dh/dh.h index 10475ac4b3..849309a489 100644 --- a/src/lib/libssl/src/crypto/dh/dh.h +++ b/src/lib/libssl/src/crypto/dh/dh.h @@ -77,8 +77,6 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif -#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 - #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time @@ -159,7 +157,6 @@ struct dh_st this for backward compatibility: */ #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ @@ -167,12 +164,9 @@ struct dh_st #define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) -const DH_METHOD *DH_OpenSSL(void); +DH *DHparams_dup(DH *); -#ifdef OPENSSL_FIPS -DH * FIPS_dh_new(void); -void FIPS_dh_free(DH *dh); -#endif +const DH_METHOD *DH_OpenSSL(void); void DH_set_default_method(const DH_METHOD *meth); const DH_METHOD *DH_get_default_method(void); @@ -212,6 +206,18 @@ int DHparams_print(BIO *bp, const DH *x); int DHparams_print(char *bp, const DH *x); #endif +#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -222,22 +228,31 @@ void ERR_load_DH_strings(void); /* Function codes. */ #define DH_F_COMPUTE_KEY 102 -#define DH_F_DHPARAMS_PRINT 100 #define DH_F_DHPARAMS_PRINT_FP 101 #define DH_F_DH_BUILTIN_GENPARAMS 106 -#define DH_F_DH_COMPUTE_KEY 107 -#define DH_F_DH_GENERATE_KEY 108 -#define DH_F_DH_GENERATE_PARAMETERS 109 #define DH_F_DH_NEW_METHOD 105 +#define DH_F_DH_PARAM_DECODE 107 +#define DH_F_DH_PRIV_DECODE 110 +#define DH_F_DH_PRIV_ENCODE 111 +#define DH_F_DH_PUB_DECODE 108 +#define DH_F_DH_PUB_ENCODE 109 +#define DH_F_DO_DH_PRINT 100 #define DH_F_GENERATE_KEY 103 #define DH_F_GENERATE_PARAMETERS 104 +#define DH_F_PKEY_DH_DERIVE 112 +#define DH_F_PKEY_DH_KEYGEN 113 /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 +#define DH_R_BN_DECODE_ERROR 109 +#define DH_R_BN_ERROR 106 +#define DH_R_DECODE_ERROR 104 #define DH_R_INVALID_PUBKEY 102 -#define DH_R_KEY_SIZE_TOO_SMALL 104 +#define DH_R_KEYS_NOT_SET 108 #define DH_R_MODULUS_TOO_LARGE 103 +#define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 +#define DH_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/dh/dh_asn1.c b/src/lib/libssl/src/crypto/dh/dh_asn1.c index 76740af2bd..0b4357d605 100644 --- a/src/lib/libssl/src/crypto/dh/dh_asn1.c +++ b/src/lib/libssl/src/crypto/dh/dh_asn1.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,7 +64,8 @@ #include /* Override the default free and new methods */ -static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DH_new(); @@ -85,3 +86,8 @@ ASN1_SEQUENCE_cb(DHparams, dh_cb) = { } ASN1_SEQUENCE_END_cb(DH, DHparams) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) + +DH *DHparams_dup(DH *dh) + { + return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh); + } diff --git a/src/lib/libssl/src/crypto/dh/dh_check.c b/src/lib/libssl/src/crypto/dh/dh_check.c index 316cb9221d..066898174e 100644 --- a/src/lib/libssl/src/crypto/dh/dh_check.c +++ b/src/lib/libssl/src/crypto/dh/dh_check.c @@ -70,8 +70,6 @@ * should hold. */ -#ifndef OPENSSL_FIPS - int DH_check(const DH *dh, int *ret) { int ok=0; @@ -130,11 +128,11 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) q=BN_new(); if (q == NULL) goto err; BN_set_word(q,1); - if (BN_cmp(pub_key,q) <= 0) + if (BN_cmp(pub_key,q)<=0) *ret|=DH_CHECK_PUBKEY_TOO_SMALL; BN_copy(q,dh->p); BN_sub_word(q,1); - if (BN_cmp(pub_key,q) >= 0) + if (BN_cmp(pub_key,q)>=0) *ret|=DH_CHECK_PUBKEY_TOO_LARGE; ok = 1; @@ -142,5 +140,3 @@ err: if (q != NULL) BN_free(q); return(ok); } - -#endif diff --git a/src/lib/libssl/src/crypto/dh/dh_err.c b/src/lib/libssl/src/crypto/dh/dh_err.c index 13263c81c1..d5cf0c22a3 100644 --- a/src/lib/libssl/src/crypto/dh/dh_err.c +++ b/src/lib/libssl/src/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,25 +71,34 @@ static ERR_STRING_DATA DH_str_functs[]= { {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, -{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, -{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, -{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, +{ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, +{ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, +{ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, +{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, +{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, +{ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, +{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, +{ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, {0,NULL} }; static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, +{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"}, +{ERR_REASON(DH_R_BN_ERROR) ,"bn error"}, +{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, -{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, +{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, {0,NULL} }; diff --git a/src/lib/libssl/src/crypto/dh/dh_gen.c b/src/lib/libssl/src/crypto/dh/dh_gen.c index 999e1deb40..cfd5b11868 100644 --- a/src/lib/libssl/src/crypto/dh/dh_gen.c +++ b/src/lib/libssl/src/crypto/dh/dh_gen.c @@ -66,8 +66,6 @@ #include #include -#ifndef OPENSSL_FIPS - static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) @@ -175,5 +173,3 @@ err: } return ok; } - -#endif diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c index 79dd331863..e7db440342 100644 --- a/src/lib/libssl/src/crypto/dh/dh_key.c +++ b/src/lib/libssl/src/crypto/dh/dh_key.c @@ -62,8 +62,6 @@ #include #include -#ifndef OPENSSL_FIPS - static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, @@ -263,5 +261,3 @@ static int dh_finish(DH *dh) BN_MONT_CTX_free(dh->method_mont_p); return(1); } - -#endif diff --git a/src/lib/libssl/src/crypto/dsa/Makefile b/src/lib/libssl/src/crypto/dsa/Makefile index 2cc45cdc62..8073c4ecfe 100644 --- a/src/lib/libssl/src/crypto/dsa/Makefile +++ b/src/lib/libssl/src/crypto/dsa/Makefile @@ -18,14 +18,14 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \ - dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c + dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ - dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o + dsa_err.o dsa_ossl.o dsa_depr.o dsa_ameth.o dsa_pmeth.o dsa_prn.o SRC= $(LIBSRC) EXHEADER= dsa.h -HEADER= $(EXHEADER) +HEADER= dsa_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -76,12 +76,27 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dsa_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +dsa_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_ameth.o: ../../include/openssl/objects.h +dsa_ameth.o: ../../include/openssl/opensslconf.h +dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dsa_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +dsa_ameth.o: dsa_ameth.c dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_asn1.o: ../../include/openssl/opensslconf.h dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h @@ -91,9 +106,8 @@ dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_depr.o: ../../include/openssl/opensslconf.h +dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -110,13 +124,12 @@ dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_gen.o: ../cryptlib.h dsa_gen.c +dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_locl.h dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h @@ -132,14 +145,14 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dsa_lib.o: ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -148,40 +161,48 @@ dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_ossl.o: ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_ossl.o: ../cryptlib.h dsa_ossl.c -dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_ossl.c +dsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +dsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_pmeth.o: ../../include/openssl/objects.h +dsa_pmeth.o: ../../include/openssl/opensslconf.h +dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +dsa_pmeth.o: dsa_locl.h dsa_pmeth.c +dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +dsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +dsa_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_prn.o: ../cryptlib.h dsa_prn.c +dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h -dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_sign.o: ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c -dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c -dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h +dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_vrf.o: ../cryptlib.h dsa_vrf.c diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h index 702c50d6dc..ac50a5c846 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa.h +++ b/src/lib/libssl/src/crypto/dsa/dsa.h @@ -88,8 +88,6 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif -#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 - #define DSA_FLAG_CACHE_MONT_P 0x01 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA * implementation now uses constant time @@ -99,25 +97,6 @@ * be used for all exponents. */ -/* If this flag is set the DSA method is FIPS compliant and can be used - * in FIPS mode. This is set in the validated module method. If an - * application sets this flag in its own methods it is its reposibility - * to ensure the result is compliant. - */ - -#define DSA_FLAG_FIPS_METHOD 0x0400 - -/* If this flag is set the operations normally disabled in FIPS mode are - * permitted it is then the applications responsibility to ensure that the - * usage is compliant. - */ - -#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 - -#ifdef OPENSSL_FIPS -#define FIPS_DSA_SIZE_T int -#endif - #ifdef __cplusplus extern "C" { #endif @@ -139,7 +118,7 @@ struct dsa_method int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); + DSA_SIG *sig, DSA *dsa); int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); @@ -152,7 +131,7 @@ struct dsa_method char *app_data; /* If this is non-NULL, it is used to generate DSA parameters */ int (*dsa_paramgen)(DSA *dsa, int bits, - unsigned char *seed, int seed_len, + const unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); /* If this is non-NULL, it is used to generate DSA keys */ @@ -186,7 +165,6 @@ struct dsa_st ENGINE *engine; }; -#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ @@ -195,6 +173,7 @@ struct dsa_st #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) +DSA *DSAparams_dup(DSA *x); DSA_SIG * DSA_SIG_new(void); void DSA_SIG_free(DSA_SIG *a); int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); @@ -210,11 +189,6 @@ void DSA_set_default_method(const DSA_METHOD *); const DSA_METHOD *DSA_get_default_method(void); int DSA_set_method(DSA *dsa, const DSA_METHOD *); -#ifdef OPENSSL_FIPS -DSA * FIPS_dsa_new(void); -void FIPS_dsa_free (DSA *r); -#endif - DSA * DSA_new(void); DSA * DSA_new_method(ENGINE *engine); void DSA_free (DSA *r); @@ -246,7 +220,7 @@ DSA * DSA_generate_parameters(int bits, /* New version */ int DSA_generate_parameters_ex(DSA *dsa, int bits, - unsigned char *seed,int seed_len, + const unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); int DSA_generate_key(DSA *a); @@ -275,10 +249,13 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off); DH *DSA_dup_DH(const DSA *r); #endif -#ifdef OPENSSL_FIPS -int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); -int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); -#endif +#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) + +#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -290,33 +267,39 @@ void ERR_load_DSA_strings(void); /* Function codes. */ #define DSA_F_D2I_DSA_SIG 110 +#define DSA_F_DO_DSA_PRINT 104 #define DSA_F_DSAPARAMS_PRINT 100 #define DSA_F_DSAPARAMS_PRINT_FP 101 -#define DSA_F_DSA_BUILTIN_KEYGEN 119 -#define DSA_F_DSA_BUILTIN_PARAMGEN 118 #define DSA_F_DSA_DO_SIGN 112 #define DSA_F_DSA_DO_VERIFY 113 -#define DSA_F_DSA_GENERATE_PARAMETERS 117 #define DSA_F_DSA_NEW_METHOD 103 -#define DSA_F_DSA_PRINT 104 +#define DSA_F_DSA_PARAM_DECODE 119 #define DSA_F_DSA_PRINT_FP 105 -#define DSA_F_DSA_SET_DEFAULT_METHOD 115 -#define DSA_F_DSA_SET_METHOD 116 +#define DSA_F_DSA_PRIV_DECODE 115 +#define DSA_F_DSA_PRIV_ENCODE 116 +#define DSA_F_DSA_PUB_DECODE 117 +#define DSA_F_DSA_PUB_ENCODE 118 #define DSA_F_DSA_SIGN 106 #define DSA_F_DSA_SIGN_SETUP 107 #define DSA_F_DSA_SIG_NEW 109 #define DSA_F_DSA_VERIFY 108 #define DSA_F_I2D_DSA_SIG 111 +#define DSA_F_OLD_DSA_PRIV_DECODE 122 +#define DSA_F_PKEY_DSA_CTRL 120 +#define DSA_F_PKEY_DSA_KEYGEN 121 #define DSA_F_SIG_CB 114 /* Reason codes. */ #define DSA_R_BAD_Q_VALUE 102 +#define DSA_R_BN_DECODE_ERROR 108 +#define DSA_R_BN_ERROR 109 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 -#define DSA_R_KEY_SIZE_TOO_SMALL 106 +#define DSA_R_DECODE_ERROR 104 +#define DSA_R_INVALID_DIGEST_TYPE 106 #define DSA_R_MISSING_PARAMETERS 101 #define DSA_R_MODULUS_TOO_LARGE 103 -#define DSA_R_NON_FIPS_METHOD 104 -#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 +#define DSA_R_NO_PARAMETERS_SET 107 +#define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c index 0645facb4b..c37460b2d6 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_asn1.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_asn1.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,24 +61,23 @@ #include #include #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - /* Override the default new methods */ -static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_NEW_PRE) { DSA_SIG *sig; sig = OPENSSL_malloc(sizeof(DSA_SIG)); + if (!sig) + { + DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); + return 0; + } sig->r = NULL; sig->s = NULL; *pval = (ASN1_VALUE *)sig; - if(sig) return 2; - DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); - return 0; + return 2; } return 1; } @@ -88,10 +87,11 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) +IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) /* Override the default free and new methods */ -static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DSA_new(); @@ -144,75 +144,7 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) -int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa) - { - DSA_SIG *s; -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) - { - DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return 0; - } -#endif - s=DSA_do_sign(dgst,dlen,dsa); - if (s == NULL) - { - *siglen=0; - return(0); - } - *siglen=i2d_DSA_SIG(s,&sig); - DSA_SIG_free(s); - return(1); - } - -int DSA_size(const DSA *r) - { - int ret,i; - ASN1_INTEGER bs; - unsigned char buf[4]; /* 4 bytes looks really small. - However, i2d_ASN1_INTEGER() will not look - beyond the first byte, as long as the second - parameter is NULL. */ - - i=BN_num_bits(r->q); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; - - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - return(ret); - } - -/* data has already been hashed (probably with SHA or SHA-1). */ -/* returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) +DSA *DSAparams_dup(DSA *dsa) { - DSA_SIG *s; - int ret=-1; -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) - { - DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return 0; - } -#endif - - s = DSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; - ret=DSA_do_verify(dgst,dgst_len,s,dsa); -err: - DSA_SIG_free(s); - return(ret); + return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); } - diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c index 872839af94..bba984e92e 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_err.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* crypto/dsa/dsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,23 +71,26 @@ static ERR_STRING_DATA DSA_str_functs[]= { {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, +{ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, -{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, -{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, -{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"}, {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, -{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, +{ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "DSA_PARAM_DECODE"}, {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, -{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, -{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, +{ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "DSA_PRIV_DECODE"}, +{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "DSA_PRIV_ENCODE"}, +{ERR_FUNC(DSA_F_DSA_PUB_DECODE), "DSA_PUB_DECODE"}, +{ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "DSA_PUB_ENCODE"}, {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, +{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"}, +{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"}, +{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"}, {ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, {0,NULL} }; @@ -95,12 +98,15 @@ static ERR_STRING_DATA DSA_str_functs[]= static ERR_STRING_DATA DSA_str_reasons[]= { {ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, +{ERR_REASON(DSA_R_BN_DECODE_ERROR) ,"bn decode error"}, +{ERR_REASON(DSA_R_BN_ERROR) ,"bn error"}, {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, -{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +{ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, -{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"}, -{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, +{ERR_REASON(DSA_R_NO_PARAMETERS_SET) ,"no parameters set"}, +{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, {0,NULL} }; diff --git a/src/lib/libssl/src/crypto/dsa/dsa_gen.c b/src/lib/libssl/src/crypto/dsa/dsa_gen.c index 6f1728e3cf..0fcd25f8b0 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_gen.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_gen.c @@ -74,69 +74,88 @@ #ifndef OPENSSL_NO_SHA #include -#include #include "cryptlib.h" #include #include -#include #include #include - -#ifndef OPENSSL_FIPS - -static int dsa_builtin_paramgen(DSA *ret, int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); +#include "dsa_locl.h" int DSA_generate_parameters_ex(DSA *ret, int bits, - unsigned char *seed_in, int seed_len, + const unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { if(ret->meth->dsa_paramgen) return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, counter_ret, h_ret, cb); - return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb); + else + { + const EVP_MD *evpmd; + size_t qbits = bits >= 2048 ? 256 : 160; + + if (bits >= 2048) + { + qbits = 256; + evpmd = EVP_sha256(); + } + else + { + qbits = 160; + evpmd = EVP_sha1(); + } + + return dsa_builtin_paramgen(ret, bits, qbits, evpmd, + seed_in, seed_len, counter_ret, h_ret, cb); + } } -static int dsa_builtin_paramgen(DSA *ret, int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { int ok=0; - unsigned char seed[SHA_DIGEST_LENGTH]; - unsigned char md[SHA_DIGEST_LENGTH]; - unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; + unsigned char seed[SHA256_DIGEST_LENGTH]; + unsigned char md[SHA256_DIGEST_LENGTH]; + unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH]; BIGNUM *r0,*W,*X,*c,*test; BIGNUM *g=NULL,*q=NULL,*p=NULL; BN_MONT_CTX *mont=NULL; - int k,n=0,i,b,m=0; + int i, k,n=0,b,m=0, qsize = qbits >> 3; int counter=0; int r=0; BN_CTX *ctx=NULL; unsigned int h=2; - if (bits < 512) bits=512; - bits=(bits+63)/64*64; + if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && + qsize != SHA256_DIGEST_LENGTH) + /* invalid q size */ + return 0; + + if (evpmd == NULL) + /* use SHA1 as default */ + evpmd = EVP_sha1(); + + if (bits < 512) + bits = 512; + + bits = (bits+63)/64*64; /* NB: seed_len == 0 is special case: copy generated seed to * seed_in if it is not NULL. */ - if (seed_len && (seed_len < 20)) - seed_in = NULL; /* seed buffer too small -- ignore */ - if (seed_len > 20) - seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, - * but our internal buffers are restricted to 160 bits*/ - if ((seed_in != NULL) && (seed_len == 20)) - { - memcpy(seed,seed_in,seed_len); - /* set seed_in to NULL to avoid it being copied back */ - seed_in = NULL; - } - - if ((ctx=BN_CTX_new()) == NULL) goto err; + if (seed_len && (seed_len < (size_t)qsize)) + seed_in = NULL; /* seed buffer too small -- ignore */ + if (seed_len > (size_t)qsize) + seed_len = qsize; /* App. 2.2 of FIPS PUB 186 allows larger SEED, + * but our internal buffers are restricted to 160 bits*/ + if (seed_in != NULL) + memcpy(seed, seed_in, seed_len); + + if ((ctx=BN_CTX_new()) == NULL) + goto err; - if ((mont=BN_MONT_CTX_new()) == NULL) goto err; + if ((mont=BN_MONT_CTX_new()) == NULL) + goto err; BN_CTX_start(ctx); r0 = BN_CTX_get(ctx); @@ -163,7 +182,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, if (!seed_len) { - RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); + RAND_pseudo_bytes(seed, qsize); seed_is_random = 1; } else @@ -171,25 +190,27 @@ static int dsa_builtin_paramgen(DSA *ret, int bits, seed_is_random = 0; seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ } - memcpy(buf,seed,SHA_DIGEST_LENGTH); - memcpy(buf2,seed,SHA_DIGEST_LENGTH); + memcpy(buf , seed, qsize); + memcpy(buf2, seed, qsize); /* precompute "SEED + 1" for step 7: */ - for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) + for (i = qsize-1; i >= 0; i--) { buf[i]++; - if (buf[i] != 0) break; + if (buf[i] != 0) + break; } /* step 2 */ - EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); - EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); - for (i=0; i= 0; i--) + for (i = qsize-1; i >= 0; i--) { buf[i]++; - if (buf[i] != 0) break; + if (buf[i] != 0) + break; } - EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); + EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL); /* step 8 */ - if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) + if (!BN_bin2bn(md, qsize, r0)) goto err; - if (!BN_lshift(r0,r0,160*k)) goto err; + if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err; if (!BN_add(W,W,r0)) goto err; } @@ -309,7 +331,6 @@ err: ok=0; goto err; } - if (seed_in != NULL) memcpy(seed_in,seed,20); if (counter_ret != NULL) *counter_ret=counter; if (h_ret != NULL) *h_ret=h; } @@ -322,4 +343,3 @@ err: return ok; } #endif -#endif diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c index 5e39124230..c4aa86bc6d 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_key.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c @@ -64,8 +64,6 @@ #include #include -#ifndef OPENSSL_FIPS - static int dsa_builtin_keygen(DSA *dsa); int DSA_generate_key(DSA *dsa) @@ -128,5 +126,3 @@ err: return(ok); } #endif - -#endif diff --git a/src/lib/libssl/src/crypto/dsa/dsa_lib.c b/src/lib/libssl/src/crypto/dsa/dsa_lib.c index 7ac9dc8c89..e9b75902db 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_lib.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_lib.c @@ -76,14 +76,6 @@ static const DSA_METHOD *default_DSA_method = NULL; void DSA_set_default_method(const DSA_METHOD *meth) { -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) - { - DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); - return; - } -#endif - default_DSA_method = meth; } @@ -104,13 +96,6 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) /* NB: The caller is specifically setting a method, so it's not up to us * to deal with which ENGINE it comes from. */ const DSA_METHOD *mtmp; -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) - { - DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); - return 0; - } -#endif mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); #ifndef OPENSSL_NO_ENGINE @@ -162,18 +147,6 @@ DSA *DSA_new_method(ENGINE *engine) } } #endif -#ifdef OPENSSL_FIPS - if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) - { - DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); -#ifndef OPENSSL_NO_ENGINE - if (ret->engine) - ENGINE_finish(ret->engine); -#endif - OPENSSL_free(ret); - return NULL; - } -#endif ret->pad=0; ret->version=0; @@ -260,6 +233,28 @@ int DSA_up_ref(DSA *r) return ((i > 1) ? 1 : 0); } +int DSA_size(const DSA *r) + { + int ret,i; + ASN1_INTEGER bs; + unsigned char buf[4]; /* 4 bytes looks really small. + However, i2d_ASN1_INTEGER() will not look + beyond the first byte, as long as the second + parameter is NULL. */ + + i=BN_num_bits(r->q); + bs.length=(i+7)/8; + bs.data=buf; + bs.type=V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0]=0xff; + + i=i2d_ASN1_INTEGER(&bs,NULL); + i+=i; /* r and s */ + ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); + return(ret); + } + int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c index 412cf1d88b..4fead07e80 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c @@ -61,16 +61,15 @@ #include #include "cryptlib.h" #include +#include #include #include #include -#ifndef OPENSSL_FIPS - static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa); + DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); @@ -135,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) BIGNUM m; BIGNUM xr; BN_CTX *ctx=NULL; - int i,reason=ERR_R_BN_LIB; + int reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; BN_init(&m); @@ -150,8 +149,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) s=BN_new(); if (s == NULL) goto err; - i=BN_num_bytes(dsa->q); /* should be 20 */ - if ((dlen > i) || (dlen > 50)) + /* reject a excessive digest length (currently at most + * dsa-with-SHA256 is supported) */ + if (dlen > SHA256_DIGEST_LENGTH) { reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; goto err; @@ -172,7 +172,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) dsa->r=NULL; } - if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; + + if (dlen > BN_num_bytes(dsa->q)) + /* if the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see + * fips 186-3, 4.2 */ + dlen = BN_num_bytes(dsa->q); + if (BN_bin2bn(dgst,dlen,&m) == NULL) + goto err; /* Compute s = inv(k) (m + xr) mod q */ if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ @@ -283,30 +290,31 @@ err: if (!ret) { DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); - if (kinv != NULL) BN_clear_free(kinv); - if (r != NULL) BN_clear_free(r); + if (r != NULL) + BN_clear_free(r); } if (ctx_in == NULL) BN_CTX_free(ctx); - if (kinv != NULL) BN_clear_free(kinv); BN_clear_free(&k); BN_clear_free(&kq); return(ret); } static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) + DSA *dsa) { BN_CTX *ctx; BIGNUM u1,u2,t1; BN_MONT_CTX *mont=NULL; - int ret = -1; + int ret = -1, i; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); return -1; } - if (BN_num_bits(dsa->q) != 160) + i = BN_num_bits(dsa->q); + /* fips 186-3 allows only different sizes for q */ + if (i != 160 && i != 224 && i != 256) { DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); return -1; @@ -318,6 +326,14 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } + /* reject a excessive digest length (currently at most + * dsa-with-SHA256 is supported) */ + if (dgst_len > SHA256_DIGEST_LENGTH) + { + DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return -1; + } + BN_init(&u1); BN_init(&u2); BN_init(&t1); @@ -342,6 +358,11 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; /* save M in u1 */ + if (dgst_len > (i >> 3)) + /* if the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see + * fips 186-3, 4.2 */ + dgst_len = (i >> 3); if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; /* u1 = M * w mod q */ @@ -393,4 +414,3 @@ static int dsa_finish(DSA *dsa) return(1); } -#endif diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c index 4cfbbe57a8..17555e5892 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c @@ -58,38 +58,33 @@ /* Original version from Steven Schoch */ -#include #include "cryptlib.h" -#include #include #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) - { - DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return NULL; - } -#endif return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + DSA_SIG *s; + RAND_seed(dgst, dlen); + s=DSA_do_sign(dgst,dlen,dsa); + if (s == NULL) { - DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return 0; + *siglen=0; + return(0); } -#endif + *siglen=i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return(1); + } + +int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) + { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c index c75e423048..226a75ff3f 100644 --- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c +++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c @@ -58,27 +58,32 @@ /* Original version from Steven Schoch */ -#include #include "cryptlib.h" -#include #include -#include -#include -#ifdef OPENSSL_FIPS -#include -#endif - -#include int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) - { - DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return 0; - } -#endif return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } + +/* data has already been hashed (probably with SHA or SHA-1). */ +/* returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) + { + DSA_SIG *s; + int ret=-1; + + s = DSA_SIG_new(); + if (s == NULL) return(ret); + if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; + ret=DSA_do_verify(dgst,dgst_len,s,dsa); +err: + DSA_SIG_free(s); + return(ret); + } diff --git a/src/lib/libssl/src/crypto/dsa/dsatest.c b/src/lib/libssl/src/crypto/dsa/dsatest.c index 912317bb44..edffd24e6b 100644 --- a/src/lib/libssl/src/crypto/dsa/dsatest.c +++ b/src/lib/libssl/src/crypto/dsa/dsatest.c @@ -169,7 +169,6 @@ int main(int argc, char **argv) } BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h); - if (dsa == NULL) goto end; DSA_print(bio_err,dsa,0); if (counter != 105) { @@ -223,7 +222,7 @@ end: ERR_print_errors(bio_err); if (dsa != NULL) DSA_free(dsa); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) diff --git a/src/lib/libssl/src/crypto/dso/Makefile b/src/lib/libssl/src/crypto/dso/Makefile index 52f152888c..fb2709ed63 100644 --- a/src/lib/libssl/src/crypto/dso/Makefile +++ b/src/lib/libssl/src/crypto/dso/Makefile @@ -18,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \ - dso_openssl.c dso_win32.c dso_vms.c + dso_openssl.c dso_win32.c dso_vms.c dso_beos.c LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \ - dso_openssl.o dso_win32.o dso_vms.o + dso_openssl.o dso_win32.o dso_vms.o dso_beos.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -76,6 +76,14 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +dso_beos.o: ../../e_os.h ../../include/openssl/bio.h +dso_beos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dso_beos.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +dso_beos.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dso_beos.o: ../../include/openssl/opensslconf.h +dso_beos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dso_beos.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dso_beos.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_beos.c dso_dl.o: ../../e_os.h ../../include/openssl/bio.h dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h diff --git a/src/lib/libssl/src/crypto/dso/dso.h b/src/lib/libssl/src/crypto/dso/dso.h index 3e51913a72..839f2e0617 100644 --- a/src/lib/libssl/src/crypto/dso/dso.h +++ b/src/lib/libssl/src/crypto/dso/dso.h @@ -170,6 +170,11 @@ typedef struct dso_meth_st /* [De]Initialisation handlers. */ int (*init)(DSO *dso); int (*finish)(DSO *dso); + + /* Return pathname of the module containing location */ + int (*pathbyaddr)(void *addr,char *path,int sz); + /* Perform global symbol lookup, i.e. among *all* modules */ + void *(*globallookup)(const char *symname); } DSO_METHOD; /**********************************************************************/ @@ -183,7 +188,7 @@ struct dso_st * for use in the dso_bind handler. All in all, let each * method control its own destiny. "Handles" and such go in * a STACK. */ - STACK *meth_data; + STACK_OF(void) *meth_data; int references; int flags; /* For use by applications etc ... use this for your bits'n'pieces, @@ -296,6 +301,30 @@ DSO_METHOD *DSO_METHOD_win32(void); /* If VMS is defined, use shared images. If not, return NULL. */ DSO_METHOD *DSO_METHOD_vms(void); +/* This function writes null-terminated pathname of DSO module + * containing 'addr' into 'sz' large caller-provided 'path' and + * returns the number of characters [including trailing zero] + * written to it. If 'sz' is 0 or negative, 'path' is ignored and + * required amount of charachers [including trailing zero] to + * accomodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero + * return value denotes error. + */ +int DSO_pathbyaddr(void *addr,char *path,int sz); + +/* This function should be used with caution! It looks up symbols in + * *all* loaded modules and if module gets unloaded by somebody else + * attempt to dereference the pointer is doomed to have fatal + * consequences. Primary usage for this function is to probe *core* + * system functionality, e.g. check if getnameinfo(3) is available + * at run-time without bothering about OS-specific details such as + * libc.so.versioning or where does it actually reside: in libc + * itself or libsocket. */ +void *DSO_global_lookup(const char *name); + +/* If BeOS is defined, use shared images. If not, return NULL. */ +DSO_METHOD *DSO_METHOD_beos(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -305,6 +334,11 @@ void ERR_load_DSO_strings(void); /* Error codes for the DSO functions. */ /* Function codes. */ +#define DSO_F_BEOS_BIND_FUNC 144 +#define DSO_F_BEOS_BIND_VAR 145 +#define DSO_F_BEOS_LOAD 146 +#define DSO_F_BEOS_NAME_CONVERTER 147 +#define DSO_F_BEOS_UNLOAD 148 #define DSO_F_DLFCN_BIND_FUNC 100 #define DSO_F_DLFCN_BIND_VAR 101 #define DSO_F_DLFCN_LOAD 102 @@ -324,22 +358,29 @@ void ERR_load_DSO_strings(void); #define DSO_F_DSO_FREE 111 #define DSO_F_DSO_GET_FILENAME 127 #define DSO_F_DSO_GET_LOADED_FILENAME 128 +#define DSO_F_DSO_GLOBAL_LOOKUP 139 #define DSO_F_DSO_LOAD 112 #define DSO_F_DSO_MERGE 132 #define DSO_F_DSO_NEW_METHOD 113 +#define DSO_F_DSO_PATHBYADDR 140 #define DSO_F_DSO_SET_FILENAME 129 #define DSO_F_DSO_SET_NAME_CONVERTER 122 #define DSO_F_DSO_UP_REF 114 +#define DSO_F_GLOBAL_LOOKUP_FUNC 138 +#define DSO_F_PATHBYADDR 137 #define DSO_F_VMS_BIND_SYM 115 #define DSO_F_VMS_LOAD 116 #define DSO_F_VMS_MERGER 133 #define DSO_F_VMS_UNLOAD 117 #define DSO_F_WIN32_BIND_FUNC 118 #define DSO_F_WIN32_BIND_VAR 119 +#define DSO_F_WIN32_GLOBALLOOKUP 142 +#define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143 #define DSO_F_WIN32_JOINER 135 #define DSO_F_WIN32_LOAD 120 #define DSO_F_WIN32_MERGER 134 #define DSO_F_WIN32_NAME_CONVERTER 125 +#define DSO_F_WIN32_PATHBYADDR 141 #define DSO_F_WIN32_SPLITTER 136 #define DSO_F_WIN32_UNLOAD 121 diff --git a/src/lib/libssl/src/crypto/dso/dso_dl.c b/src/lib/libssl/src/crypto/dso/dso_dl.c index 417abb6ea9..fc4236bd9a 100644 --- a/src/lib/libssl/src/crypto/dso/dso_dl.c +++ b/src/lib/libssl/src/crypto/dso/dso_dl.c @@ -85,6 +85,8 @@ static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); #endif static char *dl_name_converter(DSO *dso, const char *filename); static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int dl_pathbyaddr(void *addr,char *path,int sz); +static void *dl_globallookup(const char *name); static DSO_METHOD dso_meth_dl = { "OpenSSL 'dl' shared library method", @@ -101,7 +103,9 @@ static DSO_METHOD dso_meth_dl = { dl_name_converter, dl_merger, NULL, /* init */ - NULL /* finish */ + NULL, /* finish */ + dl_pathbyaddr, + dl_globallookup }; DSO_METHOD *DSO_METHOD_dl(void) @@ -350,4 +354,40 @@ static char *dl_name_converter(DSO *dso, const char *filename) return(translated); } +static int dl_pathbyaddr(void *addr,char *path,int sz) + { + struct shl_descriptor inf; + int i,len; + + if (addr == NULL) + { + union { int(*f)(void*,char*,int); void *p; } t = + { dl_pathbyaddr }; + addr = t.p; + } + + for (i=-1;shl_get_r(i,&inf)==0;i++) + { + if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || + ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) + { + len = (int)strlen(inf.filename); + if (sz <= 0) return len+1; + if (len >= sz) len=sz-1; + memcpy(path,inf.filename,len); + path[len++] = 0; + return len; + } + } + + return -1; + } + +static void *dl_globallookup(const char *name) + { + void *ret; + shl_t h = NULL; + + return shl_findsym(&h,name,TYPE_UNDEFINED,&ret) ? NULL : ret; + } #endif /* DSO_DL */ diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c index 1fd10104c5..14bd322fb8 100644 --- a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c +++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c @@ -56,6 +56,16 @@ * */ +/* We need to do this early, because stdio.h includes the header files + that handle _GNU_SOURCE and other similar macros. Defining it later + is simply too late, because those headers are protected from re- + inclusion. */ +#ifdef __linux +# ifndef _GNU_SOURCE +# define _GNU_SOURCE /* make sure dladdr is declared */ +# endif +#endif + #include #include "cryptlib.h" #include @@ -68,7 +78,16 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) #else #ifdef HAVE_DLFCN_H -#include +# ifdef __osf__ +# define __EXTENSIONS__ +# endif +# include +# define HAVE_DLINFO 1 +# if defined(_AIX) || defined(__CYGWIN__) || \ + defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ + (defined(__OpenBSD__) && !defined(RTLD_SELF)) +# undef HAVE_DLINFO +# endif #endif /* Part of the hack in "dlfcn_load" ... */ @@ -87,6 +106,8 @@ static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); static char *dlfcn_name_converter(DSO *dso, const char *filename); static char *dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int dlfcn_pathbyaddr(void *addr,char *path,int sz); +static void *dlfcn_globallookup(const char *name); static DSO_METHOD dso_meth_dlfcn = { "OpenSSL 'dlfcn' shared library method", @@ -103,7 +124,9 @@ static DSO_METHOD dso_meth_dlfcn = { dlfcn_name_converter, dlfcn_merger, NULL, /* init */ - NULL /* finish */ + NULL, /* finish */ + dlfcn_pathbyaddr, + dlfcn_globallookup }; DSO_METHOD *DSO_METHOD_dlfcn(void) @@ -163,7 +186,7 @@ static int dlfcn_load(DSO *dso) ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); goto err; } - if(!sk_push(dso->meth_data, (char *)ptr)) + if(!sk_void_push(dso->meth_data, (char *)ptr)) { DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR); goto err; @@ -188,15 +211,15 @@ static int dlfcn_unload(DSO *dso) DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) return(1); - ptr = (void *)sk_pop(dso->meth_data); + ptr = sk_void_pop(dso->meth_data); if(ptr == NULL) { DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE); /* Should push the value back onto the stack in * case of a retry. */ - sk_push(dso->meth_data, (char *)ptr); + sk_void_push(dso->meth_data, ptr); return(0); } /* For now I'm not aware of any errors associated with dlclose() */ @@ -213,12 +236,12 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname) DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); return(NULL); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR); return(NULL); } - ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if(ptr == NULL) { DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE); @@ -237,32 +260,35 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname) static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) { void *ptr; - DSO_FUNC_TYPE sym, *tsym = &sym; + union { + DSO_FUNC_TYPE sym; + void *dlret; + } u; if((dso == NULL) || (symname == NULL)) { DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); return(NULL); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR); return(NULL); } - ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if(ptr == NULL) { DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); return(NULL); } - *(void **)(tsym) = dlsym(ptr, symname); - if(sym == NULL) + u.dlret = dlsym(ptr, symname); + if(u.dlret == NULL) { DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); return(NULL); } - return(sym); + return u.sym; } static char *dlfcn_merger(DSO *dso, const char *filespec1, @@ -278,13 +304,12 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, } /* If the first file specification is a rooted path, it rules. same goes if the second file specification is missing. */ - if (!filespec2 || filespec1[0] == '/') + if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) { merged = OPENSSL_malloc(strlen(filespec1) + 1); if(!merged) { - DSOerr(DSO_F_DLFCN_MERGER, - ERR_R_MALLOC_FAILURE); + DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); return(NULL); } strcpy(merged, filespec1); @@ -310,7 +335,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, { int spec2len, len; - spec2len = (filespec2 ? strlen(filespec2) : 0); + spec2len = strlen(filespec2); len = spec2len + (filespec1 ? strlen(filespec1) : 0); if(filespec2 && filespec2[spec2len - 1] == '/') @@ -332,6 +357,15 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, return(merged); } +#ifdef OPENSSL_SYS_MACOSX +#define DSO_ext ".dylib" +#define DSO_extlen 6 +#else +#define DSO_ext ".so" +#define DSO_extlen 3 +#endif + + static char *dlfcn_name_converter(DSO *dso, const char *filename) { char *translated; @@ -342,8 +376,8 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) transform = (strstr(filename, "/") == NULL); if(transform) { - /* We will convert this to "%s.so" or "lib%s.so" */ - rsize += 3; /* The length of ".so" */ + /* We will convert this to "%s.so" or "lib%s.so" etc */ + rsize += DSO_extlen; /* The length of ".so" */ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) rsize += 3; /* The length of "lib" */ } @@ -357,13 +391,92 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) if(transform) { if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - sprintf(translated, "lib%s.so", filename); + sprintf(translated, "lib%s" DSO_ext, filename); else - sprintf(translated, "%s.so", filename); + sprintf(translated, "%s" DSO_ext, filename); } else sprintf(translated, "%s", filename); return(translated); } +#ifdef __sgi +/* +This is a quote from IRIX manual for dladdr(3c): + + does not contain a prototype for dladdr or definition of + Dl_info. The #include in the SYNOPSIS line is traditional, + but contains no dladdr prototype and no IRIX library contains an + implementation. Write your own declaration based on the code below. + + The following code is dependent on internal interfaces that are not + part of the IRIX compatibility guarantee; however, there is no future + intention to change this interface, so on a practical level, the code + below is safe to use on IRIX. +*/ +#include +#ifndef _RLD_INTERFACE_DLFCN_H_DLADDR +#define _RLD_INTERFACE_DLFCN_H_DLADDR +typedef struct Dl_info { + const char * dli_fname; + void * dli_fbase; + const char * dli_sname; + void * dli_saddr; + int dli_version; + int dli_reserved1; + long dli_reserved[4]; +} Dl_info; +#else +typedef struct Dl_info Dl_info; +#endif +#define _RLD_DLADDR 14 + +static int dladdr(void *address, Dl_info *dl) +{ + void *v; + v = _rld_new_interface(_RLD_DLADDR,address,dl); + return (int)v; +} +#endif /* __sgi */ + +static int dlfcn_pathbyaddr(void *addr,char *path,int sz) + { +#ifdef HAVE_DLINFO + Dl_info dli; + int len; + + if (addr == NULL) + { + union { int(*f)(void*,char*,int); void *p; } t = + { dlfcn_pathbyaddr }; + addr = t.p; + } + + if (dladdr(addr,&dli)) + { + len = (int)strlen(dli.dli_fname); + if (sz <= 0) return len+1; + if (len >= sz) len=sz-1; + memcpy(path,dli.dli_fname,len); + path[len++]=0; + return len; + } + + ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror()); +#endif + return -1; + } + +static void *dlfcn_globallookup(const char *name) + { + void *ret = NULL,*handle = dlopen(NULL,RTLD_LAZY); + + if (handle) + { + ret = dlsym(handle,name); + dlclose(handle); + } + + return ret; + } #endif /* DSO_DLFCN */ diff --git a/src/lib/libssl/src/crypto/dso/dso_err.c b/src/lib/libssl/src/crypto/dso/dso_err.c index a8b0a210de..2bb07c2514 100644 --- a/src/lib/libssl/src/crypto/dso/dso_err.c +++ b/src/lib/libssl/src/crypto/dso/dso_err.c @@ -1,6 +1,6 @@ /* crypto/dso/dso_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,11 @@ static ERR_STRING_DATA DSO_str_functs[]= { +{ERR_FUNC(DSO_F_BEOS_BIND_FUNC), "BEOS_BIND_FUNC"}, +{ERR_FUNC(DSO_F_BEOS_BIND_VAR), "BEOS_BIND_VAR"}, +{ERR_FUNC(DSO_F_BEOS_LOAD), "BEOS_LOAD"}, +{ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER), "BEOS_NAME_CONVERTER"}, +{ERR_FUNC(DSO_F_BEOS_UNLOAD), "BEOS_UNLOAD"}, {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, @@ -89,22 +94,29 @@ static ERR_STRING_DATA DSO_str_functs[]= {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, +{ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP), "DSO_global_lookup"}, {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, +{ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"}, {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, +{ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC), "GLOBAL_LOOKUP_FUNC"}, +{ERR_FUNC(DSO_F_PATHBYADDR), "PATHBYADDR"}, {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, +{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "WIN32_GLOBALLOOKUP"}, +{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC), "WIN32_GLOBALLOOKUP_FUNC"}, {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, +{ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "WIN32_PATHBYADDR"}, {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, {0,NULL} diff --git a/src/lib/libssl/src/crypto/dso/dso_lib.c b/src/lib/libssl/src/crypto/dso/dso_lib.c index 49bdd71309..8a15b794ab 100644 --- a/src/lib/libssl/src/crypto/dso/dso_lib.c +++ b/src/lib/libssl/src/crypto/dso/dso_lib.c @@ -107,7 +107,7 @@ DSO *DSO_new_method(DSO_METHOD *meth) return(NULL); } memset(ret, 0, sizeof(DSO)); - ret->meth_data = sk_new_null(); + ret->meth_data = sk_void_new_null(); if(ret->meth_data == NULL) { /* sk_new doesn't generate any errors so we do */ @@ -163,7 +163,7 @@ int DSO_free(DSO *dso) return(0); } - sk_free(dso->meth_data); + sk_void_free(dso->meth_data); if(dso->filename != NULL) OPENSSL_free(dso->filename); if(dso->loaded_filename != NULL) @@ -399,13 +399,6 @@ char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER); return(NULL); } - if(filespec1 == NULL) - filespec1 = dso->filename; - if(filespec1 == NULL) - { - DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION); - return(NULL); - } if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { if(dso->merger != NULL) @@ -464,3 +457,27 @@ const char *DSO_get_loaded_filename(DSO *dso) } return(dso->loaded_filename); } + +int DSO_pathbyaddr(void *addr,char *path,int sz) + { + DSO_METHOD *meth = default_DSO_meth; + if (meth == NULL) meth = DSO_METHOD_openssl(); + if (meth->pathbyaddr == NULL) + { + DSOerr(DSO_F_DSO_PATHBYADDR,DSO_R_UNSUPPORTED); + return -1; + } + return (*meth->pathbyaddr)(addr,path,sz); + } + +void *DSO_global_lookup(const char *name) + { + DSO_METHOD *meth = default_DSO_meth; + if (meth == NULL) meth = DSO_METHOD_openssl(); + if (meth->globallookup == NULL) + { + DSOerr(DSO_F_DSO_GLOBAL_LOOKUP,DSO_R_UNSUPPORTED); + return NULL; + } + return (*meth->globallookup)(name); + } diff --git a/src/lib/libssl/src/crypto/dso/dso_null.c b/src/lib/libssl/src/crypto/dso/dso_null.c index 4972984651..49d842d1f5 100644 --- a/src/lib/libssl/src/crypto/dso/dso_null.c +++ b/src/lib/libssl/src/crypto/dso/dso_null.c @@ -78,7 +78,9 @@ static DSO_METHOD dso_meth_null = { NULL, /* dso_name_converter */ NULL, /* dso_merger */ NULL, /* init */ - NULL /* finish */ + NULL, /* finish */ + NULL, /* pathbyaddr */ + NULL /* globallookup */ }; DSO_METHOD *DSO_METHOD_null(void) diff --git a/src/lib/libssl/src/crypto/dso/dso_openssl.c b/src/lib/libssl/src/crypto/dso/dso_openssl.c index a4395ebffe..b17e8e8e9e 100644 --- a/src/lib/libssl/src/crypto/dso/dso_openssl.c +++ b/src/lib/libssl/src/crypto/dso/dso_openssl.c @@ -74,6 +74,8 @@ DSO_METHOD *DSO_METHOD_openssl(void) return(DSO_METHOD_win32()); #elif defined(DSO_VMS) return(DSO_METHOD_vms()); +#elif defined(DSO_BEOS) + return(DSO_METHOD_beos()); #else return(DSO_METHOD_null()); #endif diff --git a/src/lib/libssl/src/crypto/dso/dso_vms.c b/src/lib/libssl/src/crypto/dso/dso_vms.c index 2c434ee8a6..321512772a 100644 --- a/src/lib/libssl/src/crypto/dso/dso_vms.c +++ b/src/lib/libssl/src/crypto/dso/dso_vms.c @@ -215,7 +215,7 @@ static int vms_load(DSO *dso) p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; p->imagename_dsc.dsc$a_pointer = p->imagename; - if(!sk_push(dso->meth_data, (char *)p)) + if(!sk_void_push(dso->meth_data, (char *)p)) { DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR); goto err; @@ -245,9 +245,9 @@ static int vms_unload(DSO *dso) DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) return(1); - p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data); + p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data); if(p == NULL) { DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE); @@ -302,13 +302,13 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER); return; } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR); return; } - ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, - sk_num(dso->meth_data) - 1); + ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data, + sk_void_num(dso->meth_data) - 1); if(ptr == NULL) { DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE); diff --git a/src/lib/libssl/src/crypto/dso/dso_win32.c b/src/lib/libssl/src/crypto/dso/dso_win32.c index fd3dd6a7fe..6fb6c54181 100644 --- a/src/lib/libssl/src/crypto/dso/dso_win32.c +++ b/src/lib/libssl/src/crypto/dso/dso_win32.c @@ -96,7 +96,11 @@ static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) #else fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); #endif - if (fnamw == NULL) return NULL; + if (fnamw == NULL) + { + SetLastError(ERROR_NOT_ENOUGH_MEMORY); + return NULL; + } #if defined(_WIN32_WCE) && _WIN32_WCE>=101 if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0)) @@ -124,6 +128,8 @@ static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); static char *win32_name_converter(DSO *dso, const char *filename); static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2); +static int win32_pathbyaddr(void *addr,char *path,int sz); +static void *win32_globallookup(const char *name); static const char *openssl_strnchr(const char *string, int c, size_t len); @@ -142,7 +148,9 @@ static DSO_METHOD dso_meth_win32 = { win32_name_converter, win32_merger, NULL, /* init */ - NULL /* finish */ + NULL, /* finish */ + win32_pathbyaddr, + win32_globallookup }; DSO_METHOD *DSO_METHOD_win32(void) @@ -180,7 +188,7 @@ static int win32_load(DSO *dso) goto err; } *p = h; - if(!sk_push(dso->meth_data, (char *)p)) + if(!sk_void_push(dso->meth_data, p)) { DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR); goto err; @@ -207,9 +215,9 @@ static int win32_unload(DSO *dso) DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); return(0); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) return(1); - p = (HINSTANCE *)sk_pop(dso->meth_data); + p = sk_void_pop(dso->meth_data); if(p == NULL) { DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE); @@ -220,7 +228,7 @@ static int win32_unload(DSO *dso) DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED); /* We should push the value back onto the stack in * case of a retry. */ - sk_push(dso->meth_data, (char *)p); + sk_void_push(dso->meth_data, p); return(0); } /* Cleanup */ @@ -240,12 +248,12 @@ static void *win32_bind_var(DSO *dso, const char *symname) DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); return(NULL); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR); return(NULL); } - ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if(ptr == NULL) { DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE); @@ -271,12 +279,12 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); return(NULL); } - if(sk_num(dso->meth_data) < 1) + if(sk_void_num(dso->meth_data) < 1) { DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR); return(NULL); } - ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); + ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); if(ptr == NULL) { DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE); @@ -327,8 +335,8 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, memset(result, 0, sizeof(struct file_st)); position = IN_DEVICE; - if(filename[0] == '\\' && filename[1] == '\\' - || filename[0] == '/' && filename[1] == '/') + if((filename[0] == '\\' && filename[1] == '\\') + || (filename[0] == '/' && filename[1] == '/')) { position = IN_NODE; filename += 2; @@ -347,10 +355,11 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX); /*goto err;*/ + OPENSSL_free(result); return(NULL); } result->device = start; - result->devicelen = filename - start; + result->devicelen = (int)(filename - start); position = IN_FILE; start = ++filename; result->dir = start; @@ -359,7 +368,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, case '/': if(position == IN_NODE) { - result->nodelen = filename - start; + result->nodelen = (int)(filename - start); position = IN_FILE; start = ++filename; result->dir = start; @@ -369,20 +378,20 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, position = IN_FILE; filename++; result->dir = start; - result->dirlen = filename - start; + result->dirlen = (int)(filename - start); start = filename; } else { filename++; - result->dirlen += filename - start; + result->dirlen += (int)(filename - start); start = filename; } break; case '\0': if(position == IN_NODE) { - result->nodelen = filename - start; + result->nodelen = (int)(filename - start); } else { @@ -396,13 +405,13 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, result->dirlen = 0; } result->dirlen += - filename - start; + (int)(filename - start); } else { result->file = start; result->filelen = - filename - start; + (int)(filename - start); } } } @@ -496,7 +505,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + file_split->predirlen - (start - file_split->predir); strncpy(&result[offset], start, - end - start); offset += end - start; + end - start); offset += (int)(end - start); result[offset] = '\\'; offset++; start = end + 1; } @@ -517,7 +526,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + file_split->dirlen - (start - file_split->dir); strncpy(&result[offset], start, - end - start); offset += end - start; + end - start); offset += (int)(end - start); result[offset] = '\\'; offset++; start = end + 1; } @@ -613,6 +622,8 @@ static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2 merged = win32_joiner(dso, filespec1_split); } + OPENSSL_free(filespec1_split); + OPENSSL_free(filespec2_split); return(merged); } @@ -656,5 +667,178 @@ static const char *openssl_strnchr(const char *string, int c, size_t len) return NULL; } +#include +#ifdef _WIN32_WCE +# define DLLNAME "TOOLHELP.DLL" +#else +# ifdef MODULEENTRY32 +# undef MODULEENTRY32 /* unmask the ASCII version! */ +# endif +# define DLLNAME "KERNEL32.DLL" +#endif + +typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); +typedef BOOL (WINAPI *MODULE32)(HANDLE, MODULEENTRY32 *); -#endif /* OPENSSL_SYS_WIN32 */ +static int win32_pathbyaddr(void *addr,char *path,int sz) + { + HMODULE dll; + HANDLE hModuleSnap = INVALID_HANDLE_VALUE; + MODULEENTRY32 me32; + CREATETOOLHELP32SNAPSHOT create_snap; + CLOSETOOLHELP32SNAPSHOT close_snap; + MODULE32 module_first, module_next; + int len; + + if (addr == NULL) + { + union { int(*f)(void*,char*,int); void *p; } t = + { win32_pathbyaddr }; + addr = t.p; + } + + dll = LoadLibrary(TEXT(DLLNAME)); + if (dll == NULL) + { + DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED); + return -1; + } + + create_snap = (CREATETOOLHELP32SNAPSHOT) + GetProcAddress(dll,"CreateToolhelp32Snapshot"); + if (create_snap == NULL) + { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED); + return -1; + } + /* We take the rest for granted... */ +#ifdef _WIN32_WCE + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(dll,"CloseToolhelp32Snapshot"); +#else + close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle; +#endif + module_first = (MODULE32)GetProcAddress(dll,"Module32First"); + module_next = (MODULE32)GetProcAddress(dll,"Module32Next"); + + hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0); + if( hModuleSnap == INVALID_HANDLE_VALUE ) + { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_UNSUPPORTED); + return -1; + } + + me32.dwSize = sizeof(me32); + + if(!(*module_first)(hModuleSnap,&me32)) + { + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_PATHBYADDR,DSO_R_FAILURE); + return -1; + } + + do { + if ((BYTE *)addr >= me32.modBaseAddr && + (BYTE *)addr < me32.modBaseAddr+me32.modBaseSize) + { + (*close_snap)(hModuleSnap); + FreeLibrary(dll); +#ifdef _WIN32_WCE +# if _WIN32_WCE >= 101 + return WideCharToMultiByte(CP_ACP,0,me32.szExePath,-1, + path,sz,NULL,NULL); +# else + len = (int)wcslen(me32.szExePath); + if (sz <= 0) return len+1; + if (len >= sz) len=sz-1; + for(i=0;i= sz) len=sz-1; + memcpy(path,me32.szExePath,len); + path[len++] = 0; + return len; +#endif + } + } while((*module_next)(hModuleSnap, &me32)); + + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + return 0; + } + +static void *win32_globallookup(const char *name) + { + HMODULE dll; + HANDLE hModuleSnap = INVALID_HANDLE_VALUE; + MODULEENTRY32 me32; + CREATETOOLHELP32SNAPSHOT create_snap; + CLOSETOOLHELP32SNAPSHOT close_snap; + MODULE32 module_first, module_next; + FARPROC ret=NULL; + + dll = LoadLibrary(TEXT(DLLNAME)); + if (dll == NULL) + { + DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED); + return NULL; + } + + create_snap = (CREATETOOLHELP32SNAPSHOT) + GetProcAddress(dll,"CreateToolhelp32Snapshot"); + if (create_snap == NULL) + { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED); + return NULL; + } + /* We take the rest for granted... */ +#ifdef _WIN32_WCE + close_snap = (CLOSETOOLHELP32SNAPSHOT) + GetProcAddress(dll,"CloseToolhelp32Snapshot"); +#else + close_snap = (CLOSETOOLHELP32SNAPSHOT)CloseHandle; +#endif + module_first = (MODULE32)GetProcAddress(dll,"Module32First"); + module_next = (MODULE32)GetProcAddress(dll,"Module32Next"); + + hModuleSnap = (*create_snap)(TH32CS_SNAPMODULE,0); + if( hModuleSnap == INVALID_HANDLE_VALUE ) + { + FreeLibrary(dll); + DSOerr(DSO_F_WIN32_GLOBALLOOKUP,DSO_R_UNSUPPORTED); + return NULL; + } + + me32.dwSize = sizeof(me32); + + if (!(*module_first)(hModuleSnap,&me32)) + { + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + return NULL; + } + + do { + if ((ret = GetProcAddress(me32.hModule,name))) + { + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + return ret; + } + } while((*module_next)(hModuleSnap,&me32)); + + (*close_snap)(hModuleSnap); + FreeLibrary(dll); + return NULL; + } +#endif /* DSO_WIN32 */ diff --git a/src/lib/libssl/src/crypto/ec/Makefile b/src/lib/libssl/src/crypto/ec/Makefile index b5bbc9faa1..db380ed16f 100644 --- a/src/lib/libssl/src/crypto/ec/Makefile +++ b/src/lib/libssl/src/crypto/ec/Makefile @@ -19,11 +19,11 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\ ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\ - ec2_smpl.c ec2_smpt.c ec2_mult.c + ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\ ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\ - ec2_smpl.o ec2_mult.o + ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o SRC= $(LIBSRC) @@ -38,7 +38,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -94,8 +94,22 @@ ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h -ec2_smpt.o: ec2_smpt.c +ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec_lcl.h +ec_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +ec_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ec_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h +ec_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ec_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ec_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ec_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ec_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ec_ameth.o: ../../include/openssl/opensslconf.h +ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +ec_ameth.o: ec_ameth.c ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -160,6 +174,20 @@ ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c +ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ec_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ec_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ec_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ec_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ec_pmeth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ../evp/evp_locl.h +ec_pmeth.o: ec_pmeth.c ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -167,6 +195,16 @@ ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c +eck_prn.o: ../../e_os.h ../../include/openssl/asn1.h +eck_prn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +eck_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +eck_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +eck_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +eck_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eck_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eck_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eck_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +eck_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h eck_prn.c ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/src/lib/libssl/src/crypto/ec/ec.h b/src/lib/libssl/src/crypto/ec/ec.h index 8bc2a235b1..ee7078130c 100644 --- a/src/lib/libssl/src/crypto/ec/ec.h +++ b/src/lib/libssl/src/crypto/ec/ec.h @@ -2,8 +2,12 @@ /* * Originally written by Bodo Moeller for the OpenSSL project. */ +/** + * \file crypto/ec/ec.h Include file for the OpenSSL EC functions + * \author Originally written by Bodo Moeller for the OpenSSL project + */ /* ==================================================================== - * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -92,15 +96,21 @@ extern "C" { # endif #endif - + #ifndef OPENSSL_ECC_MAX_FIELD_BITS # define OPENSSL_ECC_MAX_FIELD_BITS 661 #endif +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ typedef enum { - /* values as defined in X9.62 (ECDSA) and elsewhere */ + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x02 */ POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ POINT_CONVERSION_HYBRID = 6 } point_conversion_form_t; @@ -121,37 +131,129 @@ typedef struct ec_group_st typedef struct ec_point_st EC_POINT; -/* EC_METHODs for curves over GF(p). - * EC_GFp_simple_method provides the basis for the optimized methods. +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object */ const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ const EC_METHOD *EC_GFp_mont_method(void); + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ const EC_METHOD *EC_GFp_nist_method(void); -/* EC_METHOD for curves over GF(2^m). + +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object */ const EC_METHOD *EC_GF2m_simple_method(void); -EC_GROUP *EC_GROUP_new(const EC_METHOD *); -void EC_GROUP_free(EC_GROUP *); -void EC_GROUP_clear_free(EC_GROUP *); -int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *); -EC_GROUP *EC_GROUP_dup(const EC_GROUP *); +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ -const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); -int EC_METHOD_get_field_type(const EC_METHOD *); +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); -int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); -const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); -int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); -int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); -void EC_GROUP_set_curve_name(EC_GROUP *, int nid); -int EC_GROUP_get_curve_name(const EC_GROUP *); +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); -void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag); -int EC_GROUP_get_asn1_flag(const EC_GROUP *); +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and it's order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t); point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); @@ -160,36 +262,114 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); size_t EC_GROUP_get_seed_len(const EC_GROUP *); size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); -int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); -int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM with the prime number + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM for the prime number + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + +/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM for the polynomial defining the underlying field + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); -/* returns the number of bits needed to represent a field element */ -int EC_GROUP_get_degree(const EC_GROUP *); +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); -/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); -/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the - * elliptic curve is not zero, 0 otherwise */ -int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); -/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ -int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise + */ +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if both groups are equal and 1 otherwise + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); /* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() * after choosing an appropriate EC_METHOD */ -EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure - * specified by a curve name (in form of a NID) */ +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ EC_GROUP *EC_GROUP_new_by_curve_name(int nid); -/* handling of internal curves */ + + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + typedef struct { int nid; const char *comment; } EC_builtin_curve; + /* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number * of all available curves or zero if a error occurred. * In case r ist not zero nitems EC_builtin_curve structures @@ -197,39 +377,168 @@ typedef struct { size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); -/* EC_POINT functions */ +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); + +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); -EC_POINT *EC_POINT_new(const EC_GROUP *); -void EC_POINT_free(EC_POINT *); -void EC_POINT_clear_free(EC_POINT *); -int EC_POINT_copy(EC_POINT *, const EC_POINT *); -EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); -const EC_METHOD *EC_POINT_method_of(const EC_POINT *); - -int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *); -int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); -int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, BN_CTX *); -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BN_CTX *); -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, BN_CTX *); - -int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, BN_CTX *); -int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BN_CTX *); -int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, BN_CTX *); - -size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *); -int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *buf, size_t len, BN_CTX *); +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); + +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + +/** Sets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + +/** Sets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); /* other interfaces to point2oct/oct2point: */ BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, @@ -241,29 +550,105 @@ char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, EC_POINT *, BN_CTX *); -int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); -int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); -int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); -int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); -int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); -int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if point if on the curve and 0 otherwise + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 0 if both points are equal and a value != 0 otherwise + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); +/** Computes r = generator * n sum_{i=0}^num p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number futher summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); -int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); -int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); - -/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ -int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); -/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ -int EC_GROUP_have_precompute_mult(const EC_GROUP *); +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); -/* ASN1 stuff */ +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ /* EC_GROUP_get_basis_type() returns the NID of the basis type * used to represent the field elements */ @@ -293,28 +678,96 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); #endif -/* the EC_KEY stuff */ + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + typedef struct ec_key_st EC_KEY; /* some values for the encoding_flag */ #define EC_PKEY_NO_PARAMETERS 0x001 #define EC_PKEY_NO_PUBKEY 0x002 +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ EC_KEY *EC_KEY_new(void); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ EC_KEY *EC_KEY_new_by_curve_name(int nid); -void EC_KEY_free(EC_KEY *); -EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); -EC_KEY *EC_KEY_dup(const EC_KEY *); - -int EC_KEY_up_ref(EC_KEY *); - -const EC_GROUP *EC_KEY_get0_group(const EC_KEY *); -int EC_KEY_set_group(EC_KEY *, const EC_GROUP *); -const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *); -int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *); -const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); -int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); -unsigned EC_KEY_get_enc_flags(const EC_KEY *); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); @@ -325,31 +778,126 @@ void EC_KEY_insert_key_method_data(EC_KEY *, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); /* wrapper functions for the underlying EC_GROUP object */ void EC_KEY_set_asn1_flag(EC_KEY *, int); -int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); - -/* EC_KEY_generate_key() creates a ec private (public) key */ -int EC_KEY_generate_key(EC_KEY *); -/* EC_KEY_check_key() */ -int EC_KEY_check_key(const EC_KEY *); - -/* de- and encoding functions for SEC1 ECPrivateKey */ -EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len); -int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); -/* de- and encoding functions for EC parameters */ -EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); -int i2d_ECParameters(EC_KEY *a, unsigned char **out); -/* de- and encoding functions for EC public key - * (octet string, not DER -- hence 'o2i' and 'i2o') */ -EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); -int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec paramters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); #ifndef OPENSSL_NO_BIO -int ECParameters_print(BIO *bp, const EC_KEY *x); -int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + #endif #ifndef OPENSSL_NO_FP_API -int ECParameters_print_fp(FILE *fp, const EC_KEY *x); -int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + #endif #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) @@ -362,6 +910,13 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); # endif #endif +#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + + +#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -375,6 +930,14 @@ void ERR_load_EC_strings(void); #define EC_F_D2I_ECPARAMETERS 144 #define EC_F_D2I_ECPKPARAMETERS 145 #define EC_F_D2I_ECPRIVATEKEY 146 +#define EC_F_DO_EC_KEY_PRINT 221 +#define EC_F_ECKEY_PARAM2TYPE 223 +#define EC_F_ECKEY_PARAM_DECODE 212 +#define EC_F_ECKEY_PRIV_DECODE 213 +#define EC_F_ECKEY_PRIV_ENCODE 214 +#define EC_F_ECKEY_PUB_DECODE 215 +#define EC_F_ECKEY_PUB_ENCODE 216 +#define EC_F_ECKEY_TYPE2PARAM 220 #define EC_F_ECPARAMETERS_PRINT 147 #define EC_F_ECPARAMETERS_PRINT_FP 148 #define EC_F_ECPKPARAMETERS_PRINT 149 @@ -448,7 +1011,6 @@ void ERR_load_EC_strings(void); #define EC_F_EC_KEY_PRINT 180 #define EC_F_EC_KEY_PRINT_FP 181 #define EC_F_EC_POINTS_MAKE_AFFINE 136 -#define EC_F_EC_POINTS_MUL 138 #define EC_F_EC_POINT_ADD 112 #define EC_F_EC_POINT_CMP 113 #define EC_F_EC_POINT_COPY 114 @@ -479,21 +1041,31 @@ void ERR_load_EC_strings(void); #define EC_F_I2D_ECPRIVATEKEY 192 #define EC_F_I2O_ECPUBLICKEY 151 #define EC_F_O2I_ECPUBLICKEY 152 +#define EC_F_OLD_EC_PRIV_DECODE 222 +#define EC_F_PKEY_EC_CTRL 197 +#define EC_F_PKEY_EC_CTRL_STR 198 +#define EC_F_PKEY_EC_DERIVE 217 +#define EC_F_PKEY_EC_KEYGEN 199 +#define EC_F_PKEY_EC_PARAMGEN 219 +#define EC_F_PKEY_EC_SIGN 218 /* Reason codes. */ #define EC_R_ASN1_ERROR 115 #define EC_R_ASN1_UNKNOWN_FIELD 116 #define EC_R_BUFFER_TOO_SMALL 100 #define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +#define EC_R_DECODE_ERROR 142 #define EC_R_DISCRIMINANT_IS_ZERO 118 #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 -#define EC_R_FIELD_TOO_LARGE 138 +#define EC_R_FIELD_TOO_LARGE 143 #define EC_R_GROUP2PKPARAMETERS_FAILURE 120 #define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 #define EC_R_INVALID_ARGUMENT 112 #define EC_R_INVALID_COMPRESSED_POINT 110 #define EC_R_INVALID_COMPRESSION_BIT 109 +#define EC_R_INVALID_CURVE 141 +#define EC_R_INVALID_DIGEST_TYPE 138 #define EC_R_INVALID_ENCODING 102 #define EC_R_INVALID_FIELD 103 #define EC_R_INVALID_FORM 104 @@ -501,6 +1073,7 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_PENTANOMIAL_BASIS 132 #define EC_R_INVALID_PRIVATE_KEY 123 #define EC_R_INVALID_TRINOMIAL_BASIS 137 +#define EC_R_KEYS_NOT_SET 140 #define EC_R_MISSING_PARAMETERS 124 #define EC_R_MISSING_PRIVATE_KEY 125 #define EC_R_NOT_A_NIST_PRIME 135 @@ -508,6 +1081,7 @@ void ERR_load_EC_strings(void); #define EC_R_NOT_IMPLEMENTED 126 #define EC_R_NOT_INITIALIZED 111 #define EC_R_NO_FIELD_MOD 133 +#define EC_R_NO_PARAMETERS_SET 139 #define EC_R_PASSED_NULL_PARAMETER 134 #define EC_R_PKPARAMETERS2GROUP_FAILURE 127 #define EC_R_POINT_AT_INFINITY 106 diff --git a/src/lib/libssl/src/crypto/ec/ec_err.c b/src/lib/libssl/src/crypto/ec/ec_err.c index d04c895560..84b4833371 100644 --- a/src/lib/libssl/src/crypto/ec/ec_err.c +++ b/src/lib/libssl/src/crypto/ec/ec_err.c @@ -74,6 +74,14 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, +{ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "DO_EC_KEY_PRINT"}, +{ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "ECKEY_PARAM2TYPE"}, +{ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "ECKEY_PARAM_DECODE"}, +{ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "ECKEY_PRIV_DECODE"}, +{ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "ECKEY_PRIV_ENCODE"}, +{ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "ECKEY_PUB_DECODE"}, +{ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "ECKEY_PUB_ENCODE"}, +{ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "ECKEY_TYPE2PARAM"}, {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, @@ -147,7 +155,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, -{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, @@ -178,6 +185,13 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, +{ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"}, +{ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"}, +{ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "PKEY_EC_CTRL_STR"}, +{ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"}, +{ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"}, +{ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"}, +{ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"}, {0,NULL} }; @@ -187,6 +201,7 @@ static ERR_STRING_DATA EC_str_reasons[]= {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD) ,"asn1 unknown field"}, {ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"}, {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"}, +{ERR_REASON(EC_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"}, {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"}, {ERR_REASON(EC_R_FIELD_TOO_LARGE) ,"field too large"}, @@ -196,6 +211,8 @@ static ERR_STRING_DATA EC_str_reasons[]= {ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"}, {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"}, {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"}, +{ERR_REASON(EC_R_INVALID_CURVE) ,"invalid curve"}, +{ERR_REASON(EC_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, {ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"}, {ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"}, {ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"}, @@ -203,6 +220,7 @@ static ERR_STRING_DATA EC_str_reasons[]= {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"}, {ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"}, {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"}, +{ERR_REASON(EC_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"}, {ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"}, @@ -210,6 +228,7 @@ static ERR_STRING_DATA EC_str_reasons[]= {ERR_REASON(EC_R_NOT_IMPLEMENTED) ,"not implemented"}, {ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"}, {ERR_REASON(EC_R_NO_FIELD_MOD) ,"no field mod"}, +{ERR_REASON(EC_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(EC_R_PASSED_NULL_PARAMETER) ,"passed null parameter"}, {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"}, {ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"}, diff --git a/src/lib/libssl/src/crypto/ec/ec_lcl.h b/src/lib/libssl/src/crypto/ec/ec_lcl.h index fdd7aa2755..3e2c34b0bc 100644 --- a/src/lib/libssl/src/crypto/ec/ec_lcl.h +++ b/src/lib/libssl/src/crypto/ec/ec_lcl.h @@ -205,11 +205,14 @@ struct ec_group_st { * irreducible polynomial defining the field. */ - unsigned int poly[5]; /* Field specification for curves over GF(2^m). - * The irreducible f(t) is then of the form: - * t^poly[0] + t^poly[1] + ... + t^poly[k] - * where m = poly[0] > poly[1] > ... > poly[k] = 0. - */ + int poly[6]; /* Field specification for curves over GF(2^m). + * The irreducible f(t) is then of the form: + * t^poly[0] + t^poly[1] + ... + t^poly[k] + * where m = poly[0] > poly[1] > ... > poly[k] = 0. + * The array is terminated with poly[k+1]=-1. + * All elliptic curve irreducibles have at most 5 + * non-zero terms. + */ BIGNUM a, b; /* Curve coefficients. * (Here the assumption is that BIGNUMs can be used diff --git a/src/lib/libssl/src/crypto/ec/ec_lib.c b/src/lib/libssl/src/crypto/ec/ec_lib.c index 5af84376c6..dd7da0fcf9 100644 --- a/src/lib/libssl/src/crypto/ec/ec_lib.c +++ b/src/lib/libssl/src/crypto/ec/ec_lib.c @@ -79,7 +79,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) if (meth == NULL) { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); + ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL); return NULL; } if (meth->group_init == 0) @@ -740,7 +740,7 @@ void EC_POINT_clear_free(EC_POINT *point) if (point->meth->point_clear_finish != 0) point->meth->point_clear_finish(point); - else if (point->meth != NULL && point->meth->point_finish != 0) + else if (point->meth->point_finish != 0) point->meth->point_finish(point); OPENSSL_cleanse(point, sizeof *point); OPENSSL_free(point); diff --git a/src/lib/libssl/src/crypto/ec/ec_mult.c b/src/lib/libssl/src/crypto/ec/ec_mult.c index 2ba173ef36..f05df5332e 100644 --- a/src/lib/libssl/src/crypto/ec/ec_mult.c +++ b/src/lib/libssl/src/crypto/ec/ec_mult.c @@ -224,6 +224,12 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) sign = -1; } + if (scalar->d == NULL || scalar->top == 0) + { + ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + goto err; + } + len = BN_num_bits(scalar); r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation * (*ret_len will be set to the actual length, i.e. at most @@ -233,12 +239,6 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); goto err; } - - if (scalar->d == NULL || scalar->top == 0) - { - ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } window_val = scalar->d[0] & mask; j = 0; while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */ @@ -419,7 +419,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (numblocks > pre_comp->numblocks) numblocks = pre_comp->numblocks; - pre_points_per_block = 1u << (pre_comp->w - 1); + pre_points_per_block = (size_t)1 << (pre_comp->w - 1); /* check that pre_comp looks sane */ if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) @@ -461,7 +461,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); wsize[i] = EC_window_bits_for_scalar_size(bits); - num_val += 1u << (wsize[i] - 1); + num_val += (size_t)1 << (wsize[i] - 1); wNAF[i + 1] = NULL; /* make sure we always have a pivot */ wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); if (wNAF[i] == NULL) @@ -600,7 +600,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, for (i = 0; i < num + num_scalar; i++) { val_sub[i] = v; - for (j = 0; j < (1u << (wsize[i] - 1)); j++) + for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) { *v = EC_POINT_new(group); if (*v == NULL) goto err; @@ -636,7 +636,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (wsize[i] > 1) { if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; - for (j = 1; j < (1u << (wsize[i] - 1)); j++) + for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) { if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; } @@ -820,7 +820,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ - pre_points_per_block = 1u << (w - 1); + pre_points_per_block = (size_t)1 << (w - 1); num = pre_points_per_block * numblocks; /* number of points to compute and store */ points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); diff --git a/src/lib/libssl/src/crypto/ec/ecp_nist.c b/src/lib/libssl/src/crypto/ec/ecp_nist.c index 71893d5eab..2a5682ea41 100644 --- a/src/lib/libssl/src/crypto/ec/ecp_nist.c +++ b/src/lib/libssl/src/crypto/ec/ecp_nist.c @@ -112,10 +112,6 @@ const EC_METHOD *EC_GFp_nist_method(void) return &ret; } -#if BN_BITS2 == 64 -#define NO_32_BIT_TYPE -#endif - int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) { dest->field_mod_func = src->field_mod_func; @@ -139,34 +135,12 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) group->field_mod_func = BN_nist_mod_192; else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) - { -#ifndef NO_32_BIT_TYPE group->field_mod_func = BN_nist_mod_224; -#else - ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); - goto err; -#endif - } else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) - { -#ifndef NO_32_BIT_TYPE group->field_mod_func = BN_nist_mod_256; -#else - ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); - goto err; -#endif - } else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) - { -#ifndef NO_32_BIT_TYPE group->field_mod_func = BN_nist_mod_384; -#else - ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); - goto err; -#endif - } else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) - /* this one works in the NO_32_BIT_TYPE case */ group->field_mod_func = BN_nist_mod_521; else { diff --git a/src/lib/libssl/src/crypto/ec/ectest.c b/src/lib/libssl/src/crypto/ec/ectest.c index 6148d553f9..7509cb9c7c 100644 --- a/src/lib/libssl/src/crypto/ec/ectest.c +++ b/src/lib/libssl/src/crypto/ec/ectest.c @@ -432,9 +432,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -478,9 +476,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -525,9 +521,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -577,9 +571,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -635,9 +627,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, "."); fflush(stdout); -#if 0 if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; -#endif if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; if (!EC_POINT_is_at_infinity(group, Q)) ABORT; fprintf(stdout, " ok\n"); @@ -809,7 +799,7 @@ void prime_field_tests() if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ fprintf(stdout, "."); \ fflush(stdout); \ - /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \ + if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; \ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \ if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \ fprintf(stdout, " ok\n"); \ @@ -1336,7 +1326,7 @@ int main(int argc, char *argv[]) #endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); return 0; diff --git a/src/lib/libssl/src/crypto/engine/Makefile b/src/lib/libssl/src/crypto/engine/Makefile index 0cc3722089..9c214824eb 100644 --- a/src/lib/libssl/src/crypto/engine/Makefile +++ b/src/lib/libssl/src/crypto/engine/Makefile @@ -20,13 +20,13 @@ LIB=$(TOP)/libcrypto.a LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_table.c eng_pkey.c eng_fat.c eng_all.c \ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ - tb_cipher.c tb_digest.c \ - eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c + tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ + eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ - tb_cipher.o tb_digest.o \ - eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o + tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ + eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o SRC= $(LIBSRC) @@ -41,7 +41,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -88,35 +88,34 @@ eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_all.o: ../cryptlib.h eng_all.c eng_int.h +eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_int.h +eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_cryptodev.o: ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h @@ -131,9 +130,8 @@ eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_ctrl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_ctrl.o: ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -145,50 +143,49 @@ eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h +eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c +eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_err.o: eng_err.c eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h +eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h eng_init.o: ../../e_os.h ../../include/openssl/asn1.h eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_init.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_init.o: ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -200,23 +197,22 @@ eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -eng_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_lib.c +eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c eng_list.o: ../../e_os.h ../../include/openssl/asn1.h eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_list.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_list.o: ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -229,9 +225,8 @@ eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_openssl.o: ../../include/openssl/objects.h +eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_openssl.o: ../../include/openssl/opensslconf.h eng_openssl.o: ../../include/openssl/opensslv.h eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h @@ -241,31 +236,14 @@ eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c -eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h -eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -eng_padlock.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_padlock.o: ../../include/openssl/objects.h -eng_padlock.o: ../../include/openssl/opensslconf.h -eng_padlock.o: ../../include/openssl/opensslv.h -eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_padlock.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -eng_padlock.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_padlock.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_padlock.o: ../../include/openssl/x509_vfy.h eng_padlock.c eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_pkey.o: ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -277,8 +255,8 @@ eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_table.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_table.o: ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -286,14 +264,29 @@ eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_table.o: eng_table.c +tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h +tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_asnmth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_asnmth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_asnmth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_asnmth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_asnmth.o: ../../include/openssl/objects.h +tb_asnmth.o: ../../include/openssl/opensslconf.h +tb_asnmth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_asnmth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_asnmth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_asnmth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_asnmth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +tb_asnmth.o: eng_int.h tb_asnmth.c tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_cipher.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_cipher.o: ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -306,22 +299,22 @@ tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_dh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dh.c +tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_digest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_digest.o: ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -334,78 +327,89 @@ tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_dsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dsa.c +tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_ecdh.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_ecdh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c +tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_ecdsa.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_ecdsa.o: ../../include/openssl/opensslconf.h +tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c +tb_pkmeth.o: ../../e_os.h ../../include/openssl/asn1.h +tb_pkmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +tb_pkmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +tb_pkmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +tb_pkmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +tb_pkmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_pkmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_pkmeth.o: ../../include/openssl/objects.h +tb_pkmeth.o: ../../include/openssl/opensslconf.h +tb_pkmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_pkmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_pkmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_pkmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_pkmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h +tb_pkmeth.o: tb_pkmeth.c tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_rand.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c +tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_rsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rsa.c +tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c tb_store.o: ../../e_os.h ../../include/openssl/asn1.h tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_store.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -tb_store.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_store.o: ../../include/openssl/opensslconf.h +tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c index d29cd57dc2..22c120454f 100644 --- a/src/lib/libssl/src/crypto/engine/eng_all.c +++ b/src/lib/libssl/src/crypto/engine/eng_all.c @@ -61,15 +61,15 @@ void ENGINE_load_builtin_engines(void) { +#if 0 /* There's no longer any need for an "openssl" ENGINE unless, one day, * it is the *only* way for standard builtin implementations to be be * accessed (ie. it would be possible to statically link binaries with * *no* builtin implementations). */ -#if 0 ENGINE_load_openssl(); #endif -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) - ENGINE_load_padlock(); +#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) + ENGINE_load_cryptodev(); #endif ENGINE_load_dynamic(); #ifndef OPENSSL_NO_STATIC_ENGINE @@ -98,14 +98,15 @@ void ENGINE_load_builtin_engines(void) #ifndef OPENSSL_NO_HW_UBSEC ENGINE_load_ubsec(); #endif +#ifndef OPENSSL_NO_HW_PADLOCK + ENGINE_load_padlock(); #endif -#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) - ENGINE_load_gmp(); #endif +#ifndef OPENSSL_NO_GOST + ENGINE_load_gost(); #endif -#ifndef OPENSSL_NO_HW -#if defined(__OpenBSD__) || defined(__FreeBSD__) - ENGINE_load_cryptodev(); +#ifndef OPENSSL_NO_GMP + ENGINE_load_gmp(); #endif #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) ENGINE_load_capi(); @@ -113,7 +114,7 @@ void ENGINE_load_builtin_engines(void) #endif } -#if defined(__OpenBSD__) || defined(__FreeBSD__) +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) void ENGINE_setup_bsd_cryptodev(void) { static int bsd_cryptodev_default_loaded = 0; if (!bsd_cryptodev_default_loaded) { diff --git a/src/lib/libssl/src/crypto/engine/eng_cnf.c b/src/lib/libssl/src/crypto/engine/eng_cnf.c index 08066cea59..95c4070015 100644 --- a/src/lib/libssl/src/crypto/engine/eng_cnf.c +++ b/src/lib/libssl/src/crypto/engine/eng_cnf.c @@ -95,7 +95,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) int ret = 0; long do_init = -1; STACK_OF(CONF_VALUE) *ecmds; - CONF_VALUE *ecmd; + CONF_VALUE *ecmd = NULL; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; int soft = 0; @@ -157,7 +157,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) return 1; } if (!e) - return 0; + goto err; } /* Allow "EMPTY" to mean no value: this allows a valid * "value" to be passed to ctrls of type NO_INPUT @@ -186,16 +186,27 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) - return 0; + goto err; } } if (e && (do_init == -1) && !int_engine_init(e)) + { + ecmd = NULL; goto err; + } ret = 1; err: + if (ret != 1) + { + ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR); + if (ecmd) + ERR_add_error_data(6, "section=", ecmd->section, + ", name=", ecmd->name, + ", value=", ecmd->value); + } if (e) ENGINE_free(e); return ret; diff --git a/src/lib/libssl/src/crypto/engine/eng_cryptodev.c b/src/lib/libssl/src/crypto/engine/eng_cryptodev.c index ab38cd52f0..52f4ca3901 100644 --- a/src/lib/libssl/src/crypto/engine/eng_cryptodev.c +++ b/src/lib/libssl/src/crypto/engine/eng_cryptodev.c @@ -32,7 +32,7 @@ #include #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ - (defined(OpenBSD) || defined(__FreeBSD_version)) + (defined(OpenBSD) || defined(__FreeBSD__)) #include # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) # define HAVE_CRYPTODEV @@ -55,6 +55,10 @@ ENGINE_load_cryptodev(void) #include #include +#include +#include +#include +#include #include #include #include @@ -68,6 +72,16 @@ ENGINE_load_cryptodev(void) struct dev_crypto_state { struct session_op d_sess; int d_fd; + +#ifdef USE_CRYPTODEV_DIGESTS + char dummy_mac_key[HASH_MAX_LEN]; + + unsigned char digest_res[HASH_MAX_LEN]; + char *mac_data; + int mac_len; + + int copy; +#endif }; static u_int32_t cryptodev_asymfeat = 0; @@ -75,15 +89,14 @@ static u_int32_t cryptodev_asymfeat = 0; static int get_asym_dev_crypto(void); static int open_dev_crypto(void); static int get_dev_crypto(void); -static int cryptodev_max_iv(int cipher); -static int cryptodev_key_length_valid(int cipher, int len); -static int cipher_nid_to_cryptodev(int nid); static int get_cryptodev_ciphers(const int **cnids); +#ifdef USE_CRYPTODEV_DIGESTS static int get_cryptodev_digests(const int **cnids); +#endif static int cryptodev_usable_ciphers(const int **nids); static int cryptodev_usable_digests(const int **nids); static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); + const unsigned char *in, size_t inl); static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); @@ -100,7 +113,7 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa); + RSA *rsa, BN_CTX *ctx); static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); @@ -117,7 +130,7 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f)()); + void (*f)(void)); void ENGINE_load_cryptodev(void); static const ENGINE_CMD_DEFN cryptodev_defns[] = { @@ -130,27 +143,34 @@ static struct { int ivmax; int keylen; } ciphers[] = { + { CRYPTO_ARC4, NID_rc4, 0, 16, }, { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, + { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, }, + { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, }, { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, { 0, NID_undef, 0, 0, }, }; +#ifdef USE_CRYPTODEV_DIGESTS static struct { int id; int nid; + int keylen; } digests[] = { - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, - { CRYPTO_MD5_KPDK, NID_undef, }, - { CRYPTO_SHA1_KPDK, NID_undef, }, - { CRYPTO_MD5, NID_md5, }, - { CRYPTO_SHA1, NID_undef, }, - { 0, NID_undef, }, + { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16}, + { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20}, + { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/}, + { CRYPTO_MD5_KPDK, NID_undef, 0}, + { CRYPTO_SHA1_KPDK, NID_undef, 0}, + { CRYPTO_MD5, NID_md5, 16}, + { CRYPTO_SHA1, NID_sha1, 20}, + { 0, NID_undef, 0}, }; +#endif /* * Return a fd if /dev/crypto seems usable, 0 otherwise. @@ -202,50 +222,6 @@ get_asym_dev_crypto(void) return fd; } -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. - */ -static int -cryptodev_max_iv(int cipher) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].ivmax); - return (0); -} - -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. For now, fake it out - but most of these - * for real devices should return 1 for the supported key - * sizes the device can handle. - */ -static int -cryptodev_key_length_valid(int cipher, int len) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].keylen == len); - return (0); -} - -/* convert libcrypto nids to cryptodev */ -static int -cipher_nid_to_cryptodev(int nid) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].nid == nid) - return (ciphers[i].id); - return (0); -} - /* * Find out what ciphers /dev/crypto will let us have a session for. * XXX note, that some of these openssl doesn't deal with yet! @@ -264,7 +240,7 @@ get_cryptodev_ciphers(const int **cnids) return (0); } memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t)"123456781234567812345678"; + sess.key = (caddr_t)"123456789abcdefghijklmno"; for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { if (ciphers[i].nid == NID_undef) @@ -285,6 +261,7 @@ get_cryptodev_ciphers(const int **cnids) return (count); } +#ifdef USE_CRYPTODEV_DIGESTS /* * Find out what digests /dev/crypto will let us have a session for. * XXX note, that some of these openssl doesn't deal with yet! @@ -303,10 +280,12 @@ get_cryptodev_digests(const int **cnids) return (0); } memset(&sess, 0, sizeof(sess)); + sess.mackey = (caddr_t)"123456789abcdefghijklmno"; for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { if (digests[i].nid == NID_undef) continue; sess.mac = digests[i].id; + sess.mackeylen = digests[i].keylen; sess.cipher = 0; if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ioctl(fd, CIOCFSESSION, &sess.ses) != -1) @@ -320,6 +299,7 @@ get_cryptodev_digests(const int **cnids) *cnids = NULL; return (count); } +#endif /* 0 */ /* * Find the useable ciphers|digests from dev/crypto - this is the first @@ -351,6 +331,9 @@ cryptodev_usable_ciphers(const int **nids) static int cryptodev_usable_digests(const int **nids) { +#ifdef USE_CRYPTODEV_DIGESTS + return (get_cryptodev_digests(nids)); +#else /* * XXXX just disable all digests for now, because it sucks. * we need a better way to decide this - i.e. I may not @@ -365,16 +348,17 @@ cryptodev_usable_digests(const int **nids) */ *nids = NULL; return (0); +#endif } static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { struct crypt_op cryp; struct dev_crypto_state *state = ctx->cipher_data; struct session_op *sess = &state->d_sess; - void *iiv; + const void *iiv; unsigned char save_iv[EVP_MAX_IV_LENGTH]; if (state->d_fd < 0) @@ -398,7 +382,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ctx->cipher->iv_len) { cryp.iv = (caddr_t) ctx->iv; if (!ctx->encrypt) { - iiv = (void *) in + inl - ctx->cipher->iv_len; + iiv = in + inl - ctx->cipher->iv_len; memcpy(save_iv, iiv, ctx->cipher->iv_len); } } else @@ -413,7 +397,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (ctx->cipher->iv_len) { if (ctx->encrypt) - iiv = (void *) out + inl - ctx->cipher->iv_len; + iiv = out + inl - ctx->cipher->iv_len; else iiv = save_iv; memcpy(ctx->iv, iiv, ctx->cipher->iv_len); @@ -427,23 +411,27 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, { struct dev_crypto_state *state = ctx->cipher_data; struct session_op *sess = &state->d_sess; - int cipher; + int cipher = -1, i; - if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) - return (0); - - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) - return (0); + for (i = 0; ciphers[i].id; i++) + if (ctx->cipher->nid == ciphers[i].nid && + ctx->cipher->iv_len <= ciphers[i].ivmax && + ctx->key_len == ciphers[i].keylen) { + cipher = ciphers[i].id; + break; + } - if (!cryptodev_key_length_valid(cipher, ctx->key_len)) + if (!ciphers[i].id) { + state->d_fd = -1; return (0); + } memset(sess, 0, sizeof(struct session_op)); if ((state->d_fd = get_dev_crypto()) < 0) return (0); - sess->key = (unsigned char *)key; + sess->key = (caddr_t)key; sess->keylen = ctx->key_len; sess->cipher = cipher; @@ -496,6 +484,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) * gets called when libcrypto requests a cipher NID. */ +/* RC4 */ +const EVP_CIPHER cryptodev_rc4 = { + NID_rc4, + 1, 16, 0, + EVP_CIPH_VARIABLE_LENGTH, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + NULL, + NULL, + NULL +}; + /* DES CBC EVP */ const EVP_CIPHER cryptodev_des_cbc = { NID_des_cbc, @@ -563,6 +565,32 @@ const EVP_CIPHER cryptodev_aes_cbc = { NULL }; +const EVP_CIPHER cryptodev_aes_192_cbc = { + NID_aes_192_cbc, + 16, 24, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +const EVP_CIPHER cryptodev_aes_256_cbc = { + NID_aes_256_cbc, + 16, 32, 16, + EVP_CIPH_CBC_MODE, + cryptodev_init_key, + cryptodev_cipher, + cryptodev_cleanup, + sizeof(struct dev_crypto_state), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + /* * Registered by the ENGINE when used to find out how to deal with * a particular NID in the ENGINE. this says what we'll do at the @@ -576,6 +604,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return (cryptodev_usable_ciphers(nids)); switch (nid) { + case NID_rc4: + *cipher = &cryptodev_rc4; + break; case NID_des_ede3_cbc: *cipher = &cryptodev_3des_cbc; break; @@ -591,6 +622,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, case NID_aes_128_cbc: *cipher = &cryptodev_aes_cbc; break; + case NID_aes_192_cbc: + *cipher = &cryptodev_aes_192_cbc; + break; + case NID_aes_256_cbc: + *cipher = &cryptodev_aes_256_cbc; + break; default: *cipher = NULL; break; @@ -598,6 +635,234 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, return (*cipher != NULL); } + +#ifdef USE_CRYPTODEV_DIGESTS + +/* convert digest type to cryptodev */ +static int +digest_nid_to_cryptodev(int nid) +{ + int i; + + for (i = 0; digests[i].id; i++) + if (digests[i].nid == nid) + return (digests[i].id); + return (0); +} + + +static int +digest_key_length(int nid) +{ + int i; + + for (i = 0; digests[i].id; i++) + if (digests[i].nid == nid) + return digests[i].keylen; + return (0); +} + + +static int cryptodev_digest_init(EVP_MD_CTX *ctx) +{ + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + int digest; + + if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){ + printf("cryptodev_digest_init: Can't get digest \n"); + return (0); + } + + memset(state, 0, sizeof(struct dev_crypto_state)); + + if ((state->d_fd = get_dev_crypto()) < 0) { + printf("cryptodev_digest_init: Can't get Dev \n"); + return (0); + } + + sess->mackey = state->dummy_mac_key; + sess->mackeylen = digest_key_length(ctx->digest->type); + sess->mac = digest; + + if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) { + close(state->d_fd); + state->d_fd = -1; + printf("cryptodev_digest_init: Open session failed\n"); + return (0); + } + + return (1); +} + +static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, + size_t count) +{ + struct crypt_op cryp; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + if (!data || state->d_fd < 0) { + printf("cryptodev_digest_update: illegal inputs \n"); + return (0); + } + + if (!count) { + return (0); + } + + if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { + /* if application doesn't support one buffer */ + state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); + + if (!state->mac_data) { + printf("cryptodev_digest_update: realloc failed\n"); + return (0); + } + + memcpy(state->mac_data + state->mac_len, data, count); + state->mac_len += count; + + return (1); + } + + memset(&cryp, 0, sizeof(cryp)); + + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = count; + cryp.src = (caddr_t) data; + cryp.dst = NULL; + cryp.mac = (caddr_t) state->digest_res; + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { + printf("cryptodev_digest_update: digest failed\n"); + return (0); + } + return (1); +} + + +static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md) +{ + struct crypt_op cryp; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + int ret = 1; + + if (!md || state->d_fd < 0) { + printf("cryptodev_digest_final: illegal input\n"); + return(0); + } + + if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) { + /* if application doesn't support one buffer */ + memset(&cryp, 0, sizeof(cryp)); + + cryp.ses = sess->ses; + cryp.flags = 0; + cryp.len = state->mac_len; + cryp.src = state->mac_data; + cryp.dst = NULL; + cryp.mac = (caddr_t)md; + + if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) { + printf("cryptodev_digest_final: digest failed\n"); + return (0); + } + + return 1; + } + + memcpy(md, state->digest_res, ctx->digest->md_size); + + return (ret); +} + + +static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) +{ + int ret = 1; + struct dev_crypto_state *state = ctx->md_data; + struct session_op *sess = &state->d_sess; + + if (state->d_fd < 0) { + printf("cryptodev_digest_cleanup: illegal input\n"); + return (0); + } + + if (state->mac_data) { + OPENSSL_free(state->mac_data); + state->mac_data = NULL; + state->mac_len = 0; + } + + if (state->copy) + return 1; + + if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { + printf("cryptodev_digest_cleanup: failed to close session\n"); + ret = 0; + } else { + ret = 1; + } + close(state->d_fd); + state->d_fd = -1; + + return (ret); +} + +static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) +{ + struct dev_crypto_state *fstate = from->md_data; + struct dev_crypto_state *dstate = to->md_data; + + memcpy(dstate, fstate, sizeof(struct dev_crypto_state)); + + if (fstate->mac_len != 0) { + dstate->mac_data = OPENSSL_malloc(fstate->mac_len); + memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); + } + + dstate->copy = 1; + + return 1; +} + + +const EVP_MD cryptodev_sha1 = { + NID_sha1, + NID_undef, + SHA_DIGEST_LENGTH, + EVP_MD_FLAG_ONESHOT, + cryptodev_digest_init, + cryptodev_digest_update, + cryptodev_digest_final, + cryptodev_digest_copy, + cryptodev_digest_cleanup, + EVP_PKEY_NULL_method, + SHA_CBLOCK, + sizeof(struct dev_crypto_state), +}; + +const EVP_MD cryptodev_md5 = { + NID_md5, + NID_undef, + 16 /* MD5_DIGEST_LENGTH */, + EVP_MD_FLAG_ONESHOT, + cryptodev_digest_init, + cryptodev_digest_update, + cryptodev_digest_final, + cryptodev_digest_copy, + cryptodev_digest_cleanup, + EVP_PKEY_NULL_method, + 64 /* MD5_CBLOCK */, + sizeof(struct dev_crypto_state), +}; + +#endif /* USE_CRYPTODEV_DIGESTS */ + + static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) @@ -606,10 +871,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, return (cryptodev_usable_digests(nids)); switch (nid) { +#ifdef USE_CRYPTODEV_DIGESTS case NID_md5: - *digest = NULL; /* need to make a clean md5 critter */ + *digest = &cryptodev_md5; break; + case NID_sha1: + *digest = &cryptodev_sha1; + break; default: +#endif /* USE_CRYPTODEV_DIGESTS */ *digest = NULL; break; } @@ -625,7 +895,7 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp) { int i, j, k; - ssize_t words, bytes, bits; + ssize_t bytes, bits; u_char *b; crp->crp_p = NULL; @@ -637,8 +907,9 @@ bn2crparam(const BIGNUM *a, struct crparam *crp) b = malloc(bytes); if (b == NULL) return (1); + memset(b, 0, bytes); - crp->crp_p = b; + crp->crp_p = (caddr_t) b; crp->crp_nbits = bits; for (i = 0, j = 0; i < a->top; i++) { @@ -681,7 +952,7 @@ zapparams(struct crypt_kop *kop) { int i; - for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { + for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { if (kop->crk_param[i].crp_p) free(kop->crk_param[i].crp_p); kop->crk_param[i].crp_p = NULL; @@ -746,21 +1017,27 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; kop.crk_iparams = 3; - if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { + if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF asym process failed, Running in software\n"); + ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); + + } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF hardware operation cancelled. Running in Software\n"); ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); } + /* else cryptodev operation worked ok ==> ret = 1*/ + err: zapparams(&kop); return (ret); } static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { int r; - BN_CTX *ctx; - ctx = BN_CTX_new(); r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); BN_CTX_free(ctx); @@ -795,10 +1072,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; kop.crk_iparams = 6; - if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { + if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { + const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF asym process failed, running in Software\n"); + ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); + + } else if (ECANCELED == kop.crk_status) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); + printf("OCF hardware operation cancelled. Running in Software\n"); ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); } + /* else cryptodev operation worked ok ==> ret = 1*/ + err: zapparams(&kop); return (ret); @@ -934,7 +1219,8 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, kop.crk_iparams = 7; if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { - dsaret = kop.crk_status; +/*OCF success value is 0, if not zero, change dsaret to fail*/ + if(0 != kop.crk_status) dsaret = 0; } else { const DSA_METHOD *meth = DSA_OpenSSL(); @@ -994,7 +1280,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; kop.crk_iparams = 3; - kop.crk_param[3].crp_p = key; + kop.crk_param[3].crp_p = (caddr_t) key; kop.crk_param[3].crp_nbits = keylen * 8; kop.crk_oparams = 1; @@ -1025,7 +1311,7 @@ static DH_METHOD cryptodev_dh = { * but I expect we'll want some options soon. */ static int -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) +cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) { #ifdef HAVE_SYSLOG_R struct syslog_data sd = SYSLOG_DATA_INIT; diff --git a/src/lib/libssl/src/crypto/engine/eng_ctrl.c b/src/lib/libssl/src/crypto/engine/eng_ctrl.c index 95b6b455aa..5ce25d92ec 100644 --- a/src/lib/libssl/src/crypto/engine/eng_ctrl.c +++ b/src/lib/libssl/src/crypto/engine/eng_ctrl.c @@ -280,7 +280,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, } /* Force the result of the control command to 0 or 1, for the reasons * mentioned before. */ - if (ENGINE_ctrl(e, num, i, p, f)) + if (ENGINE_ctrl(e, num, i, p, f) > 0) return 1; return 0; } @@ -345,7 +345,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * usage of these commands is consistent across applications and * that certain applications don't understand it one way, and * others another. */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) return 1; return 0; } @@ -360,7 +360,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, if(flags & ENGINE_CMD_FLAG_STRING) { /* Same explanation as above */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) return 1; return 0; } @@ -383,7 +383,7 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, } /* Force the result of the control command to 0 or 1, for the reasons * mentioned before. */ - if(ENGINE_ctrl(e, num, l, NULL, NULL)) + if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0) return 1; return 0; } diff --git a/src/lib/libssl/src/crypto/engine/eng_dyn.c b/src/lib/libssl/src/crypto/engine/eng_dyn.c index acb30c34d8..807da7a5eb 100644 --- a/src/lib/libssl/src/crypto/engine/eng_dyn.c +++ b/src/lib/libssl/src/crypto/engine/eng_dyn.c @@ -146,14 +146,14 @@ struct st_dynamic_data_ctx * 'dirs' for loading. Default is to use 'dirs' as a fallback. */ int dir_load; /* A stack of directories from which ENGINEs could be loaded */ - STACK *dirs; + STACK_OF(OPENSSL_STRING) *dirs; }; /* This is the "ex_data" index we obtain and reserve for use with our context * structure. */ static int dynamic_ex_data_idx = -1; -static void int_free_str(void *s) { OPENSSL_free(s); } +static void int_free_str(char *s) { OPENSSL_free(s); } /* Because our ex_data element may or may not get allocated depending on whether * a "first-use" occurs before the ENGINE is freed, we have a memory leak * problem to solve. We can't declare a "new" handler for the ex_data as we @@ -174,7 +174,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, if(ctx->engine_id) OPENSSL_free((void*)ctx->engine_id); if(ctx->dirs) - sk_pop_free(ctx->dirs, int_free_str); + sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str); OPENSSL_free(ctx); } } @@ -203,7 +203,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) c->DYNAMIC_F1 = "v_check"; c->DYNAMIC_F2 = "bind_engine"; c->dir_load = 1; - c->dirs = sk_new_null(); + c->dirs = sk_OPENSSL_STRING_new_null(); if(!c->dirs) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); @@ -393,7 +393,7 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) ERR_R_MALLOC_FAILURE); return 0; } - sk_insert(ctx->dirs, tmp_str, -1); + sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1); } return 1; default: @@ -411,11 +411,11 @@ static int int_load(dynamic_data_ctx *ctx) ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL) return 1; /* If we're not allowed to use 'dirs' or we have none, fail */ - if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1)) + if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1) return 0; for(loop = 0; loop < num; loop++) { - const char *s = sk_value(ctx->dirs, loop); + const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop); char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); if(!merge) return 0; diff --git a/src/lib/libssl/src/crypto/engine/eng_err.c b/src/lib/libssl/src/crypto/engine/eng_err.c index 574ffbb5c0..81c70acfa8 100644 --- a/src/lib/libssl/src/crypto/engine/eng_err.c +++ b/src/lib/libssl/src/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,8 @@ static ERR_STRING_DATA ENGINE_str_functs[]= {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH), "ENGINE_get_pkey_asn1_meth"}, +{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"}, {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, @@ -124,6 +126,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= {ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"}, {ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"}, {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"}, +{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"}, {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"}, {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"}, {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"}, @@ -150,6 +153,7 @@ static ERR_STRING_DATA ENGINE_str_reasons[]= {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"}, {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"}, {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"}, +{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),"unimplemented public key method"}, {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"}, {0,NULL} }; diff --git a/src/lib/libssl/src/crypto/engine/eng_fat.c b/src/lib/libssl/src/crypto/engine/eng_fat.c index 27c1662f62..db66e62350 100644 --- a/src/lib/libssl/src/crypto/engine/eng_fat.c +++ b/src/lib/libssl/src/crypto/engine/eng_fat.c @@ -89,6 +89,12 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) #endif if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; + if((flags & ENGINE_METHOD_PKEY_METHS) + && !ENGINE_set_default_pkey_meths(e)) + return 0; + if((flags & ENGINE_METHOD_PKEY_ASN1_METHS) + && !ENGINE_set_default_pkey_asn1_meths(e)) + return 0; return 1; } @@ -115,6 +121,13 @@ static int int_def_cb(const char *alg, int len, void *arg) *pflags |= ENGINE_METHOD_CIPHERS; else if (!strncmp(alg, "DIGESTS", len)) *pflags |= ENGINE_METHOD_DIGESTS; + else if (!strncmp(alg, "PKEY", len)) + *pflags |= + ENGINE_METHOD_PKEY_METHS|ENGINE_METHOD_PKEY_ASN1_METHS; + else if (!strncmp(alg, "PKEY_CRYPTO", len)) + *pflags |= ENGINE_METHOD_PKEY_METHS; + else if (!strncmp(alg, "PKEY_ASN1", len)) + *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS; else return 0; return 1; @@ -154,6 +167,7 @@ int ENGINE_register_complete(ENGINE *e) ENGINE_register_ECDSA(e); #endif ENGINE_register_RAND(e); + ENGINE_register_pkey_meths(e); return 1; } diff --git a/src/lib/libssl/src/crypto/engine/eng_int.h b/src/lib/libssl/src/crypto/engine/eng_int.h index a66f107a44..451ef8feb8 100644 --- a/src/lib/libssl/src/crypto/engine/eng_int.h +++ b/src/lib/libssl/src/crypto/engine/eng_int.h @@ -127,6 +127,8 @@ ENGINE *engine_table_select(ENGINE_TABLE **table, int nid); ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l); #define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__) #endif +typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg); +void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg); /* Internal versions of API functions that have control over locking. These are * used between C files when functionality needs to be shared but the caller may @@ -143,6 +145,11 @@ void engine_set_all_null(ENGINE *e); /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed * in engine.h. */ +/* Free up dynamically allocated public key methods associated with ENGINE */ + +void engine_pkey_meths_free(ENGINE *e); +void engine_pkey_asn1_meths_free(ENGINE *e); + /* This is a structure for storing implementations of various crypto * algorithms and functions. */ struct engine_st @@ -160,7 +167,10 @@ struct engine_st ENGINE_CIPHERS_PTR ciphers; /* Digest handling is via this callback */ ENGINE_DIGESTS_PTR digests; - + /* Public key handling via this callback */ + ENGINE_PKEY_METHS_PTR pkey_meths; + /* ASN1 public key handling via this callback */ + ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths; ENGINE_GEN_INT_FUNC_PTR destroy; diff --git a/src/lib/libssl/src/crypto/engine/eng_lib.c b/src/lib/libssl/src/crypto/engine/eng_lib.c index 5815b867f4..18a6664645 100644 --- a/src/lib/libssl/src/crypto/engine/eng_lib.c +++ b/src/lib/libssl/src/crypto/engine/eng_lib.c @@ -125,6 +125,9 @@ int engine_free_util(ENGINE *e, int locked) abort(); } #endif + /* Free up any dynamically allocated public key methods */ + engine_pkey_meths_free(e); + engine_pkey_asn1_meths_free(e); /* Give the ENGINE a chance to do any structural cleanup corresponding * to allocation it did in its constructor (eg. unload error strings) */ if(e->destroy) diff --git a/src/lib/libssl/src/crypto/engine/eng_list.c b/src/lib/libssl/src/crypto/engine/eng_list.c index bd511944ba..27846edb1e 100644 --- a/src/lib/libssl/src/crypto/engine/eng_list.c +++ b/src/lib/libssl/src/crypto/engine/eng_list.c @@ -336,6 +336,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) dest->store_meth = src->store_meth; dest->ciphers = src->ciphers; dest->digests = src->digests; + dest->pkey_meths = src->pkey_meths; dest->destroy = src->destroy; dest->init = src->init; dest->finish = src->finish; @@ -412,6 +413,7 @@ ENGINE *ENGINE_by_id(const char *id) return iterator; } notfound: + ENGINE_free(iterator); ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE); ERR_add_error_data(2, "id=", id); return NULL; diff --git a/src/lib/libssl/src/crypto/engine/eng_openssl.c b/src/lib/libssl/src/crypto/engine/eng_openssl.c index 7c139ae2ef..9abb95cc22 100644 --- a/src/lib/libssl/src/crypto/engine/eng_openssl.c +++ b/src/lib/libssl/src/crypto/engine/eng_openssl.c @@ -238,7 +238,7 @@ static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { #ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); diff --git a/src/lib/libssl/src/crypto/engine/eng_table.c b/src/lib/libssl/src/crypto/engine/eng_table.c index 8879a267d1..4fde948185 100644 --- a/src/lib/libssl/src/crypto/engine/eng_table.c +++ b/src/lib/libssl/src/crypto/engine/eng_table.c @@ -70,12 +70,22 @@ typedef struct st_engine_pile int uptodate; } ENGINE_PILE; +DECLARE_LHASH_OF(ENGINE_PILE); + /* The type exposed in eng_int.h */ struct st_engine_table { - LHASH piles; + LHASH_OF(ENGINE_PILE) piles; }; /* ENGINE_TABLE */ + +typedef struct st_engine_pile_doall + { + engine_table_doall_cb *cb; + void *arg; + } ENGINE_PILE_DOALL; + + /* Global flags (ENGINE_TABLE_FLAG_***). */ static unsigned int table_flags = 0; @@ -84,6 +94,7 @@ unsigned int ENGINE_get_table_flags(void) { return table_flags; } + void ENGINE_set_table_flags(unsigned int flags) { table_flags = flags; @@ -94,19 +105,21 @@ static unsigned long engine_pile_hash(const ENGINE_PILE *c) { return c->nid; } + static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) { return a->nid - b->nid; } -static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *) -static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *) +static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE) +static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE) + static int int_table_check(ENGINE_TABLE **t, int create) { - LHASH *lh; + LHASH_OF(ENGINE_PILE) *lh; + if(*t) return 1; if(!create) return 0; - if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), - LHASH_COMP_FN(engine_pile_cmp))) == NULL) + if((lh = lh_ENGINE_PILE_new()) == NULL) return 0; *t = (ENGINE_TABLE *)lh; return 1; @@ -130,7 +143,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, while(num_nids--) { tmplate.nid = *nids; - fnd = lh_retrieve(&(*table)->piles, &tmplate); + fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); if(!fnd) { fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); @@ -144,7 +157,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, goto end; } fnd->funct = NULL; - lh_insert(&(*table)->piles, fnd); + (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); } /* A registration shouldn't add duplciate entries */ (void)sk_ENGINE_delete_ptr(fnd->sk, e); @@ -173,7 +186,7 @@ end: CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; } -static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) +static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e) { int n; /* Iterate the 'c->sk' stack removing any occurance of 'e' */ @@ -188,31 +201,35 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) pile->funct = NULL; } } -static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *) +static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE) + void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) { CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if(int_table_check(table, 0)) - lh_doall_arg(&(*table)->piles, - LHASH_DOALL_ARG_FN(int_unregister_cb), e); + lh_ENGINE_PILE_doall_arg(&(*table)->piles, + LHASH_DOALL_ARG_FN(int_unregister_cb), + ENGINE, e); CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); } -static void int_cleanup_cb(ENGINE_PILE *p) +static void int_cleanup_cb_doall(ENGINE_PILE *p) { sk_ENGINE_free(p->sk); if(p->funct) engine_unlocked_finish(p->funct, 0); OPENSSL_free(p); } -static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *) +static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE) + void engine_table_cleanup(ENGINE_TABLE **table) { CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); if(*table) { - lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb)); - lh_free(&(*table)->piles); + lh_ENGINE_PILE_doall(&(*table)->piles, + LHASH_DOALL_FN(int_cleanup_cb)); + lh_ENGINE_PILE_free(&(*table)->piles); *table = NULL; } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); @@ -237,12 +254,13 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in #endif return NULL; } + ERR_set_mark(); CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); /* Check again inside the lock otherwise we could race against cleanup * operations. But don't worry about a fprintf(stderr). */ if(!int_table_check(table, 0)) goto end; tmplate.nid = nid; - fnd = lh_retrieve(&(*table)->piles, &tmplate); + fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); if(!fnd) goto end; if(fnd->funct && engine_unlocked_init(fnd->funct)) { @@ -310,6 +328,24 @@ end: CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Whatever happened, any failed init()s are not failures in this * context, so clear our error state. */ - ERR_clear_error(); + ERR_pop_to_mark(); return ret; } + +/* Table enumeration */ + +static void int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall) + { + dall->cb(pile->nid, pile->sk, pile->funct, dall->arg); + } +static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE,ENGINE_PILE_DOALL) + +void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, + void *arg) + { + ENGINE_PILE_DOALL dall; + dall.cb = cb; + dall.arg = arg; + lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb), + ENGINE_PILE_DOALL, &dall); + } diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h index f503595ece..7fbd95f634 100644 --- a/src/lib/libssl/src/crypto/engine/engine.h +++ b/src/lib/libssl/src/crypto/engine/engine.h @@ -88,16 +88,15 @@ #include #endif #include -#include #include #include #endif -#include - #include #include +#include + #ifdef __cplusplus extern "C" { #endif @@ -113,6 +112,8 @@ extern "C" { #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 #define ENGINE_METHOD_STORE (unsigned int)0x0100 +#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 /* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -297,7 +298,8 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, * parameter is non-NULL it is set to the size of the returned array. */ typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int); typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); - +typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int); /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE * structures where the pointers have a "structural reference". This means that * their reference is to allowed access to the structure but it does not imply @@ -329,19 +331,20 @@ void ENGINE_load_aep(void); void ENGINE_load_atalla(void); void ENGINE_load_chil(void); void ENGINE_load_cswift(void); -#ifndef OPENSSL_NO_GMP -void ENGINE_load_gmp(void); -#endif void ENGINE_load_nuron(void); void ENGINE_load_sureware(void); void ENGINE_load_ubsec(void); -#endif -void ENGINE_load_cryptodev(void); void ENGINE_load_padlock(void); -void ENGINE_load_builtin_engines(void); -#ifndef OPENSSL_NO_CAPIENG void ENGINE_load_capi(void); +#ifndef OPENSSL_NO_GMP +void ENGINE_load_gmp(void); +#endif +#ifndef OPENSSL_NO_GOST +void ENGINE_load_gost(void); +#endif #endif +void ENGINE_load_cryptodev(void); +void ENGINE_load_builtin_engines(void); /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ @@ -392,6 +395,14 @@ int ENGINE_register_digests(ENGINE *e); void ENGINE_unregister_digests(ENGINE *e); void ENGINE_register_all_digests(void); +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + /* These functions register all support from the above categories. Note, use of * these functions can result in static linkage of code your application may not * need. If you only need a subset of functionality, consider using more @@ -471,6 +482,8 @@ int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); /* These functions allow control over any per-structure ENGINE data. */ @@ -507,8 +520,16 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, int len); const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); int ENGINE_get_flags(const ENGINE *e); @@ -560,6 +581,8 @@ ENGINE *ENGINE_get_default_RAND(void); * ciphering or digesting corresponding to "nid". */ ENGINE *ENGINE_get_cipher_engine(int nid); ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); /* This sets a new default ENGINE structure for performing RSA * operations. If the result is non-zero (success) then the ENGINE @@ -575,6 +598,8 @@ int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); int ENGINE_set_default_ciphers(ENGINE *e); int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); /* The combination "set" - the flags are bitwise "OR"d from the * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" @@ -703,7 +728,7 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, * values. */ void *ENGINE_get_static_state(void); -#if defined(__OpenBSD__) || defined(__FreeBSD__) +#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) void ENGINE_setup_bsd_cryptodev(void); #endif @@ -732,13 +757,15 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 #define ENGINE_F_ENGINE_GET_DIGEST 186 #define ENGINE_F_ENGINE_GET_NEXT 115 +#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +#define ENGINE_F_ENGINE_GET_PKEY_METH 192 #define ENGINE_F_ENGINE_GET_PREV 116 #define ENGINE_F_ENGINE_INIT 119 #define ENGINE_F_ENGINE_LIST_ADD 120 #define ENGINE_F_ENGINE_LIST_REMOVE 121 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 -#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 #define ENGINE_F_ENGINE_NEW 122 #define ENGINE_F_ENGINE_REMOVE 123 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 @@ -767,6 +794,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_DSO_FAILURE 104 #define ENGINE_R_DSO_NOT_FOUND 132 #define ENGINE_R_ENGINES_SECTION_ERROR 148 +#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 #define ENGINE_R_ENGINE_SECTION_ERROR 149 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 @@ -793,6 +821,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_RSA_NOT_IMPLEMENTED 141 #define ENGINE_R_UNIMPLEMENTED_CIPHER 146 #define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 #define ENGINE_R_VERSION_INCOMPATIBILITY 145 #ifdef __cplusplus diff --git a/src/lib/libssl/src/crypto/engine/enginetest.c b/src/lib/libssl/src/crypto/engine/enginetest.c index e3834611db..f4d70e7e0a 100644 --- a/src/lib/libssl/src/crypto/engine/enginetest.c +++ b/src/lib/libssl/src/crypto/engine/enginetest.c @@ -276,7 +276,7 @@ end: ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); return to_return; } diff --git a/src/lib/libssl/src/crypto/err/Makefile b/src/lib/libssl/src/crypto/err/Makefile index 91d1379d41..862b23ba17 100644 --- a/src/lib/libssl/src/crypto/err/Makefile +++ b/src/lib/libssl/src/crypto/err/Makefile @@ -17,8 +17,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=err.c err_def.c err_all.c err_prn.c err_str.c err_bio.c -LIBOBJ=err.o err_def.o err_all.o err_prn.o err_str.o err_bio.o +LIBSRC=err.c err_all.c err_prn.c +LIBOBJ=err.o err_all.o err_prn.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -83,37 +83,24 @@ err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h err.o: ../cryptlib.h err.c err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -err_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -err_all.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h +err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +err_all.o: ../../include/openssl/ts.h ../../include/openssl/ui.h err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h err_all.o: ../../include/openssl/x509v3.h err_all.c -err_bio.o: ../../e_os.h ../../include/openssl/bio.h -err_bio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_bio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_bio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_bio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_bio.o: ../../include/openssl/symhacks.h ../cryptlib.h err_bio.c -err_def.o: ../../e_os.h ../../include/openssl/bio.h -err_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_def.o: ../../include/openssl/symhacks.h ../cryptlib.h err_def.c err_prn.o: ../../e_os.h ../../include/openssl/bio.h err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -121,10 +108,3 @@ err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c -err_str.o: ../../e_os.h ../../include/openssl/bio.h -err_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -err_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_str.o: ../../include/openssl/symhacks.h ../cryptlib.h err_str.c diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c index 292404a2fb..69713a6e2f 100644 --- a/src/lib/libssl/src/crypto/err/err.c +++ b/src/lib/libssl/src/crypto/err/err.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,9 +119,507 @@ #include #include -static unsigned long get_error_values(int inc,int top, - const char **file,int *line, - const char **data,int *flags); +DECLARE_LHASH_OF(ERR_STRING_DATA); +DECLARE_LHASH_OF(ERR_STATE); + +static void err_load_strings(int lib, ERR_STRING_DATA *str); + +static void ERR_STATE_free(ERR_STATE *s); +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA ERR_str_libraries[]= + { +{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, +{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"}, +{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"}, +{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"}, +{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, +{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, +{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, +{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, +{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, +{ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"}, +{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, +{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, +{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"}, +{ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"}, +{ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"}, +{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, +{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, +{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, +{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, +{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, +{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"}, +{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, +{ERR_PACK(ERR_LIB_TS,0,0) ,"time stamp routines"}, +{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, +{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, +{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, +{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, +{ERR_PACK(ERR_LIB_HMAC,0,0) ,"HMAC routines"}, +{0,NULL}, + }; + +static ERR_STRING_DATA ERR_str_functs[]= + { + {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"}, + {ERR_PACK(0,SYS_F_CONNECT,0), "connect"}, + {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"}, + {ERR_PACK(0,SYS_F_SOCKET,0), "socket"}, + {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"}, + {ERR_PACK(0,SYS_F_BIND,0), "bind"}, + {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, + {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, +#ifdef OPENSSL_SYS_WINDOWS + {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, +#endif + {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, + {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, + {0,NULL}, + }; + +static ERR_STRING_DATA ERR_str_reasons[]= + { +{ERR_R_SYS_LIB ,"system lib"}, +{ERR_R_BN_LIB ,"BN lib"}, +{ERR_R_RSA_LIB ,"RSA lib"}, +{ERR_R_DH_LIB ,"DH lib"}, +{ERR_R_EVP_LIB ,"EVP lib"}, +{ERR_R_BUF_LIB ,"BUF lib"}, +{ERR_R_OBJ_LIB ,"OBJ lib"}, +{ERR_R_PEM_LIB ,"PEM lib"}, +{ERR_R_DSA_LIB ,"DSA lib"}, +{ERR_R_X509_LIB ,"X509 lib"}, +{ERR_R_ASN1_LIB ,"ASN1 lib"}, +{ERR_R_CONF_LIB ,"CONF lib"}, +{ERR_R_CRYPTO_LIB ,"CRYPTO lib"}, +{ERR_R_EC_LIB ,"EC lib"}, +{ERR_R_SSL_LIB ,"SSL lib"}, +{ERR_R_BIO_LIB ,"BIO lib"}, +{ERR_R_PKCS7_LIB ,"PKCS7 lib"}, +{ERR_R_X509V3_LIB ,"X509V3 lib"}, +{ERR_R_PKCS12_LIB ,"PKCS12 lib"}, +{ERR_R_RAND_LIB ,"RAND lib"}, +{ERR_R_DSO_LIB ,"DSO lib"}, +{ERR_R_ENGINE_LIB ,"ENGINE lib"}, +{ERR_R_OCSP_LIB ,"OCSP lib"}, +{ERR_R_TS_LIB ,"TS lib"}, + +{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, +{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, +{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"}, +{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"}, +{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"}, +{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"}, + +{ERR_R_FATAL ,"fatal"}, +{ERR_R_MALLOC_FAILURE ,"malloc failure"}, +{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, +{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, +{ERR_R_INTERNAL_ERROR ,"internal error"}, +{ERR_R_DISABLED ,"called a function that was disabled at compile-time"}, + +{0,NULL}, + }; +#endif + + +/* Define the predeclared (but externally opaque) "ERR_FNS" type */ +struct st_ERR_FNS + { + /* Works on the "error_hash" string table */ + LHASH_OF(ERR_STRING_DATA) *(*cb_err_get)(int create); + void (*cb_err_del)(void); + ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *); + ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *); + ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); + /* Works on the "thread_hash" error-state table */ + LHASH_OF(ERR_STATE) *(*cb_thread_get)(int create); + void (*cb_thread_release)(LHASH_OF(ERR_STATE) **hash); + ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); + ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); + void (*cb_thread_del_item)(const ERR_STATE *); + /* Returns the next available error "library" numbers */ + int (*cb_get_next_lib)(void); + }; + +/* Predeclarations of the "err_defaults" functions */ +static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create); +static void int_err_del(void); +static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); +static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); +static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); +static LHASH_OF(ERR_STATE) *int_thread_get(int create); +static void int_thread_release(LHASH_OF(ERR_STATE) **hash); +static ERR_STATE *int_thread_get_item(const ERR_STATE *); +static ERR_STATE *int_thread_set_item(ERR_STATE *); +static void int_thread_del_item(const ERR_STATE *); +static int int_err_get_next_lib(void); +/* The static ERR_FNS table using these defaults functions */ +static const ERR_FNS err_defaults = + { + int_err_get, + int_err_del, + int_err_get_item, + int_err_set_item, + int_err_del_item, + int_thread_get, + int_thread_release, + int_thread_get_item, + int_thread_set_item, + int_thread_del_item, + int_err_get_next_lib + }; + +/* The replacable table of ERR_FNS functions we use at run-time */ +static const ERR_FNS *err_fns = NULL; + +/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ +#define ERRFN(a) err_fns->cb_##a + +/* The internal state used by "err_defaults" - as such, the setting, reading, + * creating, and deleting of this data should only be permitted via the + * "err_defaults" functions. This way, a linked module can completely defer all + * ERR state operation (together with requisite locking) to the implementations + * and state in the loading application. */ +static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL; +static LHASH_OF(ERR_STATE) *int_thread_hash = NULL; +static int int_thread_hash_references = 0; +static int int_err_library_number= ERR_LIB_USER; + +/* Internal function that checks whether "err_fns" is set and if not, sets it to + * the defaults. */ +static void err_fns_check(void) + { + if (err_fns) return; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if (!err_fns) + err_fns = &err_defaults; + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + } + +/* API functions to get or set the underlying ERR functions. */ + +const ERR_FNS *ERR_get_implementation(void) + { + err_fns_check(); + return err_fns; + } + +int ERR_set_implementation(const ERR_FNS *fns) + { + int ret = 0; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting + * an error is there?! */ + if (!err_fns) + { + err_fns = fns; + ret = 1; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + return ret; + } + +/* These are the callbacks provided to "lh_new()" when creating the LHASH tables + * internal to the "err_defaults" implementation. */ + +static unsigned long get_error_values(int inc,int top,const char **file,int *line, + const char **data,int *flags); + +/* The internal functions used in the "err_defaults" implementation */ + +static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) + { + unsigned long ret,l; + + l=a->error; + ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); + return(ret^ret%19*13); + } +static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA) + +static int err_string_data_cmp(const ERR_STRING_DATA *a, + const ERR_STRING_DATA *b) + { + return (int)(a->error - b->error); + } +static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA) + +static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create) + { + LHASH_OF(ERR_STRING_DATA) *ret = NULL; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if (!int_error_hash && create) + { + CRYPTO_push_info("int_err_get (err.c)"); + int_error_hash = lh_ERR_STRING_DATA_new(); + CRYPTO_pop_info(); + } + if (int_error_hash) + ret = int_error_hash; + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + + return ret; + } + +static void int_err_del(void) + { + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if (int_error_hash) + { + lh_ERR_STRING_DATA_free(int_error_hash); + int_error_hash = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + } + +static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) + { + ERR_STRING_DATA *p; + LHASH_OF(ERR_STRING_DATA) *hash; + + err_fns_check(); + hash = ERRFN(err_get)(0); + if (!hash) + return NULL; + + CRYPTO_r_lock(CRYPTO_LOCK_ERR); + p = lh_ERR_STRING_DATA_retrieve(hash, d); + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + + return p; + } + +static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) + { + ERR_STRING_DATA *p; + LHASH_OF(ERR_STRING_DATA) *hash; + + err_fns_check(); + hash = ERRFN(err_get)(1); + if (!hash) + return NULL; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + p = lh_ERR_STRING_DATA_insert(hash, d); + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + + return p; + } + +static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) + { + ERR_STRING_DATA *p; + LHASH_OF(ERR_STRING_DATA) *hash; + + err_fns_check(); + hash = ERRFN(err_get)(0); + if (!hash) + return NULL; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + p = lh_ERR_STRING_DATA_delete(hash, d); + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + + return p; + } + +static unsigned long err_state_hash(const ERR_STATE *a) + { + return CRYPTO_THREADID_hash(&a->tid) * 13; + } +static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE) + +static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b) + { + return CRYPTO_THREADID_cmp(&a->tid, &b->tid); + } +static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE) + +static LHASH_OF(ERR_STATE) *int_thread_get(int create) + { + LHASH_OF(ERR_STATE) *ret = NULL; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if (!int_thread_hash && create) + { + CRYPTO_push_info("int_thread_get (err.c)"); + int_thread_hash = lh_ERR_STATE_new(); + CRYPTO_pop_info(); + } + if (int_thread_hash) + { + int_thread_hash_references++; + ret = int_thread_hash; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + return ret; + } + +static void int_thread_release(LHASH_OF(ERR_STATE) **hash) + { + int i; + + if (hash == NULL || *hash == NULL) + return; + + i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); + +#ifdef REF_PRINT + fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"int_thread_release, bad reference count\n"); + abort(); /* ok */ + } +#endif + *hash = NULL; + } + +static ERR_STATE *int_thread_get_item(const ERR_STATE *d) + { + ERR_STATE *p; + LHASH_OF(ERR_STATE) *hash; + + err_fns_check(); + hash = ERRFN(thread_get)(0); + if (!hash) + return NULL; + + CRYPTO_r_lock(CRYPTO_LOCK_ERR); + p = lh_ERR_STATE_retrieve(hash, d); + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + + ERRFN(thread_release)(&hash); + return p; + } + +static ERR_STATE *int_thread_set_item(ERR_STATE *d) + { + ERR_STATE *p; + LHASH_OF(ERR_STATE) *hash; + + err_fns_check(); + hash = ERRFN(thread_get)(1); + if (!hash) + return NULL; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + p = lh_ERR_STATE_insert(hash, d); + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + + ERRFN(thread_release)(&hash); + return p; + } + +static void int_thread_del_item(const ERR_STATE *d) + { + ERR_STATE *p; + LHASH_OF(ERR_STATE) *hash; + + err_fns_check(); + hash = ERRFN(thread_get)(0); + if (!hash) + return; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + p = lh_ERR_STATE_delete(hash, d); + /* make sure we don't leak memory */ + if (int_thread_hash_references == 1 + && int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0) + { + lh_ERR_STATE_free(int_thread_hash); + int_thread_hash = NULL; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + + ERRFN(thread_release)(&hash); + if (p) + ERR_STATE_free(p); + } + +static int int_err_get_next_lib(void) + { + int ret; + + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + ret = int_err_library_number++; + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + + return ret; + } + + +#ifndef OPENSSL_NO_ERR +#define NUM_SYS_STR_REASONS 127 +#define LEN_SYS_STR_REASON 32 + +static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; +/* SYS_str_reasons is filled with copies of strerror() results at + * initialization. + * 'errno' values up to 127 should cover all usual errors, + * others will be displayed numerically by ERR_error_string. + * It is crucial that we have something for each reason code + * that occurs in ERR_str_reasons, or bogus reason strings + * will be returned for SYSerr(), which always gets an errno + * value and never one of those 'standard' reason codes. */ + +static void build_SYS_str_reasons(void) + { + /* OPENSSL_malloc cannot be used here, use static storage instead */ + static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; + int i; + static int init = 1; + + CRYPTO_r_lock(CRYPTO_LOCK_ERR); + if (!init) + { + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + return; + } + + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if (!init) + { + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + return; + } + + for (i = 1; i <= NUM_SYS_STR_REASONS; i++) + { + ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; + + str->error = (unsigned long)i; + if (str->string == NULL) + { + char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); + char *src = strerror(i); + if (src != NULL) + { + strncpy(*dest, src, sizeof *dest); + (*dest)[sizeof *dest - 1] = '\0'; + str->string = *dest; + } + } + if (str->string == NULL) + str->string = "unknown"; + } + + /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, + * as required by ERR_load_strings. */ + + init = 0; + + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + } +#endif #define err_clear_data(p,i) \ do { \ @@ -143,6 +641,68 @@ static unsigned long get_error_values(int inc,int top, (p)->err_line[i]= -1; \ } while(0) +static void ERR_STATE_free(ERR_STATE *s) + { + int i; + + if (s == NULL) + return; + + for (i=0; ierror) + { + if (lib) + str->error|=ERR_PACK(lib,0,0); + ERRFN(err_set_item)(str); + str++; + } + } + +void ERR_load_strings(int lib, ERR_STRING_DATA *str) + { + ERR_load_ERR_strings(); + err_load_strings(lib, str); + } + +void ERR_unload_strings(int lib, ERR_STRING_DATA *str) + { + while (str->error) + { + if (lib) + str->error|=ERR_PACK(lib,0,0); + ERRFN(err_del_item)(str); + str++; + } + } + +void ERR_free_strings(void) + { + err_fns_check(); + ERRFN(err_del)(); + } + +/********************************************************/ + void ERR_put_error(int lib, int func, int reason, const char *file, int line) { @@ -297,6 +857,196 @@ static unsigned long get_error_values(int inc, int top, const char **file, int * return ret; } +void ERR_error_string_n(unsigned long e, char *buf, size_t len) + { + char lsbuf[64], fsbuf[64], rsbuf[64]; + const char *ls,*fs,*rs; + unsigned long l,f,r; + + l=ERR_GET_LIB(e); + f=ERR_GET_FUNC(e); + r=ERR_GET_REASON(e); + + ls=ERR_lib_error_string(e); + fs=ERR_func_error_string(e); + rs=ERR_reason_error_string(e); + + if (ls == NULL) + BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); + if (fs == NULL) + BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); + if (rs == NULL) + BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); + + BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, + fs?fs:fsbuf, rs?rs:rsbuf); + if (strlen(buf) == len-1) + { + /* output may be truncated; make sure we always have 5 + * colon-separated fields, i.e. 4 colons ... */ +#define NUM_COLONS 4 + if (len > NUM_COLONS) /* ... if possible */ + { + int i; + char *s = buf; + + for (i = 0; i < NUM_COLONS; i++) + { + char *colon = strchr(s, ':'); + if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) + { + /* set colon no. i at last possible position + * (buf[len-1] is the terminating 0)*/ + colon = &buf[len-1] - NUM_COLONS + i; + *colon = ':'; + } + s = colon + 1; + } + } + } + } + +/* BAD for multi-threading: uses a local buffer if ret == NULL */ +/* ERR_error_string_n should be used instead for ret != NULL + * as ERR_error_string cannot know how large the buffer is */ +char *ERR_error_string(unsigned long e, char *ret) + { + static char buf[256]; + + if (ret == NULL) ret=buf; + ERR_error_string_n(e, ret, 256); + + return ret; + } + +LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void) + { + err_fns_check(); + return ERRFN(err_get)(0); + } + +LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void) + { + err_fns_check(); + return ERRFN(thread_get)(0); + } + +void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash) + { + err_fns_check(); + ERRFN(thread_release)(hash); + } + +const char *ERR_lib_error_string(unsigned long e) + { + ERR_STRING_DATA d,*p; + unsigned long l; + + err_fns_check(); + l=ERR_GET_LIB(e); + d.error=ERR_PACK(l,0,0); + p=ERRFN(err_get_item)(&d); + return((p == NULL)?NULL:p->string); + } + +const char *ERR_func_error_string(unsigned long e) + { + ERR_STRING_DATA d,*p; + unsigned long l,f; + + err_fns_check(); + l=ERR_GET_LIB(e); + f=ERR_GET_FUNC(e); + d.error=ERR_PACK(l,f,0); + p=ERRFN(err_get_item)(&d); + return((p == NULL)?NULL:p->string); + } + +const char *ERR_reason_error_string(unsigned long e) + { + ERR_STRING_DATA d,*p=NULL; + unsigned long l,r; + + err_fns_check(); + l=ERR_GET_LIB(e); + r=ERR_GET_REASON(e); + d.error=ERR_PACK(l,0,r); + p=ERRFN(err_get_item)(&d); + if (!p) + { + d.error=ERR_PACK(0,0,r); + p=ERRFN(err_get_item)(&d); + } + return((p == NULL)?NULL:p->string); + } + +void ERR_remove_thread_state(const CRYPTO_THREADID *id) + { + ERR_STATE tmp; + + if (id) + CRYPTO_THREADID_cpy(&tmp.tid, id); + else + CRYPTO_THREADID_current(&tmp.tid); + err_fns_check(); + /* thread_del_item automatically destroys the LHASH if the number of + * items reaches zero. */ + ERRFN(thread_del_item)(&tmp); + } + +#ifndef OPENSSL_NO_DEPRECATED +void ERR_remove_state(unsigned long pid) + { + ERR_remove_thread_state(NULL); + } +#endif + +ERR_STATE *ERR_get_state(void) + { + static ERR_STATE fallback; + ERR_STATE *ret,tmp,*tmpp=NULL; + int i; + CRYPTO_THREADID tid; + + err_fns_check(); + CRYPTO_THREADID_current(&tid); + CRYPTO_THREADID_cpy(&tmp.tid, &tid); + ret=ERRFN(thread_get_item)(&tmp); + + /* ret == the error state, if NULL, make a new one */ + if (ret == NULL) + { + ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); + if (ret == NULL) return(&fallback); + CRYPTO_THREADID_cpy(&ret->tid, &tid); + ret->top=0; + ret->bottom=0; + for (i=0; ierr_data[i]=NULL; + ret->err_data_flags[i]=0; + } + tmpp = ERRFN(thread_set_item)(ret); + /* To check if insertion failed, do a get. */ + if (ERRFN(thread_get_item)(ret) != ret) + { + ERR_STATE_free(ret); /* could not insert it */ + return(&fallback); + } + /* If a race occured in this function and we came second, tmpp + * is the first one that we just replaced. */ + if (tmpp) + ERR_STATE_free(tmpp); + } + return ret; + } + +int ERR_get_next_error_library(void) + { + err_fns_check(); + return ERRFN(get_next_lib)(); + } + void ERR_set_error_data(char *data, int flags) { ERR_STATE *es; @@ -383,34 +1133,3 @@ int ERR_pop_to_mark(void) es->err_flags[es->top]&=~ERR_FLAG_MARK; return 1; } - -#ifdef OPENSSL_FIPS - -static ERR_STATE *fget_state(void) - { - static ERR_STATE fstate; - return &fstate; - } - -ERR_STATE *(*get_state_func)(void) = fget_state; -void (*remove_state_func)(unsigned long pid); - -ERR_STATE *ERR_get_state(void) - { - return get_state_func(); - } - -void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), - void (*remove_func)(unsigned long pid)) - { - get_state_func = get_func; - remove_state_func = remove_func; - } - -void ERR_remove_state(unsigned long pid) - { - if (remove_state_func) - remove_state_func(pid); - } - -#endif diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h index dcac415231..b9f8c16d47 100644 --- a/src/lib/libssl/src/crypto/err/err.h +++ b/src/lib/libssl/src/crypto/err/err.h @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #ifndef HEADER_ERR_H #define HEADER_ERR_H @@ -94,7 +147,7 @@ extern "C" { #define ERR_NUM_ERRORS 16 typedef struct err_state_st { - unsigned long pid; + CRYPTO_THREADID tid; int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; @@ -142,7 +195,9 @@ typedef struct err_state_st #define ERR_LIB_STORE 44 #define ERR_LIB_FIPS 45 #define ERR_LIB_CMS 46 -#define ERR_LIB_JPAKE 47 +#define ERR_LIB_TS 47 +#define ERR_LIB_HMAC 48 +#define ERR_LIB_JPAKE 49 #define ERR_LIB_USER 128 @@ -176,6 +231,8 @@ typedef struct err_state_st #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) +#define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) +#define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in @@ -232,6 +289,7 @@ typedef struct err_state_st #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ #define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ #define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ +#define ERR_R_TS_LIB ERR_LIB_TS /* 45 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 @@ -294,13 +352,16 @@ void ERR_load_ERR_strings(void); void ERR_load_crypto_strings(void); void ERR_free_strings(void); +void ERR_remove_thread_state(const CRYPTO_THREADID *tid); +#ifndef OPENSSL_NO_DEPRECATED void ERR_remove_state(unsigned long pid); /* if zero we look it up */ +#endif ERR_STATE *ERR_get_state(void); #ifndef OPENSSL_NO_LHASH -LHASH *ERR_get_string_table(void); -LHASH *ERR_get_err_state_table(void); -void ERR_release_err_state_table(LHASH **hash); +LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); +LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); #endif int ERR_get_next_error_library(void); @@ -308,12 +369,6 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); -#ifdef OPENSSL_FIPS -void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), - void (*remove_func)(unsigned long pid)); -void int_ERR_lib_init(void); -#endif - /* Already defined in ossl_typ.h */ /* typedef struct st_ERR_FNS ERR_FNS; */ /* An application can use this function and provide the return value to loaded diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c index f21a5276ed..fc049e8e88 100644 --- a/src/lib/libssl/src/crypto/err/err_all.c +++ b/src/lib/libssl/src/crypto/err/err_all.c @@ -64,6 +64,7 @@ #endif #include #include +#include #ifndef OPENSSL_NO_RSA #include #endif @@ -94,16 +95,14 @@ #include #include #include -#ifdef OPENSSL_FIPS -#include -#endif - +#include #ifndef OPENSSL_NO_CMS #include #endif #ifndef OPENSSL_NO_JPAKE #include #endif +#include void ERR_load_crypto_strings(void) { @@ -127,6 +126,7 @@ void ERR_load_crypto_strings(void) ERR_load_ASN1_strings(); ERR_load_CONF_strings(); ERR_load_CRYPTO_strings(); + ERR_load_COMP_strings(); #ifndef OPENSSL_NO_EC ERR_load_EC_strings(); #endif @@ -143,19 +143,18 @@ void ERR_load_crypto_strings(void) ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); ERR_load_DSO_strings(); + ERR_load_TS_strings(); #ifndef OPENSSL_NO_ENGINE ERR_load_ENGINE_strings(); #endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); -#ifdef OPENSSL_FIPS - ERR_load_FIPS_strings(); -#endif #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif #ifndef OPENSSL_NO_JPAKE ERR_load_JPAKE_strings(); #endif + ERR_load_COMP_strings(); #endif } diff --git a/src/lib/libssl/src/crypto/err/err_prn.c b/src/lib/libssl/src/crypto/err/err_prn.c index 4cdf342fa6..a0168ac8ed 100644 --- a/src/lib/libssl/src/crypto/err/err_prn.c +++ b/src/lib/libssl/src/crypto/err/err_prn.c @@ -72,21 +72,29 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), const char *file,*data; int line,flags; unsigned long es; + CRYPTO_THREADID cur; - es=CRYPTO_thread_id(); + CRYPTO_THREADID_current(&cur); + es=CRYPTO_THREADID_hash(&cur); while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) { ERR_error_string_n(l, buf, sizeof buf); BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, file, line, (flags & ERR_TXT_STRING) ? data : ""); - cb(buf2, strlen(buf2), u); + if (cb(buf2, strlen(buf2), u) <= 0) + break; /* abort outputting the error report */ } } #ifndef OPENSSL_NO_FP_API static int print_fp(const char *str, size_t len, void *fp) { - return fwrite(str, 1, len, fp); + BIO bio; + + BIO_set(&bio,BIO_s_file()); + BIO_set_fp(&bio,fp,BIO_NOCLOSE); + + return BIO_printf(&bio, "%s", str); } void ERR_print_errors_fp(FILE *fp) { @@ -94,64 +102,13 @@ void ERR_print_errors_fp(FILE *fp) } #endif -void ERR_error_string_n(unsigned long e, char *buf, size_t len) +static int print_bio(const char *str, size_t len, void *bp) { - char lsbuf[64], fsbuf[64], rsbuf[64]; - const char *ls,*fs,*rs; - unsigned long l,f,r; - - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - r=ERR_GET_REASON(e); - - ls=ERR_lib_error_string(e); - fs=ERR_func_error_string(e); - rs=ERR_reason_error_string(e); - - if (ls == NULL) - BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); - if (fs == NULL) - BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); - if (rs == NULL) - BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); - - BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, - fs?fs:fsbuf, rs?rs:rsbuf); - if (strlen(buf) == len-1) - { - /* output may be truncated; make sure we always have 5 - * colon-separated fields, i.e. 4 colons ... */ -#define NUM_COLONS 4 - if (len > NUM_COLONS) /* ... if possible */ - { - int i; - char *s = buf; - - for (i = 0; i < NUM_COLONS; i++) - { - char *colon = strchr(s, ':'); - if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) - { - /* set colon no. i at last possible position - * (buf[len-1] is the terminating 0)*/ - colon = &buf[len-1] - NUM_COLONS + i; - *colon = ':'; - } - s = colon + 1; - } - } - } + return BIO_write((BIO *)bp, str, len); } - -/* BAD for multi-threading: uses a local buffer if ret == NULL */ -/* ERR_error_string_n should be used instead for ret != NULL - * as ERR_error_string cannot know how large the buffer is */ -char *ERR_error_string(unsigned long e, char *ret) +void ERR_print_errors(BIO *bp) { - static char buf[256]; - - if (ret == NULL) ret=buf; - ERR_error_string_n(e, ret, 256); - - return ret; + ERR_print_errors_cb(print_bio, bp); } + + diff --git a/src/lib/libssl/src/crypto/err/openssl.ec b/src/lib/libssl/src/crypto/err/openssl.ec index 868826624d..e0554b4342 100644 --- a/src/lib/libssl/src/crypto/err/openssl.ec +++ b/src/lib/libssl/src/crypto/err/openssl.ec @@ -31,13 +31,15 @@ L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c L STORE crypto/store/store.h crypto/store/str_err.c -L FIPS fips/fips.h crypto/fips_err.h +L TS crypto/ts/ts.h crypto/ts/ts_err.c +L HMAC crypto/hmac/hmac.h crypto/hmac/hmac_err.c L CMS crypto/cms/cms.h crypto/cms/cms_err.c L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE L NONE crypto/ec/ec_lcl.h NONE +L NONE crypto/asn1/asn_lcl.h NONE L NONE crypto/cms/cms_lcl.h NONE @@ -71,6 +73,11 @@ R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 R RSAREF_R_CONTENT_ENCODING 0x0400 R RSAREF_R_DATA 0x0401 diff --git a/src/lib/libssl/src/crypto/evp/Makefile b/src/lib/libssl/src/crypto/evp/Makefile index c204f84c1d..82825e5299 100644 --- a/src/lib/libssl/src/crypto/evp/Makefile +++ b/src/lib/libssl/src/crypto/evp/Makefile @@ -18,34 +18,34 @@ TESTDATA=evptests.txt APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ +LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_rc4.c e_aes.c names.c e_seed.c \ - e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \ - m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \ + e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ + m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ - e_old.c + e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c -LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ +LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_rc4.o e_aes.o names.o e_seed.o \ - e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \ - m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \ + e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ + m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ - e_old.o + e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o SRC= $(LIBSRC) EXHEADER= evp.h -HEADER= $(EXHEADER) +HEADER= evp_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) @@ -55,7 +55,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -101,201 +101,185 @@ bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_b64.o: ../cryptlib.h bio_b64.c +bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_enc.o: ../cryptlib.h bio_enc.c +bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c +bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_md.o: ../cryptlib.h bio_md.c bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_ok.o: ../cryptlib.h bio_ok.c +bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_all.o: ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c +c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_allc.o: ../cryptlib.h c_allc.c c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c -dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h -dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h +c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +c_alld.o: ../cryptlib.h c_alld.c digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h +digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +digest.o: ../cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h +e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c +e_aes.o: evp_locl.h e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_bf.o: ../cryptlib.h e_bf.c evp_locl.h -e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c +e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h +e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h +e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +e_camellia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_camellia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_camellia.o: ../../include/openssl/opensslconf.h +e_camellia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_camellia.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_camellia.o: ../../include/openssl/symhacks.h e_camellia.c evp_locl.h e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_cast.o: ../cryptlib.h e_cast.c evp_locl.h +e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -e_des.o: ../cryptlib.h e_des.c evp_locl.h +e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -e_des3.o: ../cryptlib.h e_des3.c evp_locl.h +e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_idea.o: ../cryptlib.h e_idea.c evp_locl.h +e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c +e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_null.o: ../cryptlib.h e_null.c e_old.o: e_old.c e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h -e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h +e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h +e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h -e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h +e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h +e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c e_rc5.o: ../../e_os.h ../../include/openssl/bio.h e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -306,256 +290,221 @@ e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/seed.h e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_seed.o: e_seed.c +e_seed.o: e_seed.c evp_locl.h e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_xcbc_d.o: ../../include/openssl/opensslconf.h +e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c -enc_min.o: ../../e_os.h ../../include/openssl/asn1.h -enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h -enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h +e_xcbc_d.o: evp_locl.h encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c +encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +encode.o: ../cryptlib.h encode.c evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_acnf.o: ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c -evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h -evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -evp_cnf.o: ../cryptlib.h evp_cnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_err.o: evp_err.c +evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_err.o: ../../include/openssl/symhacks.h evp_err.c evp_key.o: ../../e_os.h ../../include/openssl/asn1.h evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_key.o: ../cryptlib.h evp_key.c +evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h +evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_lib.o: ../cryptlib.h evp_lib.c +evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h +evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_pkey.o: ../../include/openssl/opensslconf.h evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c +evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c +m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_dss.o: ../cryptlib.h m_dss.c m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c +m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_dss1.o: ../cryptlib.h m_dss1.c m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c -m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_ecdsa.o: ../cryptlib.h m_ecdsa.c +m_md2.o: ../../e_os.h ../../include/openssl/bio.h m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h -m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md2.o: ../cryptlib.h evp_locl.h m_md2.c +m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h -m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md4.o: ../cryptlib.h evp_locl.h m_md4.c +m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h +m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h -m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_md5.o: ../cryptlib.h evp_locl.h m_md5.c -m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h +m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h +m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c +m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c +m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h +m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h +m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_null.o: ../cryptlib.h m_null.c +m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_ripemd.o: ../../include/openssl/opensslconf.h m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h @@ -567,62 +516,87 @@ m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c +m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_sha.o: ../cryptlib.h m_sha.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c +m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_sha1.o: ../cryptlib.h m_sha1.c +m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h +m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +m_sigver.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +m_sigver.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +m_sigver.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +m_sigver.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_sigver.o: ../../include/openssl/opensslconf.h +m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h +m_sigver.o: m_sigver.c +m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +m_wp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +m_wp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +m_wp.o: ../../include/openssl/err.h ../../include/openssl/evp.h +m_wp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_wp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_wp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h +m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_wp.o: ../cryptlib.h m_wp.c names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h names.o: ../../include/openssl/err.h ../../include/openssl/evp.h -names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -names.o: ../cryptlib.h names.c +names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c +p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_crpt.o: ../cryptlib.h p5_crpt.c p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_crpt2.o: ../../include/openssl/opensslconf.h +p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -633,37 +607,35 @@ p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_dec.o: ../cryptlib.h p_dec.c +p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_enc.o: ../cryptlib.h p_enc.c +p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c p_lib.o: ../../e_os.h ../../include/openssl/asn1.h p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -671,57 +643,91 @@ p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_lib.o: ../cryptlib.h p_lib.c +p_lib.o: ../asn1/asn1_locl.h ../cryptlib.h p_lib.c p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c +p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_open.o: ../cryptlib.h p_open.c p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_seal.o: ../cryptlib.h p_seal.c +p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_sign.o: ../cryptlib.h p_sign.c +p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c p_verify.o: ../../e_os.h ../../include/openssl/asn1.h p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_verify.o: ../../include/openssl/opensslconf.h p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c +pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h +pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pmeth_fn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h +pmeth_fn.o: pmeth_fn.c +pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h +pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +pmeth_gn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pmeth_gn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +pmeth_gn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pmeth_gn.o: ../../include/openssl/opensslconf.h +pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h +pmeth_gn.o: pmeth_gn.c +pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h +pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pmeth_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pmeth_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pmeth_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pmeth_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pmeth_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pmeth_lib.o: ../../include/openssl/objects.h +pmeth_lib.o: ../../include/openssl/opensslconf.h +pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pmeth_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pmeth_lib.o: evp_locl.h pmeth_lib.c diff --git a/src/lib/libssl/src/crypto/evp/bio_b64.c b/src/lib/libssl/src/crypto/evp/bio_b64.c index fa5cbc7eb1..72a2a67277 100644 --- a/src/lib/libssl/src/crypto/evp/bio_b64.c +++ b/src/lib/libssl/src/crypto/evp/bio_b64.c @@ -64,7 +64,7 @@ static int b64_write(BIO *h, const char *buf, int num); static int b64_read(BIO *h, char *buf, int size); -/*static int b64_puts(BIO *h, const char *str); */ +static int b64_puts(BIO *h, const char *str); /*static int b64_gets(BIO *h, char *str, int size); */ static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h); @@ -96,7 +96,7 @@ static BIO_METHOD methods_b64= BIO_TYPE_BASE64,"base64 encoding", b64_write, b64_read, - NULL, /* b64_puts, */ + b64_puts, NULL, /* b64_gets, */ b64_ctrl, b64_new, @@ -127,6 +127,7 @@ static int b64_new(BIO *bi) bi->init=1; bi->ptr=(char *)ctx; bi->flags=0; + bi->num = 0; return(1); } @@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl) if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + BIO_clear_retry_flags(b); + if (ctx->encode != B64_DECODE) { ctx->encode=B64_DECODE; @@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl) /* First check if there are bytes decoded/encoded */ if (ctx->buf_len > 0) { + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); @@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl) ret_code=0; while (outl > 0) { - if (ctx->cont <= 0) break; @@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl) { ret_code=i; - /* Should be continue next time we are called? */ + /* Should we continue next time we are called? */ if (!BIO_should_retry(b->next_bio)) { ctx->cont=i; @@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl) continue; } else + { ctx->tmp_len=0; } - /* If buffer isn't full and we can retry then - * restart to read in more data. - */ + } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) + { + /* If buffer isn't full and we can retry then + * restart to read in more data. + */ continue; + } if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { int z,jj; +#if 0 jj=(i>>2)<<2; +#else + jj = i & ~3; /* process per 4 */ +#endif z=EVP_DecodeBlock((unsigned char *)ctx->buf, (unsigned char *)ctx->tmp,jj); if (jj > 2) @@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl) * number consumed */ if (jj != i) { - memcpy((unsigned char *)ctx->tmp, - (unsigned char *)&(ctx->tmp[jj]),i-jj); + memmove(ctx->tmp, &ctx->tmp[jj], i-jj); ctx->tmp_len=i-jj; } ctx->buf_len=0; if (z > 0) { ctx->buf_len=z; - i=1; } - else - i=z; + i=z; } else { @@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl) outl-=i; out+=i; } - BIO_clear_retry_flags(b); + /* BIO_clear_retry_flags(b); */ BIO_copy_next_retry(b); return((ret == 0)?ret_code:ret); } static int b64_write(BIO *b, const char *in, int inl) { - int ret=inl,n,i; + int ret=0; + int n; + int i; BIO_B64_CTX *ctx; ctx=(BIO_B64_CTX *)b->ptr; @@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl) EVP_EncodeInit(&(ctx->base64)); } + OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); n=ctx->buf_len-ctx->buf_off; while (n > 0) { @@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl) BIO_copy_next_retry(b); return(i); } + OPENSSL_assert(i <= n); ctx->buf_off+=i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); n-=i; } /* at this point all pending data has been written */ @@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl) { if (ctx->tmp_len > 0) { + OPENSSL_assert(ctx->tmp_len <= 3); n=3-ctx->tmp_len; - /* There's a teoretical possibility for this */ + /* There's a theoretical possibility for this */ if (n > inl) n=inl; memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); ctx->tmp_len+=n; + ret += n; if (ctx->tmp_len < 3) break; - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); + ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); /* Since we're now done using the temporary buffer, the length should be 0'd */ ctx->tmp_len=0; @@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl) { if (n < 3) { - memcpy(&(ctx->tmp[0]),in,n); + memcpy(ctx->tmp,in,n); ctx->tmp_len=n; + ret += n; break; } n-=n%3; - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)in,n); + ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; } } else @@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl) EVP_EncodeUpdate(&(ctx->base64), (unsigned char *)ctx->buf,&ctx->buf_len, (unsigned char *)in,n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; } inl-=n; in+=n; @@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl) BIO_copy_next_retry(b); return((ret == 0)?i:ret); } + OPENSSL_assert(i <= n); n-=i; ctx->buf_off+=i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); } ctx->buf_len=0; ctx->buf_off=0; @@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; case BIO_CTRL_WPENDING: /* More to write in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret=ctx->buf_len-ctx->buf_off; if ((ret == 0) && (ctx->encode != B64_NONE) && (ctx->base64.num != 0)) @@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret=ctx->buf_len-ctx->buf_off; if (ret <= 0) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); @@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return(ret); } +static int b64_puts(BIO *b, const char *str) + { + return b64_write(b,str,strlen(str)); + } diff --git a/src/lib/libssl/src/crypto/evp/bio_enc.c b/src/lib/libssl/src/crypto/evp/bio_enc.c index f6ac94c6e1..b6efb5fbc4 100644 --- a/src/lib/libssl/src/crypto/evp/bio_enc.c +++ b/src/lib/libssl/src/crypto/evp/bio_enc.c @@ -361,8 +361,10 @@ again: case BIO_CTRL_DUP: dbio=(BIO *)ptr; dctx=(BIO_ENC_CTX *)dbio->ptr; - memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); - dbio->init=1; + EVP_CIPHER_CTX_init(&dctx->cipher); + ret = EVP_CIPHER_CTX_copy(&dctx->cipher,&ctx->cipher); + if (ret) + dbio->init=1; break; default: ret=BIO_ctrl(b->next_bio,cmd,num,ptr); diff --git a/src/lib/libssl/src/crypto/evp/bio_md.c b/src/lib/libssl/src/crypto/evp/bio_md.c index ed5c1135fd..9841e32e1a 100644 --- a/src/lib/libssl/src/crypto/evp/bio_md.c +++ b/src/lib/libssl/src/crypto/evp/bio_md.c @@ -130,8 +130,8 @@ static int md_read(BIO *b, char *out, int outl) { if (ret > 0) { - EVP_DigestUpdate(ctx,(unsigned char *)out, - (unsigned int)ret); + if (EVP_DigestUpdate(ctx,(unsigned char *)out, + (unsigned int)ret)<=0) return (-1); } } BIO_clear_retry_flags(b); @@ -157,8 +157,11 @@ static int md_write(BIO *b, const char *in, int inl) (unsigned int)ret); } } - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); + if(b->next_bio != NULL) + { + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + } return(ret); } @@ -194,6 +197,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_GET_MD_CTX: pctx=ptr; *pctx=ctx; + b->init = 1; break; case BIO_C_SET_MD_CTX: if (b->init) @@ -249,7 +253,9 @@ static int md_gets(BIO *bp, char *buf, int size) ctx=bp->ptr; if (size < ctx->digest->md_size) return(0); - EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret); + if (EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret)<=0) + return -1; + return((int)ret); } diff --git a/src/lib/libssl/src/crypto/evp/c_all.c b/src/lib/libssl/src/crypto/evp/c_all.c index a5da52e62d..766c4cecdf 100644 --- a/src/lib/libssl/src/crypto/evp/c_all.c +++ b/src/lib/libssl/src/crypto/evp/c_all.c @@ -83,7 +83,7 @@ void OPENSSL_add_all_algorithms_noconf(void) OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); #ifndef OPENSSL_NO_ENGINE -# if defined(__OpenBSD__) || defined(__FreeBSD__) +# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) ENGINE_setup_bsd_cryptodev(); # endif #endif diff --git a/src/lib/libssl/src/crypto/evp/c_allc.c b/src/lib/libssl/src/crypto/evp/c_allc.c index 7054d8125d..c5f9268378 100644 --- a/src/lib/libssl/src/crypto/evp/c_allc.c +++ b/src/lib/libssl/src/crypto/evp/c_allc.c @@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_des_cfb8()); EVP_add_cipher(EVP_des_ede_cfb()); EVP_add_cipher(EVP_des_ede3_cfb()); + EVP_add_cipher(EVP_des_ede3_cfb1()); + EVP_add_cipher(EVP_des_ede3_cfb8()); EVP_add_cipher(EVP_des_ofb()); EVP_add_cipher(EVP_des_ede_ofb()); @@ -219,7 +221,4 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); #endif - - PKCS12_PBE_add(); - PKCS5_PBE_add(); } diff --git a/src/lib/libssl/src/crypto/evp/c_alld.c b/src/lib/libssl/src/crypto/evp/c_alld.c index d270b0ee03..311e1fe2f8 100644 --- a/src/lib/libssl/src/crypto/evp/c_alld.c +++ b/src/lib/libssl/src/crypto/evp/c_alld.c @@ -64,9 +64,6 @@ void OpenSSL_add_all_digests(void) { -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif @@ -81,7 +78,7 @@ void OpenSSL_add_all_digests(void) EVP_add_digest(EVP_dss()); #endif #endif -#ifndef OPENSSL_NO_SHA +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); @@ -110,5 +107,8 @@ void OpenSSL_add_all_digests(void) #ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); +#endif +#ifndef OPENSSL_NO_WHIRLPOOL + EVP_add_digest(EVP_whirlpool()); #endif } diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c index 3bc2d1295c..982ba2b136 100644 --- a/src/lib/libssl/src/crypto/evp/digest.c +++ b/src/lib/libssl/src/crypto/evp/digest.c @@ -116,7 +116,6 @@ #ifndef OPENSSL_NO_ENGINE #include #endif -#include "evp_locl.h" void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -127,7 +126,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void) { EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); - EVP_MD_CTX_init(ctx); + if (ctx) + EVP_MD_CTX_init(ctx); return ctx; } @@ -138,77 +138,18 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) return EVP_DigestInit_ex(ctx, type, NULL); } -#ifdef OPENSSL_FIPS - -/* The purpose of these is to trap programs that attempt to use non FIPS - * algorithms in FIPS mode and ignore the errors. - */ - -static int bad_init(EVP_MD_CTX *ctx) - { FIPS_ERROR_IGNORED("Digest init"); return 0;} - -static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count) - { FIPS_ERROR_IGNORED("Digest update"); return 0;} - -static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) - { FIPS_ERROR_IGNORED("Digest Final"); return 0;} - -static const EVP_MD bad_md = +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { - 0, - 0, - 0, - 0, - bad_init, - bad_update, - bad_final, - NULL, - NULL, - NULL, - 0, - {0,0,0,0}, - }; - -#endif - + EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); #ifndef OPENSSL_NO_ENGINE - -#ifdef OPENSSL_FIPS - -static int do_engine_null(ENGINE *impl) { return 0;} -static int do_evp_md_engine_null(EVP_MD_CTX *ctx, - const EVP_MD **ptype, ENGINE *impl) - { return 1; } - -static int (*do_engine_init)(ENGINE *impl) - = do_engine_null; - -static int (*do_engine_finish)(ENGINE *impl) - = do_engine_null; - -static int (*do_evp_md_engine) - (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) - = do_evp_md_engine_null; - -void int_EVP_MD_set_engine_callbacks( - int (*eng_md_init)(ENGINE *impl), - int (*eng_md_fin)(ENGINE *impl), - int (*eng_md_evp) - (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)) - { - do_engine_init = eng_md_init; - do_engine_finish = eng_md_fin; - do_evp_md_engine = eng_md_evp; - } - -#else - -#define do_engine_init ENGINE_init -#define do_engine_finish ENGINE_finish - -static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) - { - if (*ptype) + /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts + * so this context may already have an ENGINE! Try to avoid releasing + * the previous handle, re-querying for an ENGINE, and having a + * reinitialisation, when it may all be unecessary. */ + if (ctx->engine && ctx->digest && (!type || + (type && (type->type == ctx->digest->type)))) + goto skip_to_init; + if (type) { /* Ensure an ENGINE left lying around from last time is cleared * (the previous check attempted to avoid this if the same @@ -219,25 +160,26 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); return 0; } } else /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_digest_engine((*ptype)->type); + impl = ENGINE_get_digest_engine(type->type); if(impl) { /* There's an ENGINE for this job ... (apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); + const EVP_MD *d = ENGINE_get_digest(impl, type->type); if(!d) { /* Same comment from evp_enc.c */ - EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); + ENGINE_finish(impl); return 0; } /* We'll use the ENGINE's private digest definition */ - *ptype = d; + type = d; /* Store the ENGINE functional reference so we know * 'type' came from an ENGINE and we need to release * it when done. */ @@ -249,71 +191,46 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) else if(!ctx->digest) { - EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET); + EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); return 0; } - return 1; - } - -#endif - -#endif - -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) - { - M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); -#ifdef OPENSSL_FIPS - if(FIPS_selftest_failed()) - { - FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); - ctx->digest = &bad_md; - return 0; - } -#endif -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. */ - if (ctx->engine && ctx->digest && (!type || - (type && (type->type == ctx->digest->type)))) - goto skip_to_init; - if (!do_evp_md_engine(ctx, &type, impl)) - return 0; #endif if (ctx->digest != type) { -#ifdef OPENSSL_FIPS - if (FIPS_mode()) + if (ctx->digest && ctx->digest->ctx_size) + OPENSSL_free(ctx->md_data); + ctx->digest=type; + if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { - if (!(type->flags & EVP_MD_FLAG_FIPS) - && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) + ctx->update = type->update; + ctx->md_data=OPENSSL_malloc(type->ctx_size); + if (ctx->md_data == NULL) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); - ctx->digest = &bad_md; + EVPerr(EVP_F_EVP_DIGESTINIT_EX, + ERR_R_MALLOC_FAILURE); return 0; } } -#endif - if (ctx->digest && ctx->digest->ctx_size) - OPENSSL_free(ctx->md_data); - ctx->digest=type; - if (type->ctx_size) - ctx->md_data=OPENSSL_malloc(type->ctx_size); } #ifndef OPENSSL_NO_ENGINE - skip_to_init: +skip_to_init: #endif + if (ctx->pctx) + { + int r; + r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); + if (r <= 0 && (r != -2)) + return 0; + } + if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) + return 1; return ctx->digest->init(ctx); } -int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, - size_t count) +int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif - return ctx->digest->update(ctx,data,count); + return ctx->update(ctx,data,count); } /* The caller can assume that this removes any secret data from the context */ @@ -329,9 +246,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; -#ifdef OPENSSL_FIPS - FIPS_selftest_check(); -#endif OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); @@ -340,7 +254,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) if (ctx->digest->cleanup) { ctx->digest->cleanup(ctx); - M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); } memset(ctx->md_data,0,ctx->digest->ctx_size); return ret; @@ -362,7 +276,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) } #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !do_engine_init(in->engine)) + if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); return 0; @@ -372,19 +286,40 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) if (out->digest == in->digest) { tmp_buf = out->md_data; - M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); + EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); } else tmp_buf = NULL; EVP_MD_CTX_cleanup(out); memcpy(out,in,sizeof *out); - if (out->digest->ctx_size) + if (in->md_data && out->digest->ctx_size) { - if (tmp_buf) out->md_data = tmp_buf; - else out->md_data=OPENSSL_malloc(out->digest->ctx_size); + if (tmp_buf) + out->md_data = tmp_buf; + else + { + out->md_data=OPENSSL_malloc(out->digest->ctx_size); + if (!out->md_data) + { + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE); + return 0; + } + } memcpy(out->md_data,in->md_data,out->digest->ctx_size); } + out->update = in->update; + + if (in->pctx) + { + out->pctx = EVP_PKEY_CTX_dup(in->pctx); + if (!out->pctx) + { + EVP_MD_CTX_cleanup(out); + return 0; + } + } + if (out->digest->copy) return out->digest->copy(out,in); @@ -398,7 +333,7 @@ int EVP_Digest(const void *data, size_t count, int ret; EVP_MD_CTX_init(&ctx); - M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); + EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); ret=EVP_DigestInit_ex(&ctx, type, impl) && EVP_DigestUpdate(&ctx, data, count) && EVP_DigestFinal_ex(&ctx, md, size); @@ -420,19 +355,21 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) * because sometimes only copies of the context are ever finalised. */ if (ctx->digest && ctx->digest->cleanup - && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) + && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) ctx->digest->cleanup(ctx); if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } + if (ctx->pctx) + EVP_PKEY_CTX_free(ctx->pctx); #ifndef OPENSSL_NO_ENGINE if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ - do_engine_finish(ctx->engine); + ENGINE_finish(ctx->engine); #endif memset(ctx,'\0',sizeof *ctx); diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c index c9a5ee8d75..bd6c0a3a62 100644 --- a/src/lib/libssl/src/crypto/evp/e_aes.c +++ b/src/lib/libssl/src/crypto/evp/e_aes.c @@ -69,29 +69,32 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, NID_aes_128, 16, 16, 16, 128, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - aes_init_key, - NULL, NULL, NULL, NULL) + 0, aes_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, NID_aes_192, 16, 24, 16, 128, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - aes_init_key, - NULL, NULL, NULL, NULL) + 0, aes_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, NID_aes_256, 16, 32, 16, 128, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - aes_init_key, - NULL, NULL, NULL, NULL) + 0, aes_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) -#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) +#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) -IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(128,1) +IMPLEMENT_AES_CFBR(192,1) +IMPLEMENT_AES_CFBR(256,1) -IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(128,8) +IMPLEMENT_AES_CFBR(192,8) +IMPLEMENT_AES_CFBR(256,8) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/src/lib/libssl/src/crypto/evp/e_des.c b/src/lib/libssl/src/crypto/evp/e_des.c index 04376df232..ca009f2c52 100644 --- a/src/lib/libssl/src/crypto/evp/e_des.c +++ b/src/lib/libssl/src/crypto/evp/e_des.c @@ -72,7 +72,7 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); @@ -80,24 +80,52 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); + while(inl>=EVP_MAXCHUNK) + { + DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + (DES_cblock *)ctx->iv, &ctx->num); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, + (DES_cblock *)ctx->iv, &ctx->num); return 1; } static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); + while(inl>=EVP_MAXCHUNK) + { + DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + (DES_cblock *)ctx->iv, ctx->encrypt); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, + (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, + while(inl>=EVP_MAXCHUNK) + { + DES_cfb64_encrypt(in,out, (long)EVP_MAXCHUNK, ctx->cipher_data, + (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); return 1; } @@ -105,45 +133,62 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Although we have a CFB-r implementation for DES, it doesn't pack the right way, so wrap it here */ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - unsigned int n; + size_t n,chunk=EVP_MAXCHUNK/8; unsigned char c[1],d[1]; - for(n=0 ; n < inl ; ++n) + if (inl=chunk) { - c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; - DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, + for(n=0 ; n < chunk*8; ++n) + { + c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; + DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, ctx->encrypt); - out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); + out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) | + ((d[0]&0x80) >> (unsigned int)(n%8)); + } + inl-=chunk; + in +=chunk; + out+=chunk; + if (inlcipher_data,(DES_cblock *)ctx->iv, - ctx->encrypt); + while (inl>=EVP_MAXCHUNK) + { + DES_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,ctx->cipher_data, + (DES_cblock *)ctx->iv,ctx->encrypt); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_cfb_encrypt(in,out,8,(long)inl,ctx->cipher_data, + (DES_cblock *)ctx->iv,ctx->encrypt); return 1; } BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY, - des_init_key, NULL, + EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, - EVP_CIPH_RAND_KEY, - des_init_key, NULL, + EVP_CIPH_RAND_KEY, des_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, - EVP_CIPH_RAND_KEY, - des_init_key,NULL, + EVP_CIPH_RAND_KEY,des_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,des_ctrl) diff --git a/src/lib/libssl/src/crypto/evp/e_des3.c b/src/lib/libssl/src/crypto/evp/e_des3.c index f910af19b1..3232cfe024 100644 --- a/src/lib/libssl/src/crypto/evp/e_des3.c +++ b/src/lib/libssl/src/crypto/evp/e_des3.c @@ -85,7 +85,7 @@ typedef struct /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() DES_ecb3_encrypt((const_DES_cblock *)(in + i), @@ -97,48 +97,80 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - DES_ede3_ofb64_encrypt(in, out, (long)inl, + if (inl>=EVP_MAXCHUNK) + { + DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, &ctx->num); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_ede3_ofb64_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, &ctx->num); + return 1; } static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { #ifdef KSSL_DEBUG { int i; - printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len); + char *cp; + printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); printf("\t iv= "); for(i=0;i<8;i++) printf("%02X",ctx->iv[i]); printf("\n"); } #endif /* KSSL_DEBUG */ - DES_ede3_cbc_encrypt(in, out, (long)inl, + if (inl>=EVP_MAXCHUNK) + { + DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, ctx->encrypt); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_ede3_cbc_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - DES_ede3_cfb64_encrypt(in, out, (long)inl, + if (inl>=EVP_MAXCHUNK) + { + DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_ede3_cfb64_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); return 1; } /* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right way, so wrap it here */ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - unsigned int n; + size_t n; unsigned char c[1],d[1]; for(n=0 ; n < inl ; ++n) @@ -147,25 +179,36 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, DES_ede3_cfb_encrypt(c,d,1,1, &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, (DES_cblock *)ctx->iv,ctx->encrypt); - out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); + out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) | + ((d[0]&0x80) >> (unsigned int)(n%8)); } return 1; } static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - DES_ede3_cfb_encrypt(in,out,8,inl, + while (inl>=EVP_MAXCHUNK) + { + DES_ede3_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK, &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, (DES_cblock *)ctx->iv,ctx->encrypt); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_ede3_cfb_encrypt(in,out,8,(long)inl, + &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, + (DES_cblock *)ctx->iv,ctx->encrypt); return 1; } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede_init_key, - NULL, NULL, NULL, + EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher @@ -174,21 +217,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, - NULL, NULL, NULL, + EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, - NULL, NULL, NULL, + EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, - NULL, NULL, NULL, + EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -215,7 +258,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #ifdef KSSL_DEBUG { int i; - printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx); + printf("des_ede3_init_key(ctx=%lx)\n", ctx); printf("\tKEY= "); for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); printf("\t IV= "); diff --git a/src/lib/libssl/src/crypto/evp/e_idea.c b/src/lib/libssl/src/crypto/evp/e_idea.c index 48c33a774a..806b080360 100644 --- a/src/lib/libssl/src/crypto/evp/e_idea.c +++ b/src/lib/libssl/src/crypto/evp/e_idea.c @@ -73,7 +73,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, */ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); diff --git a/src/lib/libssl/src/crypto/evp/e_null.c b/src/lib/libssl/src/crypto/evp/e_null.c index 0872d733e4..7cf50e1416 100644 --- a/src/lib/libssl/src/crypto/evp/e_null.c +++ b/src/lib/libssl/src/crypto/evp/e_null.c @@ -64,12 +64,12 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); + const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher= { NID_undef, 1,0,0, - EVP_CIPH_FLAG_FIPS, + 0, null_init_key, null_cipher, NULL, @@ -93,10 +93,10 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { if (in != out) - memcpy((char *)out,(const char *)in,(size_t)inl); + memcpy((char *)out,(const char *)in,inl); return 1; } diff --git a/src/lib/libssl/src/crypto/evp/e_rc2.c b/src/lib/libssl/src/crypto/evp/e_rc2.c index d37726ffae..f78d781129 100644 --- a/src/lib/libssl/src/crypto/evp/e_rc2.c +++ b/src/lib/libssl/src/crypto/evp/e_rc2.c @@ -223,6 +223,11 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 1; } return 0; +#ifdef PBE_PRF_TEST + case EVP_CTRL_PBE_PRF_NID: + *(int *)ptr = NID_hmacWithMD5; + return 1; +#endif default: return -1; diff --git a/src/lib/libssl/src/crypto/evp/e_rc4.c b/src/lib/libssl/src/crypto/evp/e_rc4.c index 55baad7446..8b5175e0fd 100644 --- a/src/lib/libssl/src/crypto/evp/e_rc4.c +++ b/src/lib/libssl/src/crypto/evp/e_rc4.c @@ -64,7 +64,6 @@ #include #include #include -#include "evp_locl.h" /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 @@ -79,7 +78,7 @@ typedef struct static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); + const unsigned char *in, size_t inl); static const EVP_CIPHER r4_cipher= { NID_rc4, @@ -129,7 +128,7 @@ static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { RC4(&data(ctx)->ks,inl,in,out); return 1; diff --git a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c index 8832da2433..250e88c8c5 100644 --- a/src/lib/libssl/src/crypto/evp/e_xcbc_d.c +++ b/src/lib/libssl/src/crypto/evp/e_xcbc_d.c @@ -63,12 +63,13 @@ #include #include +#include "evp_locl.h" #include static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv,int enc); static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); + const unsigned char *in, size_t inl); typedef struct @@ -113,13 +114,25 @@ static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) + const unsigned char *in, size_t inl) { - DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks, + while (inl>=EVP_MAXCHUNK) + { + DES_xcbc_encrypt(in,out,(long)EVP_MAXCHUNK,&data(ctx)->ks, (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); + inl-=EVP_MAXCHUNK; + in +=EVP_MAXCHUNK; + out+=EVP_MAXCHUNK; + } + if (inl) + DES_xcbc_encrypt(in,out,(long)inl,&data(ctx)->ks, + (DES_cblock *)&(ctx->iv[0]), + &data(ctx)->inw, + &data(ctx)->outw, + ctx->encrypt); return 1; } #endif diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c index 5921f0d710..b42c747249 100644 --- a/src/lib/libssl/src/crypto/evp/encode.c +++ b/src/lib/libssl/src/crypto/evp/encode.c @@ -85,7 +85,7 @@ #define CHUNKS_PER_LINE (64/4) #define CHAR_PER_LINE (64+1) -static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ +static const unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ abcdefghijklmnopqrstuvwxyz0123456789+/"; /* 0xF0 is a EOLN @@ -102,7 +102,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; #define B64_ERROR 0xFF #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) -static unsigned char data_ascii2bin[128]={ +static const unsigned char data_ascii2bin[128]={ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h index 79c097181f..9f9795e2d9 100644 --- a/src/lib/libssl/src/crypto/evp/evp.h +++ b/src/lib/libssl/src/crypto/evp/evp.h @@ -75,10 +75,6 @@ #include #endif -#ifdef OPENSSL_FIPS -#include -#endif - /* #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 @@ -119,6 +115,7 @@ #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +#define EVP_PKEY_HMAC NID_hmac #ifdef __cplusplus extern "C" { @@ -132,6 +129,8 @@ struct evp_pkey_st int type; int save_type; int references; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; union { char *ptr; #ifndef OPENSSL_NO_RSA @@ -156,73 +155,6 @@ struct evp_pkey_st #define EVP_PKEY_MO_ENCRYPT 0x0004 #define EVP_PKEY_MO_DECRYPT 0x0008 -#if 0 -/* This structure is required to tie the message digest and signing together. - * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or - * oid, md and pkey. - * This is required because for various smart-card perform the digest and - * signing/verification on-board. To handle this case, the specific - * EVP_MD and EVP_PKEY_METHODs need to be closely associated. - * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. - * This can either be software or a token to provide the required low level - * routines. - */ -typedef struct evp_pkey_md_st - { - int oid; - EVP_MD *md; - EVP_PKEY_METHOD *pkey; - } EVP_PKEY_MD; - -#define EVP_rsa_md2() \ - EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_md2()) -#define EVP_rsa_md5() \ - EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_md5()) -#define EVP_rsa_sha0() \ - EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_sha()) -#define EVP_rsa_sha1() \ - EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_sha1()) -#define EVP_rsa_ripemd160() \ - EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ - EVP_rsa_pkcs1(),EVP_ripemd160()) -#define EVP_rsa_mdc2() \ - EVP_PKEY_MD_add(NID_mdc2WithRSA,\ - EVP_rsa_octet_string(),EVP_mdc2()) -#define EVP_dsa_sha() \ - EVP_PKEY_MD_add(NID_dsaWithSHA,\ - EVP_dsa(),EVP_sha()) -#define EVP_dsa_sha1() \ - EVP_PKEY_MD_add(NID_dsaWithSHA1,\ - EVP_dsa(),EVP_sha1()) - -typedef struct evp_pkey_method_st - { - char *name; - int flags; - int type; /* RSA, DSA, an SSLeay specific constant */ - int oid; /* For the pub-key type */ - int encrypt_oid; /* pub/priv key encryption */ - - int (*sign)(); - int (*verify)(); - struct { - int (*set)(); /* get and/or set the underlying type */ - int (*get)(); - int (*encrypt)(); - int (*decrypt)(); - int (*i2d)(); - int (*d2i)(); - int (*dup)(); - } pub,priv; - int (*set_asn1_parameters)(); - int (*get_asn1_parameters)(); - } EVP_PKEY_METHOD; -#endif - #ifndef EVP_MD struct env_md_st { @@ -245,6 +177,8 @@ struct env_md_st int required_pkey_type[5]; /*EVP_PKEY_xxx */ int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ + /* control function */ + int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); } /* EVP_MD */; typedef int evp_sign_method(int type,const unsigned char *m, @@ -254,18 +188,42 @@ typedef int evp_verify_method(int type,const unsigned char *m, unsigned int m_length,const unsigned char *sigbuf, unsigned int siglen, void *key); -typedef struct - { - EVP_MD_CTX *mctx; - void *key; - } EVP_MD_SVCTX; - #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ -#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ +#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used + * which is a copy of an existing + * one for a specific public key type. + * EVP_dss1() etc */ + +/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ + +#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 + +/* DigestAlgorithmIdentifier flags... */ + +#define EVP_MD_FLAG_DIGALGID_MASK 0x0018 -#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */ +/* NULL or absent parameter accepted. Use NULL */ + +#define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +#define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +/* Digest ctrls */ + +#define EVP_MD_CTRL_DIGALGID 0x1 +#define EVP_MD_CTRL_MICALG 0x2 + +/* Minimum Algorithm specific ctrl value */ + +#define EVP_MD_CTRL_ALG_CTRL 0x1000 #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} @@ -307,6 +265,10 @@ struct env_md_ctx_st ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ unsigned long flags; void *md_data; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); } /* EVP_MD_CTX */; /* values for EVP_MD_CTX flags */ @@ -317,17 +279,23 @@ struct env_md_ctx_st * cleaned */ #define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data * in EVP_MD_CTX_cleanup */ +/* FIPS and pad options are ignored in 1.0.0, definitions are here + * so we don't accidentally reuse the values for other purposes. + */ + #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest * in FIPS mode */ +/* The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ #define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ #define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ #define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ #define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ -#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ - ((ctx->flags>>16) &0xFFFF) /* seed length */ -#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ -#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ + +#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ struct evp_cipher_st { @@ -339,7 +307,7 @@ struct evp_cipher_st int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); /* init key */ int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ + const unsigned char *in, size_t inl);/* encrypt/decrypt data */ int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ int ctx_size; /* how big ctx->cipher_data needs to be */ int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ @@ -357,7 +325,7 @@ struct evp_cipher_st #define EVP_CIPH_CBC_MODE 0x2 #define EVP_CIPH_CFB_MODE 0x3 #define EVP_CIPH_OFB_MODE 0x4 -#define EVP_CIPH_MODE 0x7 +#define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ #define EVP_CIPH_VARIABLE_LENGTH 0x8 /* Set if the iv handling should be done by the cipher itself */ @@ -372,10 +340,8 @@ struct evp_cipher_st #define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ #define EVP_CIPH_RAND_KEY 0x200 -/* Note if suitable for use in FIPS mode */ -#define EVP_CIPH_FLAG_FIPS 0x400 -/* Allow non FIPS cipher in FIPS mode */ -#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 +/* cipher has its own additional copying logic */ +#define EVP_CIPH_CUSTOM_COPY 0x400 /* Allow use default ASN1 get/set iv */ #define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 /* Buffer length in bits not bytes: CFB1 mode only */ @@ -390,6 +356,8 @@ struct evp_cipher_st #define EVP_CTRL_GET_RC5_ROUNDS 0x4 #define EVP_CTRL_SET_RC5_ROUNDS 0x5 #define EVP_CTRL_RAND_KEY 0x6 +#define EVP_CTRL_PBE_PRF_NID 0x7 +#define EVP_CTRL_COPY 0x8 typedef struct evp_cipher_info_st { @@ -462,26 +430,15 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) -/* Macros to reduce FIPS dependencies: do NOT use in applications */ -#define M_EVP_MD_size(e) ((e)->md_size) -#define M_EVP_MD_block_size(e) ((e)->block_size) -#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) -#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) -#define M_EVP_MD_type(e) ((e)->type) -#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) -#define M_EVP_MD_CTX_md(e) ((e)->digest) - -#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) - int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) int EVP_MD_pkey_type(const EVP_MD *md); int EVP_MD_size(const EVP_MD *md); int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); -const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); #define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) #define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) #define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) @@ -499,6 +456,7 @@ int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) @@ -516,6 +474,8 @@ unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); #define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) #define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) #define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) #ifdef CONST_STRICT void BIO_set_md(BIO *,const EVP_MD *md); @@ -562,6 +522,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); +int EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify); void EVP_set_pw_prompt(const char *prompt); char * EVP_get_pw_prompt(void); @@ -608,6 +569,16 @@ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); +int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestSignFinal(EVP_MD_CTX *ctx, + unsigned char *sigret, size_t *siglen); + +int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, + unsigned char *sig, size_t siglen); + int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv); @@ -680,6 +651,9 @@ const EVP_MD *EVP_mdc2(void); #ifndef OPENSSL_NO_RIPEMD const EVP_MD *EVP_ripemd160(void); #endif +#ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +#endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ #ifndef OPENSSL_NO_DES const EVP_CIPHER *EVP_des_ecb(void); @@ -847,16 +821,31 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); void EVP_cleanup(void); -int EVP_PKEY_decrypt(unsigned char *dec_key, +void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph, + const char *from, const char *to, void *x), void *arg); +void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph, + const char *from, const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key,int enc_key_len, EVP_PKEY *private_key); -int EVP_PKEY_encrypt(unsigned char *enc_key, +int EVP_PKEY_encrypt_old(unsigned char *enc_key, const unsigned char *key,int key_len, EVP_PKEY *pub_key); int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_bits(EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); -int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); +int EVP_PKEY_set_type(EVP_PKEY *pkey,int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_assign(EVP_PKEY *pkey,int type,void *key); +void * EVP_PKEY_get0(EVP_PKEY *pkey); #ifndef OPENSSL_NO_RSA struct rsa_st; @@ -899,6 +888,15 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + int EVP_CIPHER_type(const EVP_CIPHER *ctx); /* calls methods */ @@ -916,6 +914,10 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, + int keylen, unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); @@ -924,27 +926,260 @@ void PKCS5_PBE_add(void); int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +#define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +#define EVP_PBE_TYPE_PRF 0x1 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, + EVP_PBE_KEYGEN *keygen); int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, + int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen); void EVP_PBE_cleanup(void); -#ifdef OPENSSL_FIPS -#ifndef OPENSSL_NO_ENGINE -void int_EVP_MD_set_engine_callbacks( - int (*eng_md_init)(ENGINE *impl), - int (*eng_md_fin)(ENGINE *impl), - int (*eng_md_evp) - (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)); -void int_EVP_MD_init_engine_callbacks(void); -void int_EVP_CIPHER_set_engine_callbacks( - int (*eng_ciph_fin)(ENGINE *impl), - int (*eng_ciph_evp) - (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)); -void int_EVP_CIPHER_init_engine_callbacks(void); -#endif -#endif +#define ASN1_PKEY_ALIAS 0x1 +#define ASN1_PKEY_DYNAMIC 0x2 +#define ASN1_PKEY_SIGPARAM_NULL 0x4 + +#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +#define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags, + const char **pinfo, const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub), + int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk), + int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), + int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx), + int (*pkey_size)(const EVP_PKEY *pk), + int (*pkey_bits)(const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf), + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk), + int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode)(EVP_PKEY *pkey, + const unsigned char **pder, int derlen), + int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder), + int (*param_missing)(const EVP_PKEY *pk), + int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from), + int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), + int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free)(EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, + long arg1, void *arg2)); + + +#define EVP_PKEY_OP_UNDEFINED 0 +#define EVP_PKEY_OP_PARAMGEN (1<<1) +#define EVP_PKEY_OP_KEYGEN (1<<2) +#define EVP_PKEY_OP_SIGN (1<<3) +#define EVP_PKEY_OP_VERIFY (1<<4) +#define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +#define EVP_PKEY_OP_SIGNCTX (1<<6) +#define EVP_PKEY_OP_VERIFYCTX (1<<7) +#define EVP_PKEY_OP_ENCRYPT (1<<8) +#define EVP_PKEY_OP_DECRYPT (1<<9) +#define EVP_PKEY_OP_DERIVE (1<<10) + +#define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +#define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +#define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + +#define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +#define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)md) + +#define EVP_PKEY_CTRL_MD 1 +#define EVP_PKEY_CTRL_PEER_KEY 2 + +#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +#define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +#define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +#define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +#define EVP_PKEY_CTRL_SET_IV 8 + +#define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +#define EVP_PKEY_CTRL_CMS_DECRYPT 10 +#define EVP_PKEY_CTRL_CMS_SIGN 11 + +#define EVP_PKEY_ALG_CTRL 0x1000 + + +#define EVP_PKEY_FLAG_AUTOARGLEN 2 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int cmd, int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + unsigned char *key, int keylen); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init)(EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup)(EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init)(EVP_PKEY_CTX *ctx), + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init)(EVP_PKEY_CTX *ctx), + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); -void EVP_add_alg_module(void); +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init)(EVP_PKEY_CTX *ctx), + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init)(EVP_PKEY_CTX *ctx), + int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init)(EVP_PKEY_CTX *ctx), + int (*verify_recover)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init)(EVP_PKEY_CTX *ctx), + int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init)(EVP_PKEY_CTX *ctx), + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init)(EVP_PKEY_CTX *ctx), + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (*ctrl_str)(EVP_PKEY_CTX *ctx, + const char *type, const char *value)); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -956,46 +1191,66 @@ void ERR_load_EVP_strings(void); /* Function codes. */ #define EVP_F_AES_INIT_KEY 133 -#define EVP_F_ALG_MODULE_INIT 138 #define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_D2I_PKEY 100 -#define EVP_F_DO_EVP_ENC_ENGINE 140 -#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 -#define EVP_F_DO_EVP_MD_ENGINE 139 -#define EVP_F_DO_EVP_MD_ENGINE_FULL 142 +#define EVP_F_DO_SIGVER_INIT 161 #define EVP_F_DSAPKEY2PKCS8 134 #define EVP_F_DSA_PKEY2PKCS8 135 #define EVP_F_ECDSA_PKEY2PKCS8 129 #define EVP_F_ECKEY_PKEY2PKCS8 132 -#define EVP_F_EVP_CIPHERINIT 137 #define EVP_F_EVP_CIPHERINIT_EX 123 +#define EVP_F_EVP_CIPHER_CTX_COPY 163 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 #define EVP_F_EVP_DECRYPTFINAL_EX 101 -#define EVP_F_EVP_DIGESTINIT 136 #define EVP_F_EVP_DIGESTINIT_EX 128 #define EVP_F_EVP_ENCRYPTFINAL_EX 127 #define EVP_F_EVP_MD_CTX_COPY_EX 110 +#define EVP_F_EVP_MD_SIZE 162 #define EVP_F_EVP_OPENINIT 102 #define EVP_F_EVP_PBE_ALG_ADD 115 +#define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 #define EVP_F_EVP_PBE_CIPHERINIT 116 #define EVP_F_EVP_PKCS82PKEY 111 +#define EVP_F_EVP_PKCS82PKEY_BROKEN 136 #define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +#define EVP_F_EVP_PKEY_CTX_CTRL 137 +#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +#define EVP_F_EVP_PKEY_CTX_DUP 156 #define EVP_F_EVP_PKEY_DECRYPT 104 +#define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +#define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +#define EVP_F_EVP_PKEY_DERIVE 153 +#define EVP_F_EVP_PKEY_DERIVE_INIT 154 +#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 #define EVP_F_EVP_PKEY_ENCRYPT 105 +#define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +#define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 #define EVP_F_EVP_PKEY_GET1_DH 119 #define EVP_F_EVP_PKEY_GET1_DSA 120 #define EVP_F_EVP_PKEY_GET1_ECDSA 130 #define EVP_F_EVP_PKEY_GET1_EC_KEY 131 #define EVP_F_EVP_PKEY_GET1_RSA 121 +#define EVP_F_EVP_PKEY_KEYGEN 146 +#define EVP_F_EVP_PKEY_KEYGEN_INIT 147 #define EVP_F_EVP_PKEY_NEW 106 +#define EVP_F_EVP_PKEY_PARAMGEN 148 +#define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +#define EVP_F_EVP_PKEY_SIGN 140 +#define EVP_F_EVP_PKEY_SIGN_INIT 141 +#define EVP_F_EVP_PKEY_VERIFY 142 +#define EVP_F_EVP_PKEY_VERIFY_INIT 143 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 #define EVP_F_EVP_RIJNDAEL 126 #define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_VERIFYFINAL 108 +#define EVP_F_INT_CTX_NEW 157 #define EVP_F_PKCS5_PBE_KEYIVGEN 117 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 #define EVP_F_PKCS8_SET_BROKEN 112 +#define EVP_F_PKEY_SET_TYPE 158 #define EVP_F_RC2_MAGIC_TO_METH 109 #define EVP_F_RC5_CTRL 125 @@ -1007,41 +1262,52 @@ void ERR_load_EVP_strings(void); #define EVP_R_BAD_KEY_LENGTH 137 #define EVP_R_BN_DECODE_ERROR 112 #define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_BUFFER_TOO_SMALL 155 #define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 #define EVP_R_CIPHER_PARAMETER_ERROR 122 +#define EVP_R_COMMAND_NOT_SUPPORTED 147 #define EVP_R_CTRL_NOT_IMPLEMENTED 132 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 -#define EVP_R_DISABLED_FOR_FIPS 144 +#define EVP_R_DIFFERENT_PARAMETERS 153 #define EVP_R_ENCODE_ERROR 115 -#define EVP_R_ERROR_LOADING_SECTION 145 -#define EVP_R_ERROR_SETTING_FIPS_MODE 146 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 #define EVP_R_EXPECTING_A_ECDSA_KEY 141 #define EVP_R_EXPECTING_A_EC_KEY 142 -#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 -#define EVP_R_INVALID_FIPS_MODE 148 +#define EVP_R_INVALID_DIGEST 152 #define EVP_R_INVALID_KEY_LENGTH 130 +#define EVP_R_INVALID_OPERATION 148 #define EVP_R_IV_TOO_LARGE 102 #define EVP_R_KEYGEN_FAILURE 120 +#define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +#define EVP_R_METHOD_NOT_SUPPORTED 144 #define EVP_R_MISSING_PARAMETERS 103 #define EVP_R_NO_CIPHER_SET 131 +#define EVP_R_NO_DEFAULT_DIGEST 158 #define EVP_R_NO_DIGEST_SET 139 #define EVP_R_NO_DSA_PARAMETERS 116 +#define EVP_R_NO_KEY_SET 154 +#define EVP_R_NO_OPERATION_SET 149 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +#define EVP_R_OPERATON_NOT_INITIALIZED 151 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 +#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 #define EVP_R_PUBLIC_KEY_NOT_RSA 106 -#define EVP_R_UNKNOWN_OPTION 149 +#define EVP_R_UNKNOWN_CIPHER 160 +#define EVP_R_UNKNOWN_DIGEST 161 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 +#define EVP_R_UNSUPPORTED_ALGORITHM 156 #define EVP_R_UNSUPPORTED_CIPHER 107 #define EVP_R_UNSUPPORTED_KEYLENGTH 123 #define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 @@ -1051,7 +1317,6 @@ void ERR_load_EVP_strings(void); #define EVP_R_UNSUPPORTED_SALT_TYPE 126 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 -#define EVP_R_SEED_KEY_SETUP_FAILED 162 #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c index 30e0ca4d9f..bead6a2170 100644 --- a/src/lib/libssl/src/crypto/evp/evp_enc.c +++ b/src/lib/libssl/src/crypto/evp/evp_enc.c @@ -66,16 +66,14 @@ #endif #include "evp_locl.h" -#ifdef OPENSSL_FIPS - #define M_do_cipher(ctx, out, in, inl) \ - EVP_Cipher(ctx,out,in,inl) -#else - #define M_do_cipher(ctx, out, in, inl) \ - ctx->cipher->do_cipher(ctx,out,in,inl) -#endif - const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; +void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) + { + memset(ctx,0,sizeof(EVP_CIPHER_CTX)); + /* ctx->cipher=NULL; */ + } + EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); @@ -92,6 +90,144 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); } +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv, int enc) + { + if (enc == -1) + enc = ctx->encrypt; + else + { + if (enc) + enc = 1; + ctx->encrypt = enc; + } +#ifndef OPENSSL_NO_ENGINE + /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts + * so this context may already have an ENGINE! Try to avoid releasing + * the previous handle, re-querying for an ENGINE, and having a + * reinitialisation, when it may all be unecessary. */ + if (ctx->engine && ctx->cipher && (!cipher || + (cipher && (cipher->nid == ctx->cipher->nid)))) + goto skip_to_init; +#endif + if (cipher) + { + /* Ensure a context left lying around from last time is cleared + * (the previous check attempted to avoid this if the same + * ENGINE and EVP_CIPHER could be used). */ + EVP_CIPHER_CTX_cleanup(ctx); + + /* Restore encrypt field: it is zeroed by cleanup */ + ctx->encrypt = enc; +#ifndef OPENSSL_NO_ENGINE + if(impl) + { + if (!ENGINE_init(impl)) + { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + else + /* Ask if an ENGINE is reserved for this job */ + impl = ENGINE_get_cipher_engine(cipher->nid); + if(impl) + { + /* There's an ENGINE for this job ... (apparently) */ + const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); + if(!c) + { + /* One positive side-effect of US's export + * control history, is that we should at least + * be able to avoid using US mispellings of + * "initialisation"? */ + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + /* We'll use the ENGINE's private cipher definition */ + cipher = c; + /* Store the ENGINE functional reference so we know + * 'cipher' came from an ENGINE and we need to release + * it when done. */ + ctx->engine = impl; + } + else + ctx->engine = NULL; +#endif + + ctx->cipher=cipher; + if (ctx->cipher->ctx_size) + { + ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); + if (!ctx->cipher_data) + { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + { + ctx->cipher_data = NULL; + } + ctx->key_len = cipher->key_len; + ctx->flags = 0; + if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) + { + if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) + { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + } + else if(!ctx->cipher) + { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); + return 0; + } +#ifndef OPENSSL_NO_ENGINE +skip_to_init: +#endif + /* we assume block size is a power of 2 in *cryptUpdate */ + OPENSSL_assert(ctx->cipher->block_size == 1 + || ctx->cipher->block_size == 8 + || ctx->cipher->block_size == 16); + + if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { + switch(EVP_CIPHER_CTX_mode(ctx)) { + + case EVP_CIPH_STREAM_CIPHER: + case EVP_CIPH_ECB_MODE: + break; + + case EVP_CIPH_CFB_MODE: + case EVP_CIPH_OFB_MODE: + + ctx->num = 0; + + case EVP_CIPH_CBC_MODE: + + OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= + (int)sizeof(ctx->iv)); + if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + break; + + default: + return 0; + break; + } + } + + if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { + if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; + } + ctx->buf_len=0; + ctx->final_used=0; + ctx->block_mask=ctx->cipher->block_size-1; + return 1; + } + int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { @@ -151,7 +287,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { - if(M_do_cipher(ctx,out,in,inl)) + if(ctx->cipher->do_cipher(ctx,out,in,inl)) { *outl=inl; return 1; @@ -178,7 +314,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { j=bl-i; memcpy(&(ctx->buf[i]),in,j); - if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0; + if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; inl-=j; in+=j; out+=bl; @@ -191,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, inl-=i; if (inl > 0) { - if(!M_do_cipher(ctx,out,in,inl)) return 0; + if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; *outl+=inl; } @@ -235,7 +371,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) n=b-bl; for (i=bl; ibuf[i]=n; - ret=M_do_cipher(ctx,out,ctx->buf,b); + ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); if(ret) @@ -357,6 +493,28 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) } } +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) + { + if (c->cipher != NULL) + { + if(c->cipher->cleanup && !c->cipher->cleanup(c)) + return 0; + /* Cleanse cipher context data */ + if (c->cipher_data) + OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); + } + if (c->cipher_data) + OPENSSL_free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE + if (c->engine) + /* The EVP_CIPHER we used belongs to an ENGINE, release the + * functional reference we held for this reason. */ + ENGINE_finish(c->engine); +#endif + memset(c,0,sizeof(EVP_CIPHER_CTX)); + return 1; + } + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) @@ -378,6 +536,27 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) return 1; } +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + int ret; + if(!ctx->cipher) { + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); + return 0; + } + + if(!ctx->cipher->ctrl) { + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } + + ret = ctx->cipher->ctrl(ctx, type, arg, ptr); + if(ret == -1) { + EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); + return 0; + } + return ret; +} + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) { if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) @@ -387,54 +566,38 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) return 1; } -#ifndef OPENSSL_NO_ENGINE - -#ifdef OPENSSL_FIPS - -static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { - if(impl) + if ((in == NULL) || (in->cipher == NULL)) { - if (!ENGINE_init(impl)) - { - EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); - return 0; - } + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); + return 0; } - else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_cipher_engine((*pcipher)->nid); - if(impl) +#ifndef OPENSSL_NO_ENGINE + /* Make sure it's safe to copy a cipher context using an ENGINE */ + if (in->engine && !ENGINE_init(in->engine)) + { + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB); + return 0; + } +#endif + + EVP_CIPHER_CTX_cleanup(out); + memcpy(out,in,sizeof *out); + + if (in->cipher_data && in->cipher->ctx_size) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); - if(!c) + out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size); + if (!out->cipher_data) { - /* One positive side-effect of US's export - * control history, is that we should at least - * be able to avoid using US mispellings of - * "initialisation"? */ - EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE); return 0; } - /* We'll use the ENGINE's private cipher definition */ - *pcipher = c; - /* Store the ENGINE functional reference so we know - * 'cipher' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; + memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size); } - else - ctx->engine = NULL; - return 1; - } -void int_EVP_CIPHER_init_engine_callbacks(void) - { - int_EVP_CIPHER_set_engine_callbacks( - ENGINE_finish, do_evp_enc_engine_full); + if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) + return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); + return 1; } -#endif - -#endif diff --git a/src/lib/libssl/src/crypto/evp/evp_err.c b/src/lib/libssl/src/crypto/evp/evp_err.c index b5b900d4fe..d8bfec0959 100644 --- a/src/lib/libssl/src/crypto/evp/evp_err.c +++ b/src/lib/libssl/src/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,46 +71,66 @@ static ERR_STRING_DATA EVP_str_functs[]= { {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, -{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, -{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, -{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"}, -{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"}, -{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"}, +{ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, -{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, +{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, -{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, +{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_SIZE"}, {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, +{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, +{ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"}, {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, +{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"}, +{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"}, +{ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP), "EVP_PKEY_CTX_dup"}, {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, +{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT), "EVP_PKEY_decrypt_init"}, +{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD), "EVP_PKEY_decrypt_old"}, +{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE), "EVP_PKEY_derive"}, +{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT), "EVP_PKEY_derive_init"}, +{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER), "EVP_PKEY_derive_set_peer"}, {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, +{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"}, +{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, +{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, +{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, +{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"}, +{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"}, +{ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"}, +{ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"}, +{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"}, +{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT), "EVP_PKEY_verify_init"}, +{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"}, +{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), "EVP_PKEY_verify_recover_init"}, {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, +{ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, +{ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, {0,NULL} @@ -125,42 +145,52 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, {ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, +{ERR_REASON(EVP_R_BUFFER_TOO_SMALL) ,"buffer too small"}, {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"}, {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, +{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED) ,"command not supported"}, {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, -{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, +{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) ,"different parameters"}, {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, -{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"}, -{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, -{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, -{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"}, +{ERR_REASON(EVP_R_INVALID_DIGEST) ,"invalid digest"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, +{ERR_REASON(EVP_R_INVALID_OPERATION) ,"invalid operation"}, {ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, +{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL),"message digest is null"}, +{ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, {ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"}, +{ERR_REASON(EVP_R_NO_DEFAULT_DIGEST) ,"no default digest"}, {ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"}, {ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"}, +{ERR_REASON(EVP_R_NO_KEY_SET) ,"no key set"}, +{ERR_REASON(EVP_R_NO_OPERATION_SET) ,"no operation set"}, {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"}, {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, +{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, +{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED),"operaton not initialized"}, {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, +{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"}, +{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, -{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"}, -{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"}, +{ERR_REASON(EVP_R_UNKNOWN_CIPHER) ,"unknown cipher"}, +{ERR_REASON(EVP_R_UNKNOWN_DIGEST) ,"unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, +{ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"}, {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"}, diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c index 361ea69ab6..839d6a3a16 100644 --- a/src/lib/libssl/src/crypto/evp/evp_key.c +++ b/src/lib/libssl/src/crypto/evp/evp_key.c @@ -89,6 +89,11 @@ char *EVP_get_pw_prompt(void) * in the DES library -- if someone ever wants to disable DES, * this function will fail */ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) + { + return EVP_read_pw_string_min(buf, 0, len, prompt, verify); + } + +int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify) { int ret; char buff[BUFSIZ]; @@ -97,10 +102,10 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt=prompt_string; ui = UI_new(); - UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); + UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len); if (verify) UI_add_verify_string(ui,prompt,0, - buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); + buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf); ret = UI_process(ui); UI_free(ui); OPENSSL_cleanse(buff,BUFSIZ); diff --git a/src/lib/libssl/src/crypto/evp/evp_lib.c b/src/lib/libssl/src/crypto/evp/evp_lib.c index 174cf6c594..40951a04f0 100644 --- a/src/lib/libssl/src/crypto/evp/evp_lib.c +++ b/src/lib/libssl/src/crypto/evp/evp_lib.c @@ -67,8 +67,6 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret=EVP_CIPHER_set_asn1_iv(c, type); else ret=-1; return(ret); @@ -80,8 +78,6 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret=c->cipher->get_asn1_parameters(c,type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret=EVP_CIPHER_get_asn1_iv(c, type); else ret=-1; return(ret); @@ -163,6 +159,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) return NID_des_cfb64; + case NID_des_ede3_cfb64: + case NID_des_ede3_cfb8: + case NID_des_ede3_cfb1: + + return NID_des_cfb64; + default: /* Check it has an OID and it is valid */ otmp = OBJ_nid2obj(nid); @@ -182,6 +184,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) return ctx->cipher->block_size; } +int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) + { + return ctx->cipher->do_cipher(ctx,out,in,inl); + } + const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) { return ctx->cipher; @@ -192,6 +199,11 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) return cipher->flags; } +unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher->flags; + } + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) { return ctx->app_data; @@ -207,6 +219,11 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) return cipher->iv_len; } +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) + { + return ctx->cipher->iv_len; + } + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { return cipher->key_len; @@ -217,6 +234,11 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) return ctx->key_len; } +int EVP_CIPHER_nid(const EVP_CIPHER *cipher) + { + return cipher->nid; + } + int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->nid; @@ -239,11 +261,23 @@ int EVP_MD_pkey_type(const EVP_MD *md) int EVP_MD_size(const EVP_MD *md) { + if (!md) + { + EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); + return -1; + } return md->md_size; } -const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx) +unsigned long EVP_MD_flags(const EVP_MD *md) + { + return md->flags; + } + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { + if (!ctx) + return NULL; return ctx->digest; } diff --git a/src/lib/libssl/src/crypto/evp/evp_locl.h b/src/lib/libssl/src/crypto/evp/evp_locl.h index eabcc96f30..292d74c188 100644 --- a/src/lib/libssl/src/crypto/evp/evp_locl.h +++ b/src/lib/libssl/src/crypto/evp/evp_locl.h @@ -61,38 +61,66 @@ /* Wrapper functions for each cipher mode */ #define BLOCK_CIPHER_ecb_loop() \ - unsigned int i, bl; \ + size_t i, bl; \ bl = ctx->cipher->block_size;\ if(inl < bl) return 1;\ inl -= bl; \ for(i=0; i <= inl; i+=bl) #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ BLOCK_CIPHER_ecb_loop() \ cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ return 1;\ } +#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) + #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ + while(inl>=EVP_MAXCHUNK)\ + {\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ + inl-=EVP_MAXCHUNK;\ + in +=EVP_MAXCHUNK;\ + out+=EVP_MAXCHUNK;\ + }\ + if (inl)\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ return 1;\ } #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ - cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ + while(inl>=EVP_MAXCHUNK) \ + {\ + cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ + inl-=EVP_MAXCHUNK;\ + in +=EVP_MAXCHUNK;\ + out+=EVP_MAXCHUNK;\ + }\ + if (inl)\ + cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ return 1;\ } #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + size_t chunk=EVP_MAXCHUNK;\ + if (cbits==1) chunk>>=3;\ + if (inl=chunk)\ + {\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + inl-=chunk;\ + in +=chunk;\ + out+=chunk;\ + if(inlcipher_data) -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ - cipher##_init_key, NULL, NULL, NULL, NULL) - -#ifdef OPENSSL_FIPS -#define RC2_set_key private_RC2_set_key -#define RC4_set_key private_RC4_set_key -#define CAST_set_key private_CAST_set_key -#define RC5_32_set_key private_RC5_32_set_key -#define BF_set_key private_BF_set_key -#define Camellia_set_key private_Camellia_set_key -#define idea_set_encrypt_key private_idea_set_encrypt_key - -#define MD5_Init private_MD5_Init -#define MD4_Init private_MD4_Init -#define MD2_Init private_MD2_Init -#define MDC2_Init private_MDC2_Init -#define SHA_Init private_SHA_Init - -#endif + 0, cipher##_init_key, NULL, \ + EVP_CIPHER_set_asn1_iv, \ + EVP_CIPHER_get_asn1_iv, \ + NULL) + +struct evp_pkey_ctx_st + { + /* Method associated with this operation */ + const EVP_PKEY_METHOD *pmeth; + /* Engine that implements this method or NULL if builtin */ + ENGINE *engine; + /* Key: may be NULL */ + EVP_PKEY *pkey; + /* Peer key for key agreement, may be NULL */ + EVP_PKEY *peerkey; + /* Actual operation */ + int operation; + /* Algorithm specific data */ + void *data; + /* Application specific data */ + void *app_data; + /* Keygen callback */ + EVP_PKEY_gen_cb *pkey_gencb; + /* implementation specific keygen data */ + int *keygen_info; + int keygen_info_count; + } /* EVP_PKEY_CTX */; + +#define EVP_PKEY_FLAG_DYNAMIC 1 + +struct evp_pkey_method_st + { + int pkey_id; + int flags; + + int (*init)(EVP_PKEY_CTX *ctx); + int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); + void (*cleanup)(EVP_PKEY_CTX *ctx); + + int (*paramgen_init)(EVP_PKEY_CTX *ctx); + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + + int (*keygen_init)(EVP_PKEY_CTX *ctx); + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + + int (*sign_init)(EVP_PKEY_CTX *ctx); + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + + int (*verify_init)(EVP_PKEY_CTX *ctx); + int (*verify)(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + + int (*verify_recover_init)(EVP_PKEY_CTX *ctx); + int (*verify_recover)(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx); + + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen, + EVP_MD_CTX *mctx); + + int (*encrypt_init)(EVP_PKEY_CTX *ctx); + int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + + int (*decrypt_init)(EVP_PKEY_CTX *ctx); + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + + int (*derive_init)(EVP_PKEY_CTX *ctx); + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value); + + + } /* EVP_PKEY_METHOD */; +void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); diff --git a/src/lib/libssl/src/crypto/evp/evp_pbe.c b/src/lib/libssl/src/crypto/evp/evp_pbe.c index 5e830be65f..c9d932d205 100644 --- a/src/lib/libssl/src/crypto/evp/evp_pbe.c +++ b/src/lib/libssl/src/crypto/evp/evp_pbe.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -59,79 +59,253 @@ #include #include "cryptlib.h" #include +#include #include /* Password based encryption (PBE) functions */ -static STACK *pbe_algs; +DECLARE_STACK_OF(EVP_PBE_CTL) +static STACK_OF(EVP_PBE_CTL) *pbe_algs; /* Setup a cipher context from a PBE algorithm */ -typedef struct { -int pbe_nid; -const EVP_CIPHER *cipher; -const EVP_MD *md; -EVP_PBE_KEYGEN *keygen; -} EVP_PBE_CTL; +typedef struct + { + int pbe_type; + int pbe_nid; + int cipher_nid; + int md_nid; + EVP_PBE_KEYGEN *keygen; + } EVP_PBE_CTL; -int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) -{ +static const EVP_PBE_CTL builtin_pbe[] = + { + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, + NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, + NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, + NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, - EVP_PBE_CTL *pbetmp, pbelu; - int i; - pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); - if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu); - else i = -1; + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, + NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, + NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, + NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, + NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, + NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + +#ifndef OPENSSL_NO_HMAC + {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, +#endif + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, + NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, + NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, + NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen}, + + + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, + {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, + }; + +#ifdef TEST +int main(int argc, char **argv) + { + int i, nid_md, nid_cipher; + EVP_PBE_CTL *tpbe, *tpbe2; + /*OpenSSL_add_all_algorithms();*/ + + for (i = 0; i < sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL); i++) + { + tpbe = builtin_pbe + i; + fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid, + OBJ_nid2sn(tpbe->pbe_nid)); + if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid, + &nid_cipher ,&nid_md,0)) + fprintf(stderr, "Found %s %s\n", + OBJ_nid2sn(nid_cipher), + OBJ_nid2sn(nid_md)); + else + fprintf(stderr, "Find ERROR!!\n"); + } + + return 0; + } +#endif + + + +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) + { + const EVP_CIPHER *cipher; + const EVP_MD *md; + int cipher_nid, md_nid; + EVP_PBE_KEYGEN *keygen; - if (i == -1) { + if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj), + &cipher_nid, &md_nid, &keygen)) + { char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; - } - if(!pass) passlen = 0; - else if (passlen == -1) passlen = strlen(pass); - pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); - i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, - pbetmp->md, en_de); - if (!i) { + } + + if(!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); + + if (cipher_nid == -1) + cipher = NULL; + else + { + cipher = EVP_get_cipherbynid(cipher_nid); + if (!cipher) + { + EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER); + return 0; + } + } + + if (md_nid == -1) + md = NULL; + else + { + md = EVP_get_digestbynid(md_nid); + if (!md) + { + EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST); + return 0; + } + } + + if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) + { EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); return 0; - } + } return 1; } -static int pbe_cmp(const char * const *a, const char * const *b) -{ - const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, - * const *pbe2 = (const EVP_PBE_CTL * const *)b; - return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); -} +DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2); + +static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2) + { + int ret = pbe1->pbe_type - pbe2->pbe_type; + if (ret) + return ret; + else + return pbe1->pbe_nid - pbe2->pbe_nid; + } + +IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2); + +static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b) + { + int ret = (*a)->pbe_type - (*b)->pbe_type; + if (ret) + return ret; + else + return (*a)->pbe_nid - (*b)->pbe_nid; + } /* Add a PBE algorithm */ -int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen) -{ +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, + EVP_PBE_KEYGEN *keygen) + { EVP_PBE_CTL *pbe_tmp; - if (!pbe_algs) pbe_algs = sk_new(pbe_cmp); - if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) { - EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); + if (!pbe_algs) + pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); + if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) + { + EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,ERR_R_MALLOC_FAILURE); return 0; - } - pbe_tmp->pbe_nid = nid; - pbe_tmp->cipher = cipher; - pbe_tmp->md = md; + } + pbe_tmp->pbe_type = pbe_type; + pbe_tmp->pbe_nid = pbe_nid; + pbe_tmp->cipher_nid = cipher_nid; + pbe_tmp->md_nid = md_nid; pbe_tmp->keygen = keygen; - sk_push (pbe_algs, (char *)pbe_tmp); + + + sk_EVP_PBE_CTL_push (pbe_algs, pbe_tmp); return 1; -} + } + +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen) + { + int cipher_nid, md_nid; + if (cipher) + cipher_nid = EVP_CIPHER_type(cipher); + else + cipher_nid = -1; + if (md) + md_nid = EVP_MD_type(md); + else + md_nid = -1; + + return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid, + cipher_nid, md_nid, keygen); + } + +int EVP_PBE_find(int type, int pbe_nid, + int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen) + { + EVP_PBE_CTL *pbetmp = NULL, pbelu; + int i; + if (pbe_nid == NID_undef) + return 0; + + pbelu.pbe_type = type; + pbelu.pbe_nid = pbe_nid; + + if (pbe_algs) + { + i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu); + if (i != -1) + pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i); + } + if (pbetmp == NULL) + { + pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, + sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL)); + } + if (pbetmp == NULL) + return 0; + if (pcnid) + *pcnid = pbetmp->cipher_nid; + if (pmnid) + *pmnid = pbetmp->md_nid; + if (pkeygen) + *pkeygen = pbetmp->keygen; + return 1; + } + +static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe) + { + OPENSSL_freeFunc(pbe); + } void EVP_PBE_cleanup(void) -{ - sk_pop_free(pbe_algs, OPENSSL_freeFunc); + { + sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); pbe_algs = NULL; -} + } diff --git a/src/lib/libssl/src/crypto/evp/evp_pkey.c b/src/lib/libssl/src/crypto/evp/evp_pkey.c index 10d9e9e772..ceebf69284 100644 --- a/src/lib/libssl/src/crypto/evp/evp_pkey.c +++ b/src/lib/libssl/src/crypto/evp/evp_pkey.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,287 +61,52 @@ #include "cryptlib.h" #include #include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -#include - -#ifndef OPENSSL_NO_DSA -static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); -#endif -#ifndef OPENSSL_NO_EC -static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); -#endif +#include "asn1_locl.h" /* Extract a private key from a PKCS8 structure */ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; -#ifndef OPENSSL_NO_RSA - RSA *rsa = NULL; -#endif -#ifndef OPENSSL_NO_DSA - DSA *dsa = NULL; - ASN1_TYPE *t1, *t2; - ASN1_INTEGER *privkey; - STACK_OF(ASN1_TYPE) *ndsa = NULL; -#endif -#ifndef OPENSSL_NO_EC - EC_KEY *eckey = NULL; - const unsigned char *p_tmp; -#endif -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) - ASN1_TYPE *param = NULL; - BN_CTX *ctx = NULL; - int plen; -#endif - X509_ALGOR *a; - const unsigned char *p; - const unsigned char *cp; - int pkeylen; - int nid; + ASN1_OBJECT *algoid; char obj_tmp[80]; - if(p8->pkey->type == V_ASN1_OCTET_STRING) { - p8->broken = PKCS8_OK; - p = p8->pkey->value.octet_string->data; - pkeylen = p8->pkey->value.octet_string->length; - } else { - p8->broken = PKCS8_NO_OCTET; - p = p8->pkey->value.sequence->data; - pkeylen = p8->pkey->value.sequence->length; - } + if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) + return NULL; + if (!(pkey = EVP_PKEY_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); return NULL; } - a = p8->pkeyalg; - nid = OBJ_obj2nid(a->algorithm); - switch(nid) - { -#ifndef OPENSSL_NO_RSA - case NID_rsaEncryption: - cp = p; - if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - return NULL; - } - EVP_PKEY_assign_RSA (pkey, rsa); - break; -#endif -#ifndef OPENSSL_NO_DSA - case NID_dsa: - /* PKCS#8 DSA is weird: you just get a private key integer - * and parameters in the AlgorithmIdentifier the pubkey must - * be recalculated. - */ - - /* Check for broken DSA PKCS#8, UGH! */ - if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { - if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, - d2i_ASN1_TYPE, - ASN1_TYPE_free))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - if(sk_ASN1_TYPE_num(ndsa) != 2 ) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - /* Handle Two broken types: - * SEQUENCE {parameters, priv_key} - * SEQUENCE {pub_key, priv_key} - */ - - t1 = sk_ASN1_TYPE_value(ndsa, 0); - t2 = sk_ASN1_TYPE_value(ndsa, 1); - if(t1->type == V_ASN1_SEQUENCE) { - p8->broken = PKCS8_EMBEDDED_PARAM; - param = t1; - } else if(a->parameter->type == V_ASN1_SEQUENCE) { - p8->broken = PKCS8_NS_DB; - param = a->parameter; - } else { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - - if(t2->type != V_ASN1_INTEGER) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - privkey = t2->value.integer; - } else { - if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - param = p8->pkeyalg->parameter; - } - if (!param || (param->type != V_ASN1_SEQUENCE)) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - cp = p = param->value.sequence->data; - plen = param->value.sequence->length; - if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - /* We have parameters now set private key */ - if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { - EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); - goto dsaerr; - } - /* Calculate public key (ouch!) */ - if (!(dsa->pub_key = BN_new())) { - EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); - goto dsaerr; - } - if (!(ctx = BN_CTX_new())) { - EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); - goto dsaerr; - } - - if (!BN_mod_exp(dsa->pub_key, dsa->g, - dsa->priv_key, dsa->p, ctx)) { - - EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); - goto dsaerr; - } - EVP_PKEY_assign_DSA(pkey, dsa); - BN_CTX_free (ctx); - if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - else ASN1_INTEGER_free(privkey); - break; - dsaerr: - BN_CTX_free (ctx); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - DSA_free(dsa); - EVP_PKEY_free(pkey); - return NULL; - break; -#endif -#ifndef OPENSSL_NO_EC - case NID_X9_62_id_ecPublicKey: - p_tmp = p; - /* extract the ec parameters */ - param = p8->pkeyalg->parameter; - - if (!param || ((param->type != V_ASN1_SEQUENCE) && - (param->type != V_ASN1_OBJECT))) + if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto ecerr; + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + i2t_ASN1_OBJECT(obj_tmp, 80, algoid); + ERR_add_error_data(2, "TYPE=", obj_tmp); + goto error; } - if (param->type == V_ASN1_SEQUENCE) + if (pkey->ameth->priv_decode) { - cp = p = param->value.sequence->data; - plen = param->value.sequence->length; - - if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) + if (!pkey->ameth->priv_decode(pkey, p8)) { - EVPerr(EVP_F_EVP_PKCS82PKEY, - EVP_R_DECODE_ERROR); - goto ecerr; + EVPerr(EVP_F_EVP_PKCS82PKEY, + EVP_R_PRIVATE_KEY_DECODE_ERROR); + goto error; } } - else + else { - EC_GROUP *group; - cp = p = param->value.object->data; - plen = param->value.object->length; - - /* type == V_ASN1_OBJECT => the parameters are given - * by an asn1 OID - */ - if ((eckey = EC_KEY_new()) == NULL) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, - ERR_R_MALLOC_FAILURE); - goto ecerr; - } - group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); - if (group == NULL) - goto ecerr; - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - if (EC_KEY_set_group(eckey, group) == 0) - goto ecerr; - EC_GROUP_free(group); - } - - /* We have parameters now set private key */ - if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto ecerr; - } - - /* calculate public key (if necessary) */ - if (EC_KEY_get0_public_key(eckey) == NULL) - { - const BIGNUM *priv_key; - const EC_GROUP *group; - EC_POINT *pub_key; - /* the public key was not included in the SEC1 private - * key => calculate the public key */ - group = EC_KEY_get0_group(eckey); - pub_key = EC_POINT_new(group); - if (pub_key == NULL) - { - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) - { - EC_POINT_free(pub_key); - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - priv_key = EC_KEY_get0_private_key(eckey); - if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) - { - EC_POINT_free(pub_key); - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - if (EC_KEY_set_public_key(eckey, pub_key) == 0) - { - EC_POINT_free(pub_key); - EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); - goto ecerr; - } - EC_POINT_free(pub_key); + EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED); + goto error; } - EVP_PKEY_assign_EC_KEY(pkey, eckey); - if (ctx) - BN_CTX_free(ctx); - break; -ecerr: - if (ctx) - BN_CTX_free(ctx); - if (eckey) - EC_KEY_free(eckey); - if (pkey) - EVP_PKEY_free(pkey); - return NULL; -#endif - default: - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); - else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); - ERR_add_error_data(2, "TYPE=", obj_tmp); - EVP_PKEY_free (pkey); - return NULL; - } return pkey; + + error: + EVP_PKEY_free (pkey); + return NULL; } PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) @@ -360,59 +125,37 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) return NULL; } p8->broken = broken; - if (!ASN1_INTEGER_set(p8->version, 0)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; - } - if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; - } - p8->pkey->type = V_ASN1_OCTET_STRING; - switch (EVP_PKEY_type(pkey->type)) { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE; - - p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); - p8->pkeyalg->parameter->type = V_ASN1_NULL; - if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, - &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; - } - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if(!dsa_pkey2pkcs8(p8, pkey)) { - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; + if (pkey->ameth) + { + if (pkey->ameth->priv_encode) + { + if (!pkey->ameth->priv_encode(p8, pkey)) + { + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, + EVP_R_PRIVATE_KEY_ENCODE_ERROR); + goto error; + } + } + else + { + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, + EVP_R_METHOD_NOT_SUPPORTED); + goto error; + } } - - break; -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - if (!eckey_pkey2pkcs8(p8, pkey)) + else { - PKCS8_PRIV_KEY_INFO_free(p8); - return(NULL); + EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, + EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + goto error; } - break; -#endif - default: - EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; - } RAND_add(p8->pkey->value.octet_string->data, p8->pkey->value.octet_string->length, 0.0); return p8; + error: + PKCS8_PRIV_KEY_INFO_free(p8); + return NULL; } PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) @@ -436,301 +179,6 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) } } -#ifndef OPENSSL_NO_DSA -static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) -{ - ASN1_STRING *params = NULL; - ASN1_INTEGER *prkey = NULL; - ASN1_TYPE *ttmp = NULL; - STACK_OF(ASN1_TYPE) *ndsa = NULL; - unsigned char *p = NULL, *q; - int len; - - p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); - len = i2d_DSAparams (pkey->pkey.dsa, NULL); - if (!(p = OPENSSL_malloc(len))) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - q = p; - i2d_DSAparams (pkey->pkey.dsa, &q); - if (!(params = ASN1_STRING_new())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - if (!ASN1_STRING_set(params, p, len)) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - OPENSSL_free(p); - p = NULL; - /* Get private key into integer */ - if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - goto err; - } - - switch(p8->broken) { - - case PKCS8_OK: - case PKCS8_NO_OCTET: - - if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, - &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - - M_ASN1_INTEGER_free (prkey); - prkey = NULL; - p8->pkeyalg->parameter->value.sequence = params; - params = NULL; - p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - - break; - - case PKCS8_NS_DB: - - p8->pkeyalg->parameter->value.sequence = params; - params = NULL; - p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - if (!(ndsa = sk_ASN1_TYPE_new_null())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - if (!(ttmp = ASN1_TYPE_new())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - if (!(ttmp->value.integer = - BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - goto err; - } - ttmp->type = V_ASN1_INTEGER; - if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!(ttmp = ASN1_TYPE_new())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - ttmp->value.integer = prkey; - prkey = NULL; - ttmp->type = V_ASN1_INTEGER; - if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - ttmp = NULL; - - if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, - &p8->pkey->value.octet_string->data, - &p8->pkey->value.octet_string->length)) { - - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - break; - - case PKCS8_EMBEDDED_PARAM: - - p8->pkeyalg->parameter->type = V_ASN1_NULL; - if (!(ndsa = sk_ASN1_TYPE_new_null())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - if (!(ttmp = ASN1_TYPE_new())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - ttmp->value.sequence = params; - params = NULL; - ttmp->type = V_ASN1_SEQUENCE; - if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!(ttmp = ASN1_TYPE_new())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - ttmp->value.integer = prkey; - prkey = NULL; - ttmp->type = V_ASN1_INTEGER; - if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - ttmp = NULL; - - if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, - &p8->pkey->value.octet_string->data, - &p8->pkey->value.octet_string->length)) { - - EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - goto err; - } - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - break; - } - return 1; -err: - if (p != NULL) OPENSSL_free(p); - if (params != NULL) ASN1_STRING_free(params); - if (prkey != NULL) M_ASN1_INTEGER_free(prkey); - if (ttmp != NULL) ASN1_TYPE_free(ttmp); - if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - return 0; -} -#endif - -#ifndef OPENSSL_NO_EC -static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) -{ - EC_KEY *ec_key; - const EC_GROUP *group; - unsigned char *p, *pp; - int nid, i, ret = 0; - unsigned int tmp_flags, old_flags; - - ec_key = pkey->pkey.ec; - if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) - { - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); - return 0; - } - - /* set the ec parameters OID */ - if (p8->pkeyalg->algorithm) - ASN1_OBJECT_free(p8->pkeyalg->algorithm); - - p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); - - /* set the ec parameters */ - - if (p8->pkeyalg->parameter) - { - ASN1_TYPE_free(p8->pkeyalg->parameter); - p8->pkeyalg->parameter = NULL; - } - - if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) - { - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (EC_GROUP_get_asn1_flag(group) - && (nid = EC_GROUP_get_curve_name(group))) - { - /* we have a 'named curve' => just set the OID */ - p8->pkeyalg->parameter->type = V_ASN1_OBJECT; - p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); - } - else /* explicit parameters */ - { - if ((i = i2d_ECParameters(ec_key, NULL)) == 0) - { - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); - return 0; - } - if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) - { - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - return 0; - } - pp = p; - if (!i2d_ECParameters(ec_key, &pp)) - { - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); - OPENSSL_free(p); - return 0; - } - p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - if ((p8->pkeyalg->parameter->value.sequence - = ASN1_STRING_new()) == NULL) - { - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); - OPENSSL_free(p); - return 0; - } - ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); - OPENSSL_free(p); - } - - /* set the private key */ - - /* do not include the parameters in the SEC1 private key - * see PKCS#11 12.11 */ - old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); - tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; - EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); - i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); - if (!i) - { - EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); - return 0; - } - p = (unsigned char *) OPENSSL_malloc(i); - if (!p) - { - EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - return 0; - } - pp = p; - if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) - { - EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); - OPENSSL_free(p); - return 0; - } - /* restore old encoding flags */ - EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); - - switch(p8->broken) { - - case PKCS8_OK: - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); - if (!p8->pkey->value.octet_string || - !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, - (const void *)p, i)) - - { - EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); - } - else - ret = 1; - break; - case PKCS8_NO_OCTET: /* RSA specific */ - case PKCS8_NS_DB: /* DSA specific */ - case PKCS8_EMBEDDED_PARAM: /* DSA specific */ - default: - EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - } - OPENSSL_cleanse(p, (size_t)i); - OPENSSL_free(p); - return ret; -} -#endif - /* EVP_PKEY attribute functions */ int EVP_PKEY_get_attr_count(const EVP_PKEY *key) diff --git a/src/lib/libssl/src/crypto/evp/evp_test.c b/src/lib/libssl/src/crypto/evp/evp_test.c index 436be20bf1..902efac975 100644 --- a/src/lib/libssl/src/crypto/evp/evp_test.c +++ b/src/lib/libssl/src/crypto/evp/evp_test.c @@ -153,8 +153,8 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, if(kn != c->key_len) { - fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn, - c->key_len); + fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn, + (unsigned long)c->key_len); test1_exit(5); } EVP_CIPHER_CTX_init(&ctx); @@ -441,7 +441,7 @@ int main(int argc,char **argv) #endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks_fp(stderr); diff --git a/src/lib/libssl/src/crypto/evp/m_dss.c b/src/lib/libssl/src/crypto/evp/m_dss.c index 6b0c0aa7a3..48c2689504 100644 --- a/src/lib/libssl/src/crypto/evp/m_dss.c +++ b/src/lib/libssl/src/crypto/evp/m_dss.c @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_FIPS, + EVP_MD_FLAG_PKEY_DIGEST, init, update, final, diff --git a/src/lib/libssl/src/crypto/evp/m_dss1.c b/src/lib/libssl/src/crypto/evp/m_dss1.c index da8babc147..4f03fb70e0 100644 --- a/src/lib/libssl/src/crypto/evp/m_dss1.c +++ b/src/lib/libssl/src/crypto/evp/m_dss1.c @@ -68,8 +68,6 @@ #include #endif -#ifndef OPENSSL_FIPS - static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } @@ -84,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, SHA_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_DIGEST, init, update, final, @@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void) return(&dss1_md); } #endif -#endif diff --git a/src/lib/libssl/src/crypto/evp/m_md2.c b/src/lib/libssl/src/crypto/evp/m_md2.c index 8eee6236ba..5ce849f161 100644 --- a/src/lib/libssl/src/crypto/evp/m_md2.c +++ b/src/lib/libssl/src/crypto/evp/m_md2.c @@ -58,7 +58,6 @@ #include #include "cryptlib.h" -#include "evp_locl.h" #ifndef OPENSSL_NO_MD2 diff --git a/src/lib/libssl/src/crypto/evp/m_md4.c b/src/lib/libssl/src/crypto/evp/m_md4.c index 5cd2ab5ade..1e0b7c5b42 100644 --- a/src/lib/libssl/src/crypto/evp/m_md4.c +++ b/src/lib/libssl/src/crypto/evp/m_md4.c @@ -58,7 +58,6 @@ #include #include "cryptlib.h" -#include "evp_locl.h" #ifndef OPENSSL_NO_MD4 diff --git a/src/lib/libssl/src/crypto/evp/m_md5.c b/src/lib/libssl/src/crypto/evp/m_md5.c index 6455829671..63c142119e 100644 --- a/src/lib/libssl/src/crypto/evp/m_md5.c +++ b/src/lib/libssl/src/crypto/evp/m_md5.c @@ -62,7 +62,6 @@ #ifndef OPENSSL_NO_MD5 #include -#include "evp_locl.h" #include #include #include diff --git a/src/lib/libssl/src/crypto/evp/m_mdc2.c b/src/lib/libssl/src/crypto/evp/m_mdc2.c index 9f9bcf06ed..b08d559803 100644 --- a/src/lib/libssl/src/crypto/evp/m_mdc2.c +++ b/src/lib/libssl/src/crypto/evp/m_mdc2.c @@ -58,7 +58,6 @@ #include #include "cryptlib.h" -#include "evp_locl.h" #ifndef OPENSSL_NO_MDC2 @@ -66,7 +65,9 @@ #include #include #include +#ifndef OPENSSL_NO_RSA #include +#endif static int init(EVP_MD_CTX *ctx) { return MDC2_Init(ctx->md_data); } diff --git a/src/lib/libssl/src/crypto/evp/m_sha.c b/src/lib/libssl/src/crypto/evp/m_sha.c index 3f30dfc579..acccc8f92d 100644 --- a/src/lib/libssl/src/crypto/evp/m_sha.c +++ b/src/lib/libssl/src/crypto/evp/m_sha.c @@ -58,7 +58,6 @@ #include #include "cryptlib.h" -#include "evp_locl.h" #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) diff --git a/src/lib/libssl/src/crypto/evp/m_sha1.c b/src/lib/libssl/src/crypto/evp/m_sha1.c index 471ec30be0..9a2790fdea 100644 --- a/src/lib/libssl/src/crypto/evp/m_sha1.c +++ b/src/lib/libssl/src/crypto/evp/m_sha1.c @@ -68,8 +68,6 @@ #include #endif -#ifndef OPENSSL_FIPS - static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } @@ -84,7 +82,7 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, init, update, final, @@ -99,6 +97,7 @@ const EVP_MD *EVP_sha1(void) { return(&sha1_md); } +#endif #ifndef OPENSSL_NO_SHA256 static int init224(EVP_MD_CTX *ctx) @@ -120,7 +119,7 @@ static const EVP_MD sha224_md= NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, init224, update256, final256, @@ -139,7 +138,7 @@ static const EVP_MD sha256_md= NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, init256, update256, final256, @@ -170,7 +169,7 @@ static const EVP_MD sha384_md= NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, init384, update512, final512, @@ -189,7 +188,7 @@ static const EVP_MD sha512_md= NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, init512, update512, final512, @@ -203,7 +202,3 @@ static const EVP_MD sha512_md= const EVP_MD *EVP_sha512(void) { return(&sha512_md); } #endif /* ifndef OPENSSL_NO_SHA512 */ - -#endif - -#endif diff --git a/src/lib/libssl/src/crypto/evp/names.c b/src/lib/libssl/src/crypto/evp/names.c index e2e04c3570..f2869f5c78 100644 --- a/src/lib/libssl/src/crypto/evp/names.c +++ b/src/lib/libssl/src/crypto/evp/names.c @@ -66,35 +66,32 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; -#ifdef OPENSSL_FIPS - OPENSSL_init(); -#endif - r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); if (r == 0) return(0); + check_defer(c->nid); r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); return(r); } + int EVP_add_digest(const EVP_MD *md) { int r; const char *name; -#ifdef OPENSSL_FIPS - OPENSSL_init(); -#endif name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); + check_defer(md->type); r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); - if (md->type != md->pkey_type) + if (md->pkey_type && md->type != md->pkey_type) { r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); if (r == 0) return(0); + check_defer(md->pkey_type); r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); } @@ -127,4 +124,78 @@ void EVP_cleanup(void) OBJ_NAME_cleanup(-1); EVP_PBE_cleanup(); + if (obj_cleanup_defer == 2) + { + obj_cleanup_defer = 0; + OBJ_cleanup(); + } + OBJ_sigid_free(); + } + +struct doall_cipher + { + void *arg; + void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *arg); + }; + +static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg) + { + struct doall_cipher *dc = arg; + if (nm->alias) + dc->fn(NULL, nm->name, nm->data, dc->arg); + else + dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg); + } + +void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), void *arg) + { + struct doall_cipher dc; + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); + } + +void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), void *arg) + { + struct doall_cipher dc; + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn,&dc); + } + +struct doall_md + { + void *arg; + void (*fn)(const EVP_MD *ciph, + const char *from, const char *to, void *arg); + }; + +static void do_all_md_fn(const OBJ_NAME *nm, void *arg) + { + struct doall_md *dc = arg; + if (nm->alias) + dc->fn(NULL, nm->name, nm->data, dc->arg); + else + dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg); + } + +void EVP_MD_do_all(void (*fn)(const EVP_MD *md, + const char *from, const char *to, void *x), void *arg) + { + struct doall_md dc; + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); + } + +void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md, + const char *from, const char *to, void *x), void *arg) + { + struct doall_md dc; + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); } diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt.c b/src/lib/libssl/src/crypto/evp/p5_crpt.c index 2a265fdee2..7ecfa8dad9 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt.c @@ -62,42 +62,11 @@ #include #include -/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. +/* Doesn't do anything now: Builtin PBE algorithms in static table. */ void PKCS5_PBE_add(void) { -#ifndef OPENSSL_NO_DES -# ifndef OPENSSL_NO_MD5 -EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), - PKCS5_PBE_keyivgen); -# endif -# ifndef OPENSSL_NO_MD2 -EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), - PKCS5_PBE_keyivgen); -# endif -# ifndef OPENSSL_NO_SHA -EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), - PKCS5_PBE_keyivgen); -# endif -#endif -#ifndef OPENSSL_NO_RC2 -# ifndef OPENSSL_NO_MD5 -EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), - PKCS5_PBE_keyivgen); -# endif -# ifndef OPENSSL_NO_MD2 -EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), - PKCS5_PBE_keyivgen); -# endif -# ifndef OPENSSL_NO_SHA -EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), - PKCS5_PBE_keyivgen); -# endif -#endif -#ifndef OPENSSL_NO_HMAC -EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); -#endif } int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, @@ -112,6 +81,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, int saltlen, iter; unsigned char *salt; const unsigned char *pbuf; + int mdsize; /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || @@ -140,9 +110,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestUpdate(&ctx, salt, saltlen); PBEPARAM_free(pbe); EVP_DigestFinal_ex(&ctx, md_tmp, NULL); + mdsize = EVP_MD_size(md); + if (mdsize < 0) + return 0; for (i = 1; i < iter; i++) { EVP_DigestInit_ex(&ctx, md, NULL); - EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); + EVP_DigestUpdate(&ctx, md_tmp, mdsize); EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c index 6bec77baf9..334379f310 100644 --- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c +++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,28 +71,38 @@ #endif /* This is an implementation of PKCS#5 v2.0 password based encryption key - * derivation function PBKDF2 using the only currently defined function HMAC - * with SHA1. Verified against test vectors posted by Peter Gutmann + * derivation function PBKDF2. + * SHA1 version verified against test vectors posted by Peter Gutmann * to the PKCS-TNG mailing list. */ -int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, + const EVP_MD *digest, int keylen, unsigned char *out) -{ - unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; - int cplen, j, k, tkeylen; + { + unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; + int cplen, j, k, tkeylen, mdlen; unsigned long i = 1; HMAC_CTX hctx; + mdlen = EVP_MD_size(digest); + if (mdlen < 0) + return 0; + HMAC_CTX_init(&hctx); p = out; tkeylen = keylen; - if(!pass) passlen = 0; - else if(passlen == -1) passlen = strlen(pass); - while(tkeylen) { - if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; - else cplen = tkeylen; + if(!pass) + passlen = 0; + else if(passlen == -1) + passlen = strlen(pass); + while(tkeylen) + { + if(tkeylen > mdlen) + cplen = mdlen; + else + cplen = tkeylen; /* We are unlikely to ever use more than 256 blocks (5120 bits!) * but just in case... */ @@ -100,20 +110,22 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); + HMAC_Init_ex(&hctx, pass, passlen, digest, NULL); HMAC_Update(&hctx, salt, saltlen); HMAC_Update(&hctx, itmp, 4); HMAC_Final(&hctx, digtmp, NULL); memcpy(p, digtmp, cplen); - for(j = 1; j < iter; j++) { - HMAC(EVP_sha1(), pass, passlen, - digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); - for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; - } + for(j = 1; j < iter; j++) + { + HMAC(digest, pass, passlen, + digtmp, mdlen, digtmp, NULL); + for(k = 0; k < cplen; k++) + p[k] ^= digtmp[k]; + } tkeylen-= cplen; i++; p+= cplen; - } + } HMAC_CTX_cleanup(&hctx); #ifdef DEBUG_PKCS5V2 fprintf(stderr, "Password:\n"); @@ -125,7 +137,15 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, h__dump (out, keylen); #endif return 1; -} + } + +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, + int keylen, unsigned char *out) + { + return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(), + keylen, out); + } #ifdef DO_TEST main() @@ -155,6 +175,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; PBKDF2PARAM *kdf = NULL; + const EVP_MD *prfmd; + int prf_nid, hmac_md_nid; if (param == NULL || param->type != V_ASN1_SEQUENCE || param->value.sequence == NULL) { @@ -180,8 +202,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, /* lets see if we recognise the encryption algorithm. */ - cipher = EVP_get_cipherbyname( - OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm))); + cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); if(!cipher) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, @@ -226,10 +247,23 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, goto err; } - if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { + if (kdf->prf) + prf_nid = OBJ_obj2nid(kdf->prf->algorithm); + else + prf_nid = NID_hmacWithSHA1; + + if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) + { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); goto err; - } + } + + prfmd = EVP_get_digestbynid(hmac_md_nid); + if (prfmd == NULL) + { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); + goto err; + } if(kdf->salt->type != V_ASN1_OCTET_STRING) { EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, @@ -241,7 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, salt = kdf->salt->value.octet_string->data; saltlen = kdf->salt->value.octet_string->length; iter = ASN1_INTEGER_get(kdf->iter); - PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); + if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, + keylen, key)) + goto err; EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); diff --git a/src/lib/libssl/src/crypto/evp/p_dec.c b/src/lib/libssl/src/crypto/evp/p_dec.c index f64901f653..4201dcbad9 100644 --- a/src/lib/libssl/src/crypto/evp/p_dec.c +++ b/src/lib/libssl/src/crypto/evp/p_dec.c @@ -66,7 +66,7 @@ #include #include -int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, +int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) { int ret= -1; @@ -75,7 +75,7 @@ int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, if (priv->type != EVP_PKEY_RSA) { #endif - EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); + EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef OPENSSL_NO_RSA goto err; } diff --git a/src/lib/libssl/src/crypto/evp/p_enc.c b/src/lib/libssl/src/crypto/evp/p_enc.c index c2dfdc52ad..b5a3a84c41 100644 --- a/src/lib/libssl/src/crypto/evp/p_enc.c +++ b/src/lib/libssl/src/crypto/evp/p_enc.c @@ -66,7 +66,7 @@ #include #include -int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, +int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY *pubk) { int ret=0; @@ -75,7 +75,7 @@ int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, if (pubk->type != EVP_PKEY_RSA) { #endif - EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); + EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef OPENSSL_NO_RSA goto err; } diff --git a/src/lib/libssl/src/crypto/evp/p_lib.c b/src/lib/libssl/src/crypto/evp/p_lib.c index 22155ecf62..1916c61699 100644 --- a/src/lib/libssl/src/crypto/evp/p_lib.c +++ b/src/lib/libssl/src/crypto/evp/p_lib.c @@ -74,66 +74,26 @@ #include #endif +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +#include "asn1_locl.h" + static void EVP_PKEY_free_it(EVP_PKEY *x); int EVP_PKEY_bits(EVP_PKEY *pkey) { - if (0) - return 0; -#ifndef OPENSSL_NO_RSA - else if (pkey->type == EVP_PKEY_RSA) - return(BN_num_bits(pkey->pkey.rsa->n)); -#endif -#ifndef OPENSSL_NO_DSA - else if (pkey->type == EVP_PKEY_DSA) - return(BN_num_bits(pkey->pkey.dsa->p)); -#endif -#ifndef OPENSSL_NO_EC - else if (pkey->type == EVP_PKEY_EC) - { - BIGNUM *order = BN_new(); - const EC_GROUP *group; - int ret; - - if (!order) - { - ERR_clear_error(); - return 0; - } - group = EC_KEY_get0_group(pkey->pkey.ec); - if (!EC_GROUP_get_order(group, order, NULL)) - { - ERR_clear_error(); - return 0; - } - - ret = BN_num_bits(order); - BN_free(order); - return ret; - } -#endif - return(0); + if (pkey && pkey->ameth && pkey->ameth->pkey_bits) + return pkey->ameth->pkey_bits(pkey); + return 0; } int EVP_PKEY_size(EVP_PKEY *pkey) { - if (pkey == NULL) - return(0); -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - return(RSA_size(pkey->pkey.rsa)); - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - return(DSA_size(pkey->pkey.dsa)); -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) - return(ECDSA_size(pkey->pkey.ec)); -#endif - - return(0); + if (pkey && pkey->ameth && pkey->ameth->pkey_size) + return pkey->ameth->pkey_size(pkey); + return 0; } int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) @@ -174,88 +134,26 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS); goto err; } -#ifndef OPENSSL_NO_DSA - if (to->type == EVP_PKEY_DSA) - { - BIGNUM *a; - - if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err; - if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p); - to->pkey.dsa->p=a; - - if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err; - if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q); - to->pkey.dsa->q=a; - - if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err; - if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g); - to->pkey.dsa->g=a; - } -#endif -#ifndef OPENSSL_NO_EC - if (to->type == EVP_PKEY_EC) - { - EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); - if (group == NULL) - goto err; - if (EC_KEY_set_group(to->pkey.ec, group) == 0) - goto err; - EC_GROUP_free(group); - } -#endif - return(1); + if (from->ameth && from->ameth->param_copy) + return from->ameth->param_copy(to, from); err: - return(0); + return 0; } int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - DSA *dsa; - - dsa=pkey->pkey.dsa; - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) - return(1); - } -#endif -#ifndef OPENSSL_NO_EC - if (pkey->type == EVP_PKEY_EC) - { - if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) - return(1); - } -#endif - - return(0); + if (pkey->ameth && pkey->ameth->param_missing) + return pkey->ameth->param_missing(pkey); + return 0; } int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { -#ifndef OPENSSL_NO_DSA - if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) - { - if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || - BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || - BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) - return(0); - else - return(1); - } -#endif -#ifndef OPENSSL_NO_EC - if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) - { - const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), - *group_b = EC_KEY_get0_group(b->pkey.ec); - if (EC_GROUP_cmp(group_a, group_b, NULL)) - return 0; - else - return 1; - } -#endif - return(-1); + if (a->type != b->type) + return -1; + if (a->ameth && a->ameth->param_cmp) + return a->ameth->param_cmp(a, b); + return -2; } int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) @@ -263,51 +161,22 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) if (a->type != b->type) return -1; - if (EVP_PKEY_cmp_parameters(a, b) == 0) - return 0; - - switch (a->type) + if (a->ameth) { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 - || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) - return 0; - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) - return 0; - break; -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - int r; - const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); - const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), - *pb = EC_KEY_get0_public_key(b->pkey.ec); - r = EC_POINT_cmp(group, pa, pb, NULL); - if (r != 0) + int ret; + /* Compare parameters if the algorithm has them */ + if (a->ameth->param_cmp) { - if (r == 1) - return 0; - else - return -2; + ret = a->ameth->param_cmp(a, b); + if (ret <= 0) + return ret; } - } - break; -#endif -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - return -2; -#endif - default: - return -2; + + if (a->ameth->pub_cmp) + return a->ameth->pub_cmp(a, b); } - return 1; + return -2; } EVP_PKEY *EVP_PKEY_new(void) @@ -321,22 +190,87 @@ EVP_PKEY *EVP_PKEY_new(void) return(NULL); } ret->type=EVP_PKEY_NONE; + ret->save_type=EVP_PKEY_NONE; ret->references=1; + ret->ameth=NULL; + ret->engine=NULL; ret->pkey.ptr=NULL; ret->attributes=NULL; ret->save_parameters=1; return(ret); } -int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) +/* Setup a public key ASN1 method and ENGINE from a NID or a string. + * If pkey is NULL just return 1 or 0 if the algorithm exists. + */ + +static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) { - if (pkey == NULL) return(0); - if (pkey->pkey.ptr != NULL) - EVP_PKEY_free_it(pkey); - pkey->type=EVP_PKEY_type(type); - pkey->save_type=type; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *e = NULL; + if (pkey) + { + if (pkey->pkey.ptr) + EVP_PKEY_free_it(pkey); + /* If key type matches and a method exists then this + * lookup has succeeded once so just indicate success. + */ + if ((type == pkey->save_type) && pkey->ameth) + return 1; +#ifndef OPENSSL_NO_ENGINE + /* If we have an ENGINE release it */ + if (pkey->engine) + { + ENGINE_finish(pkey->engine); + pkey->engine = NULL; + } +#endif + } + if (str) + ameth = EVP_PKEY_asn1_find_str(&e, str, len); + else + ameth = EVP_PKEY_asn1_find(&e, type); +#ifndef OPENSSL_NO_ENGINE + if (!pkey && e) + ENGINE_finish(e); +#endif + if (!ameth) + { + EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); + return 0; + } + if (pkey) + { + pkey->ameth = ameth; + pkey->engine = e; + + pkey->type = pkey->ameth->pkey_id; + pkey->save_type=type; + } + return 1; + } + +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) + { + return pkey_set_type(pkey, type, NULL, -1); + } + +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) + { + return pkey_set_type(pkey, EVP_PKEY_NONE, str, len); + } + +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) + { + if (!EVP_PKEY_set_type(pkey, type)) + return 0; pkey->pkey.ptr=key; - return(key != NULL); + return (key != NULL); + } + +void *EVP_PKEY_get0(EVP_PKEY *pkey) + { + return pkey->pkey.ptr; } #ifndef OPENSSL_NO_RSA @@ -425,24 +359,29 @@ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) int EVP_PKEY_type(int type) { - switch (type) - { - case EVP_PKEY_RSA: - case EVP_PKEY_RSA2: - return(EVP_PKEY_RSA); - case EVP_PKEY_DSA: - case EVP_PKEY_DSA1: - case EVP_PKEY_DSA2: - case EVP_PKEY_DSA3: - case EVP_PKEY_DSA4: - return(EVP_PKEY_DSA); - case EVP_PKEY_DH: - return(EVP_PKEY_DH); - case EVP_PKEY_EC: - return(EVP_PKEY_EC); - default: - return(NID_undef); - } + int ret; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *e; + ameth = EVP_PKEY_asn1_find(&e, type); + if (ameth) + ret = ameth->pkey_id; + else + ret = NID_undef; +#ifndef OPENSSL_NO_ENGINE + if (e) + ENGINE_finish(e); +#endif + return ret; + } + +int EVP_PKEY_id(const EVP_PKEY *pkey) + { + return pkey->type; + } + +int EVP_PKEY_base_id(const EVP_PKEY *pkey) + { + return EVP_PKEY_type(pkey->type); } void EVP_PKEY_free(EVP_PKEY *x) @@ -471,32 +410,57 @@ void EVP_PKEY_free(EVP_PKEY *x) static void EVP_PKEY_free_it(EVP_PKEY *x) { - switch (x->type) + if (x->ameth && x->ameth->pkey_free) + x->ameth->pkey_free(x); +#ifndef OPENSSL_NO_ENGINE + if (x->engine) { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - case EVP_PKEY_RSA2: - RSA_free(x->pkey.rsa); - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - case EVP_PKEY_DSA2: - case EVP_PKEY_DSA3: - case EVP_PKEY_DSA4: - DSA_free(x->pkey.dsa); - break; -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - EC_KEY_free(x->pkey.ec); - break; -#endif -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - DH_free(x->pkey.dh); - break; -#endif + ENGINE_finish(x->engine); + x->engine = NULL; } +#endif + } + +static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, + const char *kstr) + { + BIO_indent(out, indent, 128); + BIO_printf(out, "%s algorithm \"%s\" unsupported\n", + kstr, OBJ_nid2ln(pkey->type)); + return 1; + } + +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx) + { + if (pkey->ameth && pkey->ameth->pub_print) + return pkey->ameth->pub_print(out, pkey, indent, pctx); + + return unsup_alg(out, pkey, indent, "Public Key"); + } + +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx) + { + if (pkey->ameth && pkey->ameth->priv_print) + return pkey->ameth->priv_print(out, pkey, indent, pctx); + + return unsup_alg(out, pkey, indent, "Private Key"); + } + +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + int indent, ASN1_PCTX *pctx) + { + if (pkey->ameth && pkey->ameth->param_print) + return pkey->ameth->param_print(out, pkey, indent, pctx); + return unsup_alg(out, pkey, indent, "Parameters"); + } + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) + { + if (!pkey->ameth || !pkey->ameth->pkey_ctrl) + return -2; + return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, + 0, pnid); } diff --git a/src/lib/libssl/src/crypto/evp/p_open.c b/src/lib/libssl/src/crypto/evp/p_open.c index 9935206d0f..53a59a295c 100644 --- a/src/lib/libssl/src/crypto/evp/p_open.c +++ b/src/lib/libssl/src/crypto/evp/p_open.c @@ -95,7 +95,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, goto err; } - i=EVP_PKEY_decrypt(key,ek,ekl,priv); + i=EVP_PKEY_decrypt_old(key,ek,ekl,priv); if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) { /* ERROR */ diff --git a/src/lib/libssl/src/crypto/evp/p_seal.c b/src/lib/libssl/src/crypto/evp/p_seal.c index 8cc8fcb0bd..d8324526e7 100644 --- a/src/lib/libssl/src/crypto/evp/p_seal.c +++ b/src/lib/libssl/src/crypto/evp/p_seal.c @@ -87,7 +87,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek for (i=0; idigest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) + { + EVP_PKEY_CTX *pkctx = NULL; + size_t sltmp = (size_t)EVP_PKEY_size(pkey); + i = 0; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pkctx) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; + i = 1; + err: + EVP_PKEY_CTX_free(pkctx); + return i; + } + for (i=0; i<4; i++) { v=ctx->digest->required_pkey_type[i]; @@ -99,28 +125,13 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); return(0); } + if (ctx->digest->sign == NULL) { EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); return(0); } - EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); - if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) - { - EVP_MD_SVCTX sctmp; - sctmp.mctx = &tmp_ctx; - sctmp.key = pkey->pkey.ptr; - i = ctx->digest->sign(ctx->digest->type, - NULL, -1, sigret, siglen, &sctmp); - } - else - { - EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); - i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, - pkey->pkey.ptr); - } - EVP_MD_CTX_cleanup(&tmp_ctx); - return i; + return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, + pkey->pkey.ptr)); } diff --git a/src/lib/libssl/src/crypto/evp/p_verify.c b/src/lib/libssl/src/crypto/evp/p_verify.c index 2d46dffe7e..8db46412f3 100644 --- a/src/lib/libssl/src/crypto/evp/p_verify.c +++ b/src/lib/libssl/src/crypto/evp/p_verify.c @@ -70,6 +70,28 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, int i,ok=0,v; MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + EVP_MD_CTX_cleanup(&tmp_ctx); + + if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) + { + EVP_PKEY_CTX *pkctx = NULL; + i = -1; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pkctx) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); + err: + EVP_PKEY_CTX_free(pkctx); + return i; + } + for (i=0; i<4; i++) { v=ctx->digest->required_pkey_type[i]; @@ -85,29 +107,13 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); return(-1); } - if (ctx->digest->verify == NULL) + if (ctx->digest->verify == NULL) { EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); return(0); } - EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); - if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) - { - EVP_MD_SVCTX sctmp; - sctmp.mctx = &tmp_ctx; - sctmp.key = pkey->pkey.ptr; - i = ctx->digest->verify(ctx->digest->type, - NULL, -1, sigbuf, siglen, &sctmp); - } - else - { - EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); - i = ctx->digest->verify(ctx->digest->type,m,m_len, - sigbuf,siglen,pkey->pkey.ptr); - } - EVP_MD_CTX_cleanup(&tmp_ctx); - return i; + return(ctx->digest->verify(ctx->digest->type,m,m_len, + sigbuf,siglen,pkey->pkey.ptr)); } diff --git a/src/lib/libssl/src/crypto/ex_data.c b/src/lib/libssl/src/crypto/ex_data.c index 3b11e7a556..e2bc8298d0 100644 --- a/src/lib/libssl/src/crypto/ex_data.c +++ b/src/lib/libssl/src/crypto/ex_data.c @@ -245,18 +245,21 @@ typedef struct st_ex_class_item { static int ex_class = CRYPTO_EX_INDEX_USER; /* The global hash table of EX_CLASS_ITEM items */ -static LHASH *ex_data = NULL; +DECLARE_LHASH_OF(EX_CLASS_ITEM); +static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL; /* The callbacks required in the "ex_data" hash table */ -static unsigned long ex_hash_cb(const void *a_void) +static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a) { - return ((const EX_CLASS_ITEM *)a_void)->class_index; + return a->class_index; } -static int ex_cmp_cb(const void *a_void, const void *b_void) +static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM) + +static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b) { - return (((const EX_CLASS_ITEM *)a_void)->class_index - - ((const EX_CLASS_ITEM *)b_void)->class_index); + return a->class_index - b->class_index; } +static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM) /* Internal functions used by the "impl_default" implementation to access the * state */ @@ -265,7 +268,8 @@ static int ex_data_check(void) { int toret = 1; CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL)) + if(!ex_data + && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL) toret = 0; CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); return toret; @@ -298,7 +302,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index) EX_DATA_CHECK(return NULL;) d.class_index = class_index; CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - p = lh_retrieve(ex_data, &d); + p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); if(!p) { gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); @@ -313,7 +317,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index) { /* Because we're inside the ex_data lock, the * return value from the insert will be NULL */ - lh_insert(ex_data, gen); + (void)lh_EX_CLASS_ITEM_insert(ex_data, gen); p = gen; } } @@ -375,8 +379,8 @@ static int int_new_class(void) static void int_cleanup(void) { EX_DATA_CHECK(return;) - lh_doall(ex_data, def_cleanup_cb); - lh_free(ex_data); + lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb); + lh_EX_CLASS_ITEM_free(ex_data); ex_data = NULL; impl = NULL; } @@ -452,7 +456,7 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, return 0; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); - j = sk_num(from->sk); + j = sk_void_num(from->sk); if(j < mx) mx = j; if(mx > 0) @@ -523,7 +527,7 @@ skip: OPENSSL_free(storage); if(ad->sk) { - sk_free(ad->sk); + sk_void_free(ad->sk); ad->sk=NULL; } } @@ -596,24 +600,24 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) if (ad->sk == NULL) { - if ((ad->sk=sk_new_null()) == NULL) + if ((ad->sk=sk_void_new_null()) == NULL) { CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); return(0); } } - i=sk_num(ad->sk); + i=sk_void_num(ad->sk); while (i <= idx) { - if (!sk_push(ad->sk,NULL)) + if (!sk_void_push(ad->sk,NULL)) { CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); return(0); } i++; } - sk_set(ad->sk,idx,val); + sk_void_set(ad->sk,idx,val); return(1); } @@ -623,10 +627,10 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) { if (ad->sk == NULL) return(0); - else if (idx >= sk_num(ad->sk)) + else if (idx >= sk_void_num(ad->sk)) return(0); else - return(sk_value(ad->sk,idx)); + return(sk_void_value(ad->sk,idx)); } IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) diff --git a/src/lib/libssl/src/crypto/hmac/Makefile b/src/lib/libssl/src/crypto/hmac/Makefile index 5cfa37d99c..0e91709f64 100644 --- a/src/lib/libssl/src/crypto/hmac/Makefile +++ b/src/lib/libssl/src/crypto/hmac/Makefile @@ -17,8 +17,8 @@ TEST=hmactest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=hmac.c -LIBOBJ=hmac.o +LIBSRC=hmac.c hm_ameth.c hm_pmeth.c +LIBOBJ=hmac.o hm_ameth.o hm_pmeth.o SRC= $(LIBSRC) @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,13 +74,37 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +hm_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +hm_ameth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +hm_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +hm_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hm_ameth.o: ../../include/openssl/symhacks.h ../asn1/asn1_locl.h ../cryptlib.h +hm_ameth.o: hm_ameth.c +hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +hm_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +hm_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +hm_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +hm_pmeth.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +hm_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +hm_pmeth.o: ../../include/openssl/opensslconf.h +hm_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +hm_pmeth.o: ../cryptlib.h ../evp/evp_locl.h hm_pmeth.c hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -hmac.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -hmac.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hmac.o: ../cryptlib.h hmac.c +hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c index cbc1c76a57..45015fe754 100644 --- a/src/lib/libssl/src/crypto/hmac/hmac.c +++ b/src/lib/libssl/src/crypto/hmac/hmac.c @@ -61,9 +61,7 @@ #include "cryptlib.h" #include -#ifndef OPENSSL_FIPS - -void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) { int i,j,reset=0; @@ -84,10 +82,13 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, OPENSSL_assert(j <= (int)sizeof(ctx->key)); if (j < len) { - EVP_DigestInit_ex(&ctx->md_ctx,md, impl); - EVP_DigestUpdate(&ctx->md_ctx,key,len); - EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, - &ctx->key_length); + if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx,key,len)) + goto err; + if (!EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, + &ctx->key_length)) + goto err; } else { @@ -104,31 +105,38 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, { for (i=0; ikey[i]; - EVP_DigestInit_ex(&ctx->i_ctx,md, impl); - EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); + if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md))) + goto err; for (i=0; ikey[i]; - EVP_DigestInit_ex(&ctx->o_ctx,md, impl); - EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); + if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md))) + goto err; } - EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx)) + goto err; + return 1; + err: + return 0; } -void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md) +int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) { if(key && md) HMAC_CTX_init(ctx); - HMAC_Init_ex(ctx,key,len,md, NULL); + return HMAC_Init_ex(ctx,key,len,md, NULL); } -void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) +int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { - EVP_DigestUpdate(&ctx->md_ctx,data,len); + return EVP_DigestUpdate(&ctx->md_ctx,data,len); } -void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) +int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) { int j; unsigned int i; @@ -136,10 +144,17 @@ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) j=EVP_MD_block_size(ctx->md); - EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i); - EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx); - EVP_DigestUpdate(&ctx->md_ctx,buf,i); - EVP_DigestFinal_ex(&ctx->md_ctx,md,len); + if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i)) + goto err; + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i)) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len)) + goto err; + return 1; + err: + return 0; } void HMAC_CTX_init(HMAC_CTX *ctx) @@ -149,6 +164,22 @@ void HMAC_CTX_init(HMAC_CTX *ctx) EVP_MD_CTX_init(&ctx->md_ctx); } +int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) + { + if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx)) + goto err; + if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx)) + goto err; + if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) + goto err; + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + dctx->key_length = sctx->key_length; + dctx->md = sctx->md; + return 1; + err: + return 0; + } + void HMAC_CTX_cleanup(HMAC_CTX *ctx) { EVP_MD_CTX_cleanup(&ctx->i_ctx); @@ -166,11 +197,16 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, if (md == NULL) md=m; HMAC_CTX_init(&c); - HMAC_Init(&c,key,key_len,evp_md); - HMAC_Update(&c,d,n); - HMAC_Final(&c,md,md_len); + if (!HMAC_Init(&c,key,key_len,evp_md)) + goto err; + if (!HMAC_Update(&c,d,n)) + goto err; + if (!HMAC_Final(&c,md,md_len)) + goto err; HMAC_CTX_cleanup(&c); - return(md); + return md; + err: + return NULL; } void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) @@ -179,5 +215,3 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); } - -#endif diff --git a/src/lib/libssl/src/crypto/hmac/hmac.h b/src/lib/libssl/src/crypto/hmac/hmac.h index fc38ffb52b..1be0022190 100644 --- a/src/lib/libssl/src/crypto/hmac/hmac.h +++ b/src/lib/libssl/src/crypto/hmac/hmac.h @@ -90,15 +90,16 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx); #define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ -void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, +int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); /* deprecated */ -void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl); -void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); -void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); +int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); +int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); diff --git a/src/lib/libssl/src/crypto/idea/Makefile b/src/lib/libssl/src/crypto/idea/Makefile index 55c0d4dbff..b2e7add666 100644 --- a/src/lib/libssl/src/crypto/idea/Makefile +++ b/src/lib/libssl/src/crypto/idea/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -82,9 +82,5 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_ofb64.o: i_ofb64.c idea_lcl.h -i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -i_skey.o: ../../include/openssl/fips.h ../../include/openssl/idea.h -i_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -i_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h i_skey.o: i_skey.c idea_lcl.h diff --git a/src/lib/libssl/src/crypto/idea/idea.h b/src/lib/libssl/src/crypto/idea/idea.h index a137d4cbce..5782e54b0f 100644 --- a/src/lib/libssl/src/crypto/idea/idea.h +++ b/src/lib/libssl/src/crypto/idea/idea.h @@ -83,11 +83,8 @@ typedef struct idea_key_st const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); -#ifdef OPENSSL_FIPS -void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); -#endif void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); -void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, diff --git a/src/lib/libssl/src/crypto/install.com b/src/lib/libssl/src/crypto/install.com index ffad1f97a7..ad3e4d48c7 100644 --- a/src/lib/libssl/src/crypto/install.com +++ b/src/lib/libssl/src/crypto/install.com @@ -3,15 +3,26 @@ $! $! Author: Richard Levitte $! Time of creation: 22-MAY-1998 10:13 $! +$! Changes by Zoltan Arpadffy +$! $! P1 root of the directory tree $! $ IF P1 .EQS. "" $ THEN $ WRITE SYS$OUTPUT "First argument missing." -$ WRITE SYS$OUTPUT "Should be the directory where you want things installed." +$ WRITE SYS$OUTPUT - + "It should be the directory where you want things installed." $ EXIT $ ENDIF $ +$ IF (F$GETSYI("CPU").LT.128) +$ THEN +$ ARCH := VAX +$ ELSE +$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE") +$ IF (ARCH .EQS. "") THEN ARCH = "UNK" +$ ENDIF +$ $ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" $ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - @@ -19,30 +30,28 @@ $ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - $ ROOT = ROOT_DEV + "[" + ROOT_DIR $ $ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC -$ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB] -$ DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB] +$ DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB] $ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] $ $ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLROOT:[000000] -$ IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLVLIB: -$ IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLALIB: +$ IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN - + CREATE/DIR/LOG WRK_SSLLIB: $ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - CREATE/DIR/LOG WRK_SSLINCLUDE: $ $ SDIRS := ,- + _'ARCH',- OBJECTS,- - MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- + MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,- DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,- BUFFER,BIO,STACK,LHASH,RAND,ERR,- EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,- UI,KRB5,- - STORE,PQUEUE,JPAKE -$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,- - symhacks.h,ossl_typ.h + STORE,CMS,PQUEUE,TS,JPAKE +$ EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h +$ EXHEADER__'ARCH' := opensslconf.h $ EXHEADER_OBJECTS := objects.h,obj_mac.h $ EXHEADER_MD2 := md2.h $ EXHEADER_MD4 := md4.h @@ -51,6 +60,7 @@ $ EXHEADER_SHA := sha.h $ EXHEADER_MDC2 := mdc2.h $ EXHEADER_HMAC := hmac.h $ EXHEADER_RIPEMD := ripemd.h +$ EXHEADER_WHRLPOOL := whrlpool.h $ EXHEADER_DES := des.h,des_old.h $ EXHEADER_AES := aes.h $ EXHEADER_RC2 := rc2.h @@ -61,6 +71,7 @@ $ EXHEADER_BF := blowfish.h $ EXHEADER_CAST := cast.h $ EXHEADER_CAMELLIA := camellia.h $ EXHEADER_SEED := seed.h +$ EXHEADER_MODES := modes.h $ EXHEADER_BN := bn.h $ EXHEADER_EC := ec.h $ EXHEADER_RSA := rsa.h @@ -91,12 +102,13 @@ $ EXHEADER_UI := ui.h,ui_compat.h $ EXHEADER_KRB5 := krb5_asn.h $! EXHEADER_STORE := store.h,str_compat.h $ EXHEADER_STORE := store.h -$ EXHEADER_PQUEUE := pqueue.h,pq_compat.h +$ EXHEADER_CMS := cms.h +$ EXHEADER_PQUEUE := pqueue.h +$ EXHEADER_TS := ts.h $ EXHEADER_JPAKE := jpake.h $ LIBS := LIBCRYPTO $ -$ VEXE_DIR := [-.VAX.EXE.CRYPTO] -$ AEXE_DIR := [-.AXP.EXE.CRYPTO] +$ EXE_DIR := [-.'ARCH'.EXE.CRYPTO] $ $ I = 0 $ LOOP_SDIRS: @@ -108,7 +120,12 @@ $ IF D .EQS. "" $ THEN $ COPY 'tmp' WRK_SSLINCLUDE: /LOG $ ELSE -$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG +$ IF D .EQS. "_''ARCH'" +$ THEN +$ COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG +$ ELSE +$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG +$ ENDIF $ ENDIF $ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp' $ GOTO LOOP_SDIRS @@ -120,27 +137,16 @@ $ E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM") $ I = I + 1 $ IF E .EQS. "," THEN GOTO LOOP_LIB_END $ SET NOON -$ IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. "" -$ THEN -$ COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log -$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB -$ ENDIF -$ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. "" -$ THEN -$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE -$ ENDIF -$ IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. "" +$ IF F$SEARCH(EXE_DIR+E+".OLB") .NES. "" $ THEN -$ COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log -$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB +$ COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log +$ SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB $ ENDIF $ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. "" +$ IF F$SEARCH(EXE_DIR+E+".EXE") .NES. "" $ THEN -$ COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE +$ COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log +$ SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE $ ENDIF $ SET ON $ GOTO LOOP_LIB diff --git a/src/lib/libssl/src/crypto/krb5/Makefile b/src/lib/libssl/src/crypto/krb5/Makefile index 8efb9e8910..14077390d6 100644 --- a/src/lib/libssl/src/crypto/krb5/Makefile +++ b/src/lib/libssl/src/crypto/krb5/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/lhash/Makefile b/src/lib/libssl/src/crypto/lhash/Makefile index 35f0932971..82bddac474 100644 --- a/src/lib/libssl/src/crypto/lhash/Makefile +++ b/src/lib/libssl/src/crypto/lhash/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/lhash/lh_stats.c b/src/lib/libssl/src/crypto/lhash/lh_stats.c index 5aa7766aa6..815615e338 100644 --- a/src/lib/libssl/src/crypto/lhash/lh_stats.c +++ b/src/lib/libssl/src/crypto/lhash/lh_stats.c @@ -139,7 +139,7 @@ void lh_node_usage_stats(LHASH *lh, FILE *out) #else #ifndef OPENSSL_NO_FP_API -void lh_stats(const LHASH *lh, FILE *fp) +void lh_stats(const _LHASH *lh, FILE *fp) { BIO *bp; @@ -151,7 +151,7 @@ void lh_stats(const LHASH *lh, FILE *fp) end:; } -void lh_node_stats(const LHASH *lh, FILE *fp) +void lh_node_stats(const _LHASH *lh, FILE *fp) { BIO *bp; @@ -163,7 +163,7 @@ void lh_node_stats(const LHASH *lh, FILE *fp) end:; } -void lh_node_usage_stats(const LHASH *lh, FILE *fp) +void lh_node_usage_stats(const _LHASH *lh, FILE *fp) { BIO *bp; @@ -177,7 +177,7 @@ end:; #endif -void lh_stats_bio(const LHASH *lh, BIO *out) +void lh_stats_bio(const _LHASH *lh, BIO *out) { BIO_printf(out,"num_items = %lu\n",lh->num_items); BIO_printf(out,"num_nodes = %u\n",lh->num_nodes); @@ -205,7 +205,7 @@ void lh_stats_bio(const LHASH *lh, BIO *out) #endif } -void lh_node_stats_bio(const LHASH *lh, BIO *out) +void lh_node_stats_bio(const _LHASH *lh, BIO *out) { LHASH_NODE *n; unsigned int i,num; @@ -218,7 +218,7 @@ void lh_node_stats_bio(const LHASH *lh, BIO *out) } } -void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) +void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out) { LHASH_NODE *n; unsigned long num; diff --git a/src/lib/libssl/src/crypto/lhash/lhash.c b/src/lib/libssl/src/crypto/lhash/lhash.c index 04ea80203c..47f748081b 100644 --- a/src/lib/libssl/src/crypto/lhash/lhash.c +++ b/src/lib/libssl/src/crypto/lhash/lhash.c @@ -107,18 +107,18 @@ const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT; #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ -static void expand(LHASH *lh); -static void contract(LHASH *lh); -static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash); +static void expand(_LHASH *lh); +static void contract(_LHASH *lh); +static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); -LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) +_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) { - LHASH *ret; + _LHASH *ret; int i; - if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL) + if ((ret=OPENSSL_malloc(sizeof(_LHASH))) == NULL) goto err0; - if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) + if ((ret->b=OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) goto err1; for (i=0; ib[i]=NULL; @@ -154,7 +154,7 @@ err0: return(NULL); } -void lh_free(LHASH *lh) +void lh_free(_LHASH *lh) { unsigned int i; LHASH_NODE *n,*nn; @@ -176,7 +176,7 @@ void lh_free(LHASH *lh) OPENSSL_free(lh); } -void *lh_insert(LHASH *lh, void *data) +void *lh_insert(_LHASH *lh, void *data) { unsigned long hash; LHASH_NODE *nn,**rn; @@ -214,7 +214,7 @@ void *lh_insert(LHASH *lh, void *data) return(ret); } -void *lh_delete(LHASH *lh, const void *data) +void *lh_delete(_LHASH *lh, const void *data) { unsigned long hash; LHASH_NODE *nn,**rn; @@ -245,7 +245,7 @@ void *lh_delete(LHASH *lh, const void *data) return(ret); } -void *lh_retrieve(LHASH *lh, const void *data) +void *lh_retrieve(_LHASH *lh, const void *data) { unsigned long hash; LHASH_NODE **rn; @@ -267,12 +267,15 @@ void *lh_retrieve(LHASH *lh, const void *data) return(ret); } -static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, +static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) { int i; LHASH_NODE *a,*n; + if (lh == NULL) + return; + /* reverse the order so we search from 'top to bottom' * We were having memory leaks otherwise */ for (i=lh->num_nodes-1; i>=0; i--) @@ -282,6 +285,8 @@ static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, { /* 28/05/91 - eay - n added so items can be deleted * via lh_doall */ + /* 22/05/08 - ben - eh? since a is not passed, + * this should not be needed */ n=a->next; if(use_arg) func_arg(a->data,arg); @@ -292,17 +297,17 @@ static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, } } -void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func) +void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func) { doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); } -void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) +void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) { doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); } -static void expand(LHASH *lh) +static void expand(_LHASH *lh) { LHASH_NODE **n,**n1,**n2,*np; unsigned int p,i,j; @@ -358,7 +363,7 @@ static void expand(LHASH *lh) } } -static void contract(LHASH *lh) +static void contract(_LHASH *lh) { LHASH_NODE **n,*n1,*np; @@ -397,7 +402,7 @@ static void contract(LHASH *lh) } } -static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash) +static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash) { LHASH_NODE **ret,*n1; unsigned long hash,nn; @@ -464,7 +469,7 @@ unsigned long lh_strhash(const char *c) return((ret>>16)^ret); } -unsigned long lh_num_items(const LHASH *lh) +unsigned long lh_num_items(const _LHASH *lh) { return lh ? lh->num_items : 0; } diff --git a/src/lib/libssl/src/crypto/lhash/lhash.h b/src/lib/libssl/src/crypto/lhash/lhash.h index d392d0cd80..e7d8763591 100644 --- a/src/lib/libssl/src/crypto/lhash/lhash.h +++ b/src/lib/libssl/src/crypto/lhash/lhash.h @@ -98,42 +98,42 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); * macros if the functions are strictly internal. */ /* First: "hash" functions */ -#define DECLARE_LHASH_HASH_FN(f_name,o_type) \ - unsigned long f_name##_LHASH_HASH(const void *); -#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ - unsigned long f_name##_LHASH_HASH(const void *arg) { \ - o_type a = (o_type)arg; \ - return f_name(a); } -#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH +#define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +#define LHASH_HASH_FN(name) name##_LHASH_HASH /* Second: "compare" functions */ -#define DECLARE_LHASH_COMP_FN(f_name,o_type) \ - int f_name##_LHASH_COMP(const void *, const void *); -#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ - int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ - o_type a = (o_type)arg1; \ - o_type b = (o_type)arg2; \ - return f_name(a,b); } -#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP +#define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +#define LHASH_COMP_FN(name) name##_LHASH_COMP /* Third: "doall" functions */ -#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(void *); -#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(void *arg) { \ - o_type a = (o_type)arg; \ - f_name(a); } -#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL +#define DECLARE_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *); +#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *arg) { \ + o_type *a = arg; \ + name##_doall(a); } +#define LHASH_DOALL_FN(name) name##_LHASH_DOALL /* Fourth: "doall_arg" functions */ -#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(void *, void *); -#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ - o_type a = (o_type)arg1; \ - a_type b = (a_type)arg2; \ - f_name(a,b); } -#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG +#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG typedef struct lhash_st { @@ -163,7 +163,8 @@ typedef struct lhash_st unsigned long num_hash_comps; int error; - } LHASH; + } _LHASH; /* Do not use _LHASH directly, use LHASH_OF + * and friends */ #define LH_LOAD_MULT 256 @@ -171,27 +172,67 @@ typedef struct lhash_st * in lh_insert(). */ #define lh_error(lh) ((lh)->error) -LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); -void lh_free(LHASH *lh); -void *lh_insert(LHASH *lh, void *data); -void *lh_delete(LHASH *lh, const void *data); -void *lh_retrieve(LHASH *lh, const void *data); -void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); -void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); +_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); +void lh_free(_LHASH *lh); +void *lh_insert(_LHASH *lh, void *data); +void *lh_delete(_LHASH *lh, const void *data); +void *lh_retrieve(_LHASH *lh, const void *data); +void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); +void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); -unsigned long lh_num_items(const LHASH *lh); +unsigned long lh_num_items(const _LHASH *lh); #ifndef OPENSSL_NO_FP_API -void lh_stats(const LHASH *lh, FILE *out); -void lh_node_stats(const LHASH *lh, FILE *out); -void lh_node_usage_stats(const LHASH *lh, FILE *out); +void lh_stats(const _LHASH *lh, FILE *out); +void lh_node_stats(const _LHASH *lh, FILE *out); +void lh_node_usage_stats(const _LHASH *lh, FILE *out); #endif #ifndef OPENSSL_NO_BIO -void lh_stats_bio(const LHASH *lh, BIO *out); -void lh_node_stats_bio(const LHASH *lh, BIO *out); -void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); +void lh_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); #endif + +/* Type checking... */ + +#define LHASH_OF(type) struct lhash_st_##type + +#define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } + +#define CHECKED_LHASH_OF(type,lh) \ + ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) + +/* Define wrapper functions. */ +#define LHM_lh_new(type, name) \ + ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) +#define LHM_lh_error(type, lh) \ + lh_error(CHECKED_LHASH_OF(type,lh)) +#define LHM_lh_insert(type, lh, inst) \ + ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_retrieve(type, lh, inst) \ + ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_delete(type, lh, inst) \ + ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) +#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ + lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) +#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) +#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) +#define LHM_lh_node_stats_bio(type, lh, out) \ + lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_node_usage_stats_bio(type, lh, out) \ + lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_stats_bio(type, lh, out) \ + lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) + +DECLARE_LHASH_OF(OPENSSL_STRING); +DECLARE_LHASH_OF(OPENSSL_CSTRING); + #ifdef __cplusplus } #endif diff --git a/src/lib/libssl/src/crypto/md2/Makefile b/src/lib/libssl/src/crypto/md2/Makefile index 7f43321ab2..17f878aeb7 100644 --- a/src/lib/libssl/src/crypto/md2/Makefile +++ b/src/lib/libssl/src/crypto/md2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -74,9 +74,7 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md2_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md2_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md2_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h diff --git a/src/lib/libssl/src/crypto/md2/md2.h b/src/lib/libssl/src/crypto/md2/md2.h index d59c9f2593..a46120e7d4 100644 --- a/src/lib/libssl/src/crypto/md2/md2.h +++ b/src/lib/libssl/src/crypto/md2/md2.h @@ -81,9 +81,6 @@ typedef struct MD2state_st } MD2_CTX; const char *MD2_options(void); -#ifdef OPENSSL_FIPS -int private_MD2_Init(MD2_CTX *c); -#endif int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); diff --git a/src/lib/libssl/src/crypto/md2/md2_dgst.c b/src/lib/libssl/src/crypto/md2/md2_dgst.c index cc4eeaf7a7..c57b3da288 100644 --- a/src/lib/libssl/src/crypto/md2/md2_dgst.c +++ b/src/lib/libssl/src/crypto/md2/md2_dgst.c @@ -62,11 +62,6 @@ #include #include #include -#ifdef OPENSSL_FIPS -#include -#endif - -#include const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; @@ -78,7 +73,7 @@ const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; static void md2_block(MD2_CTX *c, const unsigned char *d); /* The magic S table - I have converted it to hex since it is * basically just a random byte string. */ -static MD2_INT S[256]={ +static const MD2_INT S[256]={ 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, @@ -121,7 +116,7 @@ const char *MD2_options(void) return("md2(int)"); } -FIPS_NON_FIPS_MD_Init(MD2) +int MD2_Init(MD2_CTX *c) { c->num=0; memset(c->state,0,sizeof c->state); diff --git a/src/lib/libssl/src/crypto/md32_common.h b/src/lib/libssl/src/crypto/md32_common.h index 61bcd9786f..1cb783944e 100644 --- a/src/lib/libssl/src/crypto/md32_common.h +++ b/src/lib/libssl/src/crypto/md32_common.h @@ -241,11 +241,11 @@ #ifndef PEDANTIC # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__s390x__) -# define HOST_c2l(c,l) ({ asm ("lrv %0,0(%1)" \ - :"=r"(l) : "r"(c)); \ +# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \ + :"=d"(l) :"m"(*(const unsigned int *)(c)));\ (c)+=4; (l); }) -# define HOST_l2c(l,c) ({ asm ("strv %0,0(%1)" \ - : : "r"(l),"r"(c) : "memory"); \ +# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \ + :"=m"(*(unsigned int *)(c)) :"d"(l));\ (c)+=4; (l); }) # endif # endif @@ -293,7 +293,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) * Wei Dai for pointing it out. */ if (l < c->Nl) /* overflow */ c->Nh++; - c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */ + c->Nh+=(HASH_LONG)(len>>29); /* might cause compiler warning on 16-bit */ c->Nl=l; n = c->num; @@ -331,7 +331,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) if (len != 0) { p = (unsigned char *)c->data; - c->num = len; + c->num = (unsigned int)len; memcpy (p,data,len); } return 1; diff --git a/src/lib/libssl/src/crypto/md4/Makefile b/src/lib/libssl/src/crypto/md4/Makefile index 0bc4896585..c94a1398ed 100644 --- a/src/lib/libssl/src/crypto/md4/Makefile +++ b/src/lib/libssl/src/crypto/md4/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -69,19 +69,16 @@ depend: dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) + rm -f ../../include/openssl/$(EXHEADER) ../../test/$(TEST) ../../apps/$(APPS) clean: rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. -md4_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md4_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h -md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c +md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h +md4_dgst.o: ../../include/openssl/opensslconf.h +md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c md4_dgst.o: md4_locl.h md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h diff --git a/src/lib/libssl/src/crypto/md4/md4.h b/src/lib/libssl/src/crypto/md4/md4.h index ba1fe4a6ee..c3ed9b3f75 100644 --- a/src/lib/libssl/src/crypto/md4/md4.h +++ b/src/lib/libssl/src/crypto/md4/md4.h @@ -77,7 +77,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +#if defined(__LP32__) #define MD4_LONG unsigned long #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define MD4_LONG unsigned long @@ -105,9 +105,6 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; -#ifdef OPENSSL_FIPS -int private_MD4_Init(MD4_CTX *c); -#endif int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); diff --git a/src/lib/libssl/src/crypto/md4/md4_dgst.c b/src/lib/libssl/src/crypto/md4/md4_dgst.c index 0f5448601d..e0c42e8596 100644 --- a/src/lib/libssl/src/crypto/md4/md4_dgst.c +++ b/src/lib/libssl/src/crypto/md4/md4_dgst.c @@ -59,11 +59,6 @@ #include #include "md4_locl.h" #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; @@ -75,15 +70,13 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -FIPS_NON_FIPS_MD_Init(MD4) +int MD4_Init(MD4_CTX *c) { + memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; c->B=INIT_DATA_B; c->C=INIT_DATA_C; c->D=INIT_DATA_D; - c->Nl=0; - c->Nh=0; - c->num=0; return 1; } diff --git a/src/lib/libssl/src/crypto/md5/Makefile b/src/lib/libssl/src/crypto/md5/Makefile index 3c450fcfc0..9858d53d31 100644 --- a/src/lib/libssl/src/crypto/md5/Makefile +++ b/src/lib/libssl/src/crypto/md5/Makefile @@ -38,21 +38,19 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@) -# COFF -mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@) -# a.out -mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@) +md5-586.s: asm/md5-586.pl ../perlasm/x86asm.pl + $(PERL) asm/md5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -md5-x86_64.s: asm/md5-x86_64.pl; $(PERL) asm/md5-x86_64.pl $@ +md5-x86_64.s: asm/md5-x86_64.pl + $(PERL) asm/md5-x86_64.pl $(PERLASM_SCHEME) > $@ + +md5-ia64.s: asm/md5-ia64.S + $(CC) $(CFLAGS) -E asm/md5-ia64.S | \ + $(PERL) -ne 's/;\s+/;\n/g; print;' > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -91,13 +89,9 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -md5_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md5_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h -md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c +md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h +md5_dgst.o: ../../include/openssl/opensslconf.h +md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c md5_dgst.o: md5_locl.h md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h diff --git a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl index 76ac235f7d..6cb66bb499 100644 --- a/src/lib/libssl/src/crypto/md5/asm/md5-586.pl +++ b/src/lib/libssl/src/crypto/md5/asm/md5-586.pl @@ -7,7 +7,8 @@ $normal=0; -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); diff --git a/src/lib/libssl/src/crypto/md5/md5.h b/src/lib/libssl/src/crypto/md5/md5.h index 0761f84a27..4cbf84386b 100644 --- a/src/lib/libssl/src/crypto/md5/md5.h +++ b/src/lib/libssl/src/crypto/md5/md5.h @@ -77,7 +77,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +#if defined(__LP32__) #define MD5_LONG unsigned long #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define MD5_LONG unsigned long @@ -105,9 +105,6 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; -#ifdef OPENSSL_FIPS -int private_MD5_Init(MD5_CTX *c); -#endif int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); diff --git a/src/lib/libssl/src/crypto/md5/md5_dgst.c b/src/lib/libssl/src/crypto/md5/md5_dgst.c index 47bb9020ee..beace632e3 100644 --- a/src/lib/libssl/src/crypto/md5/md5_dgst.c +++ b/src/lib/libssl/src/crypto/md5/md5_dgst.c @@ -59,11 +59,6 @@ #include #include "md5_locl.h" #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; @@ -75,15 +70,13 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -FIPS_NON_FIPS_MD_Init(MD5) +int MD5_Init(MD5_CTX *c) { + memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; c->B=INIT_DATA_B; c->C=INIT_DATA_C; c->D=INIT_DATA_D; - c->Nl=0; - c->Nh=0; - c->num=0; return 1; } diff --git a/src/lib/libssl/src/crypto/md5/md5_locl.h b/src/lib/libssl/src/crypto/md5/md5_locl.h index 84e81b960d..968d577995 100644 --- a/src/lib/libssl/src/crypto/md5/md5_locl.h +++ b/src/lib/libssl/src/crypto/md5/md5_locl.h @@ -69,6 +69,8 @@ # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) # define md5_block_data_order md5_block_asm_data_order +# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) +# define md5_block_data_order md5_block_asm_data_order # endif #endif diff --git a/src/lib/libssl/src/crypto/mdc2/Makefile b/src/lib/libssl/src/crypto/mdc2/Makefile index ea25688d88..1d064f17a6 100644 --- a/src/lib/libssl/src/crypto/mdc2/Makefile +++ b/src/lib/libssl/src/crypto/mdc2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2.h b/src/lib/libssl/src/crypto/mdc2/mdc2.h index 7e1354116a..72778a5212 100644 --- a/src/lib/libssl/src/crypto/mdc2/mdc2.h +++ b/src/lib/libssl/src/crypto/mdc2/mdc2.h @@ -80,9 +80,7 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; -#ifdef OPENSSL_FIPS -int private_MDC2_Init(MDC2_CTX *c); -#endif + int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c index 00ebaf0b9b..6f80dd33eb 100644 --- a/src/lib/libssl/src/crypto/mem.c +++ b/src/lib/libssl/src/crypto/mem.c @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) = free; /* may be changed as long as 'allow_customize_debug' is set */ /* XXX use correct function pointer types */ -#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS) +#ifdef CRYPTO_MDEBUG /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; @@ -110,14 +110,6 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; - -static int (*push_info_func)(const char *info, const char *file, int line) - = CRYPTO_dbg_push_info; -static int (*pop_info_func)(void) - = CRYPTO_dbg_pop_info; -static int (*remove_all_info_func)(void) - = CRYPTO_dbg_remove_all_info; - #else /* applications can use CRYPTO_malloc_debug_init() to select above case * at run-time */ @@ -127,13 +119,6 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) static void (*free_debug_func)(void *,int) = NULL; static void (*set_debug_options_func)(long) = NULL; static long (*get_debug_options_func)(void) = NULL; - - -static int (*push_info_func)(const char *info, const char *file, int line) - = NULL; -static int (*pop_info_func)(void) = NULL; -static int (*remove_all_info_func)(void) = NULL; - #endif @@ -209,15 +194,6 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), return 1; } -void CRYPTO_set_mem_info_functions( - int (*push_info_fn)(const char *info, const char *file, int line), - int (*pop_info_fn)(void), - int (*remove_all_info_fn)(void)) - { - push_info_func = push_info_fn; - pop_info_func = pop_info_fn; - remove_all_info_func = remove_all_info_fn; - } void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), void (**f)(void *)) @@ -274,7 +250,6 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), void *CRYPTO_malloc_locked(int num, const char *file, int line) { void *ret = NULL; - extern unsigned char cleanse_ctr; if (num <= 0) return NULL; @@ -291,11 +266,15 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); +#ifndef OPENSSL_CPUID_OBJ /* Create a dependency on the value of 'cleanse_ctr' so our memory * sanitisation function can't be optimised out. NB: We only do * this for >2Kb so the overhead doesn't bother us. */ if(ret && (num > 2048)) + { extern unsigned char cleanse_ctr; ((unsigned char *)ret)[0] = cleanse_ctr; + } +#endif return ret; } @@ -315,7 +294,6 @@ void CRYPTO_free_locked(void *str) void *CRYPTO_malloc(int num, const char *file, int line) { void *ret = NULL; - extern unsigned char cleanse_ctr; if (num <= 0) return NULL; @@ -332,12 +310,23 @@ void *CRYPTO_malloc(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); +#ifndef OPENSSL_CPUID_OBJ /* Create a dependency on the value of 'cleanse_ctr' so our memory * sanitisation function can't be optimised out. NB: We only do * this for >2Kb so the overhead doesn't bother us. */ if(ret && (num > 2048)) + { extern unsigned char cleanse_ctr; ((unsigned char *)ret)[0] = cleanse_ctr; + } +#endif + + return ret; + } +char *CRYPTO_strdup(const char *str, const char *file, int line) + { + char *ret = CRYPTO_malloc(strlen(str)+1, file, line); + strcpy(ret, str); return ret; } @@ -423,24 +412,3 @@ long CRYPTO_get_mem_debug_options(void) return get_debug_options_func(); return 0; } - -int CRYPTO_push_info_(const char *info, const char *file, int line) - { - if (push_info_func) - return push_info_func(info, file, line); - return 1; - } - -int CRYPTO_pop_info(void) - { - if (pop_info_func) - return pop_info_func(); - return 1; - } - -int CRYPTO_remove_all_info(void) - { - if (remove_all_info_func) - return remove_all_info_func(); - return 1; - } diff --git a/src/lib/libssl/src/crypto/mem_dbg.c b/src/lib/libssl/src/crypto/mem_dbg.c index dfeb084799..ac793397f1 100644 --- a/src/lib/libssl/src/crypto/mem_dbg.c +++ b/src/lib/libssl/src/crypto/mem_dbg.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include @@ -81,8 +134,11 @@ static int mh_mode=CRYPTO_MEM_CHECK_OFF; */ static unsigned long order = 0; /* number of memory requests */ -static LHASH *mh=NULL; /* hash-table of memory requests (address as key); - * access requires MALLOC2 lock */ + +DECLARE_LHASH_OF(MEM); +static LHASH_OF(MEM) *mh=NULL; /* hash-table of memory requests + * (address as key); access requires + * MALLOC2 lock */ typedef struct app_mem_info_st @@ -93,8 +149,8 @@ typedef struct app_mem_info_st * CRYPTO_pop_info() to pop an entry, * CRYPTO_remove_all_info() to pop all entries. */ - { - unsigned long thread; + { + CRYPTO_THREADID threadid; const char *file; int line; const char *info; @@ -104,10 +160,13 @@ typedef struct app_mem_info_st static void app_info_free(APP_INFO *); -static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's - * that are at the top of their thread's stack - * (with `thread' as key); - * access requires MALLOC2 lock */ +DECLARE_LHASH_OF(APP_INFO); +static LHASH_OF(APP_INFO) *amih=NULL; /* hash-table with those + * app_mem_info_st's that are at + * the top of their thread's + * stack (with `thread' as key); + * access requires MALLOC2 + * lock */ typedef struct mem_st /* memory-block description */ @@ -116,7 +175,7 @@ typedef struct mem_st int num; const char *file; int line; - unsigned long thread; + CRYPTO_THREADID threadid; unsigned long order; time_t time; APP_INFO *app_info; @@ -136,11 +195,11 @@ static unsigned int num_disable = 0; /* num_disable > 0 * iff * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ -static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. - * CRYPTO_LOCK_MALLOC2 is locked - * exactly in this case (by the - * thread named in disabling_thread). - */ + +/* Valid iff num_disable > 0. CRYPTO_LOCK_MALLOC2 is locked exactly in this + * case (by the thread named in disabling_thread). + */ +static CRYPTO_THREADID disabling_threadid; static void app_info_free(APP_INFO *inf) { @@ -177,7 +236,9 @@ int CRYPTO_mem_ctrl(int mode) case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ if (mh_mode & CRYPTO_MEM_CHECK_ON) { - if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */ + CRYPTO_THREADID cur; + CRYPTO_THREADID_current(&cur); + if (!num_disable || CRYPTO_THREADID_cmp(&disabling_threadid, &cur)) /* otherwise we already have the MALLOC2 lock */ { /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if @@ -195,7 +256,7 @@ int CRYPTO_mem_ctrl(int mode) CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; - disabling_thread=CRYPTO_thread_id(); + CRYPTO_THREADID_cpy(&disabling_threadid, &cur); } num_disable++; } @@ -228,10 +289,12 @@ int CRYPTO_is_mem_check_on(void) if (mh_mode & CRYPTO_MEM_CHECK_ON) { + CRYPTO_THREADID cur; + CRYPTO_THREADID_current(&cur); CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) - || (disabling_thread != CRYPTO_thread_id()); + || CRYPTO_THREADID_cmp(&disabling_threadid, &cur); CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); } @@ -249,49 +312,49 @@ long CRYPTO_dbg_get_options(void) return options; } -/* static int mem_cmp(MEM *a, MEM *b) */ -static int mem_cmp(const void *a_void, const void *b_void) +static int mem_cmp(const MEM *a, const MEM *b) { #ifdef _WIN64 - const char *a=(const char *)((const MEM *)a_void)->addr, - *b=(const char *)((const MEM *)b_void)->addr; - if (a==b) return 0; - else if (a>b) return 1; + const char *ap=(const char *)a->addr, + *bp=(const char *)b->addr; + if (ap==bp) return 0; + else if (ap>bp) return 1; else return -1; #else - return((const char *)((const MEM *)a_void)->addr - - (const char *)((const MEM *)b_void)->addr); + return (const char *)a->addr - (const char *)b->addr; #endif } +static IMPLEMENT_LHASH_COMP_FN(mem, MEM) -/* static unsigned long mem_hash(MEM *a) */ -static unsigned long mem_hash(const void *a_void) +static unsigned long mem_hash(const MEM *a) { unsigned long ret; - ret=(unsigned long)((const MEM *)a_void)->addr; + ret=(unsigned long)a->addr; ret=ret*17851+(ret>>14)*7+(ret>>4)*251; return(ret); } +static IMPLEMENT_LHASH_HASH_FN(mem, MEM) /* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */ static int app_info_cmp(const void *a_void, const void *b_void) { - return(((const APP_INFO *)a_void)->thread - != ((const APP_INFO *)b_void)->thread); + return CRYPTO_THREADID_cmp(&((const APP_INFO *)a_void)->threadid, + &((const APP_INFO *)b_void)->threadid); } +static IMPLEMENT_LHASH_COMP_FN(app_info, APP_INFO) -/* static unsigned long app_info_hash(APP_INFO *a) */ -static unsigned long app_info_hash(const void *a_void) +static unsigned long app_info_hash(const APP_INFO *a) { unsigned long ret; - ret=(unsigned long)((const APP_INFO *)a_void)->thread; - + ret = CRYPTO_THREADID_hash(&a->threadid); + /* This is left in as a "who am I to question legacy?" measure */ ret=ret*17851+(ret>>14)*7+(ret>>4)*251; return(ret); } +static IMPLEMENT_LHASH_HASH_FN(app_info, APP_INFO) static APP_INFO *pop_info(void) { @@ -300,21 +363,22 @@ static APP_INFO *pop_info(void) if (amih != NULL) { - tmp.thread=CRYPTO_thread_id(); - if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL) + CRYPTO_THREADID_current(&tmp.threadid); + if ((ret=lh_APP_INFO_delete(amih,&tmp)) != NULL) { APP_INFO *next=ret->next; if (next != NULL) { next->references++; - lh_insert(amih,(char *)next); + (void)lh_APP_INFO_insert(amih,next); } #ifdef LEVITTE_DEBUG_MEM - if (ret->thread != tmp.thread) + if (CRYPTO_THREADID_cmp(&ret->threadid, &tmp.threadid)) { fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", - ret->thread, tmp.thread); + CRYPTO_THREADID_hash(&ret->threadid), + CRYPTO_THREADID_hash(&tmp.threadid)); abort(); } #endif @@ -330,7 +394,7 @@ static APP_INFO *pop_info(void) return(ret); } -int CRYPTO_dbg_push_info(const char *info, const char *file, int line) +int CRYPTO_push_info_(const char *info, const char *file, int line) { APP_INFO *ami, *amim; int ret=0; @@ -346,7 +410,7 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line) } if (amih == NULL) { - if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL) + if ((amih=lh_APP_INFO_new()) == NULL) { OPENSSL_free(ami); ret=0; @@ -354,20 +418,21 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line) } } - ami->thread=CRYPTO_thread_id(); + CRYPTO_THREADID_current(&ami->threadid); ami->file=file; ami->line=line; ami->info=info; ami->references=1; ami->next=NULL; - if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL) + if ((amim=lh_APP_INFO_insert(amih,ami)) != NULL) { #ifdef LEVITTE_DEBUG_MEM - if (ami->thread != amim->thread) + if (CRYPTO_THREADID_cmp(&ami->threadid, &amim->threadid)) { fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", - amim->thread, ami->thread); + CRYPTO_THREADID_hash(&amim->threadid), + CRYPTO_THREADID_hash(&ami->threadid)); abort(); } #endif @@ -380,7 +445,7 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line) return(ret); } -int CRYPTO_dbg_pop_info(void) +int CRYPTO_pop_info(void) { int ret=0; @@ -395,7 +460,7 @@ int CRYPTO_dbg_pop_info(void) return(ret); } -int CRYPTO_dbg_remove_all_info(void) +int CRYPTO_remove_all_info(void) { int ret=0; @@ -439,7 +504,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, } if (mh == NULL) { - if ((mh=lh_new(mem_hash, mem_cmp)) == NULL) + if ((mh=lh_MEM_new()) == NULL) { OPENSSL_free(addr); OPENSSL_free(m); @@ -453,9 +518,9 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, m->line=line; m->num=num; if (options & V_CRYPTO_MDEBUG_THREAD) - m->thread=CRYPTO_thread_id(); + CRYPTO_THREADID_current(&m->threadid); else - m->thread=0; + memset(&m->threadid, 0, sizeof(m->threadid)); if (order == break_order_num) { @@ -464,7 +529,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, } m->order=order++; #ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", + fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] %c 0x%p (%d)\n", m->order, (before_p & 128) ? '*' : '+', m->addr, m->num); @@ -474,16 +539,16 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, else m->time=0; - tmp.thread=CRYPTO_thread_id(); + CRYPTO_THREADID_current(&tmp.threadid); m->app_info=NULL; if (amih != NULL - && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL) + && (amim=lh_APP_INFO_retrieve(amih,&tmp)) != NULL) { m->app_info = amim; amim->references++; } - if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL) + if ((mm=lh_MEM_insert(mh, m)) != NULL) { /* Not good, but don't sweat it */ if (mm->app_info != NULL) @@ -516,11 +581,11 @@ void CRYPTO_dbg_free(void *addr, int before_p) MemCheck_off(); /* make sure we hold MALLOC2 lock */ m.addr=addr; - mp=(MEM *)lh_delete(mh,(char *)&m); + mp=lh_MEM_delete(mh,&m); if (mp != NULL) { #ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", + fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n", mp->order, mp->addr, mp->num); #endif if (mp->app_info != NULL) @@ -566,18 +631,18 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, MemCheck_off(); /* make sure we hold MALLOC2 lock */ m.addr=addr1; - mp=(MEM *)lh_delete(mh,(char *)&m); + mp=lh_MEM_delete(mh,&m); if (mp != NULL) { #ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", + fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] * 0x%p (%d) -> 0x%p (%d)\n", mp->order, mp->addr, mp->num, addr2, num); #endif mp->addr=addr2; mp->num=num; - lh_insert(mh,(char *)mp); + (void)lh_MEM_insert(mh,mp); } MemCheck_on(); /* release MALLOC2 lock @@ -596,14 +661,14 @@ typedef struct mem_leak_st long bytes; } MEM_LEAK; -static void print_leak(const MEM *m, MEM_LEAK *l) +static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) { char buf[1024]; char *bufp = buf; APP_INFO *amip; int ami_cnt; struct tm *lcl = NULL; - unsigned long ti; + CRYPTO_THREADID ti; #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) @@ -625,7 +690,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) if (options & V_CRYPTO_MDEBUG_THREAD) { - BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); + BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", + CRYPTO_THREADID_hash(&m->threadid)); bufp += strlen(bufp); } @@ -642,8 +708,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) ami_cnt=0; if (!amip) return; - ti=amip->thread; - + CRYPTO_THREADID_cpy(&ti, &amip->threadid); + do { int buf_len; @@ -653,7 +719,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) memset(buf,'>',ami_cnt); BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, " thread=%lu, file=%s, line=%d, info=\"", - amip->thread, amip->file, amip->line); + CRYPTO_THREADID_hash(&amip->threadid), amip->file, + amip->line); buf_len=strlen(buf); info_len=strlen(amip->info); if (128 - buf_len - 3 < info_len) @@ -673,8 +740,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) amip = amip->next; } - while(amip && amip->thread == ti); - + while(amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti)); + #ifdef LEVITTE_DEBUG_MEM if (amip) { @@ -684,7 +751,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) #endif } -static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) +static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK) void CRYPTO_mem_leaks(BIO *b) { @@ -699,12 +766,15 @@ void CRYPTO_mem_leaks(BIO *b) ml.bytes=0; ml.chunks=0; if (mh != NULL) - lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), - (char *)&ml); + lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), MEM_LEAK, + &ml); if (ml.chunks != 0) { BIO_printf(b,"%ld bytes leaked in %d chunks\n", ml.bytes,ml.chunks); +#ifdef CRYPTO_MDEBUG_ABORT + abort(); +#endif } else { @@ -717,7 +787,7 @@ void CRYPTO_mem_leaks(BIO *b) * XXX This should be in CRYPTO_mem_leaks_cb, * and CRYPTO_mem_leaks should be implemented by * using CRYPTO_mem_leaks_cb. - * (Also their should be a variant of lh_doall_arg + * (Also there should be a variant of lh_doall_arg * that takes a function pointer instead of a void *; * this would obviate the ugly and illegal * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. @@ -734,14 +804,14 @@ void CRYPTO_mem_leaks(BIO *b) if (mh != NULL) { - lh_free(mh); + lh_MEM_free(mh); mh = NULL; } if (amih != NULL) { - if (lh_num_items(amih) == 0) + if (lh_APP_INFO_num_items(amih) == 0) { - lh_free(amih); + lh_APP_INFO_free(amih); amih = NULL; } } @@ -779,39 +849,26 @@ void CRYPTO_mem_leaks_fp(FILE *fp) /* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h * If this code is restructured, remove the callback type if it is no longer * needed. -- Geoff Thorpe */ -static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb) + +/* Can't pass CRYPTO_MEM_LEAK_CB directly to lh_MEM_doall_arg because it + * is a function pointer and conversion to void * is prohibited. Instead + * pass its address + */ + +typedef CRYPTO_MEM_LEAK_CB *PCRYPTO_MEM_LEAK_CB; + +static void cb_leak_doall_arg(const MEM *m, PCRYPTO_MEM_LEAK_CB *cb) { - (**cb)(m->order,m->file,m->line,m->num,m->addr); + (*cb)(m->order,m->file,m->line,m->num,m->addr); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **) +static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM, PCRYPTO_MEM_LEAK_CB) void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) { if (mh == NULL) return; CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); - lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); + lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), PCRYPTO_MEM_LEAK_CB, + &cb); CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); } - -void CRYPTO_malloc_debug_init(void) - { - CRYPTO_set_mem_debug_functions( - CRYPTO_dbg_malloc, - CRYPTO_dbg_realloc, - CRYPTO_dbg_free, - CRYPTO_dbg_set_options, - CRYPTO_dbg_get_options); - CRYPTO_set_mem_info_functions( - CRYPTO_dbg_push_info, - CRYPTO_dbg_pop_info, - CRYPTO_dbg_remove_all_info); - } - -char *CRYPTO_strdup(const char *str, const char *file, int line) - { - char *ret = CRYPTO_malloc(strlen(str)+1, file, line); - - strcpy(ret, str); - return ret; - } diff --git a/src/lib/libssl/src/crypto/o_str.c b/src/lib/libssl/src/crypto/o_str.c index 59cc25094b..56104a6c34 100644 --- a/src/lib/libssl/src/crypto/o_str.c +++ b/src/lib/libssl/src/crypto/o_str.c @@ -60,7 +60,9 @@ #include #include "o_str.h" -#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32) +#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \ + !defined(OPENSSL_SYSNAME_WIN32) && \ + !defined(NETWARE_CLIB) # include #endif diff --git a/src/lib/libssl/src/crypto/o_time.c b/src/lib/libssl/src/crypto/o_time.c index e29091d650..eecbdd19f0 100644 --- a/src/lib/libssl/src/crypto/o_time.c +++ b/src/lib/libssl/src/crypto/o_time.c @@ -2,6 +2,9 @@ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2008. + */ /* ==================================================================== * Copyright (c) 2001 The OpenSSL Project. All rights reserved. * @@ -73,7 +76,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) { struct tm *ts = NULL; -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) /* should return &data, but doesn't on some systems, so we don't even look at the return value */ gmtime_r(timer,result); @@ -214,4 +217,150 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) } #endif return ts; - } + } + +/* Take a tm structure and add an offset to it. This avoids any OS issues + * with restricted date types and overflows which cause the year 2038 + * problem. + */ + +#define SECS_PER_DAY (24 * 60 * 60) + +static long date_to_julian(int y, int m, int d); +static void julian_to_date(long jd, int *y, int *m, int *d); + +int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) + { + int offset_hms, offset_day; + long time_jd; + int time_year, time_month, time_day; + /* split offset into days and day seconds */ + offset_day = offset_sec / SECS_PER_DAY; + /* Avoid sign issues with % operator */ + offset_hms = offset_sec - (offset_day * SECS_PER_DAY); + offset_day += off_day; + /* Add current time seconds to offset */ + offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec; + /* Adjust day seconds if overflow */ + if (offset_hms >= SECS_PER_DAY) + { + offset_day++; + offset_hms -= SECS_PER_DAY; + } + else if (offset_hms < 0) + { + offset_day--; + offset_hms += SECS_PER_DAY; + } + + /* Convert date of time structure into a Julian day number. + */ + + time_year = tm->tm_year + 1900; + time_month = tm->tm_mon + 1; + time_day = tm->tm_mday; + + time_jd = date_to_julian(time_year, time_month, time_day); + + /* Work out Julian day of new date */ + time_jd += offset_day; + + if (time_jd < 0) + return 0; + + /* Convert Julian day back to date */ + + julian_to_date(time_jd, &time_year, &time_month, &time_day); + + if (time_year < 1900 || time_year > 9999) + return 0; + + /* Update tm structure */ + + tm->tm_year = time_year - 1900; + tm->tm_mon = time_month - 1; + tm->tm_mday = time_day; + + tm->tm_hour = offset_hms / 3600; + tm->tm_min = (offset_hms / 60) % 60; + tm->tm_sec = offset_hms % 60; + + return 1; + +} + +/* Convert date to and from julian day + * Uses Fliegel & Van Flandern algorithm + */ +static long date_to_julian(int y, int m, int d) +{ + return (1461 * (y + 4800 + (m - 14) / 12)) / 4 + + (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 - + (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + + d - 32075; +} + +static void julian_to_date(long jd, int *y, int *m, int *d) + { + long L = jd + 68569; + long n = (4 * L) / 146097; + long i, j; + + L = L - (146097 * n + 3) / 4; + i = (4000 * (L + 1)) / 1461001; + L = L - (1461 * i) / 4 + 31; + j = (80 * L) / 2447; + *d = L - (2447 * j) / 80; + L = j / 11; + *m = j + 2 - (12 * L); + *y = 100 * (n - 49) + i + L; + } + +#ifdef OPENSSL_TIME_TEST + +#include + +/* Time checking test code. Check times are identical for a wide range of + * offsets. This should be run on a machine with 64 bit time_t or it will + * trigger the very errors the routines fix. + */ + +int main(int argc, char **argv) + { + long offset; + for (offset = 0; offset < 1000000; offset++) + { + check_time(offset); + check_time(-offset); + check_time(offset * 1000); + check_time(-offset * 1000); + } + } + +int check_time(long offset) + { + struct tm tm1, tm2; + time_t t1, t2; + time(&t1); + t2 = t1 + offset; + OPENSSL_gmtime(&t2, &tm2); + OPENSSL_gmtime(&t1, &tm1); + OPENSSL_gmtime_adj(&tm1, 0, offset); + if ((tm1.tm_year == tm2.tm_year) && + (tm1.tm_mon == tm2.tm_mon) && + (tm1.tm_mday == tm2.tm_mday) && + (tm1.tm_hour == tm2.tm_hour) && + (tm1.tm_min == tm2.tm_min) && + (tm1.tm_sec == tm2.tm_sec)) + return 1; + fprintf(stderr, "TIME ERROR!!\n"); + fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n", + tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900, + tm2.tm_hour, tm2.tm_min, tm2.tm_sec); + fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n", + tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900, + tm1.tm_hour, tm1.tm_min, tm1.tm_sec); + return 0; + } + +#endif diff --git a/src/lib/libssl/src/crypto/o_time.h b/src/lib/libssl/src/crypto/o_time.h index e66044626d..e391da7508 100644 --- a/src/lib/libssl/src/crypto/o_time.h +++ b/src/lib/libssl/src/crypto/o_time.h @@ -62,5 +62,6 @@ #include struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); #endif diff --git a/src/lib/libssl/src/crypto/objects/Makefile b/src/lib/libssl/src/crypto/objects/Makefile index 25e8b23b5d..a8aedbd422 100644 --- a/src/lib/libssl/src/crypto/objects/Makefile +++ b/src/lib/libssl/src/crypto/objects/Makefile @@ -18,23 +18,23 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c -LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o +LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c +LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o obj_xref.o SRC= $(LIBSRC) EXHEADER= objects.h obj_mac.h -HEADER= $(EXHEADER) obj_dat.h +HEADER= $(EXHEADER) obj_dat.h obj_xref.h ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) -all: obj_dat.h lib +all: obj_dat.h obj_xref.h lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -46,6 +46,10 @@ obj_mac.h: objects.pl objects.txt obj_mac.num $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h @sleep 1; touch obj_mac.h; sleep 1 +obj_xref.h: objxref.pl obj_xref.txt obj_mac.num + $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h + @sleep 1; touch obj_xref.h; sleep 1 + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -117,3 +121,10 @@ obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h obj_lib.o: ../cryptlib.h obj_lib.c +obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +obj_xref.o: ../../include/openssl/opensslconf.h +obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h diff --git a/src/lib/libssl/src/crypto/objects/o_names.c b/src/lib/libssl/src/crypto/objects/o_names.c index adb5731f76..84380a96a9 100644 --- a/src/lib/libssl/src/crypto/objects/o_names.c +++ b/src/lib/libssl/src/crypto/objects/o_names.c @@ -22,7 +22,8 @@ /* I use the ex_data stuff to manage the identifiers for the obj_name_types * that applications may define. I only really use the free function field. */ -static LHASH *names_lh=NULL; +DECLARE_LHASH_OF(OBJ_NAME); +static LHASH_OF(OBJ_NAME) *names_lh=NULL; static int names_type_num=OBJ_NAME_TYPE_NUM; typedef struct name_funcs_st @@ -46,11 +47,14 @@ static unsigned long obj_name_hash(const void *a_void); /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */ static int obj_name_cmp(const void *a_void,const void *b_void); +static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME) +static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME) + int OBJ_NAME_init(void) { if (names_lh != NULL) return(1); MemCheck_off(); - names_lh=lh_new(obj_name_hash, obj_name_cmp); + names_lh=lh_OBJ_NAME_new(); MemCheck_on(); return(names_lh != NULL); } @@ -164,7 +168,7 @@ const char *OBJ_NAME_get(const char *name, int type) for (;;) { - ret=(OBJ_NAME *)lh_retrieve(names_lh,&on); + ret=lh_OBJ_NAME_retrieve(names_lh,&on); if (ret == NULL) return(NULL); if ((ret->alias) && !alias) { @@ -200,7 +204,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) onp->type=type; onp->data=data; - ret=(OBJ_NAME *)lh_insert(names_lh,onp); + ret=lh_OBJ_NAME_insert(names_lh,onp); if (ret != NULL) { /* free things */ @@ -217,7 +221,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) } else { - if (lh_error(names_lh)) + if (lh_OBJ_NAME_error(names_lh)) { /* ERROR */ return(0); @@ -235,7 +239,7 @@ int OBJ_NAME_remove(const char *name, int type) type&= ~OBJ_NAME_ALIAS; on.name=name; on.type=type; - ret=(OBJ_NAME *)lh_delete(names_lh,&on); + ret=lh_OBJ_NAME_delete(names_lh,&on); if (ret != NULL) { /* free things */ @@ -262,13 +266,13 @@ struct doall void *arg; }; -static void do_all_fn(const OBJ_NAME *name,struct doall *d) +static void do_all_fn_doall_arg(const OBJ_NAME *name,struct doall *d) { if(name->type == d->type) d->fn(name,d->arg); } -static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *) +static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall) void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg) { @@ -278,7 +282,8 @@ void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg) d.fn=fn; d.arg=arg; - lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d); + lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), + struct doall, &d); } struct doall_sorted @@ -313,7 +318,7 @@ void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), int n; d.type=type; - d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names); + d.names=OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh)*sizeof *d.names); d.n=0; OBJ_NAME_do_all(type,do_all_sorted_fn,&d); @@ -327,18 +332,16 @@ void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), static int free_type; -static void names_lh_free(OBJ_NAME *onp) -{ - if(onp == NULL) +static void names_lh_free_doall(OBJ_NAME *onp) + { + if (onp == NULL) return; - if ((free_type < 0) || (free_type == onp->type)) - { + if (free_type < 0 || free_type == onp->type) OBJ_NAME_remove(onp->name,onp->type); - } } -static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *) +static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME) static void name_funcs_free(NAME_FUNCS *ptr) { @@ -352,18 +355,18 @@ void OBJ_NAME_cleanup(int type) if (names_lh == NULL) return; free_type=type; - down_load=names_lh->down_load; - names_lh->down_load=0; + down_load=lh_OBJ_NAME_down_load(names_lh); + lh_OBJ_NAME_down_load(names_lh)=0; - lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); + lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); if (type < 0) { - lh_free(names_lh); + lh_OBJ_NAME_free(names_lh); sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free); names_lh=NULL; name_funcs_stack = NULL; } else - names_lh->down_load=down_load; + lh_OBJ_NAME_down_load(names_lh)=down_load; } diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.c b/src/lib/libssl/src/crypto/objects/obj_dat.c index 7fd7433241..8a342ba3eb 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.c +++ b/src/lib/libssl/src/crypto/objects/obj_dat.c @@ -74,16 +74,17 @@ #define NUM_SN 0 #define NUM_LN 0 #define NUM_OBJ 0 -static unsigned char lvalues[1]; -static ASN1_OBJECT nid_objs[1]; -static ASN1_OBJECT *sn_objs[1]; -static ASN1_OBJECT *ln_objs[1]; -static ASN1_OBJECT *obj_objs[1]; +static const unsigned char lvalues[1]; +static const ASN1_OBJECT nid_objs[1]; +static const unsigned int sn_objs[1]; +static const unsigned int ln_objs[1]; +static const unsigned int obj_objs[1]; #endif -static int sn_cmp(const void *a, const void *b); -static int ln_cmp(const void *a, const void *b); -static int obj_cmp(const void *a, const void *b); +DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn); +DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln); +DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj); + #define ADDED_DATA 0 #define ADDED_SNAME 1 #define ADDED_LNAME 2 @@ -94,30 +95,27 @@ typedef struct added_obj_st int type; ASN1_OBJECT *obj; } ADDED_OBJ; +DECLARE_LHASH_OF(ADDED_OBJ); static int new_nid=NUM_NID; -static LHASH *added=NULL; +static LHASH_OF(ADDED_OBJ) *added=NULL; -static int sn_cmp(const void *a, const void *b) - { - const ASN1_OBJECT * const *ap = a, * const *bp = b; - return(strcmp((*ap)->sn,(*bp)->sn)); - } +static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) + { return(strcmp((*a)->sn,nid_objs[*b].sn)); } -static int ln_cmp(const void *a, const void *b) - { - const ASN1_OBJECT * const *ap = a, * const *bp = b; - return(strcmp((*ap)->ln,(*bp)->ln)); - } +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn); + +static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) + { return(strcmp((*a)->ln,nid_objs[*b].ln)); } -/* static unsigned long add_hash(ADDED_OBJ *ca) */ -static unsigned long add_hash(const void *ca_void) +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln); + +static unsigned long added_obj_hash(const ADDED_OBJ *ca) { const ASN1_OBJECT *a; int i; unsigned long ret=0; unsigned char *p; - const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; a=ca->obj; switch (ca->type) @@ -145,14 +143,12 @@ static unsigned long add_hash(const void *ca_void) ret|=ca->type<<30L; return(ret); } +static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ) -/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */ -static int add_cmp(const void *ca_void, const void *cb_void) +static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) { ASN1_OBJECT *a,*b; int i; - const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; - const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void; i=ca->type-cb->type; if (i) return(i); @@ -179,15 +175,16 @@ static int add_cmp(const void *ca_void, const void *cb_void) return 0; } } +static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ) static int init_added(void) { if (added != NULL) return(1); - added=lh_new(add_hash,add_cmp); + added=lh_ADDED_OBJ_new(); return(added != NULL); } -static void cleanup1(ADDED_OBJ *a) +static void cleanup1_doall(ADDED_OBJ *a) { a->obj->nid=0; a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC| @@ -195,28 +192,46 @@ static void cleanup1(ADDED_OBJ *a) ASN1_OBJECT_FLAG_DYNAMIC_DATA; } -static void cleanup2(ADDED_OBJ *a) +static void cleanup2_doall(ADDED_OBJ *a) { a->obj->nid++; } -static void cleanup3(ADDED_OBJ *a) +static void cleanup3_doall(ADDED_OBJ *a) { if (--a->obj->nid == 0) ASN1_OBJECT_free(a->obj); OPENSSL_free(a); } -static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *) -static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *) -static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *) +static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ) +static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ) +static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ) + +/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting + * to use freed up OIDs. If neccessary the actual freeing up of OIDs is + * delayed. + */ + +int obj_cleanup_defer = 0; + +void check_defer(int nid) + { + if (!obj_cleanup_defer && nid >= NUM_NID) + obj_cleanup_defer = 1; + } void OBJ_cleanup(void) { + if (obj_cleanup_defer) + { + obj_cleanup_defer = 2; + return ; + } if (added == NULL) return; - added->down_load=0; - lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ - lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ - lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ - lh_free(added); + lh_ADDED_OBJ_down_load(added) = 0; + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ + lh_ADDED_OBJ_free(added); added=NULL; } @@ -252,7 +267,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj) { ao[i]->type=i; ao[i]->obj=o; - aop=(ADDED_OBJ *)lh_insert(added,ao[i]); + aop=lh_ADDED_OBJ_insert(added,ao[i]); /* memory leak, buit should not normally matter */ if (aop != NULL) OPENSSL_free(aop); @@ -292,7 +307,7 @@ ASN1_OBJECT *OBJ_nid2obj(int n) ad.type=ADDED_NID; ad.obj= &ob; ob.nid=n; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return(adp->obj); else @@ -324,7 +339,7 @@ const char *OBJ_nid2sn(int n) ad.type=ADDED_NID; ad.obj= &ob; ob.nid=n; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return(adp->obj->sn); else @@ -356,7 +371,7 @@ const char *OBJ_nid2ln(int n) ad.type=ADDED_NID; ad.obj= &ob; ob.nid=n; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return(adp->obj->ln); else @@ -367,9 +382,22 @@ const char *OBJ_nid2ln(int n) } } +static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp) + { + int j; + const ASN1_OBJECT *a= *ap; + const ASN1_OBJECT *b= &nid_objs[*bp]; + + j=(a->length - b->length); + if (j) return(j); + return(memcmp(a->data,b->data,a->length)); + } + +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj); + int OBJ_obj2nid(const ASN1_OBJECT *a) { - ASN1_OBJECT **op; + const unsigned int *op; ADDED_OBJ ad,*adp; if (a == NULL) @@ -381,14 +409,13 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) { ad.type=ADDED_DATA; ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return (adp->obj->nid); } - op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs, - NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp); + op=OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ); if (op == NULL) return(NID_undef); - return((*op)->nid); + return(nid_objs[*op].nid); } /* Convert an object name into an ASN1_OBJECT @@ -441,7 +468,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) int i,n=0,len,nid, first, use_bn; BIGNUM *bl; unsigned long l; - unsigned char *p; + const unsigned char *p; char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; if ((a == NULL) || (a->data == NULL)) { @@ -456,10 +483,13 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) s=OBJ_nid2ln(nid); if (s == NULL) s=OBJ_nid2sn(nid); - if (buf) - BUF_strlcpy(buf,s,buf_len); - n=strlen(s); - return n; + if (s) + { + if (buf) + BUF_strlcpy(buf,s,buf_len); + n=strlen(s); + return n; + } } @@ -607,62 +637,56 @@ int OBJ_txt2nid(const char *s) int OBJ_ln2nid(const char *s) { - ASN1_OBJECT o,*oo= &o,**op; + ASN1_OBJECT o; + const ASN1_OBJECT *oo= &o; ADDED_OBJ ad,*adp; + const unsigned int *op; o.ln=s; if (added != NULL) { ad.type=ADDED_LNAME; ad.obj= &o; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return (adp->obj->nid); } - op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN, - sizeof(ASN1_OBJECT *),ln_cmp); + op=OBJ_bsearch_ln(&oo, ln_objs, NUM_LN); if (op == NULL) return(NID_undef); - return((*op)->nid); + return(nid_objs[*op].nid); } int OBJ_sn2nid(const char *s) { - ASN1_OBJECT o,*oo= &o,**op; + ASN1_OBJECT o; + const ASN1_OBJECT *oo= &o; ADDED_OBJ ad,*adp; + const unsigned int *op; o.sn=s; if (added != NULL) { ad.type=ADDED_SNAME; ad.obj= &o; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + adp=lh_ADDED_OBJ_retrieve(added,&ad); if (adp != NULL) return (adp->obj->nid); } - op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, - sizeof(ASN1_OBJECT *),sn_cmp); + op=OBJ_bsearch_sn(&oo, sn_objs, NUM_SN); if (op == NULL) return(NID_undef); - return((*op)->nid); + return(nid_objs[*op].nid); } -static int obj_cmp(const void *ap, const void *bp) - { - int j; - const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap; - const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp; - - j=(a->length - b->length); - if (j) return(j); - return(memcmp(a->data,b->data,a->length)); - } - -const char *OBJ_bsearch(const char *key, const char *base, int num, int size, - int (*cmp)(const void *, const void *)) +const void *OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp)(const void *, const void *)) { - return OBJ_bsearch_ex(key, base, num, size, cmp, 0); + return OBJ_bsearch_ex_(key, base, num, size, cmp, 0); } -const char *OBJ_bsearch_ex(const char *key, const char *base, int num, - int size, int (*cmp)(const void *, const void *), int flags) +const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, + int size, + int (*cmp)(const void *, const void *), + int flags) { + const char *base=base_; int l,h,i=0,c=0; const char *p = NULL; diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.h b/src/lib/libssl/src/crypto/objects/obj_dat.h index dccc15e03c..6449be6071 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.h +++ b/src/lib/libssl/src/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 859 -#define NUM_SN 852 -#define NUM_LN 852 -#define NUM_OBJ 806 +#define NUM_NID 893 +#define NUM_SN 886 +#define NUM_LN 886 +#define NUM_OBJ 840 -static unsigned char lvalues[5722]={ +static const unsigned char lvalues[5824]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -707,7 +707,7 @@ static unsigned char lvalues[5722]={ 0x2B, /* [4582] OBJ_identified_organization */ 0x2B,0x81,0x04, /* [4583] OBJ_certicom_arc */ 0x67,0x2B, /* [4586] OBJ_wap */ -0x67,0x2B,0x0D, /* [4588] OBJ_wap_wsg */ +0x67,0x2B,0x01, /* [4588] OBJ_wap_wsg */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4591] OBJ_X9_62_id_characteristic_two_basis */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4599] OBJ_X9_62_onBasis */ 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4608] OBJ_X9_62_tpBasis */ @@ -763,17 +763,17 @@ static unsigned char lvalues[5722]={ 0x2B,0x81,0x04,0x00,0x25, /* [4926] OBJ_sect409r1 */ 0x2B,0x81,0x04,0x00,0x26, /* [4931] OBJ_sect571k1 */ 0x2B,0x81,0x04,0x00,0x27, /* [4936] OBJ_sect571r1 */ -0x67,0x2B,0x0D,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x0D,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x0D,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x0D,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x0D,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x0D,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x0D,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x0D,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x0D,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x0D,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x0D,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x67,0x2B,0x01,0x04,0x01, /* [4941] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x01,0x04,0x03, /* [4946] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x01,0x04,0x04, /* [4951] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x01,0x04,0x05, /* [4956] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x01,0x04,0x06, /* [4961] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x01,0x04,0x07, /* [4966] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x01,0x04,0x08, /* [4971] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x01,0x04,0x09, /* [4976] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x01,0x04,0x0A, /* [4981] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x01,0x04,0x0B, /* [4986] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x01,0x04,0x0C, /* [4991] OBJ_wap_wsg_idm_ecid_wtls12 */ 0x55,0x1D,0x20,0x00, /* [4996] OBJ_any_policy */ 0x55,0x1D,0x21, /* [5000] OBJ_policy_mappings */ 0x55,0x1D,0x36, /* [5003] OBJ_inhibit_any_policy */ @@ -874,9 +874,43 @@ static unsigned char lvalues[5722]={ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */ 0x55,0x1D,0x2E, /* [5710] OBJ_freshest_crl */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5713] OBJ_id_on_permanentIdentifier */ +0x55,0x04,0x0E, /* [5721] OBJ_searchGuide */ +0x55,0x04,0x0F, /* [5724] OBJ_businessCategory */ +0x55,0x04,0x10, /* [5727] OBJ_postalAddress */ +0x55,0x04,0x12, /* [5730] OBJ_postOfficeBox */ +0x55,0x04,0x13, /* [5733] OBJ_physicalDeliveryOfficeName */ +0x55,0x04,0x14, /* [5736] OBJ_telephoneNumber */ +0x55,0x04,0x15, /* [5739] OBJ_telexNumber */ +0x55,0x04,0x16, /* [5742] OBJ_teletexTerminalIdentifier */ +0x55,0x04,0x17, /* [5745] OBJ_facsimileTelephoneNumber */ +0x55,0x04,0x18, /* [5748] OBJ_x121Address */ +0x55,0x04,0x19, /* [5751] OBJ_internationaliSDNNumber */ +0x55,0x04,0x1A, /* [5754] OBJ_registeredAddress */ +0x55,0x04,0x1B, /* [5757] OBJ_destinationIndicator */ +0x55,0x04,0x1C, /* [5760] OBJ_preferredDeliveryMethod */ +0x55,0x04,0x1D, /* [5763] OBJ_presentationAddress */ +0x55,0x04,0x1E, /* [5766] OBJ_supportedApplicationContext */ +0x55,0x04,0x1F, /* [5769] OBJ_member */ +0x55,0x04,0x20, /* [5772] OBJ_owner */ +0x55,0x04,0x21, /* [5775] OBJ_roleOccupant */ +0x55,0x04,0x22, /* [5778] OBJ_seeAlso */ +0x55,0x04,0x23, /* [5781] OBJ_userPassword */ +0x55,0x04,0x24, /* [5784] OBJ_userCertificate */ +0x55,0x04,0x25, /* [5787] OBJ_cACertificate */ +0x55,0x04,0x26, /* [5790] OBJ_authorityRevocationList */ +0x55,0x04,0x27, /* [5793] OBJ_certificateRevocationList */ +0x55,0x04,0x28, /* [5796] OBJ_crossCertificatePair */ +0x55,0x04,0x2F, /* [5799] OBJ_enhancedSearchGuide */ +0x55,0x04,0x30, /* [5802] OBJ_protocolInformation */ +0x55,0x04,0x31, /* [5805] OBJ_distinguishedName */ +0x55,0x04,0x32, /* [5808] OBJ_uniqueMember */ +0x55,0x04,0x33, /* [5811] OBJ_houseIdentifier */ +0x55,0x04,0x34, /* [5814] OBJ_supportedAlgorithms */ +0x55,0x04,0x35, /* [5817] OBJ_deltaRevocationList */ +0x55,0x04,0x36, /* [5820] OBJ_dmdName */ }; -static ASN1_OBJECT nid_objs[NUM_NID]={ +static const ASN1_OBJECT nid_objs[NUM_NID]={ {"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0}, {"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0}, {"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0}, @@ -1928,7 +1962,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"streetAddress","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, +{"street","streetAddress",NID_streetAddress,3,&(lvalues[4462]),0}, {"postalCode","postalCode",NID_postalCode,3,&(lvalues[4465]),0}, {"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4468]),0}, {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, @@ -2262,2524 +2296,2681 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[5710]),0}, {"id-on-permanentIdentifier","Permanent Identifier", NID_id_on_permanentIdentifier,8,&(lvalues[5713]),0}, +{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5721]),0}, +{"businessCategory","businessCategory",NID_businessCategory,3, + &(lvalues[5724]),0}, +{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5727]),0}, +{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5730]),0}, +{"physicalDeliveryOfficeName","physicalDeliveryOfficeName", + NID_physicalDeliveryOfficeName,3,&(lvalues[5733]),0}, +{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, + &(lvalues[5736]),0}, +{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5739]),0}, +{"teletexTerminalIdentifier","teletexTerminalIdentifier", + NID_teletexTerminalIdentifier,3,&(lvalues[5742]),0}, +{"facsimileTelephoneNumber","facsimileTelephoneNumber", + NID_facsimileTelephoneNumber,3,&(lvalues[5745]),0}, +{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5748]),0}, +{"internationaliSDNNumber","internationaliSDNNumber", + NID_internationaliSDNNumber,3,&(lvalues[5751]),0}, +{"registeredAddress","registeredAddress",NID_registeredAddress,3, + &(lvalues[5754]),0}, +{"destinationIndicator","destinationIndicator", + NID_destinationIndicator,3,&(lvalues[5757]),0}, +{"preferredDeliveryMethod","preferredDeliveryMethod", + NID_preferredDeliveryMethod,3,&(lvalues[5760]),0}, +{"presentationAddress","presentationAddress",NID_presentationAddress, + 3,&(lvalues[5763]),0}, +{"supportedApplicationContext","supportedApplicationContext", + NID_supportedApplicationContext,3,&(lvalues[5766]),0}, +{"member","member",NID_member,3,&(lvalues[5769]),0}, +{"owner","owner",NID_owner,3,&(lvalues[5772]),0}, +{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5775]),0}, +{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5778]),0}, +{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5781]),0}, +{"userCertificate","userCertificate",NID_userCertificate,3, + &(lvalues[5784]),0}, +{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5787]),0}, +{"authorityRevocationList","authorityRevocationList", + NID_authorityRevocationList,3,&(lvalues[5790]),0}, +{"certificateRevocationList","certificateRevocationList", + NID_certificateRevocationList,3,&(lvalues[5793]),0}, +{"crossCertificatePair","crossCertificatePair", + NID_crossCertificatePair,3,&(lvalues[5796]),0}, +{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, + 3,&(lvalues[5799]),0}, +{"protocolInformation","protocolInformation",NID_protocolInformation, + 3,&(lvalues[5802]),0}, +{"distinguishedName","distinguishedName",NID_distinguishedName,3, + &(lvalues[5805]),0}, +{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5808]),0}, +{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, + &(lvalues[5811]),0}, +{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, + 3,&(lvalues[5814]),0}, +{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, + 3,&(lvalues[5817]),0}, +{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5820]),0}, }; -static ASN1_OBJECT *sn_objs[NUM_SN]={ -&(nid_objs[364]),/* "AD_DVCS" */ -&(nid_objs[419]),/* "AES-128-CBC" */ -&(nid_objs[421]),/* "AES-128-CFB" */ -&(nid_objs[650]),/* "AES-128-CFB1" */ -&(nid_objs[653]),/* "AES-128-CFB8" */ -&(nid_objs[418]),/* "AES-128-ECB" */ -&(nid_objs[420]),/* "AES-128-OFB" */ -&(nid_objs[423]),/* "AES-192-CBC" */ -&(nid_objs[425]),/* "AES-192-CFB" */ -&(nid_objs[651]),/* "AES-192-CFB1" */ -&(nid_objs[654]),/* "AES-192-CFB8" */ -&(nid_objs[422]),/* "AES-192-ECB" */ -&(nid_objs[424]),/* "AES-192-OFB" */ -&(nid_objs[427]),/* "AES-256-CBC" */ -&(nid_objs[429]),/* "AES-256-CFB" */ -&(nid_objs[652]),/* "AES-256-CFB1" */ -&(nid_objs[655]),/* "AES-256-CFB8" */ -&(nid_objs[426]),/* "AES-256-ECB" */ -&(nid_objs[428]),/* "AES-256-OFB" */ -&(nid_objs[91]),/* "BF-CBC" */ -&(nid_objs[93]),/* "BF-CFB" */ -&(nid_objs[92]),/* "BF-ECB" */ -&(nid_objs[94]),/* "BF-OFB" */ -&(nid_objs[14]),/* "C" */ -&(nid_objs[751]),/* "CAMELLIA-128-CBC" */ -&(nid_objs[757]),/* "CAMELLIA-128-CFB" */ -&(nid_objs[760]),/* "CAMELLIA-128-CFB1" */ -&(nid_objs[763]),/* "CAMELLIA-128-CFB8" */ -&(nid_objs[754]),/* "CAMELLIA-128-ECB" */ -&(nid_objs[766]),/* "CAMELLIA-128-OFB" */ -&(nid_objs[752]),/* "CAMELLIA-192-CBC" */ -&(nid_objs[758]),/* "CAMELLIA-192-CFB" */ -&(nid_objs[761]),/* "CAMELLIA-192-CFB1" */ -&(nid_objs[764]),/* "CAMELLIA-192-CFB8" */ -&(nid_objs[755]),/* "CAMELLIA-192-ECB" */ -&(nid_objs[767]),/* "CAMELLIA-192-OFB" */ -&(nid_objs[753]),/* "CAMELLIA-256-CBC" */ -&(nid_objs[759]),/* "CAMELLIA-256-CFB" */ -&(nid_objs[762]),/* "CAMELLIA-256-CFB1" */ -&(nid_objs[765]),/* "CAMELLIA-256-CFB8" */ -&(nid_objs[756]),/* "CAMELLIA-256-ECB" */ -&(nid_objs[768]),/* "CAMELLIA-256-OFB" */ -&(nid_objs[108]),/* "CAST5-CBC" */ -&(nid_objs[110]),/* "CAST5-CFB" */ -&(nid_objs[109]),/* "CAST5-ECB" */ -&(nid_objs[111]),/* "CAST5-OFB" */ -&(nid_objs[13]),/* "CN" */ -&(nid_objs[141]),/* "CRLReason" */ -&(nid_objs[417]),/* "CSPName" */ -&(nid_objs[367]),/* "CrlID" */ -&(nid_objs[391]),/* "DC" */ -&(nid_objs[31]),/* "DES-CBC" */ -&(nid_objs[643]),/* "DES-CDMF" */ -&(nid_objs[30]),/* "DES-CFB" */ -&(nid_objs[656]),/* "DES-CFB1" */ -&(nid_objs[657]),/* "DES-CFB8" */ -&(nid_objs[29]),/* "DES-ECB" */ -&(nid_objs[32]),/* "DES-EDE" */ -&(nid_objs[43]),/* "DES-EDE-CBC" */ -&(nid_objs[60]),/* "DES-EDE-CFB" */ -&(nid_objs[62]),/* "DES-EDE-OFB" */ -&(nid_objs[33]),/* "DES-EDE3" */ -&(nid_objs[44]),/* "DES-EDE3-CBC" */ -&(nid_objs[61]),/* "DES-EDE3-CFB" */ -&(nid_objs[658]),/* "DES-EDE3-CFB1" */ -&(nid_objs[659]),/* "DES-EDE3-CFB8" */ -&(nid_objs[63]),/* "DES-EDE3-OFB" */ -&(nid_objs[45]),/* "DES-OFB" */ -&(nid_objs[80]),/* "DESX-CBC" */ -&(nid_objs[380]),/* "DOD" */ -&(nid_objs[116]),/* "DSA" */ -&(nid_objs[66]),/* "DSA-SHA" */ -&(nid_objs[113]),/* "DSA-SHA1" */ -&(nid_objs[70]),/* "DSA-SHA1-old" */ -&(nid_objs[67]),/* "DSA-old" */ -&(nid_objs[297]),/* "DVCS" */ -&(nid_objs[99]),/* "GN" */ -&(nid_objs[855]),/* "HMAC" */ -&(nid_objs[780]),/* "HMAC-MD5" */ -&(nid_objs[781]),/* "HMAC-SHA1" */ -&(nid_objs[381]),/* "IANA" */ -&(nid_objs[34]),/* "IDEA-CBC" */ -&(nid_objs[35]),/* "IDEA-CFB" */ -&(nid_objs[36]),/* "IDEA-ECB" */ -&(nid_objs[46]),/* "IDEA-OFB" */ -&(nid_objs[181]),/* "ISO" */ -&(nid_objs[183]),/* "ISO-US" */ -&(nid_objs[645]),/* "ITU-T" */ -&(nid_objs[646]),/* "JOINT-ISO-ITU-T" */ -&(nid_objs[773]),/* "KISA" */ -&(nid_objs[15]),/* "L" */ -&(nid_objs[856]),/* "LocalKeySet" */ -&(nid_objs[ 3]),/* "MD2" */ -&(nid_objs[257]),/* "MD4" */ -&(nid_objs[ 4]),/* "MD5" */ -&(nid_objs[114]),/* "MD5-SHA1" */ -&(nid_objs[95]),/* "MDC2" */ -&(nid_objs[388]),/* "Mail" */ -&(nid_objs[393]),/* "NULL" */ -&(nid_objs[404]),/* "NULL" */ -&(nid_objs[57]),/* "Netscape" */ -&(nid_objs[366]),/* "Nonce" */ -&(nid_objs[17]),/* "O" */ -&(nid_objs[178]),/* "OCSP" */ -&(nid_objs[180]),/* "OCSPSigning" */ -&(nid_objs[379]),/* "ORG" */ -&(nid_objs[18]),/* "OU" */ -&(nid_objs[749]),/* "Oakley-EC2N-3" */ -&(nid_objs[750]),/* "Oakley-EC2N-4" */ -&(nid_objs[ 9]),/* "PBE-MD2-DES" */ -&(nid_objs[168]),/* "PBE-MD2-RC2-64" */ -&(nid_objs[10]),/* "PBE-MD5-DES" */ -&(nid_objs[169]),/* "PBE-MD5-RC2-64" */ -&(nid_objs[147]),/* "PBE-SHA1-2DES" */ -&(nid_objs[146]),/* "PBE-SHA1-3DES" */ -&(nid_objs[170]),/* "PBE-SHA1-DES" */ -&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */ -&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */ -&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */ -&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */ -&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */ -&(nid_objs[161]),/* "PBES2" */ -&(nid_objs[69]),/* "PBKDF2" */ -&(nid_objs[162]),/* "PBMAC1" */ -&(nid_objs[127]),/* "PKIX" */ -&(nid_objs[98]),/* "RC2-40-CBC" */ -&(nid_objs[166]),/* "RC2-64-CBC" */ -&(nid_objs[37]),/* "RC2-CBC" */ -&(nid_objs[39]),/* "RC2-CFB" */ -&(nid_objs[38]),/* "RC2-ECB" */ -&(nid_objs[40]),/* "RC2-OFB" */ -&(nid_objs[ 5]),/* "RC4" */ -&(nid_objs[97]),/* "RC4-40" */ -&(nid_objs[120]),/* "RC5-CBC" */ -&(nid_objs[122]),/* "RC5-CFB" */ -&(nid_objs[121]),/* "RC5-ECB" */ -&(nid_objs[123]),/* "RC5-OFB" */ -&(nid_objs[117]),/* "RIPEMD160" */ -&(nid_objs[124]),/* "RLE" */ -&(nid_objs[19]),/* "RSA" */ -&(nid_objs[ 7]),/* "RSA-MD2" */ -&(nid_objs[396]),/* "RSA-MD4" */ -&(nid_objs[ 8]),/* "RSA-MD5" */ -&(nid_objs[96]),/* "RSA-MDC2" */ -&(nid_objs[104]),/* "RSA-NP-MD5" */ -&(nid_objs[119]),/* "RSA-RIPEMD160" */ -&(nid_objs[42]),/* "RSA-SHA" */ -&(nid_objs[65]),/* "RSA-SHA1" */ -&(nid_objs[115]),/* "RSA-SHA1-2" */ -&(nid_objs[671]),/* "RSA-SHA224" */ -&(nid_objs[668]),/* "RSA-SHA256" */ -&(nid_objs[669]),/* "RSA-SHA384" */ -&(nid_objs[670]),/* "RSA-SHA512" */ -&(nid_objs[777]),/* "SEED-CBC" */ -&(nid_objs[779]),/* "SEED-CFB" */ -&(nid_objs[776]),/* "SEED-ECB" */ -&(nid_objs[778]),/* "SEED-OFB" */ -&(nid_objs[41]),/* "SHA" */ -&(nid_objs[64]),/* "SHA1" */ -&(nid_objs[675]),/* "SHA224" */ -&(nid_objs[672]),/* "SHA256" */ -&(nid_objs[673]),/* "SHA384" */ -&(nid_objs[674]),/* "SHA512" */ -&(nid_objs[188]),/* "SMIME" */ -&(nid_objs[167]),/* "SMIME-CAPS" */ -&(nid_objs[100]),/* "SN" */ -&(nid_objs[16]),/* "ST" */ -&(nid_objs[143]),/* "SXNetID" */ -&(nid_objs[458]),/* "UID" */ -&(nid_objs[ 0]),/* "UNDEF" */ -&(nid_objs[11]),/* "X500" */ -&(nid_objs[378]),/* "X500algorithms" */ -&(nid_objs[12]),/* "X509" */ -&(nid_objs[184]),/* "X9-57" */ -&(nid_objs[185]),/* "X9cm" */ -&(nid_objs[125]),/* "ZLIB" */ -&(nid_objs[478]),/* "aRecord" */ -&(nid_objs[289]),/* "aaControls" */ -&(nid_objs[287]),/* "ac-auditEntity" */ -&(nid_objs[397]),/* "ac-proxying" */ -&(nid_objs[288]),/* "ac-targeting" */ -&(nid_objs[368]),/* "acceptableResponses" */ -&(nid_objs[446]),/* "account" */ -&(nid_objs[363]),/* "ad_timestamping" */ -&(nid_objs[376]),/* "algorithm" */ -&(nid_objs[405]),/* "ansi-X9-62" */ -&(nid_objs[746]),/* "anyPolicy" */ -&(nid_objs[370]),/* "archiveCutoff" */ -&(nid_objs[484]),/* "associatedDomain" */ -&(nid_objs[485]),/* "associatedName" */ -&(nid_objs[501]),/* "audio" */ -&(nid_objs[177]),/* "authorityInfoAccess" */ -&(nid_objs[90]),/* "authorityKeyIdentifier" */ -&(nid_objs[87]),/* "basicConstraints" */ -&(nid_objs[365]),/* "basicOCSPResponse" */ -&(nid_objs[285]),/* "biometricInfo" */ -&(nid_objs[494]),/* "buildingName" */ -&(nid_objs[691]),/* "c2onb191v4" */ -&(nid_objs[692]),/* "c2onb191v5" */ -&(nid_objs[697]),/* "c2onb239v4" */ -&(nid_objs[698]),/* "c2onb239v5" */ -&(nid_objs[684]),/* "c2pnb163v1" */ -&(nid_objs[685]),/* "c2pnb163v2" */ -&(nid_objs[686]),/* "c2pnb163v3" */ -&(nid_objs[687]),/* "c2pnb176v1" */ -&(nid_objs[693]),/* "c2pnb208w1" */ -&(nid_objs[699]),/* "c2pnb272w1" */ -&(nid_objs[700]),/* "c2pnb304w1" */ -&(nid_objs[702]),/* "c2pnb368w1" */ -&(nid_objs[688]),/* "c2tnb191v1" */ -&(nid_objs[689]),/* "c2tnb191v2" */ -&(nid_objs[690]),/* "c2tnb191v3" */ -&(nid_objs[694]),/* "c2tnb239v1" */ -&(nid_objs[695]),/* "c2tnb239v2" */ -&(nid_objs[696]),/* "c2tnb239v3" */ -&(nid_objs[701]),/* "c2tnb359v1" */ -&(nid_objs[703]),/* "c2tnb431r1" */ -&(nid_objs[483]),/* "cNAMERecord" */ -&(nid_objs[179]),/* "caIssuers" */ -&(nid_objs[785]),/* "caRepository" */ -&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ -&(nid_objs[152]),/* "certBag" */ -&(nid_objs[677]),/* "certicom-arc" */ -&(nid_objs[771]),/* "certificateIssuer" */ -&(nid_objs[89]),/* "certificatePolicies" */ -&(nid_objs[54]),/* "challengePassword" */ -&(nid_objs[407]),/* "characteristic-two-field" */ -&(nid_objs[395]),/* "clearance" */ -&(nid_objs[130]),/* "clientAuth" */ -&(nid_objs[131]),/* "codeSigning" */ -&(nid_objs[50]),/* "contentType" */ -&(nid_objs[53]),/* "countersignature" */ -&(nid_objs[153]),/* "crlBag" */ -&(nid_objs[103]),/* "crlDistributionPoints" */ -&(nid_objs[88]),/* "crlNumber" */ -&(nid_objs[806]),/* "cryptocom" */ -&(nid_objs[805]),/* "cryptopro" */ -&(nid_objs[500]),/* "dITRedirect" */ -&(nid_objs[451]),/* "dNSDomain" */ -&(nid_objs[495]),/* "dSAQuality" */ -&(nid_objs[434]),/* "data" */ -&(nid_objs[390]),/* "dcobject" */ -&(nid_objs[140]),/* "deltaCRL" */ -&(nid_objs[107]),/* "description" */ -&(nid_objs[28]),/* "dhKeyAgreement" */ -&(nid_objs[382]),/* "directory" */ -&(nid_objs[174]),/* "dnQualifier" */ -&(nid_objs[447]),/* "document" */ -&(nid_objs[471]),/* "documentAuthor" */ -&(nid_objs[468]),/* "documentIdentifier" */ -&(nid_objs[472]),/* "documentLocation" */ -&(nid_objs[502]),/* "documentPublisher" */ -&(nid_objs[449]),/* "documentSeries" */ -&(nid_objs[469]),/* "documentTitle" */ -&(nid_objs[470]),/* "documentVersion" */ -&(nid_objs[392]),/* "domain" */ -&(nid_objs[452]),/* "domainRelatedObject" */ -&(nid_objs[802]),/* "dsa_with_SHA224" */ -&(nid_objs[803]),/* "dsa_with_SHA256" */ -&(nid_objs[791]),/* "ecdsa-with-Recommended" */ -&(nid_objs[416]),/* "ecdsa-with-SHA1" */ -&(nid_objs[793]),/* "ecdsa-with-SHA224" */ -&(nid_objs[794]),/* "ecdsa-with-SHA256" */ -&(nid_objs[795]),/* "ecdsa-with-SHA384" */ -&(nid_objs[796]),/* "ecdsa-with-SHA512" */ -&(nid_objs[792]),/* "ecdsa-with-Specified" */ -&(nid_objs[48]),/* "emailAddress" */ -&(nid_objs[132]),/* "emailProtection" */ -&(nid_objs[389]),/* "enterprises" */ -&(nid_objs[384]),/* "experimental" */ -&(nid_objs[172]),/* "extReq" */ -&(nid_objs[56]),/* "extendedCertificateAttributes" */ -&(nid_objs[126]),/* "extendedKeyUsage" */ -&(nid_objs[372]),/* "extendedStatus" */ -&(nid_objs[462]),/* "favouriteDrink" */ -&(nid_objs[857]),/* "freshestCRL" */ -&(nid_objs[453]),/* "friendlyCountry" */ -&(nid_objs[490]),/* "friendlyCountryName" */ -&(nid_objs[156]),/* "friendlyName" */ -&(nid_objs[509]),/* "generationQualifier" */ -&(nid_objs[815]),/* "gost-mac" */ -&(nid_objs[811]),/* "gost2001" */ -&(nid_objs[851]),/* "gost2001cc" */ -&(nid_objs[813]),/* "gost89" */ -&(nid_objs[814]),/* "gost89-cnt" */ -&(nid_objs[812]),/* "gost94" */ -&(nid_objs[850]),/* "gost94cc" */ -&(nid_objs[797]),/* "hmacWithMD5" */ -&(nid_objs[163]),/* "hmacWithSHA1" */ -&(nid_objs[798]),/* "hmacWithSHA224" */ -&(nid_objs[799]),/* "hmacWithSHA256" */ -&(nid_objs[800]),/* "hmacWithSHA384" */ -&(nid_objs[801]),/* "hmacWithSHA512" */ -&(nid_objs[432]),/* "holdInstructionCallIssuer" */ -&(nid_objs[430]),/* "holdInstructionCode" */ -&(nid_objs[431]),/* "holdInstructionNone" */ -&(nid_objs[433]),/* "holdInstructionReject" */ -&(nid_objs[486]),/* "homePostalAddress" */ -&(nid_objs[473]),/* "homeTelephoneNumber" */ -&(nid_objs[466]),/* "host" */ -&(nid_objs[442]),/* "iA5StringSyntax" */ -&(nid_objs[783]),/* "id-DHBasedMac" */ -&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */ -&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */ -&(nid_objs[849]),/* "id-Gost28147-89-cc" */ -&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -&(nid_objs[854]),/* "id-GostR3410-2001-ParamSet-cc" */ -&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */ -&(nid_objs[817]),/* "id-GostR3410-2001DH" */ -&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */ -&(nid_objs[845]),/* "id-GostR3410-94-a" */ -&(nid_objs[846]),/* "id-GostR3410-94-aBis" */ -&(nid_objs[847]),/* "id-GostR3410-94-b" */ -&(nid_objs[848]),/* "id-GostR3410-94-bBis" */ -&(nid_objs[818]),/* "id-GostR3410-94DH" */ -&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */ -&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */ -&(nid_objs[807]),/* "id-GostR3411-94-with-GostR3410-2001" */ -&(nid_objs[853]),/* "id-GostR3411-94-with-GostR3410-2001-cc" */ -&(nid_objs[808]),/* "id-GostR3411-94-with-GostR3410-94" */ -&(nid_objs[852]),/* "id-GostR3411-94-with-GostR3410-94-cc" */ -&(nid_objs[810]),/* "id-HMACGostR3411-94" */ -&(nid_objs[782]),/* "id-PasswordBasedMAC" */ -&(nid_objs[266]),/* "id-aca" */ -&(nid_objs[355]),/* "id-aca-accessIdentity" */ -&(nid_objs[354]),/* "id-aca-authenticationInfo" */ -&(nid_objs[356]),/* "id-aca-chargingIdentity" */ -&(nid_objs[399]),/* "id-aca-encAttrs" */ -&(nid_objs[357]),/* "id-aca-group" */ -&(nid_objs[358]),/* "id-aca-role" */ -&(nid_objs[176]),/* "id-ad" */ -&(nid_objs[788]),/* "id-aes128-wrap" */ -&(nid_objs[789]),/* "id-aes192-wrap" */ -&(nid_objs[790]),/* "id-aes256-wrap" */ -&(nid_objs[262]),/* "id-alg" */ -&(nid_objs[323]),/* "id-alg-des40" */ -&(nid_objs[326]),/* "id-alg-dh-pop" */ -&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */ -&(nid_objs[324]),/* "id-alg-noSignature" */ -&(nid_objs[268]),/* "id-cct" */ -&(nid_objs[361]),/* "id-cct-PKIData" */ -&(nid_objs[362]),/* "id-cct-PKIResponse" */ -&(nid_objs[360]),/* "id-cct-crs" */ -&(nid_objs[81]),/* "id-ce" */ -&(nid_objs[680]),/* "id-characteristic-two-basis" */ -&(nid_objs[263]),/* "id-cmc" */ -&(nid_objs[334]),/* "id-cmc-addExtensions" */ -&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ -&(nid_objs[330]),/* "id-cmc-dataReturn" */ -&(nid_objs[336]),/* "id-cmc-decryptedPOP" */ -&(nid_objs[335]),/* "id-cmc-encryptedPOP" */ -&(nid_objs[339]),/* "id-cmc-getCRL" */ -&(nid_objs[338]),/* "id-cmc-getCert" */ -&(nid_objs[328]),/* "id-cmc-identification" */ -&(nid_objs[329]),/* "id-cmc-identityProof" */ -&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */ -&(nid_objs[344]),/* "id-cmc-popLinkRandom" */ -&(nid_objs[345]),/* "id-cmc-popLinkWitness" */ -&(nid_objs[343]),/* "id-cmc-queryPending" */ -&(nid_objs[333]),/* "id-cmc-recipientNonce" */ -&(nid_objs[341]),/* "id-cmc-regInfo" */ -&(nid_objs[342]),/* "id-cmc-responseInfo" */ -&(nid_objs[340]),/* "id-cmc-revokeRequest" */ -&(nid_objs[332]),/* "id-cmc-senderNonce" */ -&(nid_objs[327]),/* "id-cmc-statusInfo" */ -&(nid_objs[331]),/* "id-cmc-transactionId" */ -&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ -&(nid_objs[408]),/* "id-ecPublicKey" */ -&(nid_objs[508]),/* "id-hex-multipart-message" */ -&(nid_objs[507]),/* "id-hex-partial-message" */ -&(nid_objs[260]),/* "id-it" */ -&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */ -&(nid_objs[298]),/* "id-it-caProtEncCert" */ -&(nid_objs[311]),/* "id-it-confirmWaitTime" */ -&(nid_objs[303]),/* "id-it-currentCRL" */ -&(nid_objs[300]),/* "id-it-encKeyPairTypes" */ -&(nid_objs[310]),/* "id-it-implicitConfirm" */ -&(nid_objs[308]),/* "id-it-keyPairParamRep" */ -&(nid_objs[307]),/* "id-it-keyPairParamReq" */ -&(nid_objs[312]),/* "id-it-origPKIMessage" */ -&(nid_objs[301]),/* "id-it-preferredSymmAlg" */ -&(nid_objs[309]),/* "id-it-revPassphrase" */ -&(nid_objs[299]),/* "id-it-signKeyPairTypes" */ -&(nid_objs[305]),/* "id-it-subscriptionRequest" */ -&(nid_objs[306]),/* "id-it-subscriptionResponse" */ -&(nid_objs[784]),/* "id-it-suppLangTags" */ -&(nid_objs[304]),/* "id-it-unsupportedOIDs" */ -&(nid_objs[128]),/* "id-kp" */ -&(nid_objs[280]),/* "id-mod-attribute-cert" */ -&(nid_objs[274]),/* "id-mod-cmc" */ -&(nid_objs[277]),/* "id-mod-cmp" */ -&(nid_objs[284]),/* "id-mod-cmp2000" */ -&(nid_objs[273]),/* "id-mod-crmf" */ -&(nid_objs[283]),/* "id-mod-dvcs" */ -&(nid_objs[275]),/* "id-mod-kea-profile-88" */ -&(nid_objs[276]),/* "id-mod-kea-profile-93" */ -&(nid_objs[282]),/* "id-mod-ocsp" */ -&(nid_objs[278]),/* "id-mod-qualified-cert-88" */ -&(nid_objs[279]),/* "id-mod-qualified-cert-93" */ -&(nid_objs[281]),/* "id-mod-timestamp-protocol" */ -&(nid_objs[264]),/* "id-on" */ -&(nid_objs[858]),/* "id-on-permanentIdentifier" */ -&(nid_objs[347]),/* "id-on-personalData" */ -&(nid_objs[265]),/* "id-pda" */ -&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */ -&(nid_objs[353]),/* "id-pda-countryOfResidence" */ -&(nid_objs[348]),/* "id-pda-dateOfBirth" */ -&(nid_objs[351]),/* "id-pda-gender" */ -&(nid_objs[349]),/* "id-pda-placeOfBirth" */ -&(nid_objs[175]),/* "id-pe" */ -&(nid_objs[261]),/* "id-pkip" */ -&(nid_objs[258]),/* "id-pkix-mod" */ -&(nid_objs[269]),/* "id-pkix1-explicit-88" */ -&(nid_objs[271]),/* "id-pkix1-explicit-93" */ -&(nid_objs[270]),/* "id-pkix1-implicit-88" */ -&(nid_objs[272]),/* "id-pkix1-implicit-93" */ -&(nid_objs[662]),/* "id-ppl" */ -&(nid_objs[664]),/* "id-ppl-anyLanguage" */ -&(nid_objs[667]),/* "id-ppl-independent" */ -&(nid_objs[665]),/* "id-ppl-inheritAll" */ -&(nid_objs[267]),/* "id-qcs" */ -&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ -&(nid_objs[259]),/* "id-qt" */ -&(nid_objs[164]),/* "id-qt-cps" */ -&(nid_objs[165]),/* "id-qt-unotice" */ -&(nid_objs[313]),/* "id-regCtrl" */ -&(nid_objs[316]),/* "id-regCtrl-authenticator" */ -&(nid_objs[319]),/* "id-regCtrl-oldCertID" */ -&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */ -&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */ -&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */ -&(nid_objs[315]),/* "id-regCtrl-regToken" */ -&(nid_objs[314]),/* "id-regInfo" */ -&(nid_objs[322]),/* "id-regInfo-certReq" */ -&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */ -&(nid_objs[512]),/* "id-set" */ -&(nid_objs[191]),/* "id-smime-aa" */ -&(nid_objs[215]),/* "id-smime-aa-contentHint" */ -&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */ -&(nid_objs[221]),/* "id-smime-aa-contentReference" */ -&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */ -&(nid_objs[217]),/* "id-smime-aa-encapContentType" */ -&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */ -&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */ -&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */ -&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */ -&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */ -&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */ -&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */ -&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */ -&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */ -&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */ -&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */ -&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */ -&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */ -&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */ -&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */ -&(nid_objs[219]),/* "id-smime-aa-macValue" */ -&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */ -&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */ -&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */ -&(nid_objs[213]),/* "id-smime-aa-securityLabel" */ -&(nid_objs[239]),/* "id-smime-aa-signatureType" */ -&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */ -&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */ -&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */ -&(nid_objs[192]),/* "id-smime-alg" */ -&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */ -&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */ -&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */ -&(nid_objs[245]),/* "id-smime-alg-ESDH" */ -&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */ -&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */ -&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */ -&(nid_objs[193]),/* "id-smime-cd" */ -&(nid_objs[248]),/* "id-smime-cd-ldap" */ -&(nid_objs[190]),/* "id-smime-ct" */ -&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */ -&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */ -&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ -&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ -&(nid_objs[205]),/* "id-smime-ct-authData" */ -&(nid_objs[786]),/* "id-smime-ct-compressedData" */ -&(nid_objs[209]),/* "id-smime-ct-contentInfo" */ -&(nid_objs[206]),/* "id-smime-ct-publishCert" */ -&(nid_objs[204]),/* "id-smime-ct-receipt" */ -&(nid_objs[195]),/* "id-smime-cti" */ -&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */ -&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */ -&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */ -&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */ -&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */ -&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */ -&(nid_objs[189]),/* "id-smime-mod" */ -&(nid_objs[196]),/* "id-smime-mod-cms" */ -&(nid_objs[197]),/* "id-smime-mod-ess" */ -&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */ -&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */ -&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */ -&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */ -&(nid_objs[199]),/* "id-smime-mod-msg-v3" */ -&(nid_objs[198]),/* "id-smime-mod-oid" */ -&(nid_objs[194]),/* "id-smime-spq" */ -&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */ -&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ -&(nid_objs[676]),/* "identified-organization" */ -&(nid_objs[461]),/* "info" */ -&(nid_objs[748]),/* "inhibitAnyPolicy" */ -&(nid_objs[101]),/* "initials" */ -&(nid_objs[647]),/* "international-organizations" */ -&(nid_objs[142]),/* "invalidityDate" */ -&(nid_objs[294]),/* "ipsecEndSystem" */ -&(nid_objs[295]),/* "ipsecTunnel" */ -&(nid_objs[296]),/* "ipsecUser" */ -&(nid_objs[86]),/* "issuerAltName" */ -&(nid_objs[770]),/* "issuingDistributionPoint" */ -&(nid_objs[492]),/* "janetMailbox" */ -&(nid_objs[150]),/* "keyBag" */ -&(nid_objs[83]),/* "keyUsage" */ -&(nid_objs[477]),/* "lastModifiedBy" */ -&(nid_objs[476]),/* "lastModifiedTime" */ -&(nid_objs[157]),/* "localKeyID" */ -&(nid_objs[480]),/* "mXRecord" */ -&(nid_objs[460]),/* "mail" */ -&(nid_objs[493]),/* "mailPreferenceOption" */ -&(nid_objs[467]),/* "manager" */ -&(nid_objs[809]),/* "md_gost94" */ -&(nid_objs[182]),/* "member-body" */ -&(nid_objs[51]),/* "messageDigest" */ -&(nid_objs[383]),/* "mgmt" */ -&(nid_objs[504]),/* "mime-mhs" */ -&(nid_objs[506]),/* "mime-mhs-bodies" */ -&(nid_objs[505]),/* "mime-mhs-headings" */ -&(nid_objs[488]),/* "mobileTelephoneNumber" */ -&(nid_objs[136]),/* "msCTLSign" */ -&(nid_objs[135]),/* "msCodeCom" */ -&(nid_objs[134]),/* "msCodeInd" */ -&(nid_objs[138]),/* "msEFS" */ -&(nid_objs[171]),/* "msExtReq" */ -&(nid_objs[137]),/* "msSGC" */ -&(nid_objs[648]),/* "msSmartcardLogin" */ -&(nid_objs[649]),/* "msUPN" */ -&(nid_objs[481]),/* "nSRecord" */ -&(nid_objs[173]),/* "name" */ -&(nid_objs[666]),/* "nameConstraints" */ -&(nid_objs[369]),/* "noCheck" */ -&(nid_objs[403]),/* "noRevAvail" */ -&(nid_objs[72]),/* "nsBaseUrl" */ -&(nid_objs[76]),/* "nsCaPolicyUrl" */ -&(nid_objs[74]),/* "nsCaRevocationUrl" */ -&(nid_objs[58]),/* "nsCertExt" */ -&(nid_objs[79]),/* "nsCertSequence" */ -&(nid_objs[71]),/* "nsCertType" */ -&(nid_objs[78]),/* "nsComment" */ -&(nid_objs[59]),/* "nsDataType" */ -&(nid_objs[75]),/* "nsRenewalUrl" */ -&(nid_objs[73]),/* "nsRevocationUrl" */ -&(nid_objs[139]),/* "nsSGC" */ -&(nid_objs[77]),/* "nsSslServerName" */ -&(nid_objs[681]),/* "onBasis" */ -&(nid_objs[491]),/* "organizationalStatus" */ -&(nid_objs[475]),/* "otherMailbox" */ -&(nid_objs[489]),/* "pagerTelephoneNumber" */ -&(nid_objs[374]),/* "path" */ -&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ -&(nid_objs[499]),/* "personalSignature" */ -&(nid_objs[487]),/* "personalTitle" */ -&(nid_objs[464]),/* "photo" */ -&(nid_objs[437]),/* "pilot" */ -&(nid_objs[439]),/* "pilotAttributeSyntax" */ -&(nid_objs[438]),/* "pilotAttributeType" */ -&(nid_objs[479]),/* "pilotAttributeType27" */ -&(nid_objs[456]),/* "pilotDSA" */ -&(nid_objs[441]),/* "pilotGroups" */ -&(nid_objs[444]),/* "pilotObject" */ -&(nid_objs[440]),/* "pilotObjectClass" */ -&(nid_objs[455]),/* "pilotOrganization" */ -&(nid_objs[445]),/* "pilotPerson" */ -&(nid_objs[ 2]),/* "pkcs" */ -&(nid_objs[186]),/* "pkcs1" */ -&(nid_objs[27]),/* "pkcs3" */ -&(nid_objs[187]),/* "pkcs5" */ -&(nid_objs[20]),/* "pkcs7" */ -&(nid_objs[21]),/* "pkcs7-data" */ -&(nid_objs[25]),/* "pkcs7-digestData" */ -&(nid_objs[26]),/* "pkcs7-encryptedData" */ -&(nid_objs[23]),/* "pkcs7-envelopedData" */ -&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */ -&(nid_objs[22]),/* "pkcs7-signedData" */ -&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ -&(nid_objs[47]),/* "pkcs9" */ -&(nid_objs[401]),/* "policyConstraints" */ -&(nid_objs[747]),/* "policyMappings" */ -&(nid_objs[661]),/* "postalCode" */ -&(nid_objs[683]),/* "ppBasis" */ -&(nid_objs[816]),/* "prf-gostr3411-94" */ -&(nid_objs[406]),/* "prime-field" */ -&(nid_objs[409]),/* "prime192v1" */ -&(nid_objs[410]),/* "prime192v2" */ -&(nid_objs[411]),/* "prime192v3" */ -&(nid_objs[412]),/* "prime239v1" */ -&(nid_objs[413]),/* "prime239v2" */ -&(nid_objs[414]),/* "prime239v3" */ -&(nid_objs[415]),/* "prime256v1" */ -&(nid_objs[385]),/* "private" */ -&(nid_objs[84]),/* "privateKeyUsagePeriod" */ -&(nid_objs[663]),/* "proxyCertInfo" */ -&(nid_objs[510]),/* "pseudonym" */ -&(nid_objs[435]),/* "pss" */ -&(nid_objs[286]),/* "qcStatements" */ -&(nid_objs[457]),/* "qualityLabelledData" */ -&(nid_objs[450]),/* "rFC822localPart" */ -&(nid_objs[400]),/* "role" */ -&(nid_objs[448]),/* "room" */ -&(nid_objs[463]),/* "roomNumber" */ -&(nid_objs[ 6]),/* "rsaEncryption" */ -&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ -&(nid_objs[377]),/* "rsaSignature" */ -&(nid_objs[ 1]),/* "rsadsi" */ -&(nid_objs[482]),/* "sOARecord" */ -&(nid_objs[155]),/* "safeContentsBag" */ -&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ -&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ -&(nid_objs[292]),/* "sbgp-routerIdentifier" */ -&(nid_objs[159]),/* "sdsiCertificate" */ -&(nid_objs[704]),/* "secp112r1" */ -&(nid_objs[705]),/* "secp112r2" */ -&(nid_objs[706]),/* "secp128r1" */ -&(nid_objs[707]),/* "secp128r2" */ -&(nid_objs[708]),/* "secp160k1" */ -&(nid_objs[709]),/* "secp160r1" */ -&(nid_objs[710]),/* "secp160r2" */ -&(nid_objs[711]),/* "secp192k1" */ -&(nid_objs[712]),/* "secp224k1" */ -&(nid_objs[713]),/* "secp224r1" */ -&(nid_objs[714]),/* "secp256k1" */ -&(nid_objs[715]),/* "secp384r1" */ -&(nid_objs[716]),/* "secp521r1" */ -&(nid_objs[154]),/* "secretBag" */ -&(nid_objs[474]),/* "secretary" */ -&(nid_objs[717]),/* "sect113r1" */ -&(nid_objs[718]),/* "sect113r2" */ -&(nid_objs[719]),/* "sect131r1" */ -&(nid_objs[720]),/* "sect131r2" */ -&(nid_objs[721]),/* "sect163k1" */ -&(nid_objs[722]),/* "sect163r1" */ -&(nid_objs[723]),/* "sect163r2" */ -&(nid_objs[724]),/* "sect193r1" */ -&(nid_objs[725]),/* "sect193r2" */ -&(nid_objs[726]),/* "sect233k1" */ -&(nid_objs[727]),/* "sect233r1" */ -&(nid_objs[728]),/* "sect239k1" */ -&(nid_objs[729]),/* "sect283k1" */ -&(nid_objs[730]),/* "sect283r1" */ -&(nid_objs[731]),/* "sect409k1" */ -&(nid_objs[732]),/* "sect409r1" */ -&(nid_objs[733]),/* "sect571k1" */ -&(nid_objs[734]),/* "sect571r1" */ -&(nid_objs[386]),/* "security" */ -&(nid_objs[394]),/* "selected-attribute-types" */ -&(nid_objs[105]),/* "serialNumber" */ -&(nid_objs[129]),/* "serverAuth" */ -&(nid_objs[371]),/* "serviceLocator" */ -&(nid_objs[625]),/* "set-addPolicy" */ -&(nid_objs[515]),/* "set-attr" */ -&(nid_objs[518]),/* "set-brand" */ -&(nid_objs[638]),/* "set-brand-AmericanExpress" */ -&(nid_objs[637]),/* "set-brand-Diners" */ -&(nid_objs[636]),/* "set-brand-IATA-ATA" */ -&(nid_objs[639]),/* "set-brand-JCB" */ -&(nid_objs[641]),/* "set-brand-MasterCard" */ -&(nid_objs[642]),/* "set-brand-Novus" */ -&(nid_objs[640]),/* "set-brand-Visa" */ -&(nid_objs[517]),/* "set-certExt" */ -&(nid_objs[513]),/* "set-ctype" */ -&(nid_objs[514]),/* "set-msgExt" */ -&(nid_objs[516]),/* "set-policy" */ -&(nid_objs[607]),/* "set-policy-root" */ -&(nid_objs[624]),/* "set-rootKeyThumb" */ -&(nid_objs[620]),/* "setAttr-Cert" */ -&(nid_objs[631]),/* "setAttr-GenCryptgrm" */ -&(nid_objs[623]),/* "setAttr-IssCap" */ -&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ -&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ -&(nid_objs[629]),/* "setAttr-IssCap-T2" */ -&(nid_objs[621]),/* "setAttr-PGWYcap" */ -&(nid_objs[635]),/* "setAttr-SecDevSig" */ -&(nid_objs[632]),/* "setAttr-T2Enc" */ -&(nid_objs[633]),/* "setAttr-T2cleartxt" */ -&(nid_objs[634]),/* "setAttr-TokICCsig" */ -&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ -&(nid_objs[626]),/* "setAttr-Token-EMV" */ -&(nid_objs[622]),/* "setAttr-TokenType" */ -&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ -&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ -&(nid_objs[616]),/* "setCext-TokenIdentifier" */ -&(nid_objs[618]),/* "setCext-TokenType" */ -&(nid_objs[617]),/* "setCext-Track2Data" */ -&(nid_objs[611]),/* "setCext-cCertRequired" */ -&(nid_objs[609]),/* "setCext-certType" */ -&(nid_objs[608]),/* "setCext-hashedRoot" */ -&(nid_objs[610]),/* "setCext-merchData" */ -&(nid_objs[613]),/* "setCext-setExt" */ -&(nid_objs[614]),/* "setCext-setQualf" */ -&(nid_objs[612]),/* "setCext-tunneling" */ -&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ -&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ -&(nid_objs[570]),/* "setct-AuthReqTBE" */ -&(nid_objs[534]),/* "setct-AuthReqTBS" */ -&(nid_objs[527]),/* "setct-AuthResBaggage" */ -&(nid_objs[571]),/* "setct-AuthResTBE" */ -&(nid_objs[572]),/* "setct-AuthResTBEX" */ -&(nid_objs[535]),/* "setct-AuthResTBS" */ -&(nid_objs[536]),/* "setct-AuthResTBSX" */ -&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ -&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ -&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ -&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ -&(nid_objs[542]),/* "setct-AuthRevResData" */ -&(nid_objs[578]),/* "setct-AuthRevResTBE" */ -&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ -&(nid_objs[543]),/* "setct-AuthRevResTBS" */ -&(nid_objs[573]),/* "setct-AuthTokenTBE" */ -&(nid_objs[537]),/* "setct-AuthTokenTBS" */ -&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ -&(nid_objs[558]),/* "setct-BatchAdminReqData" */ -&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ -&(nid_objs[559]),/* "setct-BatchAdminResData" */ -&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ -&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ -&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ -&(nid_objs[580]),/* "setct-CapReqTBE" */ -&(nid_objs[581]),/* "setct-CapReqTBEX" */ -&(nid_objs[544]),/* "setct-CapReqTBS" */ -&(nid_objs[545]),/* "setct-CapReqTBSX" */ -&(nid_objs[546]),/* "setct-CapResData" */ -&(nid_objs[582]),/* "setct-CapResTBE" */ -&(nid_objs[583]),/* "setct-CapRevReqTBE" */ -&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ -&(nid_objs[547]),/* "setct-CapRevReqTBS" */ -&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ -&(nid_objs[549]),/* "setct-CapRevResData" */ -&(nid_objs[585]),/* "setct-CapRevResTBE" */ -&(nid_objs[538]),/* "setct-CapTokenData" */ -&(nid_objs[530]),/* "setct-CapTokenSeq" */ -&(nid_objs[574]),/* "setct-CapTokenTBE" */ -&(nid_objs[575]),/* "setct-CapTokenTBEX" */ -&(nid_objs[539]),/* "setct-CapTokenTBS" */ -&(nid_objs[560]),/* "setct-CardCInitResTBS" */ -&(nid_objs[566]),/* "setct-CertInqReqTBS" */ -&(nid_objs[563]),/* "setct-CertReqData" */ -&(nid_objs[595]),/* "setct-CertReqTBE" */ -&(nid_objs[596]),/* "setct-CertReqTBEX" */ -&(nid_objs[564]),/* "setct-CertReqTBS" */ -&(nid_objs[565]),/* "setct-CertResData" */ -&(nid_objs[597]),/* "setct-CertResTBE" */ -&(nid_objs[586]),/* "setct-CredReqTBE" */ -&(nid_objs[587]),/* "setct-CredReqTBEX" */ -&(nid_objs[550]),/* "setct-CredReqTBS" */ -&(nid_objs[551]),/* "setct-CredReqTBSX" */ -&(nid_objs[552]),/* "setct-CredResData" */ -&(nid_objs[588]),/* "setct-CredResTBE" */ -&(nid_objs[589]),/* "setct-CredRevReqTBE" */ -&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ -&(nid_objs[553]),/* "setct-CredRevReqTBS" */ -&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ -&(nid_objs[555]),/* "setct-CredRevResData" */ -&(nid_objs[591]),/* "setct-CredRevResTBE" */ -&(nid_objs[567]),/* "setct-ErrorTBS" */ -&(nid_objs[526]),/* "setct-HODInput" */ -&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ -&(nid_objs[522]),/* "setct-OIData" */ -&(nid_objs[519]),/* "setct-PANData" */ -&(nid_objs[521]),/* "setct-PANOnly" */ -&(nid_objs[520]),/* "setct-PANToken" */ -&(nid_objs[556]),/* "setct-PCertReqData" */ -&(nid_objs[557]),/* "setct-PCertResTBS" */ -&(nid_objs[523]),/* "setct-PI" */ -&(nid_objs[532]),/* "setct-PI-TBS" */ -&(nid_objs[524]),/* "setct-PIData" */ -&(nid_objs[525]),/* "setct-PIDataUnsigned" */ -&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ -&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ -&(nid_objs[531]),/* "setct-PInitResData" */ -&(nid_objs[533]),/* "setct-PResData" */ -&(nid_objs[594]),/* "setct-RegFormReqTBE" */ -&(nid_objs[562]),/* "setct-RegFormResTBS" */ -&(nid_objs[606]),/* "setext-cv" */ -&(nid_objs[601]),/* "setext-genCrypt" */ -&(nid_objs[602]),/* "setext-miAuth" */ -&(nid_objs[604]),/* "setext-pinAny" */ -&(nid_objs[603]),/* "setext-pinSecure" */ -&(nid_objs[605]),/* "setext-track2" */ -&(nid_objs[52]),/* "signingTime" */ -&(nid_objs[454]),/* "simpleSecurityObject" */ -&(nid_objs[496]),/* "singleLevelQuality" */ -&(nid_objs[387]),/* "snmpv2" */ -&(nid_objs[660]),/* "streetAddress" */ -&(nid_objs[85]),/* "subjectAltName" */ -&(nid_objs[769]),/* "subjectDirectoryAttributes" */ -&(nid_objs[398]),/* "subjectInfoAccess" */ -&(nid_objs[82]),/* "subjectKeyIdentifier" */ -&(nid_objs[498]),/* "subtreeMaximumQuality" */ -&(nid_objs[497]),/* "subtreeMinimumQuality" */ -&(nid_objs[402]),/* "targetInformation" */ -&(nid_objs[459]),/* "textEncodedORAddress" */ -&(nid_objs[293]),/* "textNotice" */ -&(nid_objs[133]),/* "timeStamping" */ -&(nid_objs[106]),/* "title" */ -&(nid_objs[682]),/* "tpBasis" */ -&(nid_objs[375]),/* "trustRoot" */ -&(nid_objs[436]),/* "ucl" */ -&(nid_objs[55]),/* "unstructuredAddress" */ -&(nid_objs[49]),/* "unstructuredName" */ -&(nid_objs[465]),/* "userClass" */ -&(nid_objs[373]),/* "valid" */ -&(nid_objs[678]),/* "wap" */ -&(nid_objs[679]),/* "wap-wsg" */ -&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */ -&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */ -&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */ -&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */ -&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */ -&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */ -&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */ -&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */ -&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ -&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ -&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ -&(nid_objs[804]),/* "whirlpool" */ -&(nid_objs[503]),/* "x500UniqueIdentifier" */ -&(nid_objs[158]),/* "x509Certificate" */ -&(nid_objs[160]),/* "x509Crl" */ +static const unsigned int sn_objs[NUM_SN]={ +364, /* "AD_DVCS" */ +419, /* "AES-128-CBC" */ +421, /* "AES-128-CFB" */ +650, /* "AES-128-CFB1" */ +653, /* "AES-128-CFB8" */ +418, /* "AES-128-ECB" */ +420, /* "AES-128-OFB" */ +423, /* "AES-192-CBC" */ +425, /* "AES-192-CFB" */ +651, /* "AES-192-CFB1" */ +654, /* "AES-192-CFB8" */ +422, /* "AES-192-ECB" */ +424, /* "AES-192-OFB" */ +427, /* "AES-256-CBC" */ +429, /* "AES-256-CFB" */ +652, /* "AES-256-CFB1" */ +655, /* "AES-256-CFB8" */ +426, /* "AES-256-ECB" */ +428, /* "AES-256-OFB" */ +91, /* "BF-CBC" */ +93, /* "BF-CFB" */ +92, /* "BF-ECB" */ +94, /* "BF-OFB" */ +14, /* "C" */ +751, /* "CAMELLIA-128-CBC" */ +757, /* "CAMELLIA-128-CFB" */ +760, /* "CAMELLIA-128-CFB1" */ +763, /* "CAMELLIA-128-CFB8" */ +754, /* "CAMELLIA-128-ECB" */ +766, /* "CAMELLIA-128-OFB" */ +752, /* "CAMELLIA-192-CBC" */ +758, /* "CAMELLIA-192-CFB" */ +761, /* "CAMELLIA-192-CFB1" */ +764, /* "CAMELLIA-192-CFB8" */ +755, /* "CAMELLIA-192-ECB" */ +767, /* "CAMELLIA-192-OFB" */ +753, /* "CAMELLIA-256-CBC" */ +759, /* "CAMELLIA-256-CFB" */ +762, /* "CAMELLIA-256-CFB1" */ +765, /* "CAMELLIA-256-CFB8" */ +756, /* "CAMELLIA-256-ECB" */ +768, /* "CAMELLIA-256-OFB" */ +108, /* "CAST5-CBC" */ +110, /* "CAST5-CFB" */ +109, /* "CAST5-ECB" */ +111, /* "CAST5-OFB" */ +13, /* "CN" */ +141, /* "CRLReason" */ +417, /* "CSPName" */ +367, /* "CrlID" */ +391, /* "DC" */ +31, /* "DES-CBC" */ +643, /* "DES-CDMF" */ +30, /* "DES-CFB" */ +656, /* "DES-CFB1" */ +657, /* "DES-CFB8" */ +29, /* "DES-ECB" */ +32, /* "DES-EDE" */ +43, /* "DES-EDE-CBC" */ +60, /* "DES-EDE-CFB" */ +62, /* "DES-EDE-OFB" */ +33, /* "DES-EDE3" */ +44, /* "DES-EDE3-CBC" */ +61, /* "DES-EDE3-CFB" */ +658, /* "DES-EDE3-CFB1" */ +659, /* "DES-EDE3-CFB8" */ +63, /* "DES-EDE3-OFB" */ +45, /* "DES-OFB" */ +80, /* "DESX-CBC" */ +380, /* "DOD" */ +116, /* "DSA" */ +66, /* "DSA-SHA" */ +113, /* "DSA-SHA1" */ +70, /* "DSA-SHA1-old" */ +67, /* "DSA-old" */ +297, /* "DVCS" */ +99, /* "GN" */ +855, /* "HMAC" */ +780, /* "HMAC-MD5" */ +781, /* "HMAC-SHA1" */ +381, /* "IANA" */ +34, /* "IDEA-CBC" */ +35, /* "IDEA-CFB" */ +36, /* "IDEA-ECB" */ +46, /* "IDEA-OFB" */ +181, /* "ISO" */ +183, /* "ISO-US" */ +645, /* "ITU-T" */ +646, /* "JOINT-ISO-ITU-T" */ +773, /* "KISA" */ +15, /* "L" */ +856, /* "LocalKeySet" */ + 3, /* "MD2" */ +257, /* "MD4" */ + 4, /* "MD5" */ +114, /* "MD5-SHA1" */ +95, /* "MDC2" */ +388, /* "Mail" */ +393, /* "NULL" */ +404, /* "NULL" */ +57, /* "Netscape" */ +366, /* "Nonce" */ +17, /* "O" */ +178, /* "OCSP" */ +180, /* "OCSPSigning" */ +379, /* "ORG" */ +18, /* "OU" */ +749, /* "Oakley-EC2N-3" */ +750, /* "Oakley-EC2N-4" */ + 9, /* "PBE-MD2-DES" */ +168, /* "PBE-MD2-RC2-64" */ +10, /* "PBE-MD5-DES" */ +169, /* "PBE-MD5-RC2-64" */ +147, /* "PBE-SHA1-2DES" */ +146, /* "PBE-SHA1-3DES" */ +170, /* "PBE-SHA1-DES" */ +148, /* "PBE-SHA1-RC2-128" */ +149, /* "PBE-SHA1-RC2-40" */ +68, /* "PBE-SHA1-RC2-64" */ +144, /* "PBE-SHA1-RC4-128" */ +145, /* "PBE-SHA1-RC4-40" */ +161, /* "PBES2" */ +69, /* "PBKDF2" */ +162, /* "PBMAC1" */ +127, /* "PKIX" */ +98, /* "RC2-40-CBC" */ +166, /* "RC2-64-CBC" */ +37, /* "RC2-CBC" */ +39, /* "RC2-CFB" */ +38, /* "RC2-ECB" */ +40, /* "RC2-OFB" */ + 5, /* "RC4" */ +97, /* "RC4-40" */ +120, /* "RC5-CBC" */ +122, /* "RC5-CFB" */ +121, /* "RC5-ECB" */ +123, /* "RC5-OFB" */ +117, /* "RIPEMD160" */ +124, /* "RLE" */ +19, /* "RSA" */ + 7, /* "RSA-MD2" */ +396, /* "RSA-MD4" */ + 8, /* "RSA-MD5" */ +96, /* "RSA-MDC2" */ +104, /* "RSA-NP-MD5" */ +119, /* "RSA-RIPEMD160" */ +42, /* "RSA-SHA" */ +65, /* "RSA-SHA1" */ +115, /* "RSA-SHA1-2" */ +671, /* "RSA-SHA224" */ +668, /* "RSA-SHA256" */ +669, /* "RSA-SHA384" */ +670, /* "RSA-SHA512" */ +777, /* "SEED-CBC" */ +779, /* "SEED-CFB" */ +776, /* "SEED-ECB" */ +778, /* "SEED-OFB" */ +41, /* "SHA" */ +64, /* "SHA1" */ +675, /* "SHA224" */ +672, /* "SHA256" */ +673, /* "SHA384" */ +674, /* "SHA512" */ +188, /* "SMIME" */ +167, /* "SMIME-CAPS" */ +100, /* "SN" */ +16, /* "ST" */ +143, /* "SXNetID" */ +458, /* "UID" */ + 0, /* "UNDEF" */ +11, /* "X500" */ +378, /* "X500algorithms" */ +12, /* "X509" */ +184, /* "X9-57" */ +185, /* "X9cm" */ +125, /* "ZLIB" */ +478, /* "aRecord" */ +289, /* "aaControls" */ +287, /* "ac-auditEntity" */ +397, /* "ac-proxying" */ +288, /* "ac-targeting" */ +368, /* "acceptableResponses" */ +446, /* "account" */ +363, /* "ad_timestamping" */ +376, /* "algorithm" */ +405, /* "ansi-X9-62" */ +746, /* "anyPolicy" */ +370, /* "archiveCutoff" */ +484, /* "associatedDomain" */ +485, /* "associatedName" */ +501, /* "audio" */ +177, /* "authorityInfoAccess" */ +90, /* "authorityKeyIdentifier" */ +882, /* "authorityRevocationList" */ +87, /* "basicConstraints" */ +365, /* "basicOCSPResponse" */ +285, /* "biometricInfo" */ +494, /* "buildingName" */ +860, /* "businessCategory" */ +691, /* "c2onb191v4" */ +692, /* "c2onb191v5" */ +697, /* "c2onb239v4" */ +698, /* "c2onb239v5" */ +684, /* "c2pnb163v1" */ +685, /* "c2pnb163v2" */ +686, /* "c2pnb163v3" */ +687, /* "c2pnb176v1" */ +693, /* "c2pnb208w1" */ +699, /* "c2pnb272w1" */ +700, /* "c2pnb304w1" */ +702, /* "c2pnb368w1" */ +688, /* "c2tnb191v1" */ +689, /* "c2tnb191v2" */ +690, /* "c2tnb191v3" */ +694, /* "c2tnb239v1" */ +695, /* "c2tnb239v2" */ +696, /* "c2tnb239v3" */ +701, /* "c2tnb359v1" */ +703, /* "c2tnb431r1" */ +881, /* "cACertificate" */ +483, /* "cNAMERecord" */ +179, /* "caIssuers" */ +785, /* "caRepository" */ +443, /* "caseIgnoreIA5StringSyntax" */ +152, /* "certBag" */ +677, /* "certicom-arc" */ +771, /* "certificateIssuer" */ +89, /* "certificatePolicies" */ +883, /* "certificateRevocationList" */ +54, /* "challengePassword" */ +407, /* "characteristic-two-field" */ +395, /* "clearance" */ +130, /* "clientAuth" */ +131, /* "codeSigning" */ +50, /* "contentType" */ +53, /* "countersignature" */ +153, /* "crlBag" */ +103, /* "crlDistributionPoints" */ +88, /* "crlNumber" */ +884, /* "crossCertificatePair" */ +806, /* "cryptocom" */ +805, /* "cryptopro" */ +500, /* "dITRedirect" */ +451, /* "dNSDomain" */ +495, /* "dSAQuality" */ +434, /* "data" */ +390, /* "dcobject" */ +140, /* "deltaCRL" */ +891, /* "deltaRevocationList" */ +107, /* "description" */ +871, /* "destinationIndicator" */ +28, /* "dhKeyAgreement" */ +382, /* "directory" */ +887, /* "distinguishedName" */ +892, /* "dmdName" */ +174, /* "dnQualifier" */ +447, /* "document" */ +471, /* "documentAuthor" */ +468, /* "documentIdentifier" */ +472, /* "documentLocation" */ +502, /* "documentPublisher" */ +449, /* "documentSeries" */ +469, /* "documentTitle" */ +470, /* "documentVersion" */ +392, /* "domain" */ +452, /* "domainRelatedObject" */ +802, /* "dsa_with_SHA224" */ +803, /* "dsa_with_SHA256" */ +791, /* "ecdsa-with-Recommended" */ +416, /* "ecdsa-with-SHA1" */ +793, /* "ecdsa-with-SHA224" */ +794, /* "ecdsa-with-SHA256" */ +795, /* "ecdsa-with-SHA384" */ +796, /* "ecdsa-with-SHA512" */ +792, /* "ecdsa-with-Specified" */ +48, /* "emailAddress" */ +132, /* "emailProtection" */ +885, /* "enhancedSearchGuide" */ +389, /* "enterprises" */ +384, /* "experimental" */ +172, /* "extReq" */ +56, /* "extendedCertificateAttributes" */ +126, /* "extendedKeyUsage" */ +372, /* "extendedStatus" */ +867, /* "facsimileTelephoneNumber" */ +462, /* "favouriteDrink" */ +857, /* "freshestCRL" */ +453, /* "friendlyCountry" */ +490, /* "friendlyCountryName" */ +156, /* "friendlyName" */ +509, /* "generationQualifier" */ +815, /* "gost-mac" */ +811, /* "gost2001" */ +851, /* "gost2001cc" */ +813, /* "gost89" */ +814, /* "gost89-cnt" */ +812, /* "gost94" */ +850, /* "gost94cc" */ +797, /* "hmacWithMD5" */ +163, /* "hmacWithSHA1" */ +798, /* "hmacWithSHA224" */ +799, /* "hmacWithSHA256" */ +800, /* "hmacWithSHA384" */ +801, /* "hmacWithSHA512" */ +432, /* "holdInstructionCallIssuer" */ +430, /* "holdInstructionCode" */ +431, /* "holdInstructionNone" */ +433, /* "holdInstructionReject" */ +486, /* "homePostalAddress" */ +473, /* "homeTelephoneNumber" */ +466, /* "host" */ +889, /* "houseIdentifier" */ +442, /* "iA5StringSyntax" */ +783, /* "id-DHBasedMac" */ +824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +820, /* "id-Gost28147-89-None-KeyMeshing" */ +823, /* "id-Gost28147-89-TestParamSet" */ +849, /* "id-Gost28147-89-cc" */ +840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +854, /* "id-GostR3410-2001-ParamSet-cc" */ +839, /* "id-GostR3410-2001-TestParamSet" */ +817, /* "id-GostR3410-2001DH" */ +832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +831, /* "id-GostR3410-94-TestParamSet" */ +845, /* "id-GostR3410-94-a" */ +846, /* "id-GostR3410-94-aBis" */ +847, /* "id-GostR3410-94-b" */ +848, /* "id-GostR3410-94-bBis" */ +818, /* "id-GostR3410-94DH" */ +822, /* "id-GostR3411-94-CryptoProParamSet" */ +821, /* "id-GostR3411-94-TestParamSet" */ +807, /* "id-GostR3411-94-with-GostR3410-2001" */ +853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ +808, /* "id-GostR3411-94-with-GostR3410-94" */ +852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ +810, /* "id-HMACGostR3411-94" */ +782, /* "id-PasswordBasedMAC" */ +266, /* "id-aca" */ +355, /* "id-aca-accessIdentity" */ +354, /* "id-aca-authenticationInfo" */ +356, /* "id-aca-chargingIdentity" */ +399, /* "id-aca-encAttrs" */ +357, /* "id-aca-group" */ +358, /* "id-aca-role" */ +176, /* "id-ad" */ +788, /* "id-aes128-wrap" */ +789, /* "id-aes192-wrap" */ +790, /* "id-aes256-wrap" */ +262, /* "id-alg" */ +323, /* "id-alg-des40" */ +326, /* "id-alg-dh-pop" */ +325, /* "id-alg-dh-sig-hmac-sha1" */ +324, /* "id-alg-noSignature" */ +268, /* "id-cct" */ +361, /* "id-cct-PKIData" */ +362, /* "id-cct-PKIResponse" */ +360, /* "id-cct-crs" */ +81, /* "id-ce" */ +680, /* "id-characteristic-two-basis" */ +263, /* "id-cmc" */ +334, /* "id-cmc-addExtensions" */ +346, /* "id-cmc-confirmCertAcceptance" */ +330, /* "id-cmc-dataReturn" */ +336, /* "id-cmc-decryptedPOP" */ +335, /* "id-cmc-encryptedPOP" */ +339, /* "id-cmc-getCRL" */ +338, /* "id-cmc-getCert" */ +328, /* "id-cmc-identification" */ +329, /* "id-cmc-identityProof" */ +337, /* "id-cmc-lraPOPWitness" */ +344, /* "id-cmc-popLinkRandom" */ +345, /* "id-cmc-popLinkWitness" */ +343, /* "id-cmc-queryPending" */ +333, /* "id-cmc-recipientNonce" */ +341, /* "id-cmc-regInfo" */ +342, /* "id-cmc-responseInfo" */ +340, /* "id-cmc-revokeRequest" */ +332, /* "id-cmc-senderNonce" */ +327, /* "id-cmc-statusInfo" */ +331, /* "id-cmc-transactionId" */ +787, /* "id-ct-asciiTextWithCRLF" */ +408, /* "id-ecPublicKey" */ +508, /* "id-hex-multipart-message" */ +507, /* "id-hex-partial-message" */ +260, /* "id-it" */ +302, /* "id-it-caKeyUpdateInfo" */ +298, /* "id-it-caProtEncCert" */ +311, /* "id-it-confirmWaitTime" */ +303, /* "id-it-currentCRL" */ +300, /* "id-it-encKeyPairTypes" */ +310, /* "id-it-implicitConfirm" */ +308, /* "id-it-keyPairParamRep" */ +307, /* "id-it-keyPairParamReq" */ +312, /* "id-it-origPKIMessage" */ +301, /* "id-it-preferredSymmAlg" */ +309, /* "id-it-revPassphrase" */ +299, /* "id-it-signKeyPairTypes" */ +305, /* "id-it-subscriptionRequest" */ +306, /* "id-it-subscriptionResponse" */ +784, /* "id-it-suppLangTags" */ +304, /* "id-it-unsupportedOIDs" */ +128, /* "id-kp" */ +280, /* "id-mod-attribute-cert" */ +274, /* "id-mod-cmc" */ +277, /* "id-mod-cmp" */ +284, /* "id-mod-cmp2000" */ +273, /* "id-mod-crmf" */ +283, /* "id-mod-dvcs" */ +275, /* "id-mod-kea-profile-88" */ +276, /* "id-mod-kea-profile-93" */ +282, /* "id-mod-ocsp" */ +278, /* "id-mod-qualified-cert-88" */ +279, /* "id-mod-qualified-cert-93" */ +281, /* "id-mod-timestamp-protocol" */ +264, /* "id-on" */ +858, /* "id-on-permanentIdentifier" */ +347, /* "id-on-personalData" */ +265, /* "id-pda" */ +352, /* "id-pda-countryOfCitizenship" */ +353, /* "id-pda-countryOfResidence" */ +348, /* "id-pda-dateOfBirth" */ +351, /* "id-pda-gender" */ +349, /* "id-pda-placeOfBirth" */ +175, /* "id-pe" */ +261, /* "id-pkip" */ +258, /* "id-pkix-mod" */ +269, /* "id-pkix1-explicit-88" */ +271, /* "id-pkix1-explicit-93" */ +270, /* "id-pkix1-implicit-88" */ +272, /* "id-pkix1-implicit-93" */ +662, /* "id-ppl" */ +664, /* "id-ppl-anyLanguage" */ +667, /* "id-ppl-independent" */ +665, /* "id-ppl-inheritAll" */ +267, /* "id-qcs" */ +359, /* "id-qcs-pkixQCSyntax-v1" */ +259, /* "id-qt" */ +164, /* "id-qt-cps" */ +165, /* "id-qt-unotice" */ +313, /* "id-regCtrl" */ +316, /* "id-regCtrl-authenticator" */ +319, /* "id-regCtrl-oldCertID" */ +318, /* "id-regCtrl-pkiArchiveOptions" */ +317, /* "id-regCtrl-pkiPublicationInfo" */ +320, /* "id-regCtrl-protocolEncrKey" */ +315, /* "id-regCtrl-regToken" */ +314, /* "id-regInfo" */ +322, /* "id-regInfo-certReq" */ +321, /* "id-regInfo-utf8Pairs" */ +512, /* "id-set" */ +191, /* "id-smime-aa" */ +215, /* "id-smime-aa-contentHint" */ +218, /* "id-smime-aa-contentIdentifier" */ +221, /* "id-smime-aa-contentReference" */ +240, /* "id-smime-aa-dvcs-dvc" */ +217, /* "id-smime-aa-encapContentType" */ +222, /* "id-smime-aa-encrypKeyPref" */ +220, /* "id-smime-aa-equivalentLabels" */ +232, /* "id-smime-aa-ets-CertificateRefs" */ +233, /* "id-smime-aa-ets-RevocationRefs" */ +238, /* "id-smime-aa-ets-archiveTimeStamp" */ +237, /* "id-smime-aa-ets-certCRLTimestamp" */ +234, /* "id-smime-aa-ets-certValues" */ +227, /* "id-smime-aa-ets-commitmentType" */ +231, /* "id-smime-aa-ets-contentTimestamp" */ +236, /* "id-smime-aa-ets-escTimeStamp" */ +230, /* "id-smime-aa-ets-otherSigCert" */ +235, /* "id-smime-aa-ets-revocationValues" */ +226, /* "id-smime-aa-ets-sigPolicyId" */ +229, /* "id-smime-aa-ets-signerAttr" */ +228, /* "id-smime-aa-ets-signerLocation" */ +219, /* "id-smime-aa-macValue" */ +214, /* "id-smime-aa-mlExpandHistory" */ +216, /* "id-smime-aa-msgSigDigest" */ +212, /* "id-smime-aa-receiptRequest" */ +213, /* "id-smime-aa-securityLabel" */ +239, /* "id-smime-aa-signatureType" */ +223, /* "id-smime-aa-signingCertificate" */ +224, /* "id-smime-aa-smimeEncryptCerts" */ +225, /* "id-smime-aa-timeStampToken" */ +192, /* "id-smime-alg" */ +243, /* "id-smime-alg-3DESwrap" */ +246, /* "id-smime-alg-CMS3DESwrap" */ +247, /* "id-smime-alg-CMSRC2wrap" */ +245, /* "id-smime-alg-ESDH" */ +241, /* "id-smime-alg-ESDHwith3DES" */ +242, /* "id-smime-alg-ESDHwithRC2" */ +244, /* "id-smime-alg-RC2wrap" */ +193, /* "id-smime-cd" */ +248, /* "id-smime-cd-ldap" */ +190, /* "id-smime-ct" */ +210, /* "id-smime-ct-DVCSRequestData" */ +211, /* "id-smime-ct-DVCSResponseData" */ +208, /* "id-smime-ct-TDTInfo" */ +207, /* "id-smime-ct-TSTInfo" */ +205, /* "id-smime-ct-authData" */ +786, /* "id-smime-ct-compressedData" */ +209, /* "id-smime-ct-contentInfo" */ +206, /* "id-smime-ct-publishCert" */ +204, /* "id-smime-ct-receipt" */ +195, /* "id-smime-cti" */ +255, /* "id-smime-cti-ets-proofOfApproval" */ +256, /* "id-smime-cti-ets-proofOfCreation" */ +253, /* "id-smime-cti-ets-proofOfDelivery" */ +251, /* "id-smime-cti-ets-proofOfOrigin" */ +252, /* "id-smime-cti-ets-proofOfReceipt" */ +254, /* "id-smime-cti-ets-proofOfSender" */ +189, /* "id-smime-mod" */ +196, /* "id-smime-mod-cms" */ +197, /* "id-smime-mod-ess" */ +202, /* "id-smime-mod-ets-eSigPolicy-88" */ +203, /* "id-smime-mod-ets-eSigPolicy-97" */ +200, /* "id-smime-mod-ets-eSignature-88" */ +201, /* "id-smime-mod-ets-eSignature-97" */ +199, /* "id-smime-mod-msg-v3" */ +198, /* "id-smime-mod-oid" */ +194, /* "id-smime-spq" */ +250, /* "id-smime-spq-ets-sqt-unotice" */ +249, /* "id-smime-spq-ets-sqt-uri" */ +676, /* "identified-organization" */ +461, /* "info" */ +748, /* "inhibitAnyPolicy" */ +101, /* "initials" */ +647, /* "international-organizations" */ +869, /* "internationaliSDNNumber" */ +142, /* "invalidityDate" */ +294, /* "ipsecEndSystem" */ +295, /* "ipsecTunnel" */ +296, /* "ipsecUser" */ +86, /* "issuerAltName" */ +770, /* "issuingDistributionPoint" */ +492, /* "janetMailbox" */ +150, /* "keyBag" */ +83, /* "keyUsage" */ +477, /* "lastModifiedBy" */ +476, /* "lastModifiedTime" */ +157, /* "localKeyID" */ +480, /* "mXRecord" */ +460, /* "mail" */ +493, /* "mailPreferenceOption" */ +467, /* "manager" */ +809, /* "md_gost94" */ +875, /* "member" */ +182, /* "member-body" */ +51, /* "messageDigest" */ +383, /* "mgmt" */ +504, /* "mime-mhs" */ +506, /* "mime-mhs-bodies" */ +505, /* "mime-mhs-headings" */ +488, /* "mobileTelephoneNumber" */ +136, /* "msCTLSign" */ +135, /* "msCodeCom" */ +134, /* "msCodeInd" */ +138, /* "msEFS" */ +171, /* "msExtReq" */ +137, /* "msSGC" */ +648, /* "msSmartcardLogin" */ +649, /* "msUPN" */ +481, /* "nSRecord" */ +173, /* "name" */ +666, /* "nameConstraints" */ +369, /* "noCheck" */ +403, /* "noRevAvail" */ +72, /* "nsBaseUrl" */ +76, /* "nsCaPolicyUrl" */ +74, /* "nsCaRevocationUrl" */ +58, /* "nsCertExt" */ +79, /* "nsCertSequence" */ +71, /* "nsCertType" */ +78, /* "nsComment" */ +59, /* "nsDataType" */ +75, /* "nsRenewalUrl" */ +73, /* "nsRevocationUrl" */ +139, /* "nsSGC" */ +77, /* "nsSslServerName" */ +681, /* "onBasis" */ +491, /* "organizationalStatus" */ +475, /* "otherMailbox" */ +876, /* "owner" */ +489, /* "pagerTelephoneNumber" */ +374, /* "path" */ +112, /* "pbeWithMD5AndCast5CBC" */ +499, /* "personalSignature" */ +487, /* "personalTitle" */ +464, /* "photo" */ +863, /* "physicalDeliveryOfficeName" */ +437, /* "pilot" */ +439, /* "pilotAttributeSyntax" */ +438, /* "pilotAttributeType" */ +479, /* "pilotAttributeType27" */ +456, /* "pilotDSA" */ +441, /* "pilotGroups" */ +444, /* "pilotObject" */ +440, /* "pilotObjectClass" */ +455, /* "pilotOrganization" */ +445, /* "pilotPerson" */ + 2, /* "pkcs" */ +186, /* "pkcs1" */ +27, /* "pkcs3" */ +187, /* "pkcs5" */ +20, /* "pkcs7" */ +21, /* "pkcs7-data" */ +25, /* "pkcs7-digestData" */ +26, /* "pkcs7-encryptedData" */ +23, /* "pkcs7-envelopedData" */ +24, /* "pkcs7-signedAndEnvelopedData" */ +22, /* "pkcs7-signedData" */ +151, /* "pkcs8ShroudedKeyBag" */ +47, /* "pkcs9" */ +401, /* "policyConstraints" */ +747, /* "policyMappings" */ +862, /* "postOfficeBox" */ +861, /* "postalAddress" */ +661, /* "postalCode" */ +683, /* "ppBasis" */ +872, /* "preferredDeliveryMethod" */ +873, /* "presentationAddress" */ +816, /* "prf-gostr3411-94" */ +406, /* "prime-field" */ +409, /* "prime192v1" */ +410, /* "prime192v2" */ +411, /* "prime192v3" */ +412, /* "prime239v1" */ +413, /* "prime239v2" */ +414, /* "prime239v3" */ +415, /* "prime256v1" */ +385, /* "private" */ +84, /* "privateKeyUsagePeriod" */ +886, /* "protocolInformation" */ +663, /* "proxyCertInfo" */ +510, /* "pseudonym" */ +435, /* "pss" */ +286, /* "qcStatements" */ +457, /* "qualityLabelledData" */ +450, /* "rFC822localPart" */ +870, /* "registeredAddress" */ +400, /* "role" */ +877, /* "roleOccupant" */ +448, /* "room" */ +463, /* "roomNumber" */ + 6, /* "rsaEncryption" */ +644, /* "rsaOAEPEncryptionSET" */ +377, /* "rsaSignature" */ + 1, /* "rsadsi" */ +482, /* "sOARecord" */ +155, /* "safeContentsBag" */ +291, /* "sbgp-autonomousSysNum" */ +290, /* "sbgp-ipAddrBlock" */ +292, /* "sbgp-routerIdentifier" */ +159, /* "sdsiCertificate" */ +859, /* "searchGuide" */ +704, /* "secp112r1" */ +705, /* "secp112r2" */ +706, /* "secp128r1" */ +707, /* "secp128r2" */ +708, /* "secp160k1" */ +709, /* "secp160r1" */ +710, /* "secp160r2" */ +711, /* "secp192k1" */ +712, /* "secp224k1" */ +713, /* "secp224r1" */ +714, /* "secp256k1" */ +715, /* "secp384r1" */ +716, /* "secp521r1" */ +154, /* "secretBag" */ +474, /* "secretary" */ +717, /* "sect113r1" */ +718, /* "sect113r2" */ +719, /* "sect131r1" */ +720, /* "sect131r2" */ +721, /* "sect163k1" */ +722, /* "sect163r1" */ +723, /* "sect163r2" */ +724, /* "sect193r1" */ +725, /* "sect193r2" */ +726, /* "sect233k1" */ +727, /* "sect233r1" */ +728, /* "sect239k1" */ +729, /* "sect283k1" */ +730, /* "sect283r1" */ +731, /* "sect409k1" */ +732, /* "sect409r1" */ +733, /* "sect571k1" */ +734, /* "sect571r1" */ +386, /* "security" */ +878, /* "seeAlso" */ +394, /* "selected-attribute-types" */ +105, /* "serialNumber" */ +129, /* "serverAuth" */ +371, /* "serviceLocator" */ +625, /* "set-addPolicy" */ +515, /* "set-attr" */ +518, /* "set-brand" */ +638, /* "set-brand-AmericanExpress" */ +637, /* "set-brand-Diners" */ +636, /* "set-brand-IATA-ATA" */ +639, /* "set-brand-JCB" */ +641, /* "set-brand-MasterCard" */ +642, /* "set-brand-Novus" */ +640, /* "set-brand-Visa" */ +517, /* "set-certExt" */ +513, /* "set-ctype" */ +514, /* "set-msgExt" */ +516, /* "set-policy" */ +607, /* "set-policy-root" */ +624, /* "set-rootKeyThumb" */ +620, /* "setAttr-Cert" */ +631, /* "setAttr-GenCryptgrm" */ +623, /* "setAttr-IssCap" */ +628, /* "setAttr-IssCap-CVM" */ +630, /* "setAttr-IssCap-Sig" */ +629, /* "setAttr-IssCap-T2" */ +621, /* "setAttr-PGWYcap" */ +635, /* "setAttr-SecDevSig" */ +632, /* "setAttr-T2Enc" */ +633, /* "setAttr-T2cleartxt" */ +634, /* "setAttr-TokICCsig" */ +627, /* "setAttr-Token-B0Prime" */ +626, /* "setAttr-Token-EMV" */ +622, /* "setAttr-TokenType" */ +619, /* "setCext-IssuerCapabilities" */ +615, /* "setCext-PGWYcapabilities" */ +616, /* "setCext-TokenIdentifier" */ +618, /* "setCext-TokenType" */ +617, /* "setCext-Track2Data" */ +611, /* "setCext-cCertRequired" */ +609, /* "setCext-certType" */ +608, /* "setCext-hashedRoot" */ +610, /* "setCext-merchData" */ +613, /* "setCext-setExt" */ +614, /* "setCext-setQualf" */ +612, /* "setCext-tunneling" */ +540, /* "setct-AcqCardCodeMsg" */ +576, /* "setct-AcqCardCodeMsgTBE" */ +570, /* "setct-AuthReqTBE" */ +534, /* "setct-AuthReqTBS" */ +527, /* "setct-AuthResBaggage" */ +571, /* "setct-AuthResTBE" */ +572, /* "setct-AuthResTBEX" */ +535, /* "setct-AuthResTBS" */ +536, /* "setct-AuthResTBSX" */ +528, /* "setct-AuthRevReqBaggage" */ +577, /* "setct-AuthRevReqTBE" */ +541, /* "setct-AuthRevReqTBS" */ +529, /* "setct-AuthRevResBaggage" */ +542, /* "setct-AuthRevResData" */ +578, /* "setct-AuthRevResTBE" */ +579, /* "setct-AuthRevResTBEB" */ +543, /* "setct-AuthRevResTBS" */ +573, /* "setct-AuthTokenTBE" */ +537, /* "setct-AuthTokenTBS" */ +600, /* "setct-BCIDistributionTBS" */ +558, /* "setct-BatchAdminReqData" */ +592, /* "setct-BatchAdminReqTBE" */ +559, /* "setct-BatchAdminResData" */ +593, /* "setct-BatchAdminResTBE" */ +599, /* "setct-CRLNotificationResTBS" */ +598, /* "setct-CRLNotificationTBS" */ +580, /* "setct-CapReqTBE" */ +581, /* "setct-CapReqTBEX" */ +544, /* "setct-CapReqTBS" */ +545, /* "setct-CapReqTBSX" */ +546, /* "setct-CapResData" */ +582, /* "setct-CapResTBE" */ +583, /* "setct-CapRevReqTBE" */ +584, /* "setct-CapRevReqTBEX" */ +547, /* "setct-CapRevReqTBS" */ +548, /* "setct-CapRevReqTBSX" */ +549, /* "setct-CapRevResData" */ +585, /* "setct-CapRevResTBE" */ +538, /* "setct-CapTokenData" */ +530, /* "setct-CapTokenSeq" */ +574, /* "setct-CapTokenTBE" */ +575, /* "setct-CapTokenTBEX" */ +539, /* "setct-CapTokenTBS" */ +560, /* "setct-CardCInitResTBS" */ +566, /* "setct-CertInqReqTBS" */ +563, /* "setct-CertReqData" */ +595, /* "setct-CertReqTBE" */ +596, /* "setct-CertReqTBEX" */ +564, /* "setct-CertReqTBS" */ +565, /* "setct-CertResData" */ +597, /* "setct-CertResTBE" */ +586, /* "setct-CredReqTBE" */ +587, /* "setct-CredReqTBEX" */ +550, /* "setct-CredReqTBS" */ +551, /* "setct-CredReqTBSX" */ +552, /* "setct-CredResData" */ +588, /* "setct-CredResTBE" */ +589, /* "setct-CredRevReqTBE" */ +590, /* "setct-CredRevReqTBEX" */ +553, /* "setct-CredRevReqTBS" */ +554, /* "setct-CredRevReqTBSX" */ +555, /* "setct-CredRevResData" */ +591, /* "setct-CredRevResTBE" */ +567, /* "setct-ErrorTBS" */ +526, /* "setct-HODInput" */ +561, /* "setct-MeAqCInitResTBS" */ +522, /* "setct-OIData" */ +519, /* "setct-PANData" */ +521, /* "setct-PANOnly" */ +520, /* "setct-PANToken" */ +556, /* "setct-PCertReqData" */ +557, /* "setct-PCertResTBS" */ +523, /* "setct-PI" */ +532, /* "setct-PI-TBS" */ +524, /* "setct-PIData" */ +525, /* "setct-PIDataUnsigned" */ +568, /* "setct-PIDualSignedTBE" */ +569, /* "setct-PIUnsignedTBE" */ +531, /* "setct-PInitResData" */ +533, /* "setct-PResData" */ +594, /* "setct-RegFormReqTBE" */ +562, /* "setct-RegFormResTBS" */ +606, /* "setext-cv" */ +601, /* "setext-genCrypt" */ +602, /* "setext-miAuth" */ +604, /* "setext-pinAny" */ +603, /* "setext-pinSecure" */ +605, /* "setext-track2" */ +52, /* "signingTime" */ +454, /* "simpleSecurityObject" */ +496, /* "singleLevelQuality" */ +387, /* "snmpv2" */ +660, /* "street" */ +85, /* "subjectAltName" */ +769, /* "subjectDirectoryAttributes" */ +398, /* "subjectInfoAccess" */ +82, /* "subjectKeyIdentifier" */ +498, /* "subtreeMaximumQuality" */ +497, /* "subtreeMinimumQuality" */ +890, /* "supportedAlgorithms" */ +874, /* "supportedApplicationContext" */ +402, /* "targetInformation" */ +864, /* "telephoneNumber" */ +866, /* "teletexTerminalIdentifier" */ +865, /* "telexNumber" */ +459, /* "textEncodedORAddress" */ +293, /* "textNotice" */ +133, /* "timeStamping" */ +106, /* "title" */ +682, /* "tpBasis" */ +375, /* "trustRoot" */ +436, /* "ucl" */ +888, /* "uniqueMember" */ +55, /* "unstructuredAddress" */ +49, /* "unstructuredName" */ +880, /* "userCertificate" */ +465, /* "userClass" */ +879, /* "userPassword" */ +373, /* "valid" */ +678, /* "wap" */ +679, /* "wap-wsg" */ +735, /* "wap-wsg-idm-ecid-wtls1" */ +743, /* "wap-wsg-idm-ecid-wtls10" */ +744, /* "wap-wsg-idm-ecid-wtls11" */ +745, /* "wap-wsg-idm-ecid-wtls12" */ +736, /* "wap-wsg-idm-ecid-wtls3" */ +737, /* "wap-wsg-idm-ecid-wtls4" */ +738, /* "wap-wsg-idm-ecid-wtls5" */ +739, /* "wap-wsg-idm-ecid-wtls6" */ +740, /* "wap-wsg-idm-ecid-wtls7" */ +741, /* "wap-wsg-idm-ecid-wtls8" */ +742, /* "wap-wsg-idm-ecid-wtls9" */ +804, /* "whirlpool" */ +868, /* "x121Address" */ +503, /* "x500UniqueIdentifier" */ +158, /* "x509Certificate" */ +160, /* "x509Crl" */ }; -static ASN1_OBJECT *ln_objs[NUM_LN]={ -&(nid_objs[363]),/* "AD Time Stamping" */ -&(nid_objs[405]),/* "ANSI X9.62" */ -&(nid_objs[368]),/* "Acceptable OCSP Responses" */ -&(nid_objs[664]),/* "Any language" */ -&(nid_objs[177]),/* "Authority Information Access" */ -&(nid_objs[365]),/* "Basic OCSP Response" */ -&(nid_objs[285]),/* "Biometric Info" */ -&(nid_objs[179]),/* "CA Issuers" */ -&(nid_objs[785]),/* "CA Repository" */ -&(nid_objs[131]),/* "Code Signing" */ -&(nid_objs[783]),/* "Diffie-Hellman based MAC" */ -&(nid_objs[382]),/* "Directory" */ -&(nid_objs[392]),/* "Domain" */ -&(nid_objs[132]),/* "E-mail Protection" */ -&(nid_objs[389]),/* "Enterprises" */ -&(nid_objs[384]),/* "Experimental" */ -&(nid_objs[372]),/* "Extended OCSP Status" */ -&(nid_objs[172]),/* "Extension Request" */ -&(nid_objs[813]),/* "GOST 28147-89" */ -&(nid_objs[849]),/* "GOST 28147-89 Cryptocom ParamSet" */ -&(nid_objs[815]),/* "GOST 28147-89 MAC" */ -&(nid_objs[851]),/* "GOST 34.10-2001 Cryptocom" */ -&(nid_objs[850]),/* "GOST 34.10-94 Cryptocom" */ -&(nid_objs[811]),/* "GOST R 34.10-2001" */ -&(nid_objs[817]),/* "GOST R 34.10-2001 DH" */ -&(nid_objs[812]),/* "GOST R 34.10-94" */ -&(nid_objs[818]),/* "GOST R 34.10-94 DH" */ -&(nid_objs[809]),/* "GOST R 34.11-94" */ -&(nid_objs[816]),/* "GOST R 34.11-94 PRF" */ -&(nid_objs[807]),/* "GOST R 34.11-94 with GOST R 34.10-2001" */ -&(nid_objs[853]),/* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ -&(nid_objs[808]),/* "GOST R 34.11-94 with GOST R 34.10-94" */ -&(nid_objs[852]),/* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ -&(nid_objs[854]),/* "GOST R 3410-2001 Parameter Set Cryptocom" */ -&(nid_objs[810]),/* "HMAC GOST 34.11-94" */ -&(nid_objs[432]),/* "Hold Instruction Call Issuer" */ -&(nid_objs[430]),/* "Hold Instruction Code" */ -&(nid_objs[431]),/* "Hold Instruction None" */ -&(nid_objs[433]),/* "Hold Instruction Reject" */ -&(nid_objs[634]),/* "ICC or token signature" */ -&(nid_objs[294]),/* "IPSec End System" */ -&(nid_objs[295]),/* "IPSec Tunnel" */ -&(nid_objs[296]),/* "IPSec User" */ -&(nid_objs[182]),/* "ISO Member Body" */ -&(nid_objs[183]),/* "ISO US Member Body" */ -&(nid_objs[667]),/* "Independent" */ -&(nid_objs[665]),/* "Inherit all" */ -&(nid_objs[647]),/* "International Organizations" */ -&(nid_objs[142]),/* "Invalidity Date" */ -&(nid_objs[504]),/* "MIME MHS" */ -&(nid_objs[388]),/* "Mail" */ -&(nid_objs[383]),/* "Management" */ -&(nid_objs[417]),/* "Microsoft CSP Name" */ -&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */ -&(nid_objs[138]),/* "Microsoft Encrypted File System" */ -&(nid_objs[171]),/* "Microsoft Extension Request" */ -&(nid_objs[134]),/* "Microsoft Individual Code Signing" */ -&(nid_objs[856]),/* "Microsoft Local Key set" */ -&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */ -&(nid_objs[648]),/* "Microsoft Smartcardlogin" */ -&(nid_objs[136]),/* "Microsoft Trust List Signing" */ -&(nid_objs[649]),/* "Microsoft Universal Principal Name" */ -&(nid_objs[393]),/* "NULL" */ -&(nid_objs[404]),/* "NULL" */ -&(nid_objs[72]),/* "Netscape Base Url" */ -&(nid_objs[76]),/* "Netscape CA Policy Url" */ -&(nid_objs[74]),/* "Netscape CA Revocation Url" */ -&(nid_objs[71]),/* "Netscape Cert Type" */ -&(nid_objs[58]),/* "Netscape Certificate Extension" */ -&(nid_objs[79]),/* "Netscape Certificate Sequence" */ -&(nid_objs[78]),/* "Netscape Comment" */ -&(nid_objs[57]),/* "Netscape Communications Corp." */ -&(nid_objs[59]),/* "Netscape Data Type" */ -&(nid_objs[75]),/* "Netscape Renewal Url" */ -&(nid_objs[73]),/* "Netscape Revocation Url" */ -&(nid_objs[77]),/* "Netscape SSL Server Name" */ -&(nid_objs[139]),/* "Netscape Server Gated Crypto" */ -&(nid_objs[178]),/* "OCSP" */ -&(nid_objs[370]),/* "OCSP Archive Cutoff" */ -&(nid_objs[367]),/* "OCSP CRL ID" */ -&(nid_objs[369]),/* "OCSP No Check" */ -&(nid_objs[366]),/* "OCSP Nonce" */ -&(nid_objs[371]),/* "OCSP Service Locator" */ -&(nid_objs[180]),/* "OCSP Signing" */ -&(nid_objs[161]),/* "PBES2" */ -&(nid_objs[69]),/* "PBKDF2" */ -&(nid_objs[162]),/* "PBMAC1" */ -&(nid_objs[127]),/* "PKIX" */ -&(nid_objs[858]),/* "Permanent Identifier" */ -&(nid_objs[164]),/* "Policy Qualifier CPS" */ -&(nid_objs[165]),/* "Policy Qualifier User Notice" */ -&(nid_objs[385]),/* "Private" */ -&(nid_objs[663]),/* "Proxy Certificate Information" */ -&(nid_objs[ 1]),/* "RSA Data Security, Inc." */ -&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */ -&(nid_objs[188]),/* "S/MIME" */ -&(nid_objs[167]),/* "S/MIME Capabilities" */ -&(nid_objs[387]),/* "SNMPv2" */ -&(nid_objs[512]),/* "Secure Electronic Transactions" */ -&(nid_objs[386]),/* "Security" */ -&(nid_objs[394]),/* "Selected Attribute Types" */ -&(nid_objs[143]),/* "Strong Extranet ID" */ -&(nid_objs[398]),/* "Subject Information Access" */ -&(nid_objs[130]),/* "TLS Web Client Authentication" */ -&(nid_objs[129]),/* "TLS Web Server Authentication" */ -&(nid_objs[133]),/* "Time Stamping" */ -&(nid_objs[375]),/* "Trust Root" */ -&(nid_objs[12]),/* "X509" */ -&(nid_objs[402]),/* "X509v3 AC Targeting" */ -&(nid_objs[746]),/* "X509v3 Any Policy" */ -&(nid_objs[90]),/* "X509v3 Authority Key Identifier" */ -&(nid_objs[87]),/* "X509v3 Basic Constraints" */ -&(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ -&(nid_objs[88]),/* "X509v3 CRL Number" */ -&(nid_objs[141]),/* "X509v3 CRL Reason Code" */ -&(nid_objs[771]),/* "X509v3 Certificate Issuer" */ -&(nid_objs[89]),/* "X509v3 Certificate Policies" */ -&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */ -&(nid_objs[126]),/* "X509v3 Extended Key Usage" */ -&(nid_objs[857]),/* "X509v3 Freshest CRL" */ -&(nid_objs[748]),/* "X509v3 Inhibit Any Policy" */ -&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ -&(nid_objs[770]),/* "X509v3 Issuing Distrubution Point" */ -&(nid_objs[83]),/* "X509v3 Key Usage" */ -&(nid_objs[666]),/* "X509v3 Name Constraints" */ -&(nid_objs[403]),/* "X509v3 No Revocation Available" */ -&(nid_objs[401]),/* "X509v3 Policy Constraints" */ -&(nid_objs[747]),/* "X509v3 Policy Mappings" */ -&(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ -&(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ -&(nid_objs[769]),/* "X509v3 Subject Directory Attributes" */ -&(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ -&(nid_objs[184]),/* "X9.57" */ -&(nid_objs[185]),/* "X9.57 CM ?" */ -&(nid_objs[478]),/* "aRecord" */ -&(nid_objs[289]),/* "aaControls" */ -&(nid_objs[287]),/* "ac-auditEntity" */ -&(nid_objs[397]),/* "ac-proxying" */ -&(nid_objs[288]),/* "ac-targeting" */ -&(nid_objs[446]),/* "account" */ -&(nid_objs[364]),/* "ad dvcs" */ -&(nid_objs[606]),/* "additional verification" */ -&(nid_objs[419]),/* "aes-128-cbc" */ -&(nid_objs[421]),/* "aes-128-cfb" */ -&(nid_objs[650]),/* "aes-128-cfb1" */ -&(nid_objs[653]),/* "aes-128-cfb8" */ -&(nid_objs[418]),/* "aes-128-ecb" */ -&(nid_objs[420]),/* "aes-128-ofb" */ -&(nid_objs[423]),/* "aes-192-cbc" */ -&(nid_objs[425]),/* "aes-192-cfb" */ -&(nid_objs[651]),/* "aes-192-cfb1" */ -&(nid_objs[654]),/* "aes-192-cfb8" */ -&(nid_objs[422]),/* "aes-192-ecb" */ -&(nid_objs[424]),/* "aes-192-ofb" */ -&(nid_objs[427]),/* "aes-256-cbc" */ -&(nid_objs[429]),/* "aes-256-cfb" */ -&(nid_objs[652]),/* "aes-256-cfb1" */ -&(nid_objs[655]),/* "aes-256-cfb8" */ -&(nid_objs[426]),/* "aes-256-ecb" */ -&(nid_objs[428]),/* "aes-256-ofb" */ -&(nid_objs[376]),/* "algorithm" */ -&(nid_objs[484]),/* "associatedDomain" */ -&(nid_objs[485]),/* "associatedName" */ -&(nid_objs[501]),/* "audio" */ -&(nid_objs[91]),/* "bf-cbc" */ -&(nid_objs[93]),/* "bf-cfb" */ -&(nid_objs[92]),/* "bf-ecb" */ -&(nid_objs[94]),/* "bf-ofb" */ -&(nid_objs[494]),/* "buildingName" */ -&(nid_objs[691]),/* "c2onb191v4" */ -&(nid_objs[692]),/* "c2onb191v5" */ -&(nid_objs[697]),/* "c2onb239v4" */ -&(nid_objs[698]),/* "c2onb239v5" */ -&(nid_objs[684]),/* "c2pnb163v1" */ -&(nid_objs[685]),/* "c2pnb163v2" */ -&(nid_objs[686]),/* "c2pnb163v3" */ -&(nid_objs[687]),/* "c2pnb176v1" */ -&(nid_objs[693]),/* "c2pnb208w1" */ -&(nid_objs[699]),/* "c2pnb272w1" */ -&(nid_objs[700]),/* "c2pnb304w1" */ -&(nid_objs[702]),/* "c2pnb368w1" */ -&(nid_objs[688]),/* "c2tnb191v1" */ -&(nid_objs[689]),/* "c2tnb191v2" */ -&(nid_objs[690]),/* "c2tnb191v3" */ -&(nid_objs[694]),/* "c2tnb239v1" */ -&(nid_objs[695]),/* "c2tnb239v2" */ -&(nid_objs[696]),/* "c2tnb239v3" */ -&(nid_objs[701]),/* "c2tnb359v1" */ -&(nid_objs[703]),/* "c2tnb431r1" */ -&(nid_objs[483]),/* "cNAMERecord" */ -&(nid_objs[751]),/* "camellia-128-cbc" */ -&(nid_objs[757]),/* "camellia-128-cfb" */ -&(nid_objs[760]),/* "camellia-128-cfb1" */ -&(nid_objs[763]),/* "camellia-128-cfb8" */ -&(nid_objs[754]),/* "camellia-128-ecb" */ -&(nid_objs[766]),/* "camellia-128-ofb" */ -&(nid_objs[752]),/* "camellia-192-cbc" */ -&(nid_objs[758]),/* "camellia-192-cfb" */ -&(nid_objs[761]),/* "camellia-192-cfb1" */ -&(nid_objs[764]),/* "camellia-192-cfb8" */ -&(nid_objs[755]),/* "camellia-192-ecb" */ -&(nid_objs[767]),/* "camellia-192-ofb" */ -&(nid_objs[753]),/* "camellia-256-cbc" */ -&(nid_objs[759]),/* "camellia-256-cfb" */ -&(nid_objs[762]),/* "camellia-256-cfb1" */ -&(nid_objs[765]),/* "camellia-256-cfb8" */ -&(nid_objs[756]),/* "camellia-256-ecb" */ -&(nid_objs[768]),/* "camellia-256-ofb" */ -&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */ -&(nid_objs[108]),/* "cast5-cbc" */ -&(nid_objs[110]),/* "cast5-cfb" */ -&(nid_objs[109]),/* "cast5-ecb" */ -&(nid_objs[111]),/* "cast5-ofb" */ -&(nid_objs[152]),/* "certBag" */ -&(nid_objs[677]),/* "certicom-arc" */ -&(nid_objs[517]),/* "certificate extensions" */ -&(nid_objs[54]),/* "challengePassword" */ -&(nid_objs[407]),/* "characteristic-two-field" */ -&(nid_objs[395]),/* "clearance" */ -&(nid_objs[633]),/* "cleartext track 2" */ -&(nid_objs[13]),/* "commonName" */ -&(nid_objs[513]),/* "content types" */ -&(nid_objs[50]),/* "contentType" */ -&(nid_objs[53]),/* "countersignature" */ -&(nid_objs[14]),/* "countryName" */ -&(nid_objs[153]),/* "crlBag" */ -&(nid_objs[806]),/* "cryptocom" */ -&(nid_objs[805]),/* "cryptopro" */ -&(nid_objs[500]),/* "dITRedirect" */ -&(nid_objs[451]),/* "dNSDomain" */ -&(nid_objs[495]),/* "dSAQuality" */ -&(nid_objs[434]),/* "data" */ -&(nid_objs[390]),/* "dcObject" */ -&(nid_objs[31]),/* "des-cbc" */ -&(nid_objs[643]),/* "des-cdmf" */ -&(nid_objs[30]),/* "des-cfb" */ -&(nid_objs[656]),/* "des-cfb1" */ -&(nid_objs[657]),/* "des-cfb8" */ -&(nid_objs[29]),/* "des-ecb" */ -&(nid_objs[32]),/* "des-ede" */ -&(nid_objs[43]),/* "des-ede-cbc" */ -&(nid_objs[60]),/* "des-ede-cfb" */ -&(nid_objs[62]),/* "des-ede-ofb" */ -&(nid_objs[33]),/* "des-ede3" */ -&(nid_objs[44]),/* "des-ede3-cbc" */ -&(nid_objs[61]),/* "des-ede3-cfb" */ -&(nid_objs[658]),/* "des-ede3-cfb1" */ -&(nid_objs[659]),/* "des-ede3-cfb8" */ -&(nid_objs[63]),/* "des-ede3-ofb" */ -&(nid_objs[45]),/* "des-ofb" */ -&(nid_objs[107]),/* "description" */ -&(nid_objs[80]),/* "desx-cbc" */ -&(nid_objs[28]),/* "dhKeyAgreement" */ -&(nid_objs[11]),/* "directory services (X.500)" */ -&(nid_objs[378]),/* "directory services - algorithms" */ -&(nid_objs[174]),/* "dnQualifier" */ -&(nid_objs[447]),/* "document" */ -&(nid_objs[471]),/* "documentAuthor" */ -&(nid_objs[468]),/* "documentIdentifier" */ -&(nid_objs[472]),/* "documentLocation" */ -&(nid_objs[502]),/* "documentPublisher" */ -&(nid_objs[449]),/* "documentSeries" */ -&(nid_objs[469]),/* "documentTitle" */ -&(nid_objs[470]),/* "documentVersion" */ -&(nid_objs[380]),/* "dod" */ -&(nid_objs[391]),/* "domainComponent" */ -&(nid_objs[452]),/* "domainRelatedObject" */ -&(nid_objs[116]),/* "dsaEncryption" */ -&(nid_objs[67]),/* "dsaEncryption-old" */ -&(nid_objs[66]),/* "dsaWithSHA" */ -&(nid_objs[113]),/* "dsaWithSHA1" */ -&(nid_objs[70]),/* "dsaWithSHA1-old" */ -&(nid_objs[802]),/* "dsa_with_SHA224" */ -&(nid_objs[803]),/* "dsa_with_SHA256" */ -&(nid_objs[297]),/* "dvcs" */ -&(nid_objs[791]),/* "ecdsa-with-Recommended" */ -&(nid_objs[416]),/* "ecdsa-with-SHA1" */ -&(nid_objs[793]),/* "ecdsa-with-SHA224" */ -&(nid_objs[794]),/* "ecdsa-with-SHA256" */ -&(nid_objs[795]),/* "ecdsa-with-SHA384" */ -&(nid_objs[796]),/* "ecdsa-with-SHA512" */ -&(nid_objs[792]),/* "ecdsa-with-Specified" */ -&(nid_objs[48]),/* "emailAddress" */ -&(nid_objs[632]),/* "encrypted track 2" */ -&(nid_objs[56]),/* "extendedCertificateAttributes" */ -&(nid_objs[462]),/* "favouriteDrink" */ -&(nid_objs[453]),/* "friendlyCountry" */ -&(nid_objs[490]),/* "friendlyCountryName" */ -&(nid_objs[156]),/* "friendlyName" */ -&(nid_objs[631]),/* "generate cryptogram" */ -&(nid_objs[509]),/* "generationQualifier" */ -&(nid_objs[601]),/* "generic cryptogram" */ -&(nid_objs[99]),/* "givenName" */ -&(nid_objs[814]),/* "gost89-cnt" */ -&(nid_objs[855]),/* "hmac" */ -&(nid_objs[780]),/* "hmac-md5" */ -&(nid_objs[781]),/* "hmac-sha1" */ -&(nid_objs[797]),/* "hmacWithMD5" */ -&(nid_objs[163]),/* "hmacWithSHA1" */ -&(nid_objs[798]),/* "hmacWithSHA224" */ -&(nid_objs[799]),/* "hmacWithSHA256" */ -&(nid_objs[800]),/* "hmacWithSHA384" */ -&(nid_objs[801]),/* "hmacWithSHA512" */ -&(nid_objs[486]),/* "homePostalAddress" */ -&(nid_objs[473]),/* "homeTelephoneNumber" */ -&(nid_objs[466]),/* "host" */ -&(nid_objs[442]),/* "iA5StringSyntax" */ -&(nid_objs[381]),/* "iana" */ -&(nid_objs[824]),/* "id-Gost28147-89-CryptoPro-A-ParamSet" */ -&(nid_objs[825]),/* "id-Gost28147-89-CryptoPro-B-ParamSet" */ -&(nid_objs[826]),/* "id-Gost28147-89-CryptoPro-C-ParamSet" */ -&(nid_objs[827]),/* "id-Gost28147-89-CryptoPro-D-ParamSet" */ -&(nid_objs[819]),/* "id-Gost28147-89-CryptoPro-KeyMeshing" */ -&(nid_objs[829]),/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ -&(nid_objs[828]),/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ -&(nid_objs[830]),/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ -&(nid_objs[820]),/* "id-Gost28147-89-None-KeyMeshing" */ -&(nid_objs[823]),/* "id-Gost28147-89-TestParamSet" */ -&(nid_objs[840]),/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ -&(nid_objs[841]),/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ -&(nid_objs[842]),/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ -&(nid_objs[843]),/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ -&(nid_objs[844]),/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ -&(nid_objs[839]),/* "id-GostR3410-2001-TestParamSet" */ -&(nid_objs[832]),/* "id-GostR3410-94-CryptoPro-A-ParamSet" */ -&(nid_objs[833]),/* "id-GostR3410-94-CryptoPro-B-ParamSet" */ -&(nid_objs[834]),/* "id-GostR3410-94-CryptoPro-C-ParamSet" */ -&(nid_objs[835]),/* "id-GostR3410-94-CryptoPro-D-ParamSet" */ -&(nid_objs[836]),/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ -&(nid_objs[837]),/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ -&(nid_objs[838]),/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ -&(nid_objs[831]),/* "id-GostR3410-94-TestParamSet" */ -&(nid_objs[845]),/* "id-GostR3410-94-a" */ -&(nid_objs[846]),/* "id-GostR3410-94-aBis" */ -&(nid_objs[847]),/* "id-GostR3410-94-b" */ -&(nid_objs[848]),/* "id-GostR3410-94-bBis" */ -&(nid_objs[822]),/* "id-GostR3411-94-CryptoProParamSet" */ -&(nid_objs[821]),/* "id-GostR3411-94-TestParamSet" */ -&(nid_objs[266]),/* "id-aca" */ -&(nid_objs[355]),/* "id-aca-accessIdentity" */ -&(nid_objs[354]),/* "id-aca-authenticationInfo" */ -&(nid_objs[356]),/* "id-aca-chargingIdentity" */ -&(nid_objs[399]),/* "id-aca-encAttrs" */ -&(nid_objs[357]),/* "id-aca-group" */ -&(nid_objs[358]),/* "id-aca-role" */ -&(nid_objs[176]),/* "id-ad" */ -&(nid_objs[788]),/* "id-aes128-wrap" */ -&(nid_objs[789]),/* "id-aes192-wrap" */ -&(nid_objs[790]),/* "id-aes256-wrap" */ -&(nid_objs[262]),/* "id-alg" */ -&(nid_objs[323]),/* "id-alg-des40" */ -&(nid_objs[326]),/* "id-alg-dh-pop" */ -&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */ -&(nid_objs[324]),/* "id-alg-noSignature" */ -&(nid_objs[268]),/* "id-cct" */ -&(nid_objs[361]),/* "id-cct-PKIData" */ -&(nid_objs[362]),/* "id-cct-PKIResponse" */ -&(nid_objs[360]),/* "id-cct-crs" */ -&(nid_objs[81]),/* "id-ce" */ -&(nid_objs[680]),/* "id-characteristic-two-basis" */ -&(nid_objs[263]),/* "id-cmc" */ -&(nid_objs[334]),/* "id-cmc-addExtensions" */ -&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */ -&(nid_objs[330]),/* "id-cmc-dataReturn" */ -&(nid_objs[336]),/* "id-cmc-decryptedPOP" */ -&(nid_objs[335]),/* "id-cmc-encryptedPOP" */ -&(nid_objs[339]),/* "id-cmc-getCRL" */ -&(nid_objs[338]),/* "id-cmc-getCert" */ -&(nid_objs[328]),/* "id-cmc-identification" */ -&(nid_objs[329]),/* "id-cmc-identityProof" */ -&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */ -&(nid_objs[344]),/* "id-cmc-popLinkRandom" */ -&(nid_objs[345]),/* "id-cmc-popLinkWitness" */ -&(nid_objs[343]),/* "id-cmc-queryPending" */ -&(nid_objs[333]),/* "id-cmc-recipientNonce" */ -&(nid_objs[341]),/* "id-cmc-regInfo" */ -&(nid_objs[342]),/* "id-cmc-responseInfo" */ -&(nid_objs[340]),/* "id-cmc-revokeRequest" */ -&(nid_objs[332]),/* "id-cmc-senderNonce" */ -&(nid_objs[327]),/* "id-cmc-statusInfo" */ -&(nid_objs[331]),/* "id-cmc-transactionId" */ -&(nid_objs[787]),/* "id-ct-asciiTextWithCRLF" */ -&(nid_objs[408]),/* "id-ecPublicKey" */ -&(nid_objs[508]),/* "id-hex-multipart-message" */ -&(nid_objs[507]),/* "id-hex-partial-message" */ -&(nid_objs[260]),/* "id-it" */ -&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */ -&(nid_objs[298]),/* "id-it-caProtEncCert" */ -&(nid_objs[311]),/* "id-it-confirmWaitTime" */ -&(nid_objs[303]),/* "id-it-currentCRL" */ -&(nid_objs[300]),/* "id-it-encKeyPairTypes" */ -&(nid_objs[310]),/* "id-it-implicitConfirm" */ -&(nid_objs[308]),/* "id-it-keyPairParamRep" */ -&(nid_objs[307]),/* "id-it-keyPairParamReq" */ -&(nid_objs[312]),/* "id-it-origPKIMessage" */ -&(nid_objs[301]),/* "id-it-preferredSymmAlg" */ -&(nid_objs[309]),/* "id-it-revPassphrase" */ -&(nid_objs[299]),/* "id-it-signKeyPairTypes" */ -&(nid_objs[305]),/* "id-it-subscriptionRequest" */ -&(nid_objs[306]),/* "id-it-subscriptionResponse" */ -&(nid_objs[784]),/* "id-it-suppLangTags" */ -&(nid_objs[304]),/* "id-it-unsupportedOIDs" */ -&(nid_objs[128]),/* "id-kp" */ -&(nid_objs[280]),/* "id-mod-attribute-cert" */ -&(nid_objs[274]),/* "id-mod-cmc" */ -&(nid_objs[277]),/* "id-mod-cmp" */ -&(nid_objs[284]),/* "id-mod-cmp2000" */ -&(nid_objs[273]),/* "id-mod-crmf" */ -&(nid_objs[283]),/* "id-mod-dvcs" */ -&(nid_objs[275]),/* "id-mod-kea-profile-88" */ -&(nid_objs[276]),/* "id-mod-kea-profile-93" */ -&(nid_objs[282]),/* "id-mod-ocsp" */ -&(nid_objs[278]),/* "id-mod-qualified-cert-88" */ -&(nid_objs[279]),/* "id-mod-qualified-cert-93" */ -&(nid_objs[281]),/* "id-mod-timestamp-protocol" */ -&(nid_objs[264]),/* "id-on" */ -&(nid_objs[347]),/* "id-on-personalData" */ -&(nid_objs[265]),/* "id-pda" */ -&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */ -&(nid_objs[353]),/* "id-pda-countryOfResidence" */ -&(nid_objs[348]),/* "id-pda-dateOfBirth" */ -&(nid_objs[351]),/* "id-pda-gender" */ -&(nid_objs[349]),/* "id-pda-placeOfBirth" */ -&(nid_objs[175]),/* "id-pe" */ -&(nid_objs[261]),/* "id-pkip" */ -&(nid_objs[258]),/* "id-pkix-mod" */ -&(nid_objs[269]),/* "id-pkix1-explicit-88" */ -&(nid_objs[271]),/* "id-pkix1-explicit-93" */ -&(nid_objs[270]),/* "id-pkix1-implicit-88" */ -&(nid_objs[272]),/* "id-pkix1-implicit-93" */ -&(nid_objs[662]),/* "id-ppl" */ -&(nid_objs[267]),/* "id-qcs" */ -&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */ -&(nid_objs[259]),/* "id-qt" */ -&(nid_objs[313]),/* "id-regCtrl" */ -&(nid_objs[316]),/* "id-regCtrl-authenticator" */ -&(nid_objs[319]),/* "id-regCtrl-oldCertID" */ -&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */ -&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */ -&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */ -&(nid_objs[315]),/* "id-regCtrl-regToken" */ -&(nid_objs[314]),/* "id-regInfo" */ -&(nid_objs[322]),/* "id-regInfo-certReq" */ -&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */ -&(nid_objs[191]),/* "id-smime-aa" */ -&(nid_objs[215]),/* "id-smime-aa-contentHint" */ -&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */ -&(nid_objs[221]),/* "id-smime-aa-contentReference" */ -&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */ -&(nid_objs[217]),/* "id-smime-aa-encapContentType" */ -&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */ -&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */ -&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */ -&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */ -&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */ -&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */ -&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */ -&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */ -&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */ -&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */ -&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */ -&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */ -&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */ -&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */ -&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */ -&(nid_objs[219]),/* "id-smime-aa-macValue" */ -&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */ -&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */ -&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */ -&(nid_objs[213]),/* "id-smime-aa-securityLabel" */ -&(nid_objs[239]),/* "id-smime-aa-signatureType" */ -&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */ -&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */ -&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */ -&(nid_objs[192]),/* "id-smime-alg" */ -&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */ -&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */ -&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */ -&(nid_objs[245]),/* "id-smime-alg-ESDH" */ -&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */ -&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */ -&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */ -&(nid_objs[193]),/* "id-smime-cd" */ -&(nid_objs[248]),/* "id-smime-cd-ldap" */ -&(nid_objs[190]),/* "id-smime-ct" */ -&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */ -&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */ -&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */ -&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */ -&(nid_objs[205]),/* "id-smime-ct-authData" */ -&(nid_objs[786]),/* "id-smime-ct-compressedData" */ -&(nid_objs[209]),/* "id-smime-ct-contentInfo" */ -&(nid_objs[206]),/* "id-smime-ct-publishCert" */ -&(nid_objs[204]),/* "id-smime-ct-receipt" */ -&(nid_objs[195]),/* "id-smime-cti" */ -&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */ -&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */ -&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */ -&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */ -&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */ -&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */ -&(nid_objs[189]),/* "id-smime-mod" */ -&(nid_objs[196]),/* "id-smime-mod-cms" */ -&(nid_objs[197]),/* "id-smime-mod-ess" */ -&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */ -&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */ -&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */ -&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */ -&(nid_objs[199]),/* "id-smime-mod-msg-v3" */ -&(nid_objs[198]),/* "id-smime-mod-oid" */ -&(nid_objs[194]),/* "id-smime-spq" */ -&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */ -&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ -&(nid_objs[34]),/* "idea-cbc" */ -&(nid_objs[35]),/* "idea-cfb" */ -&(nid_objs[36]),/* "idea-ecb" */ -&(nid_objs[46]),/* "idea-ofb" */ -&(nid_objs[676]),/* "identified-organization" */ -&(nid_objs[461]),/* "info" */ -&(nid_objs[101]),/* "initials" */ -&(nid_objs[749]),/* "ipsec3" */ -&(nid_objs[750]),/* "ipsec4" */ -&(nid_objs[181]),/* "iso" */ -&(nid_objs[623]),/* "issuer capabilities" */ -&(nid_objs[645]),/* "itu-t" */ -&(nid_objs[492]),/* "janetMailbox" */ -&(nid_objs[646]),/* "joint-iso-itu-t" */ -&(nid_objs[150]),/* "keyBag" */ -&(nid_objs[773]),/* "kisa" */ -&(nid_objs[477]),/* "lastModifiedBy" */ -&(nid_objs[476]),/* "lastModifiedTime" */ -&(nid_objs[157]),/* "localKeyID" */ -&(nid_objs[15]),/* "localityName" */ -&(nid_objs[480]),/* "mXRecord" */ -&(nid_objs[493]),/* "mailPreferenceOption" */ -&(nid_objs[467]),/* "manager" */ -&(nid_objs[ 3]),/* "md2" */ -&(nid_objs[ 7]),/* "md2WithRSAEncryption" */ -&(nid_objs[257]),/* "md4" */ -&(nid_objs[396]),/* "md4WithRSAEncryption" */ -&(nid_objs[ 4]),/* "md5" */ -&(nid_objs[114]),/* "md5-sha1" */ -&(nid_objs[104]),/* "md5WithRSA" */ -&(nid_objs[ 8]),/* "md5WithRSAEncryption" */ -&(nid_objs[95]),/* "mdc2" */ -&(nid_objs[96]),/* "mdc2WithRSA" */ -&(nid_objs[602]),/* "merchant initiated auth" */ -&(nid_objs[514]),/* "message extensions" */ -&(nid_objs[51]),/* "messageDigest" */ -&(nid_objs[506]),/* "mime-mhs-bodies" */ -&(nid_objs[505]),/* "mime-mhs-headings" */ -&(nid_objs[488]),/* "mobileTelephoneNumber" */ -&(nid_objs[481]),/* "nSRecord" */ -&(nid_objs[173]),/* "name" */ -&(nid_objs[681]),/* "onBasis" */ -&(nid_objs[379]),/* "org" */ -&(nid_objs[17]),/* "organizationName" */ -&(nid_objs[491]),/* "organizationalStatus" */ -&(nid_objs[18]),/* "organizationalUnitName" */ -&(nid_objs[475]),/* "otherMailbox" */ -&(nid_objs[489]),/* "pagerTelephoneNumber" */ -&(nid_objs[782]),/* "password based MAC" */ -&(nid_objs[374]),/* "path" */ -&(nid_objs[621]),/* "payment gateway capabilities" */ -&(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */ -&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */ -&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */ -&(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */ -&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */ -&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */ -&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */ -&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */ -&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */ -&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */ -&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */ -&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */ -&(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */ -&(nid_objs[499]),/* "personalSignature" */ -&(nid_objs[487]),/* "personalTitle" */ -&(nid_objs[464]),/* "photo" */ -&(nid_objs[437]),/* "pilot" */ -&(nid_objs[439]),/* "pilotAttributeSyntax" */ -&(nid_objs[438]),/* "pilotAttributeType" */ -&(nid_objs[479]),/* "pilotAttributeType27" */ -&(nid_objs[456]),/* "pilotDSA" */ -&(nid_objs[441]),/* "pilotGroups" */ -&(nid_objs[444]),/* "pilotObject" */ -&(nid_objs[440]),/* "pilotObjectClass" */ -&(nid_objs[455]),/* "pilotOrganization" */ -&(nid_objs[445]),/* "pilotPerson" */ -&(nid_objs[186]),/* "pkcs1" */ -&(nid_objs[27]),/* "pkcs3" */ -&(nid_objs[187]),/* "pkcs5" */ -&(nid_objs[20]),/* "pkcs7" */ -&(nid_objs[21]),/* "pkcs7-data" */ -&(nid_objs[25]),/* "pkcs7-digestData" */ -&(nid_objs[26]),/* "pkcs7-encryptedData" */ -&(nid_objs[23]),/* "pkcs7-envelopedData" */ -&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */ -&(nid_objs[22]),/* "pkcs7-signedData" */ -&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ -&(nid_objs[47]),/* "pkcs9" */ -&(nid_objs[661]),/* "postalCode" */ -&(nid_objs[683]),/* "ppBasis" */ -&(nid_objs[406]),/* "prime-field" */ -&(nid_objs[409]),/* "prime192v1" */ -&(nid_objs[410]),/* "prime192v2" */ -&(nid_objs[411]),/* "prime192v3" */ -&(nid_objs[412]),/* "prime239v1" */ -&(nid_objs[413]),/* "prime239v2" */ -&(nid_objs[414]),/* "prime239v3" */ -&(nid_objs[415]),/* "prime256v1" */ -&(nid_objs[510]),/* "pseudonym" */ -&(nid_objs[435]),/* "pss" */ -&(nid_objs[286]),/* "qcStatements" */ -&(nid_objs[457]),/* "qualityLabelledData" */ -&(nid_objs[450]),/* "rFC822localPart" */ -&(nid_objs[98]),/* "rc2-40-cbc" */ -&(nid_objs[166]),/* "rc2-64-cbc" */ -&(nid_objs[37]),/* "rc2-cbc" */ -&(nid_objs[39]),/* "rc2-cfb" */ -&(nid_objs[38]),/* "rc2-ecb" */ -&(nid_objs[40]),/* "rc2-ofb" */ -&(nid_objs[ 5]),/* "rc4" */ -&(nid_objs[97]),/* "rc4-40" */ -&(nid_objs[120]),/* "rc5-cbc" */ -&(nid_objs[122]),/* "rc5-cfb" */ -&(nid_objs[121]),/* "rc5-ecb" */ -&(nid_objs[123]),/* "rc5-ofb" */ -&(nid_objs[460]),/* "rfc822Mailbox" */ -&(nid_objs[117]),/* "ripemd160" */ -&(nid_objs[119]),/* "ripemd160WithRSA" */ -&(nid_objs[400]),/* "role" */ -&(nid_objs[448]),/* "room" */ -&(nid_objs[463]),/* "roomNumber" */ -&(nid_objs[19]),/* "rsa" */ -&(nid_objs[ 6]),/* "rsaEncryption" */ -&(nid_objs[644]),/* "rsaOAEPEncryptionSET" */ -&(nid_objs[377]),/* "rsaSignature" */ -&(nid_objs[124]),/* "run length compression" */ -&(nid_objs[482]),/* "sOARecord" */ -&(nid_objs[155]),/* "safeContentsBag" */ -&(nid_objs[291]),/* "sbgp-autonomousSysNum" */ -&(nid_objs[290]),/* "sbgp-ipAddrBlock" */ -&(nid_objs[292]),/* "sbgp-routerIdentifier" */ -&(nid_objs[159]),/* "sdsiCertificate" */ -&(nid_objs[704]),/* "secp112r1" */ -&(nid_objs[705]),/* "secp112r2" */ -&(nid_objs[706]),/* "secp128r1" */ -&(nid_objs[707]),/* "secp128r2" */ -&(nid_objs[708]),/* "secp160k1" */ -&(nid_objs[709]),/* "secp160r1" */ -&(nid_objs[710]),/* "secp160r2" */ -&(nid_objs[711]),/* "secp192k1" */ -&(nid_objs[712]),/* "secp224k1" */ -&(nid_objs[713]),/* "secp224r1" */ -&(nid_objs[714]),/* "secp256k1" */ -&(nid_objs[715]),/* "secp384r1" */ -&(nid_objs[716]),/* "secp521r1" */ -&(nid_objs[154]),/* "secretBag" */ -&(nid_objs[474]),/* "secretary" */ -&(nid_objs[717]),/* "sect113r1" */ -&(nid_objs[718]),/* "sect113r2" */ -&(nid_objs[719]),/* "sect131r1" */ -&(nid_objs[720]),/* "sect131r2" */ -&(nid_objs[721]),/* "sect163k1" */ -&(nid_objs[722]),/* "sect163r1" */ -&(nid_objs[723]),/* "sect163r2" */ -&(nid_objs[724]),/* "sect193r1" */ -&(nid_objs[725]),/* "sect193r2" */ -&(nid_objs[726]),/* "sect233k1" */ -&(nid_objs[727]),/* "sect233r1" */ -&(nid_objs[728]),/* "sect239k1" */ -&(nid_objs[729]),/* "sect283k1" */ -&(nid_objs[730]),/* "sect283r1" */ -&(nid_objs[731]),/* "sect409k1" */ -&(nid_objs[732]),/* "sect409r1" */ -&(nid_objs[733]),/* "sect571k1" */ -&(nid_objs[734]),/* "sect571r1" */ -&(nid_objs[635]),/* "secure device signature" */ -&(nid_objs[777]),/* "seed-cbc" */ -&(nid_objs[779]),/* "seed-cfb" */ -&(nid_objs[776]),/* "seed-ecb" */ -&(nid_objs[778]),/* "seed-ofb" */ -&(nid_objs[105]),/* "serialNumber" */ -&(nid_objs[625]),/* "set-addPolicy" */ -&(nid_objs[515]),/* "set-attr" */ -&(nid_objs[518]),/* "set-brand" */ -&(nid_objs[638]),/* "set-brand-AmericanExpress" */ -&(nid_objs[637]),/* "set-brand-Diners" */ -&(nid_objs[636]),/* "set-brand-IATA-ATA" */ -&(nid_objs[639]),/* "set-brand-JCB" */ -&(nid_objs[641]),/* "set-brand-MasterCard" */ -&(nid_objs[642]),/* "set-brand-Novus" */ -&(nid_objs[640]),/* "set-brand-Visa" */ -&(nid_objs[516]),/* "set-policy" */ -&(nid_objs[607]),/* "set-policy-root" */ -&(nid_objs[624]),/* "set-rootKeyThumb" */ -&(nid_objs[620]),/* "setAttr-Cert" */ -&(nid_objs[628]),/* "setAttr-IssCap-CVM" */ -&(nid_objs[630]),/* "setAttr-IssCap-Sig" */ -&(nid_objs[629]),/* "setAttr-IssCap-T2" */ -&(nid_objs[627]),/* "setAttr-Token-B0Prime" */ -&(nid_objs[626]),/* "setAttr-Token-EMV" */ -&(nid_objs[622]),/* "setAttr-TokenType" */ -&(nid_objs[619]),/* "setCext-IssuerCapabilities" */ -&(nid_objs[615]),/* "setCext-PGWYcapabilities" */ -&(nid_objs[616]),/* "setCext-TokenIdentifier" */ -&(nid_objs[618]),/* "setCext-TokenType" */ -&(nid_objs[617]),/* "setCext-Track2Data" */ -&(nid_objs[611]),/* "setCext-cCertRequired" */ -&(nid_objs[609]),/* "setCext-certType" */ -&(nid_objs[608]),/* "setCext-hashedRoot" */ -&(nid_objs[610]),/* "setCext-merchData" */ -&(nid_objs[613]),/* "setCext-setExt" */ -&(nid_objs[614]),/* "setCext-setQualf" */ -&(nid_objs[612]),/* "setCext-tunneling" */ -&(nid_objs[540]),/* "setct-AcqCardCodeMsg" */ -&(nid_objs[576]),/* "setct-AcqCardCodeMsgTBE" */ -&(nid_objs[570]),/* "setct-AuthReqTBE" */ -&(nid_objs[534]),/* "setct-AuthReqTBS" */ -&(nid_objs[527]),/* "setct-AuthResBaggage" */ -&(nid_objs[571]),/* "setct-AuthResTBE" */ -&(nid_objs[572]),/* "setct-AuthResTBEX" */ -&(nid_objs[535]),/* "setct-AuthResTBS" */ -&(nid_objs[536]),/* "setct-AuthResTBSX" */ -&(nid_objs[528]),/* "setct-AuthRevReqBaggage" */ -&(nid_objs[577]),/* "setct-AuthRevReqTBE" */ -&(nid_objs[541]),/* "setct-AuthRevReqTBS" */ -&(nid_objs[529]),/* "setct-AuthRevResBaggage" */ -&(nid_objs[542]),/* "setct-AuthRevResData" */ -&(nid_objs[578]),/* "setct-AuthRevResTBE" */ -&(nid_objs[579]),/* "setct-AuthRevResTBEB" */ -&(nid_objs[543]),/* "setct-AuthRevResTBS" */ -&(nid_objs[573]),/* "setct-AuthTokenTBE" */ -&(nid_objs[537]),/* "setct-AuthTokenTBS" */ -&(nid_objs[600]),/* "setct-BCIDistributionTBS" */ -&(nid_objs[558]),/* "setct-BatchAdminReqData" */ -&(nid_objs[592]),/* "setct-BatchAdminReqTBE" */ -&(nid_objs[559]),/* "setct-BatchAdminResData" */ -&(nid_objs[593]),/* "setct-BatchAdminResTBE" */ -&(nid_objs[599]),/* "setct-CRLNotificationResTBS" */ -&(nid_objs[598]),/* "setct-CRLNotificationTBS" */ -&(nid_objs[580]),/* "setct-CapReqTBE" */ -&(nid_objs[581]),/* "setct-CapReqTBEX" */ -&(nid_objs[544]),/* "setct-CapReqTBS" */ -&(nid_objs[545]),/* "setct-CapReqTBSX" */ -&(nid_objs[546]),/* "setct-CapResData" */ -&(nid_objs[582]),/* "setct-CapResTBE" */ -&(nid_objs[583]),/* "setct-CapRevReqTBE" */ -&(nid_objs[584]),/* "setct-CapRevReqTBEX" */ -&(nid_objs[547]),/* "setct-CapRevReqTBS" */ -&(nid_objs[548]),/* "setct-CapRevReqTBSX" */ -&(nid_objs[549]),/* "setct-CapRevResData" */ -&(nid_objs[585]),/* "setct-CapRevResTBE" */ -&(nid_objs[538]),/* "setct-CapTokenData" */ -&(nid_objs[530]),/* "setct-CapTokenSeq" */ -&(nid_objs[574]),/* "setct-CapTokenTBE" */ -&(nid_objs[575]),/* "setct-CapTokenTBEX" */ -&(nid_objs[539]),/* "setct-CapTokenTBS" */ -&(nid_objs[560]),/* "setct-CardCInitResTBS" */ -&(nid_objs[566]),/* "setct-CertInqReqTBS" */ -&(nid_objs[563]),/* "setct-CertReqData" */ -&(nid_objs[595]),/* "setct-CertReqTBE" */ -&(nid_objs[596]),/* "setct-CertReqTBEX" */ -&(nid_objs[564]),/* "setct-CertReqTBS" */ -&(nid_objs[565]),/* "setct-CertResData" */ -&(nid_objs[597]),/* "setct-CertResTBE" */ -&(nid_objs[586]),/* "setct-CredReqTBE" */ -&(nid_objs[587]),/* "setct-CredReqTBEX" */ -&(nid_objs[550]),/* "setct-CredReqTBS" */ -&(nid_objs[551]),/* "setct-CredReqTBSX" */ -&(nid_objs[552]),/* "setct-CredResData" */ -&(nid_objs[588]),/* "setct-CredResTBE" */ -&(nid_objs[589]),/* "setct-CredRevReqTBE" */ -&(nid_objs[590]),/* "setct-CredRevReqTBEX" */ -&(nid_objs[553]),/* "setct-CredRevReqTBS" */ -&(nid_objs[554]),/* "setct-CredRevReqTBSX" */ -&(nid_objs[555]),/* "setct-CredRevResData" */ -&(nid_objs[591]),/* "setct-CredRevResTBE" */ -&(nid_objs[567]),/* "setct-ErrorTBS" */ -&(nid_objs[526]),/* "setct-HODInput" */ -&(nid_objs[561]),/* "setct-MeAqCInitResTBS" */ -&(nid_objs[522]),/* "setct-OIData" */ -&(nid_objs[519]),/* "setct-PANData" */ -&(nid_objs[521]),/* "setct-PANOnly" */ -&(nid_objs[520]),/* "setct-PANToken" */ -&(nid_objs[556]),/* "setct-PCertReqData" */ -&(nid_objs[557]),/* "setct-PCertResTBS" */ -&(nid_objs[523]),/* "setct-PI" */ -&(nid_objs[532]),/* "setct-PI-TBS" */ -&(nid_objs[524]),/* "setct-PIData" */ -&(nid_objs[525]),/* "setct-PIDataUnsigned" */ -&(nid_objs[568]),/* "setct-PIDualSignedTBE" */ -&(nid_objs[569]),/* "setct-PIUnsignedTBE" */ -&(nid_objs[531]),/* "setct-PInitResData" */ -&(nid_objs[533]),/* "setct-PResData" */ -&(nid_objs[594]),/* "setct-RegFormReqTBE" */ -&(nid_objs[562]),/* "setct-RegFormResTBS" */ -&(nid_objs[604]),/* "setext-pinAny" */ -&(nid_objs[603]),/* "setext-pinSecure" */ -&(nid_objs[605]),/* "setext-track2" */ -&(nid_objs[41]),/* "sha" */ -&(nid_objs[64]),/* "sha1" */ -&(nid_objs[115]),/* "sha1WithRSA" */ -&(nid_objs[65]),/* "sha1WithRSAEncryption" */ -&(nid_objs[675]),/* "sha224" */ -&(nid_objs[671]),/* "sha224WithRSAEncryption" */ -&(nid_objs[672]),/* "sha256" */ -&(nid_objs[668]),/* "sha256WithRSAEncryption" */ -&(nid_objs[673]),/* "sha384" */ -&(nid_objs[669]),/* "sha384WithRSAEncryption" */ -&(nid_objs[674]),/* "sha512" */ -&(nid_objs[670]),/* "sha512WithRSAEncryption" */ -&(nid_objs[42]),/* "shaWithRSAEncryption" */ -&(nid_objs[52]),/* "signingTime" */ -&(nid_objs[454]),/* "simpleSecurityObject" */ -&(nid_objs[496]),/* "singleLevelQuality" */ -&(nid_objs[16]),/* "stateOrProvinceName" */ -&(nid_objs[660]),/* "streetAddress" */ -&(nid_objs[498]),/* "subtreeMaximumQuality" */ -&(nid_objs[497]),/* "subtreeMinimumQuality" */ -&(nid_objs[100]),/* "surname" */ -&(nid_objs[459]),/* "textEncodedORAddress" */ -&(nid_objs[293]),/* "textNotice" */ -&(nid_objs[106]),/* "title" */ -&(nid_objs[682]),/* "tpBasis" */ -&(nid_objs[436]),/* "ucl" */ -&(nid_objs[ 0]),/* "undefined" */ -&(nid_objs[55]),/* "unstructuredAddress" */ -&(nid_objs[49]),/* "unstructuredName" */ -&(nid_objs[465]),/* "userClass" */ -&(nid_objs[458]),/* "userId" */ -&(nid_objs[373]),/* "valid" */ -&(nid_objs[678]),/* "wap" */ -&(nid_objs[679]),/* "wap-wsg" */ -&(nid_objs[735]),/* "wap-wsg-idm-ecid-wtls1" */ -&(nid_objs[743]),/* "wap-wsg-idm-ecid-wtls10" */ -&(nid_objs[744]),/* "wap-wsg-idm-ecid-wtls11" */ -&(nid_objs[745]),/* "wap-wsg-idm-ecid-wtls12" */ -&(nid_objs[736]),/* "wap-wsg-idm-ecid-wtls3" */ -&(nid_objs[737]),/* "wap-wsg-idm-ecid-wtls4" */ -&(nid_objs[738]),/* "wap-wsg-idm-ecid-wtls5" */ -&(nid_objs[739]),/* "wap-wsg-idm-ecid-wtls6" */ -&(nid_objs[740]),/* "wap-wsg-idm-ecid-wtls7" */ -&(nid_objs[741]),/* "wap-wsg-idm-ecid-wtls8" */ -&(nid_objs[742]),/* "wap-wsg-idm-ecid-wtls9" */ -&(nid_objs[804]),/* "whirlpool" */ -&(nid_objs[503]),/* "x500UniqueIdentifier" */ -&(nid_objs[158]),/* "x509Certificate" */ -&(nid_objs[160]),/* "x509Crl" */ -&(nid_objs[125]),/* "zlib compression" */ +static const unsigned int ln_objs[NUM_LN]={ +363, /* "AD Time Stamping" */ +405, /* "ANSI X9.62" */ +368, /* "Acceptable OCSP Responses" */ +664, /* "Any language" */ +177, /* "Authority Information Access" */ +365, /* "Basic OCSP Response" */ +285, /* "Biometric Info" */ +179, /* "CA Issuers" */ +785, /* "CA Repository" */ +131, /* "Code Signing" */ +783, /* "Diffie-Hellman based MAC" */ +382, /* "Directory" */ +392, /* "Domain" */ +132, /* "E-mail Protection" */ +389, /* "Enterprises" */ +384, /* "Experimental" */ +372, /* "Extended OCSP Status" */ +172, /* "Extension Request" */ +813, /* "GOST 28147-89" */ +849, /* "GOST 28147-89 Cryptocom ParamSet" */ +815, /* "GOST 28147-89 MAC" */ +851, /* "GOST 34.10-2001 Cryptocom" */ +850, /* "GOST 34.10-94 Cryptocom" */ +811, /* "GOST R 34.10-2001" */ +817, /* "GOST R 34.10-2001 DH" */ +812, /* "GOST R 34.10-94" */ +818, /* "GOST R 34.10-94 DH" */ +809, /* "GOST R 34.11-94" */ +816, /* "GOST R 34.11-94 PRF" */ +807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ +853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ +808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ +852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ +854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ +810, /* "HMAC GOST 34.11-94" */ +432, /* "Hold Instruction Call Issuer" */ +430, /* "Hold Instruction Code" */ +431, /* "Hold Instruction None" */ +433, /* "Hold Instruction Reject" */ +634, /* "ICC or token signature" */ +294, /* "IPSec End System" */ +295, /* "IPSec Tunnel" */ +296, /* "IPSec User" */ +182, /* "ISO Member Body" */ +183, /* "ISO US Member Body" */ +667, /* "Independent" */ +665, /* "Inherit all" */ +647, /* "International Organizations" */ +142, /* "Invalidity Date" */ +504, /* "MIME MHS" */ +388, /* "Mail" */ +383, /* "Management" */ +417, /* "Microsoft CSP Name" */ +135, /* "Microsoft Commercial Code Signing" */ +138, /* "Microsoft Encrypted File System" */ +171, /* "Microsoft Extension Request" */ +134, /* "Microsoft Individual Code Signing" */ +856, /* "Microsoft Local Key set" */ +137, /* "Microsoft Server Gated Crypto" */ +648, /* "Microsoft Smartcardlogin" */ +136, /* "Microsoft Trust List Signing" */ +649, /* "Microsoft Universal Principal Name" */ +393, /* "NULL" */ +404, /* "NULL" */ +72, /* "Netscape Base Url" */ +76, /* "Netscape CA Policy Url" */ +74, /* "Netscape CA Revocation Url" */ +71, /* "Netscape Cert Type" */ +58, /* "Netscape Certificate Extension" */ +79, /* "Netscape Certificate Sequence" */ +78, /* "Netscape Comment" */ +57, /* "Netscape Communications Corp." */ +59, /* "Netscape Data Type" */ +75, /* "Netscape Renewal Url" */ +73, /* "Netscape Revocation Url" */ +77, /* "Netscape SSL Server Name" */ +139, /* "Netscape Server Gated Crypto" */ +178, /* "OCSP" */ +370, /* "OCSP Archive Cutoff" */ +367, /* "OCSP CRL ID" */ +369, /* "OCSP No Check" */ +366, /* "OCSP Nonce" */ +371, /* "OCSP Service Locator" */ +180, /* "OCSP Signing" */ +161, /* "PBES2" */ +69, /* "PBKDF2" */ +162, /* "PBMAC1" */ +127, /* "PKIX" */ +858, /* "Permanent Identifier" */ +164, /* "Policy Qualifier CPS" */ +165, /* "Policy Qualifier User Notice" */ +385, /* "Private" */ +663, /* "Proxy Certificate Information" */ + 1, /* "RSA Data Security, Inc." */ + 2, /* "RSA Data Security, Inc. PKCS" */ +188, /* "S/MIME" */ +167, /* "S/MIME Capabilities" */ +387, /* "SNMPv2" */ +512, /* "Secure Electronic Transactions" */ +386, /* "Security" */ +394, /* "Selected Attribute Types" */ +143, /* "Strong Extranet ID" */ +398, /* "Subject Information Access" */ +130, /* "TLS Web Client Authentication" */ +129, /* "TLS Web Server Authentication" */ +133, /* "Time Stamping" */ +375, /* "Trust Root" */ +12, /* "X509" */ +402, /* "X509v3 AC Targeting" */ +746, /* "X509v3 Any Policy" */ +90, /* "X509v3 Authority Key Identifier" */ +87, /* "X509v3 Basic Constraints" */ +103, /* "X509v3 CRL Distribution Points" */ +88, /* "X509v3 CRL Number" */ +141, /* "X509v3 CRL Reason Code" */ +771, /* "X509v3 Certificate Issuer" */ +89, /* "X509v3 Certificate Policies" */ +140, /* "X509v3 Delta CRL Indicator" */ +126, /* "X509v3 Extended Key Usage" */ +857, /* "X509v3 Freshest CRL" */ +748, /* "X509v3 Inhibit Any Policy" */ +86, /* "X509v3 Issuer Alternative Name" */ +770, /* "X509v3 Issuing Distrubution Point" */ +83, /* "X509v3 Key Usage" */ +666, /* "X509v3 Name Constraints" */ +403, /* "X509v3 No Revocation Available" */ +401, /* "X509v3 Policy Constraints" */ +747, /* "X509v3 Policy Mappings" */ +84, /* "X509v3 Private Key Usage Period" */ +85, /* "X509v3 Subject Alternative Name" */ +769, /* "X509v3 Subject Directory Attributes" */ +82, /* "X509v3 Subject Key Identifier" */ +184, /* "X9.57" */ +185, /* "X9.57 CM ?" */ +478, /* "aRecord" */ +289, /* "aaControls" */ +287, /* "ac-auditEntity" */ +397, /* "ac-proxying" */ +288, /* "ac-targeting" */ +446, /* "account" */ +364, /* "ad dvcs" */ +606, /* "additional verification" */ +419, /* "aes-128-cbc" */ +421, /* "aes-128-cfb" */ +650, /* "aes-128-cfb1" */ +653, /* "aes-128-cfb8" */ +418, /* "aes-128-ecb" */ +420, /* "aes-128-ofb" */ +423, /* "aes-192-cbc" */ +425, /* "aes-192-cfb" */ +651, /* "aes-192-cfb1" */ +654, /* "aes-192-cfb8" */ +422, /* "aes-192-ecb" */ +424, /* "aes-192-ofb" */ +427, /* "aes-256-cbc" */ +429, /* "aes-256-cfb" */ +652, /* "aes-256-cfb1" */ +655, /* "aes-256-cfb8" */ +426, /* "aes-256-ecb" */ +428, /* "aes-256-ofb" */ +376, /* "algorithm" */ +484, /* "associatedDomain" */ +485, /* "associatedName" */ +501, /* "audio" */ +882, /* "authorityRevocationList" */ +91, /* "bf-cbc" */ +93, /* "bf-cfb" */ +92, /* "bf-ecb" */ +94, /* "bf-ofb" */ +494, /* "buildingName" */ +860, /* "businessCategory" */ +691, /* "c2onb191v4" */ +692, /* "c2onb191v5" */ +697, /* "c2onb239v4" */ +698, /* "c2onb239v5" */ +684, /* "c2pnb163v1" */ +685, /* "c2pnb163v2" */ +686, /* "c2pnb163v3" */ +687, /* "c2pnb176v1" */ +693, /* "c2pnb208w1" */ +699, /* "c2pnb272w1" */ +700, /* "c2pnb304w1" */ +702, /* "c2pnb368w1" */ +688, /* "c2tnb191v1" */ +689, /* "c2tnb191v2" */ +690, /* "c2tnb191v3" */ +694, /* "c2tnb239v1" */ +695, /* "c2tnb239v2" */ +696, /* "c2tnb239v3" */ +701, /* "c2tnb359v1" */ +703, /* "c2tnb431r1" */ +881, /* "cACertificate" */ +483, /* "cNAMERecord" */ +751, /* "camellia-128-cbc" */ +757, /* "camellia-128-cfb" */ +760, /* "camellia-128-cfb1" */ +763, /* "camellia-128-cfb8" */ +754, /* "camellia-128-ecb" */ +766, /* "camellia-128-ofb" */ +752, /* "camellia-192-cbc" */ +758, /* "camellia-192-cfb" */ +761, /* "camellia-192-cfb1" */ +764, /* "camellia-192-cfb8" */ +755, /* "camellia-192-ecb" */ +767, /* "camellia-192-ofb" */ +753, /* "camellia-256-cbc" */ +759, /* "camellia-256-cfb" */ +762, /* "camellia-256-cfb1" */ +765, /* "camellia-256-cfb8" */ +756, /* "camellia-256-ecb" */ +768, /* "camellia-256-ofb" */ +443, /* "caseIgnoreIA5StringSyntax" */ +108, /* "cast5-cbc" */ +110, /* "cast5-cfb" */ +109, /* "cast5-ecb" */ +111, /* "cast5-ofb" */ +152, /* "certBag" */ +677, /* "certicom-arc" */ +517, /* "certificate extensions" */ +883, /* "certificateRevocationList" */ +54, /* "challengePassword" */ +407, /* "characteristic-two-field" */ +395, /* "clearance" */ +633, /* "cleartext track 2" */ +13, /* "commonName" */ +513, /* "content types" */ +50, /* "contentType" */ +53, /* "countersignature" */ +14, /* "countryName" */ +153, /* "crlBag" */ +884, /* "crossCertificatePair" */ +806, /* "cryptocom" */ +805, /* "cryptopro" */ +500, /* "dITRedirect" */ +451, /* "dNSDomain" */ +495, /* "dSAQuality" */ +434, /* "data" */ +390, /* "dcObject" */ +891, /* "deltaRevocationList" */ +31, /* "des-cbc" */ +643, /* "des-cdmf" */ +30, /* "des-cfb" */ +656, /* "des-cfb1" */ +657, /* "des-cfb8" */ +29, /* "des-ecb" */ +32, /* "des-ede" */ +43, /* "des-ede-cbc" */ +60, /* "des-ede-cfb" */ +62, /* "des-ede-ofb" */ +33, /* "des-ede3" */ +44, /* "des-ede3-cbc" */ +61, /* "des-ede3-cfb" */ +658, /* "des-ede3-cfb1" */ +659, /* "des-ede3-cfb8" */ +63, /* "des-ede3-ofb" */ +45, /* "des-ofb" */ +107, /* "description" */ +871, /* "destinationIndicator" */ +80, /* "desx-cbc" */ +28, /* "dhKeyAgreement" */ +11, /* "directory services (X.500)" */ +378, /* "directory services - algorithms" */ +887, /* "distinguishedName" */ +892, /* "dmdName" */ +174, /* "dnQualifier" */ +447, /* "document" */ +471, /* "documentAuthor" */ +468, /* "documentIdentifier" */ +472, /* "documentLocation" */ +502, /* "documentPublisher" */ +449, /* "documentSeries" */ +469, /* "documentTitle" */ +470, /* "documentVersion" */ +380, /* "dod" */ +391, /* "domainComponent" */ +452, /* "domainRelatedObject" */ +116, /* "dsaEncryption" */ +67, /* "dsaEncryption-old" */ +66, /* "dsaWithSHA" */ +113, /* "dsaWithSHA1" */ +70, /* "dsaWithSHA1-old" */ +802, /* "dsa_with_SHA224" */ +803, /* "dsa_with_SHA256" */ +297, /* "dvcs" */ +791, /* "ecdsa-with-Recommended" */ +416, /* "ecdsa-with-SHA1" */ +793, /* "ecdsa-with-SHA224" */ +794, /* "ecdsa-with-SHA256" */ +795, /* "ecdsa-with-SHA384" */ +796, /* "ecdsa-with-SHA512" */ +792, /* "ecdsa-with-Specified" */ +48, /* "emailAddress" */ +632, /* "encrypted track 2" */ +885, /* "enhancedSearchGuide" */ +56, /* "extendedCertificateAttributes" */ +867, /* "facsimileTelephoneNumber" */ +462, /* "favouriteDrink" */ +453, /* "friendlyCountry" */ +490, /* "friendlyCountryName" */ +156, /* "friendlyName" */ +631, /* "generate cryptogram" */ +509, /* "generationQualifier" */ +601, /* "generic cryptogram" */ +99, /* "givenName" */ +814, /* "gost89-cnt" */ +855, /* "hmac" */ +780, /* "hmac-md5" */ +781, /* "hmac-sha1" */ +797, /* "hmacWithMD5" */ +163, /* "hmacWithSHA1" */ +798, /* "hmacWithSHA224" */ +799, /* "hmacWithSHA256" */ +800, /* "hmacWithSHA384" */ +801, /* "hmacWithSHA512" */ +486, /* "homePostalAddress" */ +473, /* "homeTelephoneNumber" */ +466, /* "host" */ +889, /* "houseIdentifier" */ +442, /* "iA5StringSyntax" */ +381, /* "iana" */ +824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +820, /* "id-Gost28147-89-None-KeyMeshing" */ +823, /* "id-Gost28147-89-TestParamSet" */ +840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +839, /* "id-GostR3410-2001-TestParamSet" */ +832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +831, /* "id-GostR3410-94-TestParamSet" */ +845, /* "id-GostR3410-94-a" */ +846, /* "id-GostR3410-94-aBis" */ +847, /* "id-GostR3410-94-b" */ +848, /* "id-GostR3410-94-bBis" */ +822, /* "id-GostR3411-94-CryptoProParamSet" */ +821, /* "id-GostR3411-94-TestParamSet" */ +266, /* "id-aca" */ +355, /* "id-aca-accessIdentity" */ +354, /* "id-aca-authenticationInfo" */ +356, /* "id-aca-chargingIdentity" */ +399, /* "id-aca-encAttrs" */ +357, /* "id-aca-group" */ +358, /* "id-aca-role" */ +176, /* "id-ad" */ +788, /* "id-aes128-wrap" */ +789, /* "id-aes192-wrap" */ +790, /* "id-aes256-wrap" */ +262, /* "id-alg" */ +323, /* "id-alg-des40" */ +326, /* "id-alg-dh-pop" */ +325, /* "id-alg-dh-sig-hmac-sha1" */ +324, /* "id-alg-noSignature" */ +268, /* "id-cct" */ +361, /* "id-cct-PKIData" */ +362, /* "id-cct-PKIResponse" */ +360, /* "id-cct-crs" */ +81, /* "id-ce" */ +680, /* "id-characteristic-two-basis" */ +263, /* "id-cmc" */ +334, /* "id-cmc-addExtensions" */ +346, /* "id-cmc-confirmCertAcceptance" */ +330, /* "id-cmc-dataReturn" */ +336, /* "id-cmc-decryptedPOP" */ +335, /* "id-cmc-encryptedPOP" */ +339, /* "id-cmc-getCRL" */ +338, /* "id-cmc-getCert" */ +328, /* "id-cmc-identification" */ +329, /* "id-cmc-identityProof" */ +337, /* "id-cmc-lraPOPWitness" */ +344, /* "id-cmc-popLinkRandom" */ +345, /* "id-cmc-popLinkWitness" */ +343, /* "id-cmc-queryPending" */ +333, /* "id-cmc-recipientNonce" */ +341, /* "id-cmc-regInfo" */ +342, /* "id-cmc-responseInfo" */ +340, /* "id-cmc-revokeRequest" */ +332, /* "id-cmc-senderNonce" */ +327, /* "id-cmc-statusInfo" */ +331, /* "id-cmc-transactionId" */ +787, /* "id-ct-asciiTextWithCRLF" */ +408, /* "id-ecPublicKey" */ +508, /* "id-hex-multipart-message" */ +507, /* "id-hex-partial-message" */ +260, /* "id-it" */ +302, /* "id-it-caKeyUpdateInfo" */ +298, /* "id-it-caProtEncCert" */ +311, /* "id-it-confirmWaitTime" */ +303, /* "id-it-currentCRL" */ +300, /* "id-it-encKeyPairTypes" */ +310, /* "id-it-implicitConfirm" */ +308, /* "id-it-keyPairParamRep" */ +307, /* "id-it-keyPairParamReq" */ +312, /* "id-it-origPKIMessage" */ +301, /* "id-it-preferredSymmAlg" */ +309, /* "id-it-revPassphrase" */ +299, /* "id-it-signKeyPairTypes" */ +305, /* "id-it-subscriptionRequest" */ +306, /* "id-it-subscriptionResponse" */ +784, /* "id-it-suppLangTags" */ +304, /* "id-it-unsupportedOIDs" */ +128, /* "id-kp" */ +280, /* "id-mod-attribute-cert" */ +274, /* "id-mod-cmc" */ +277, /* "id-mod-cmp" */ +284, /* "id-mod-cmp2000" */ +273, /* "id-mod-crmf" */ +283, /* "id-mod-dvcs" */ +275, /* "id-mod-kea-profile-88" */ +276, /* "id-mod-kea-profile-93" */ +282, /* "id-mod-ocsp" */ +278, /* "id-mod-qualified-cert-88" */ +279, /* "id-mod-qualified-cert-93" */ +281, /* "id-mod-timestamp-protocol" */ +264, /* "id-on" */ +347, /* "id-on-personalData" */ +265, /* "id-pda" */ +352, /* "id-pda-countryOfCitizenship" */ +353, /* "id-pda-countryOfResidence" */ +348, /* "id-pda-dateOfBirth" */ +351, /* "id-pda-gender" */ +349, /* "id-pda-placeOfBirth" */ +175, /* "id-pe" */ +261, /* "id-pkip" */ +258, /* "id-pkix-mod" */ +269, /* "id-pkix1-explicit-88" */ +271, /* "id-pkix1-explicit-93" */ +270, /* "id-pkix1-implicit-88" */ +272, /* "id-pkix1-implicit-93" */ +662, /* "id-ppl" */ +267, /* "id-qcs" */ +359, /* "id-qcs-pkixQCSyntax-v1" */ +259, /* "id-qt" */ +313, /* "id-regCtrl" */ +316, /* "id-regCtrl-authenticator" */ +319, /* "id-regCtrl-oldCertID" */ +318, /* "id-regCtrl-pkiArchiveOptions" */ +317, /* "id-regCtrl-pkiPublicationInfo" */ +320, /* "id-regCtrl-protocolEncrKey" */ +315, /* "id-regCtrl-regToken" */ +314, /* "id-regInfo" */ +322, /* "id-regInfo-certReq" */ +321, /* "id-regInfo-utf8Pairs" */ +191, /* "id-smime-aa" */ +215, /* "id-smime-aa-contentHint" */ +218, /* "id-smime-aa-contentIdentifier" */ +221, /* "id-smime-aa-contentReference" */ +240, /* "id-smime-aa-dvcs-dvc" */ +217, /* "id-smime-aa-encapContentType" */ +222, /* "id-smime-aa-encrypKeyPref" */ +220, /* "id-smime-aa-equivalentLabels" */ +232, /* "id-smime-aa-ets-CertificateRefs" */ +233, /* "id-smime-aa-ets-RevocationRefs" */ +238, /* "id-smime-aa-ets-archiveTimeStamp" */ +237, /* "id-smime-aa-ets-certCRLTimestamp" */ +234, /* "id-smime-aa-ets-certValues" */ +227, /* "id-smime-aa-ets-commitmentType" */ +231, /* "id-smime-aa-ets-contentTimestamp" */ +236, /* "id-smime-aa-ets-escTimeStamp" */ +230, /* "id-smime-aa-ets-otherSigCert" */ +235, /* "id-smime-aa-ets-revocationValues" */ +226, /* "id-smime-aa-ets-sigPolicyId" */ +229, /* "id-smime-aa-ets-signerAttr" */ +228, /* "id-smime-aa-ets-signerLocation" */ +219, /* "id-smime-aa-macValue" */ +214, /* "id-smime-aa-mlExpandHistory" */ +216, /* "id-smime-aa-msgSigDigest" */ +212, /* "id-smime-aa-receiptRequest" */ +213, /* "id-smime-aa-securityLabel" */ +239, /* "id-smime-aa-signatureType" */ +223, /* "id-smime-aa-signingCertificate" */ +224, /* "id-smime-aa-smimeEncryptCerts" */ +225, /* "id-smime-aa-timeStampToken" */ +192, /* "id-smime-alg" */ +243, /* "id-smime-alg-3DESwrap" */ +246, /* "id-smime-alg-CMS3DESwrap" */ +247, /* "id-smime-alg-CMSRC2wrap" */ +245, /* "id-smime-alg-ESDH" */ +241, /* "id-smime-alg-ESDHwith3DES" */ +242, /* "id-smime-alg-ESDHwithRC2" */ +244, /* "id-smime-alg-RC2wrap" */ +193, /* "id-smime-cd" */ +248, /* "id-smime-cd-ldap" */ +190, /* "id-smime-ct" */ +210, /* "id-smime-ct-DVCSRequestData" */ +211, /* "id-smime-ct-DVCSResponseData" */ +208, /* "id-smime-ct-TDTInfo" */ +207, /* "id-smime-ct-TSTInfo" */ +205, /* "id-smime-ct-authData" */ +786, /* "id-smime-ct-compressedData" */ +209, /* "id-smime-ct-contentInfo" */ +206, /* "id-smime-ct-publishCert" */ +204, /* "id-smime-ct-receipt" */ +195, /* "id-smime-cti" */ +255, /* "id-smime-cti-ets-proofOfApproval" */ +256, /* "id-smime-cti-ets-proofOfCreation" */ +253, /* "id-smime-cti-ets-proofOfDelivery" */ +251, /* "id-smime-cti-ets-proofOfOrigin" */ +252, /* "id-smime-cti-ets-proofOfReceipt" */ +254, /* "id-smime-cti-ets-proofOfSender" */ +189, /* "id-smime-mod" */ +196, /* "id-smime-mod-cms" */ +197, /* "id-smime-mod-ess" */ +202, /* "id-smime-mod-ets-eSigPolicy-88" */ +203, /* "id-smime-mod-ets-eSigPolicy-97" */ +200, /* "id-smime-mod-ets-eSignature-88" */ +201, /* "id-smime-mod-ets-eSignature-97" */ +199, /* "id-smime-mod-msg-v3" */ +198, /* "id-smime-mod-oid" */ +194, /* "id-smime-spq" */ +250, /* "id-smime-spq-ets-sqt-unotice" */ +249, /* "id-smime-spq-ets-sqt-uri" */ +34, /* "idea-cbc" */ +35, /* "idea-cfb" */ +36, /* "idea-ecb" */ +46, /* "idea-ofb" */ +676, /* "identified-organization" */ +461, /* "info" */ +101, /* "initials" */ +869, /* "internationaliSDNNumber" */ +749, /* "ipsec3" */ +750, /* "ipsec4" */ +181, /* "iso" */ +623, /* "issuer capabilities" */ +645, /* "itu-t" */ +492, /* "janetMailbox" */ +646, /* "joint-iso-itu-t" */ +150, /* "keyBag" */ +773, /* "kisa" */ +477, /* "lastModifiedBy" */ +476, /* "lastModifiedTime" */ +157, /* "localKeyID" */ +15, /* "localityName" */ +480, /* "mXRecord" */ +493, /* "mailPreferenceOption" */ +467, /* "manager" */ + 3, /* "md2" */ + 7, /* "md2WithRSAEncryption" */ +257, /* "md4" */ +396, /* "md4WithRSAEncryption" */ + 4, /* "md5" */ +114, /* "md5-sha1" */ +104, /* "md5WithRSA" */ + 8, /* "md5WithRSAEncryption" */ +95, /* "mdc2" */ +96, /* "mdc2WithRSA" */ +875, /* "member" */ +602, /* "merchant initiated auth" */ +514, /* "message extensions" */ +51, /* "messageDigest" */ +506, /* "mime-mhs-bodies" */ +505, /* "mime-mhs-headings" */ +488, /* "mobileTelephoneNumber" */ +481, /* "nSRecord" */ +173, /* "name" */ +681, /* "onBasis" */ +379, /* "org" */ +17, /* "organizationName" */ +491, /* "organizationalStatus" */ +18, /* "organizationalUnitName" */ +475, /* "otherMailbox" */ +876, /* "owner" */ +489, /* "pagerTelephoneNumber" */ +782, /* "password based MAC" */ +374, /* "path" */ +621, /* "payment gateway capabilities" */ + 9, /* "pbeWithMD2AndDES-CBC" */ +168, /* "pbeWithMD2AndRC2-CBC" */ +112, /* "pbeWithMD5AndCast5CBC" */ +10, /* "pbeWithMD5AndDES-CBC" */ +169, /* "pbeWithMD5AndRC2-CBC" */ +148, /* "pbeWithSHA1And128BitRC2-CBC" */ +144, /* "pbeWithSHA1And128BitRC4" */ +147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ +146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ +149, /* "pbeWithSHA1And40BitRC2-CBC" */ +145, /* "pbeWithSHA1And40BitRC4" */ +170, /* "pbeWithSHA1AndDES-CBC" */ +68, /* "pbeWithSHA1AndRC2-CBC" */ +499, /* "personalSignature" */ +487, /* "personalTitle" */ +464, /* "photo" */ +863, /* "physicalDeliveryOfficeName" */ +437, /* "pilot" */ +439, /* "pilotAttributeSyntax" */ +438, /* "pilotAttributeType" */ +479, /* "pilotAttributeType27" */ +456, /* "pilotDSA" */ +441, /* "pilotGroups" */ +444, /* "pilotObject" */ +440, /* "pilotObjectClass" */ +455, /* "pilotOrganization" */ +445, /* "pilotPerson" */ +186, /* "pkcs1" */ +27, /* "pkcs3" */ +187, /* "pkcs5" */ +20, /* "pkcs7" */ +21, /* "pkcs7-data" */ +25, /* "pkcs7-digestData" */ +26, /* "pkcs7-encryptedData" */ +23, /* "pkcs7-envelopedData" */ +24, /* "pkcs7-signedAndEnvelopedData" */ +22, /* "pkcs7-signedData" */ +151, /* "pkcs8ShroudedKeyBag" */ +47, /* "pkcs9" */ +862, /* "postOfficeBox" */ +861, /* "postalAddress" */ +661, /* "postalCode" */ +683, /* "ppBasis" */ +872, /* "preferredDeliveryMethod" */ +873, /* "presentationAddress" */ +406, /* "prime-field" */ +409, /* "prime192v1" */ +410, /* "prime192v2" */ +411, /* "prime192v3" */ +412, /* "prime239v1" */ +413, /* "prime239v2" */ +414, /* "prime239v3" */ +415, /* "prime256v1" */ +886, /* "protocolInformation" */ +510, /* "pseudonym" */ +435, /* "pss" */ +286, /* "qcStatements" */ +457, /* "qualityLabelledData" */ +450, /* "rFC822localPart" */ +98, /* "rc2-40-cbc" */ +166, /* "rc2-64-cbc" */ +37, /* "rc2-cbc" */ +39, /* "rc2-cfb" */ +38, /* "rc2-ecb" */ +40, /* "rc2-ofb" */ + 5, /* "rc4" */ +97, /* "rc4-40" */ +120, /* "rc5-cbc" */ +122, /* "rc5-cfb" */ +121, /* "rc5-ecb" */ +123, /* "rc5-ofb" */ +870, /* "registeredAddress" */ +460, /* "rfc822Mailbox" */ +117, /* "ripemd160" */ +119, /* "ripemd160WithRSA" */ +400, /* "role" */ +877, /* "roleOccupant" */ +448, /* "room" */ +463, /* "roomNumber" */ +19, /* "rsa" */ + 6, /* "rsaEncryption" */ +644, /* "rsaOAEPEncryptionSET" */ +377, /* "rsaSignature" */ +124, /* "run length compression" */ +482, /* "sOARecord" */ +155, /* "safeContentsBag" */ +291, /* "sbgp-autonomousSysNum" */ +290, /* "sbgp-ipAddrBlock" */ +292, /* "sbgp-routerIdentifier" */ +159, /* "sdsiCertificate" */ +859, /* "searchGuide" */ +704, /* "secp112r1" */ +705, /* "secp112r2" */ +706, /* "secp128r1" */ +707, /* "secp128r2" */ +708, /* "secp160k1" */ +709, /* "secp160r1" */ +710, /* "secp160r2" */ +711, /* "secp192k1" */ +712, /* "secp224k1" */ +713, /* "secp224r1" */ +714, /* "secp256k1" */ +715, /* "secp384r1" */ +716, /* "secp521r1" */ +154, /* "secretBag" */ +474, /* "secretary" */ +717, /* "sect113r1" */ +718, /* "sect113r2" */ +719, /* "sect131r1" */ +720, /* "sect131r2" */ +721, /* "sect163k1" */ +722, /* "sect163r1" */ +723, /* "sect163r2" */ +724, /* "sect193r1" */ +725, /* "sect193r2" */ +726, /* "sect233k1" */ +727, /* "sect233r1" */ +728, /* "sect239k1" */ +729, /* "sect283k1" */ +730, /* "sect283r1" */ +731, /* "sect409k1" */ +732, /* "sect409r1" */ +733, /* "sect571k1" */ +734, /* "sect571r1" */ +635, /* "secure device signature" */ +878, /* "seeAlso" */ +777, /* "seed-cbc" */ +779, /* "seed-cfb" */ +776, /* "seed-ecb" */ +778, /* "seed-ofb" */ +105, /* "serialNumber" */ +625, /* "set-addPolicy" */ +515, /* "set-attr" */ +518, /* "set-brand" */ +638, /* "set-brand-AmericanExpress" */ +637, /* "set-brand-Diners" */ +636, /* "set-brand-IATA-ATA" */ +639, /* "set-brand-JCB" */ +641, /* "set-brand-MasterCard" */ +642, /* "set-brand-Novus" */ +640, /* "set-brand-Visa" */ +516, /* "set-policy" */ +607, /* "set-policy-root" */ +624, /* "set-rootKeyThumb" */ +620, /* "setAttr-Cert" */ +628, /* "setAttr-IssCap-CVM" */ +630, /* "setAttr-IssCap-Sig" */ +629, /* "setAttr-IssCap-T2" */ +627, /* "setAttr-Token-B0Prime" */ +626, /* "setAttr-Token-EMV" */ +622, /* "setAttr-TokenType" */ +619, /* "setCext-IssuerCapabilities" */ +615, /* "setCext-PGWYcapabilities" */ +616, /* "setCext-TokenIdentifier" */ +618, /* "setCext-TokenType" */ +617, /* "setCext-Track2Data" */ +611, /* "setCext-cCertRequired" */ +609, /* "setCext-certType" */ +608, /* "setCext-hashedRoot" */ +610, /* "setCext-merchData" */ +613, /* "setCext-setExt" */ +614, /* "setCext-setQualf" */ +612, /* "setCext-tunneling" */ +540, /* "setct-AcqCardCodeMsg" */ +576, /* "setct-AcqCardCodeMsgTBE" */ +570, /* "setct-AuthReqTBE" */ +534, /* "setct-AuthReqTBS" */ +527, /* "setct-AuthResBaggage" */ +571, /* "setct-AuthResTBE" */ +572, /* "setct-AuthResTBEX" */ +535, /* "setct-AuthResTBS" */ +536, /* "setct-AuthResTBSX" */ +528, /* "setct-AuthRevReqBaggage" */ +577, /* "setct-AuthRevReqTBE" */ +541, /* "setct-AuthRevReqTBS" */ +529, /* "setct-AuthRevResBaggage" */ +542, /* "setct-AuthRevResData" */ +578, /* "setct-AuthRevResTBE" */ +579, /* "setct-AuthRevResTBEB" */ +543, /* "setct-AuthRevResTBS" */ +573, /* "setct-AuthTokenTBE" */ +537, /* "setct-AuthTokenTBS" */ +600, /* "setct-BCIDistributionTBS" */ +558, /* "setct-BatchAdminReqData" */ +592, /* "setct-BatchAdminReqTBE" */ +559, /* "setct-BatchAdminResData" */ +593, /* "setct-BatchAdminResTBE" */ +599, /* "setct-CRLNotificationResTBS" */ +598, /* "setct-CRLNotificationTBS" */ +580, /* "setct-CapReqTBE" */ +581, /* "setct-CapReqTBEX" */ +544, /* "setct-CapReqTBS" */ +545, /* "setct-CapReqTBSX" */ +546, /* "setct-CapResData" */ +582, /* "setct-CapResTBE" */ +583, /* "setct-CapRevReqTBE" */ +584, /* "setct-CapRevReqTBEX" */ +547, /* "setct-CapRevReqTBS" */ +548, /* "setct-CapRevReqTBSX" */ +549, /* "setct-CapRevResData" */ +585, /* "setct-CapRevResTBE" */ +538, /* "setct-CapTokenData" */ +530, /* "setct-CapTokenSeq" */ +574, /* "setct-CapTokenTBE" */ +575, /* "setct-CapTokenTBEX" */ +539, /* "setct-CapTokenTBS" */ +560, /* "setct-CardCInitResTBS" */ +566, /* "setct-CertInqReqTBS" */ +563, /* "setct-CertReqData" */ +595, /* "setct-CertReqTBE" */ +596, /* "setct-CertReqTBEX" */ +564, /* "setct-CertReqTBS" */ +565, /* "setct-CertResData" */ +597, /* "setct-CertResTBE" */ +586, /* "setct-CredReqTBE" */ +587, /* "setct-CredReqTBEX" */ +550, /* "setct-CredReqTBS" */ +551, /* "setct-CredReqTBSX" */ +552, /* "setct-CredResData" */ +588, /* "setct-CredResTBE" */ +589, /* "setct-CredRevReqTBE" */ +590, /* "setct-CredRevReqTBEX" */ +553, /* "setct-CredRevReqTBS" */ +554, /* "setct-CredRevReqTBSX" */ +555, /* "setct-CredRevResData" */ +591, /* "setct-CredRevResTBE" */ +567, /* "setct-ErrorTBS" */ +526, /* "setct-HODInput" */ +561, /* "setct-MeAqCInitResTBS" */ +522, /* "setct-OIData" */ +519, /* "setct-PANData" */ +521, /* "setct-PANOnly" */ +520, /* "setct-PANToken" */ +556, /* "setct-PCertReqData" */ +557, /* "setct-PCertResTBS" */ +523, /* "setct-PI" */ +532, /* "setct-PI-TBS" */ +524, /* "setct-PIData" */ +525, /* "setct-PIDataUnsigned" */ +568, /* "setct-PIDualSignedTBE" */ +569, /* "setct-PIUnsignedTBE" */ +531, /* "setct-PInitResData" */ +533, /* "setct-PResData" */ +594, /* "setct-RegFormReqTBE" */ +562, /* "setct-RegFormResTBS" */ +604, /* "setext-pinAny" */ +603, /* "setext-pinSecure" */ +605, /* "setext-track2" */ +41, /* "sha" */ +64, /* "sha1" */ +115, /* "sha1WithRSA" */ +65, /* "sha1WithRSAEncryption" */ +675, /* "sha224" */ +671, /* "sha224WithRSAEncryption" */ +672, /* "sha256" */ +668, /* "sha256WithRSAEncryption" */ +673, /* "sha384" */ +669, /* "sha384WithRSAEncryption" */ +674, /* "sha512" */ +670, /* "sha512WithRSAEncryption" */ +42, /* "shaWithRSAEncryption" */ +52, /* "signingTime" */ +454, /* "simpleSecurityObject" */ +496, /* "singleLevelQuality" */ +16, /* "stateOrProvinceName" */ +660, /* "streetAddress" */ +498, /* "subtreeMaximumQuality" */ +497, /* "subtreeMinimumQuality" */ +890, /* "supportedAlgorithms" */ +874, /* "supportedApplicationContext" */ +100, /* "surname" */ +864, /* "telephoneNumber" */ +866, /* "teletexTerminalIdentifier" */ +865, /* "telexNumber" */ +459, /* "textEncodedORAddress" */ +293, /* "textNotice" */ +106, /* "title" */ +682, /* "tpBasis" */ +436, /* "ucl" */ + 0, /* "undefined" */ +888, /* "uniqueMember" */ +55, /* "unstructuredAddress" */ +49, /* "unstructuredName" */ +880, /* "userCertificate" */ +465, /* "userClass" */ +458, /* "userId" */ +879, /* "userPassword" */ +373, /* "valid" */ +678, /* "wap" */ +679, /* "wap-wsg" */ +735, /* "wap-wsg-idm-ecid-wtls1" */ +743, /* "wap-wsg-idm-ecid-wtls10" */ +744, /* "wap-wsg-idm-ecid-wtls11" */ +745, /* "wap-wsg-idm-ecid-wtls12" */ +736, /* "wap-wsg-idm-ecid-wtls3" */ +737, /* "wap-wsg-idm-ecid-wtls4" */ +738, /* "wap-wsg-idm-ecid-wtls5" */ +739, /* "wap-wsg-idm-ecid-wtls6" */ +740, /* "wap-wsg-idm-ecid-wtls7" */ +741, /* "wap-wsg-idm-ecid-wtls8" */ +742, /* "wap-wsg-idm-ecid-wtls9" */ +804, /* "whirlpool" */ +868, /* "x121Address" */ +503, /* "x500UniqueIdentifier" */ +158, /* "x509Certificate" */ +160, /* "x509Crl" */ +125, /* "zlib compression" */ }; -static ASN1_OBJECT *obj_objs[NUM_OBJ]={ -&(nid_objs[ 0]),/* OBJ_undef 0 */ -&(nid_objs[393]),/* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ -&(nid_objs[404]),/* OBJ_ccitt OBJ_itu_t */ -&(nid_objs[645]),/* OBJ_itu_t 0 */ -&(nid_objs[434]),/* OBJ_data 0 9 */ -&(nid_objs[181]),/* OBJ_iso 1 */ -&(nid_objs[182]),/* OBJ_member_body 1 2 */ -&(nid_objs[379]),/* OBJ_org 1 3 */ -&(nid_objs[676]),/* OBJ_identified_organization 1 3 */ -&(nid_objs[646]),/* OBJ_joint_iso_itu_t 2 */ -&(nid_objs[11]),/* OBJ_X500 2 5 */ -&(nid_objs[647]),/* OBJ_international_organizations 2 23 */ -&(nid_objs[380]),/* OBJ_dod 1 3 6 */ -&(nid_objs[12]),/* OBJ_X509 2 5 4 */ -&(nid_objs[378]),/* OBJ_X500algorithms 2 5 8 */ -&(nid_objs[81]),/* OBJ_id_ce 2 5 29 */ -&(nid_objs[512]),/* OBJ_id_set 2 23 42 */ -&(nid_objs[678]),/* OBJ_wap 2 23 43 */ -&(nid_objs[435]),/* OBJ_pss 0 9 2342 */ -&(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ -&(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ -&(nid_objs[677]),/* OBJ_certicom_arc 1 3 132 */ -&(nid_objs[394]),/* OBJ_selected_attribute_types 2 5 1 5 */ -&(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */ -&(nid_objs[100]),/* OBJ_surname 2 5 4 4 */ -&(nid_objs[105]),/* OBJ_serialNumber 2 5 4 5 */ -&(nid_objs[14]),/* OBJ_countryName 2 5 4 6 */ -&(nid_objs[15]),/* OBJ_localityName 2 5 4 7 */ -&(nid_objs[16]),/* OBJ_stateOrProvinceName 2 5 4 8 */ -&(nid_objs[660]),/* OBJ_streetAddress 2 5 4 9 */ -&(nid_objs[17]),/* OBJ_organizationName 2 5 4 10 */ -&(nid_objs[18]),/* OBJ_organizationalUnitName 2 5 4 11 */ -&(nid_objs[106]),/* OBJ_title 2 5 4 12 */ -&(nid_objs[107]),/* OBJ_description 2 5 4 13 */ -&(nid_objs[661]),/* OBJ_postalCode 2 5 4 17 */ -&(nid_objs[173]),/* OBJ_name 2 5 4 41 */ -&(nid_objs[99]),/* OBJ_givenName 2 5 4 42 */ -&(nid_objs[101]),/* OBJ_initials 2 5 4 43 */ -&(nid_objs[509]),/* OBJ_generationQualifier 2 5 4 44 */ -&(nid_objs[503]),/* OBJ_x500UniqueIdentifier 2 5 4 45 */ -&(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */ -&(nid_objs[510]),/* OBJ_pseudonym 2 5 4 65 */ -&(nid_objs[400]),/* OBJ_role 2 5 4 72 */ -&(nid_objs[769]),/* OBJ_subject_directory_attributes 2 5 29 9 */ -&(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */ -&(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */ -&(nid_objs[84]),/* OBJ_private_key_usage_period 2 5 29 16 */ -&(nid_objs[85]),/* OBJ_subject_alt_name 2 5 29 17 */ -&(nid_objs[86]),/* OBJ_issuer_alt_name 2 5 29 18 */ -&(nid_objs[87]),/* OBJ_basic_constraints 2 5 29 19 */ -&(nid_objs[88]),/* OBJ_crl_number 2 5 29 20 */ -&(nid_objs[141]),/* OBJ_crl_reason 2 5 29 21 */ -&(nid_objs[430]),/* OBJ_hold_instruction_code 2 5 29 23 */ -&(nid_objs[142]),/* OBJ_invalidity_date 2 5 29 24 */ -&(nid_objs[140]),/* OBJ_delta_crl 2 5 29 27 */ -&(nid_objs[770]),/* OBJ_issuing_distribution_point 2 5 29 28 */ -&(nid_objs[771]),/* OBJ_certificate_issuer 2 5 29 29 */ -&(nid_objs[666]),/* OBJ_name_constraints 2 5 29 30 */ -&(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ -&(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ -&(nid_objs[747]),/* OBJ_policy_mappings 2 5 29 33 */ -&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ -&(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ -&(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ -&(nid_objs[857]),/* OBJ_freshest_crl 2 5 29 46 */ -&(nid_objs[748]),/* OBJ_inhibit_any_policy 2 5 29 54 */ -&(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ -&(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ -&(nid_objs[513]),/* OBJ_set_ctype 2 23 42 0 */ -&(nid_objs[514]),/* OBJ_set_msgExt 2 23 42 1 */ -&(nid_objs[515]),/* OBJ_set_attr 2 23 42 3 */ -&(nid_objs[516]),/* OBJ_set_policy 2 23 42 5 */ -&(nid_objs[517]),/* OBJ_set_certExt 2 23 42 7 */ -&(nid_objs[518]),/* OBJ_set_brand 2 23 42 8 */ -&(nid_objs[679]),/* OBJ_wap_wsg 2 23 43 13 */ -&(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ -&(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ -&(nid_objs[384]),/* OBJ_Experimental 1 3 6 1 3 */ -&(nid_objs[385]),/* OBJ_Private 1 3 6 1 4 */ -&(nid_objs[386]),/* OBJ_Security 1 3 6 1 5 */ -&(nid_objs[387]),/* OBJ_SNMPv2 1 3 6 1 6 */ -&(nid_objs[388]),/* OBJ_Mail 1 3 6 1 7 */ -&(nid_objs[376]),/* OBJ_algorithm 1 3 14 3 2 */ -&(nid_objs[395]),/* OBJ_clearance 2 5 1 5 55 */ -&(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ -&(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ -&(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ -&(nid_objs[746]),/* OBJ_any_policy 2 5 29 32 0 */ -&(nid_objs[519]),/* OBJ_setct_PANData 2 23 42 0 0 */ -&(nid_objs[520]),/* OBJ_setct_PANToken 2 23 42 0 1 */ -&(nid_objs[521]),/* OBJ_setct_PANOnly 2 23 42 0 2 */ -&(nid_objs[522]),/* OBJ_setct_OIData 2 23 42 0 3 */ -&(nid_objs[523]),/* OBJ_setct_PI 2 23 42 0 4 */ -&(nid_objs[524]),/* OBJ_setct_PIData 2 23 42 0 5 */ -&(nid_objs[525]),/* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ -&(nid_objs[526]),/* OBJ_setct_HODInput 2 23 42 0 7 */ -&(nid_objs[527]),/* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ -&(nid_objs[528]),/* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ -&(nid_objs[529]),/* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ -&(nid_objs[530]),/* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ -&(nid_objs[531]),/* OBJ_setct_PInitResData 2 23 42 0 12 */ -&(nid_objs[532]),/* OBJ_setct_PI_TBS 2 23 42 0 13 */ -&(nid_objs[533]),/* OBJ_setct_PResData 2 23 42 0 14 */ -&(nid_objs[534]),/* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ -&(nid_objs[535]),/* OBJ_setct_AuthResTBS 2 23 42 0 17 */ -&(nid_objs[536]),/* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ -&(nid_objs[537]),/* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ -&(nid_objs[538]),/* OBJ_setct_CapTokenData 2 23 42 0 20 */ -&(nid_objs[539]),/* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ -&(nid_objs[540]),/* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ -&(nid_objs[541]),/* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ -&(nid_objs[542]),/* OBJ_setct_AuthRevResData 2 23 42 0 24 */ -&(nid_objs[543]),/* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ -&(nid_objs[544]),/* OBJ_setct_CapReqTBS 2 23 42 0 26 */ -&(nid_objs[545]),/* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ -&(nid_objs[546]),/* OBJ_setct_CapResData 2 23 42 0 28 */ -&(nid_objs[547]),/* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ -&(nid_objs[548]),/* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ -&(nid_objs[549]),/* OBJ_setct_CapRevResData 2 23 42 0 31 */ -&(nid_objs[550]),/* OBJ_setct_CredReqTBS 2 23 42 0 32 */ -&(nid_objs[551]),/* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ -&(nid_objs[552]),/* OBJ_setct_CredResData 2 23 42 0 34 */ -&(nid_objs[553]),/* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ -&(nid_objs[554]),/* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ -&(nid_objs[555]),/* OBJ_setct_CredRevResData 2 23 42 0 37 */ -&(nid_objs[556]),/* OBJ_setct_PCertReqData 2 23 42 0 38 */ -&(nid_objs[557]),/* OBJ_setct_PCertResTBS 2 23 42 0 39 */ -&(nid_objs[558]),/* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ -&(nid_objs[559]),/* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ -&(nid_objs[560]),/* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ -&(nid_objs[561]),/* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ -&(nid_objs[562]),/* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ -&(nid_objs[563]),/* OBJ_setct_CertReqData 2 23 42 0 45 */ -&(nid_objs[564]),/* OBJ_setct_CertReqTBS 2 23 42 0 46 */ -&(nid_objs[565]),/* OBJ_setct_CertResData 2 23 42 0 47 */ -&(nid_objs[566]),/* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ -&(nid_objs[567]),/* OBJ_setct_ErrorTBS 2 23 42 0 49 */ -&(nid_objs[568]),/* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ -&(nid_objs[569]),/* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ -&(nid_objs[570]),/* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ -&(nid_objs[571]),/* OBJ_setct_AuthResTBE 2 23 42 0 53 */ -&(nid_objs[572]),/* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ -&(nid_objs[573]),/* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ -&(nid_objs[574]),/* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ -&(nid_objs[575]),/* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ -&(nid_objs[576]),/* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ -&(nid_objs[577]),/* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ -&(nid_objs[578]),/* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ -&(nid_objs[579]),/* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ -&(nid_objs[580]),/* OBJ_setct_CapReqTBE 2 23 42 0 62 */ -&(nid_objs[581]),/* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ -&(nid_objs[582]),/* OBJ_setct_CapResTBE 2 23 42 0 64 */ -&(nid_objs[583]),/* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ -&(nid_objs[584]),/* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ -&(nid_objs[585]),/* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ -&(nid_objs[586]),/* OBJ_setct_CredReqTBE 2 23 42 0 68 */ -&(nid_objs[587]),/* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ -&(nid_objs[588]),/* OBJ_setct_CredResTBE 2 23 42 0 70 */ -&(nid_objs[589]),/* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ -&(nid_objs[590]),/* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ -&(nid_objs[591]),/* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ -&(nid_objs[592]),/* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ -&(nid_objs[593]),/* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ -&(nid_objs[594]),/* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ -&(nid_objs[595]),/* OBJ_setct_CertReqTBE 2 23 42 0 77 */ -&(nid_objs[596]),/* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ -&(nid_objs[597]),/* OBJ_setct_CertResTBE 2 23 42 0 79 */ -&(nid_objs[598]),/* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ -&(nid_objs[599]),/* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ -&(nid_objs[600]),/* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ -&(nid_objs[601]),/* OBJ_setext_genCrypt 2 23 42 1 1 */ -&(nid_objs[602]),/* OBJ_setext_miAuth 2 23 42 1 3 */ -&(nid_objs[603]),/* OBJ_setext_pinSecure 2 23 42 1 4 */ -&(nid_objs[604]),/* OBJ_setext_pinAny 2 23 42 1 5 */ -&(nid_objs[605]),/* OBJ_setext_track2 2 23 42 1 7 */ -&(nid_objs[606]),/* OBJ_setext_cv 2 23 42 1 8 */ -&(nid_objs[620]),/* OBJ_setAttr_Cert 2 23 42 3 0 */ -&(nid_objs[621]),/* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ -&(nid_objs[622]),/* OBJ_setAttr_TokenType 2 23 42 3 2 */ -&(nid_objs[623]),/* OBJ_setAttr_IssCap 2 23 42 3 3 */ -&(nid_objs[607]),/* OBJ_set_policy_root 2 23 42 5 0 */ -&(nid_objs[608]),/* OBJ_setCext_hashedRoot 2 23 42 7 0 */ -&(nid_objs[609]),/* OBJ_setCext_certType 2 23 42 7 1 */ -&(nid_objs[610]),/* OBJ_setCext_merchData 2 23 42 7 2 */ -&(nid_objs[611]),/* OBJ_setCext_cCertRequired 2 23 42 7 3 */ -&(nid_objs[612]),/* OBJ_setCext_tunneling 2 23 42 7 4 */ -&(nid_objs[613]),/* OBJ_setCext_setExt 2 23 42 7 5 */ -&(nid_objs[614]),/* OBJ_setCext_setQualf 2 23 42 7 6 */ -&(nid_objs[615]),/* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ -&(nid_objs[616]),/* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ -&(nid_objs[617]),/* OBJ_setCext_Track2Data 2 23 42 7 9 */ -&(nid_objs[618]),/* OBJ_setCext_TokenType 2 23 42 7 10 */ -&(nid_objs[619]),/* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ -&(nid_objs[636]),/* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ -&(nid_objs[640]),/* OBJ_set_brand_Visa 2 23 42 8 4 */ -&(nid_objs[641]),/* OBJ_set_brand_MasterCard 2 23 42 8 5 */ -&(nid_objs[637]),/* OBJ_set_brand_Diners 2 23 42 8 30 */ -&(nid_objs[638]),/* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ -&(nid_objs[639]),/* OBJ_set_brand_JCB 2 23 42 8 35 */ -&(nid_objs[805]),/* OBJ_cryptopro 1 2 643 2 2 */ -&(nid_objs[806]),/* OBJ_cryptocom 1 2 643 2 9 */ -&(nid_objs[184]),/* OBJ_X9_57 1 2 840 10040 */ -&(nid_objs[405]),/* OBJ_ansi_X9_62 1 2 840 10045 */ -&(nid_objs[389]),/* OBJ_Enterprises 1 3 6 1 4 1 */ -&(nid_objs[504]),/* OBJ_mime_mhs 1 3 6 1 7 1 */ -&(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ -&(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ -&(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ -&(nid_objs[45]),/* OBJ_des_ofb64 1 3 14 3 2 8 */ -&(nid_objs[30]),/* OBJ_des_cfb64 1 3 14 3 2 9 */ -&(nid_objs[377]),/* OBJ_rsaSignature 1 3 14 3 2 11 */ -&(nid_objs[67]),/* OBJ_dsa_2 1 3 14 3 2 12 */ -&(nid_objs[66]),/* OBJ_dsaWithSHA 1 3 14 3 2 13 */ -&(nid_objs[42]),/* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ -&(nid_objs[32]),/* OBJ_des_ede_ecb 1 3 14 3 2 17 */ -&(nid_objs[41]),/* OBJ_sha 1 3 14 3 2 18 */ -&(nid_objs[64]),/* OBJ_sha1 1 3 14 3 2 26 */ -&(nid_objs[70]),/* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ -&(nid_objs[115]),/* OBJ_sha1WithRSA 1 3 14 3 2 29 */ -&(nid_objs[117]),/* OBJ_ripemd160 1 3 36 3 2 1 */ -&(nid_objs[143]),/* OBJ_sxnet 1 3 101 1 4 1 */ -&(nid_objs[721]),/* OBJ_sect163k1 1 3 132 0 1 */ -&(nid_objs[722]),/* OBJ_sect163r1 1 3 132 0 2 */ -&(nid_objs[728]),/* OBJ_sect239k1 1 3 132 0 3 */ -&(nid_objs[717]),/* OBJ_sect113r1 1 3 132 0 4 */ -&(nid_objs[718]),/* OBJ_sect113r2 1 3 132 0 5 */ -&(nid_objs[704]),/* OBJ_secp112r1 1 3 132 0 6 */ -&(nid_objs[705]),/* OBJ_secp112r2 1 3 132 0 7 */ -&(nid_objs[709]),/* OBJ_secp160r1 1 3 132 0 8 */ -&(nid_objs[708]),/* OBJ_secp160k1 1 3 132 0 9 */ -&(nid_objs[714]),/* OBJ_secp256k1 1 3 132 0 10 */ -&(nid_objs[723]),/* OBJ_sect163r2 1 3 132 0 15 */ -&(nid_objs[729]),/* OBJ_sect283k1 1 3 132 0 16 */ -&(nid_objs[730]),/* OBJ_sect283r1 1 3 132 0 17 */ -&(nid_objs[719]),/* OBJ_sect131r1 1 3 132 0 22 */ -&(nid_objs[720]),/* OBJ_sect131r2 1 3 132 0 23 */ -&(nid_objs[724]),/* OBJ_sect193r1 1 3 132 0 24 */ -&(nid_objs[725]),/* OBJ_sect193r2 1 3 132 0 25 */ -&(nid_objs[726]),/* OBJ_sect233k1 1 3 132 0 26 */ -&(nid_objs[727]),/* OBJ_sect233r1 1 3 132 0 27 */ -&(nid_objs[706]),/* OBJ_secp128r1 1 3 132 0 28 */ -&(nid_objs[707]),/* OBJ_secp128r2 1 3 132 0 29 */ -&(nid_objs[710]),/* OBJ_secp160r2 1 3 132 0 30 */ -&(nid_objs[711]),/* OBJ_secp192k1 1 3 132 0 31 */ -&(nid_objs[712]),/* OBJ_secp224k1 1 3 132 0 32 */ -&(nid_objs[713]),/* OBJ_secp224r1 1 3 132 0 33 */ -&(nid_objs[715]),/* OBJ_secp384r1 1 3 132 0 34 */ -&(nid_objs[716]),/* OBJ_secp521r1 1 3 132 0 35 */ -&(nid_objs[731]),/* OBJ_sect409k1 1 3 132 0 36 */ -&(nid_objs[732]),/* OBJ_sect409r1 1 3 132 0 37 */ -&(nid_objs[733]),/* OBJ_sect571k1 1 3 132 0 38 */ -&(nid_objs[734]),/* OBJ_sect571r1 1 3 132 0 39 */ -&(nid_objs[624]),/* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ -&(nid_objs[625]),/* OBJ_set_addPolicy 2 23 42 3 0 1 */ -&(nid_objs[626]),/* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ -&(nid_objs[627]),/* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ -&(nid_objs[628]),/* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ -&(nid_objs[629]),/* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ -&(nid_objs[630]),/* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ -&(nid_objs[642]),/* OBJ_set_brand_Novus 2 23 42 8 6011 */ -&(nid_objs[735]),/* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 13 4 1 */ -&(nid_objs[736]),/* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 13 4 3 */ -&(nid_objs[737]),/* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 13 4 4 */ -&(nid_objs[738]),/* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 13 4 5 */ -&(nid_objs[739]),/* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 13 4 6 */ -&(nid_objs[740]),/* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 13 4 7 */ -&(nid_objs[741]),/* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 13 4 8 */ -&(nid_objs[742]),/* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 13 4 9 */ -&(nid_objs[743]),/* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 13 4 10 */ -&(nid_objs[744]),/* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 13 4 11 */ -&(nid_objs[745]),/* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 13 4 12 */ -&(nid_objs[804]),/* OBJ_whirlpool 1 0 10118 3 0 55 */ -&(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666 1 */ -&(nid_objs[773]),/* OBJ_kisa 1 2 410 200004 */ -&(nid_objs[807]),/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ -&(nid_objs[808]),/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ -&(nid_objs[809]),/* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ -&(nid_objs[810]),/* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ -&(nid_objs[811]),/* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ -&(nid_objs[812]),/* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ -&(nid_objs[813]),/* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ -&(nid_objs[815]),/* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ -&(nid_objs[816]),/* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ -&(nid_objs[817]),/* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ -&(nid_objs[818]),/* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ -&(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ -&(nid_objs[185]),/* OBJ_X9cm 1 2 840 10040 4 */ -&(nid_objs[127]),/* OBJ_id_pkix 1 3 6 1 5 5 7 */ -&(nid_objs[505]),/* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ -&(nid_objs[506]),/* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ -&(nid_objs[119]),/* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ -&(nid_objs[631]),/* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ -&(nid_objs[632]),/* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ -&(nid_objs[633]),/* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ -&(nid_objs[634]),/* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ -&(nid_objs[635]),/* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ -&(nid_objs[436]),/* OBJ_ucl 0 9 2342 19200300 */ -&(nid_objs[820]),/* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ -&(nid_objs[819]),/* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ -&(nid_objs[845]),/* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ -&(nid_objs[846]),/* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ -&(nid_objs[847]),/* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ -&(nid_objs[848]),/* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ -&(nid_objs[821]),/* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ -&(nid_objs[822]),/* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ -&(nid_objs[823]),/* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ -&(nid_objs[824]),/* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ -&(nid_objs[825]),/* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ -&(nid_objs[826]),/* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ -&(nid_objs[827]),/* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ -&(nid_objs[828]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ -&(nid_objs[829]),/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ -&(nid_objs[830]),/* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ -&(nid_objs[831]),/* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ -&(nid_objs[832]),/* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ -&(nid_objs[833]),/* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ -&(nid_objs[834]),/* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ -&(nid_objs[835]),/* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ -&(nid_objs[836]),/* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ -&(nid_objs[837]),/* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ -&(nid_objs[838]),/* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ -&(nid_objs[839]),/* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ -&(nid_objs[840]),/* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ -&(nid_objs[841]),/* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ -&(nid_objs[842]),/* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ -&(nid_objs[843]),/* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ -&(nid_objs[844]),/* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ -&(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ -&(nid_objs[431]),/* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ -&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ -&(nid_objs[433]),/* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ -&(nid_objs[116]),/* OBJ_dsa 1 2 840 10040 4 1 */ -&(nid_objs[113]),/* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ -&(nid_objs[406]),/* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ -&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ -&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ -&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ -&(nid_objs[791]),/* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ -&(nid_objs[792]),/* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ -&(nid_objs[258]),/* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ -&(nid_objs[175]),/* OBJ_id_pe 1 3 6 1 5 5 7 1 */ -&(nid_objs[259]),/* OBJ_id_qt 1 3 6 1 5 5 7 2 */ -&(nid_objs[128]),/* OBJ_id_kp 1 3 6 1 5 5 7 3 */ -&(nid_objs[260]),/* OBJ_id_it 1 3 6 1 5 5 7 4 */ -&(nid_objs[261]),/* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ -&(nid_objs[262]),/* OBJ_id_alg 1 3 6 1 5 5 7 6 */ -&(nid_objs[263]),/* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ -&(nid_objs[264]),/* OBJ_id_on 1 3 6 1 5 5 7 8 */ -&(nid_objs[265]),/* OBJ_id_pda 1 3 6 1 5 5 7 9 */ -&(nid_objs[266]),/* OBJ_id_aca 1 3 6 1 5 5 7 10 */ -&(nid_objs[267]),/* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ -&(nid_objs[268]),/* OBJ_id_cct 1 3 6 1 5 5 7 12 */ -&(nid_objs[662]),/* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ -&(nid_objs[176]),/* OBJ_id_ad 1 3 6 1 5 5 7 48 */ -&(nid_objs[507]),/* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ -&(nid_objs[508]),/* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ -&(nid_objs[57]),/* OBJ_netscape 2 16 840 1 113730 */ -&(nid_objs[754]),/* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ -&(nid_objs[766]),/* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ -&(nid_objs[757]),/* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ -&(nid_objs[755]),/* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ -&(nid_objs[767]),/* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ -&(nid_objs[758]),/* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ -&(nid_objs[756]),/* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ -&(nid_objs[768]),/* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ -&(nid_objs[759]),/* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ -&(nid_objs[437]),/* OBJ_pilot 0 9 2342 19200300 100 */ -&(nid_objs[776]),/* OBJ_seed_ecb 1 2 410 200004 1 3 */ -&(nid_objs[777]),/* OBJ_seed_cbc 1 2 410 200004 1 4 */ -&(nid_objs[779]),/* OBJ_seed_cfb128 1 2 410 200004 1 5 */ -&(nid_objs[778]),/* OBJ_seed_ofb128 1 2 410 200004 1 6 */ -&(nid_objs[852]),/* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ -&(nid_objs[853]),/* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ -&(nid_objs[850]),/* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ -&(nid_objs[851]),/* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ -&(nid_objs[849]),/* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ -&(nid_objs[854]),/* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ -&(nid_objs[186]),/* OBJ_pkcs1 1 2 840 113549 1 1 */ -&(nid_objs[27]),/* OBJ_pkcs3 1 2 840 113549 1 3 */ -&(nid_objs[187]),/* OBJ_pkcs5 1 2 840 113549 1 5 */ -&(nid_objs[20]),/* OBJ_pkcs7 1 2 840 113549 1 7 */ -&(nid_objs[47]),/* OBJ_pkcs9 1 2 840 113549 1 9 */ -&(nid_objs[ 3]),/* OBJ_md2 1 2 840 113549 2 2 */ -&(nid_objs[257]),/* OBJ_md4 1 2 840 113549 2 4 */ -&(nid_objs[ 4]),/* OBJ_md5 1 2 840 113549 2 5 */ -&(nid_objs[797]),/* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ -&(nid_objs[163]),/* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ -&(nid_objs[798]),/* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ -&(nid_objs[799]),/* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ -&(nid_objs[800]),/* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ -&(nid_objs[801]),/* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ -&(nid_objs[37]),/* OBJ_rc2_cbc 1 2 840 113549 3 2 */ -&(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ -&(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ -&(nid_objs[120]),/* OBJ_rc5_cbc 1 2 840 113549 3 8 */ -&(nid_objs[643]),/* OBJ_des_cdmf 1 2 840 113549 3 10 */ -&(nid_objs[680]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ -&(nid_objs[684]),/* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ -&(nid_objs[685]),/* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ -&(nid_objs[686]),/* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ -&(nid_objs[687]),/* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ -&(nid_objs[688]),/* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ -&(nid_objs[689]),/* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ -&(nid_objs[690]),/* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ -&(nid_objs[691]),/* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ -&(nid_objs[692]),/* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ -&(nid_objs[693]),/* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ -&(nid_objs[694]),/* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ -&(nid_objs[695]),/* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ -&(nid_objs[696]),/* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ -&(nid_objs[697]),/* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ -&(nid_objs[698]),/* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ -&(nid_objs[699]),/* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ -&(nid_objs[700]),/* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ -&(nid_objs[701]),/* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ -&(nid_objs[702]),/* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ -&(nid_objs[703]),/* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ -&(nid_objs[409]),/* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ -&(nid_objs[410]),/* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ -&(nid_objs[411]),/* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ -&(nid_objs[412]),/* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ -&(nid_objs[413]),/* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ -&(nid_objs[414]),/* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ -&(nid_objs[415]),/* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ -&(nid_objs[793]),/* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ -&(nid_objs[794]),/* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ -&(nid_objs[795]),/* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ -&(nid_objs[796]),/* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ -&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ -&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ -&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ -&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ -&(nid_objs[273]),/* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ -&(nid_objs[274]),/* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ -&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ -&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ -&(nid_objs[277]),/* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ -&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ -&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ -&(nid_objs[280]),/* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ -&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ -&(nid_objs[282]),/* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ -&(nid_objs[283]),/* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ -&(nid_objs[284]),/* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ -&(nid_objs[177]),/* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ -&(nid_objs[285]),/* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ -&(nid_objs[286]),/* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ -&(nid_objs[287]),/* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ -&(nid_objs[288]),/* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ -&(nid_objs[289]),/* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ -&(nid_objs[290]),/* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ -&(nid_objs[291]),/* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ -&(nid_objs[292]),/* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ -&(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ -&(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ -&(nid_objs[663]),/* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ -&(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ -&(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ -&(nid_objs[293]),/* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ -&(nid_objs[129]),/* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ -&(nid_objs[130]),/* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ -&(nid_objs[131]),/* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ -&(nid_objs[132]),/* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ -&(nid_objs[294]),/* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ -&(nid_objs[295]),/* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ -&(nid_objs[296]),/* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ -&(nid_objs[133]),/* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ -&(nid_objs[180]),/* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ -&(nid_objs[297]),/* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ -&(nid_objs[298]),/* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ -&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ -&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ -&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ -&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ -&(nid_objs[303]),/* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ -&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ -&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ -&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ -&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ -&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ -&(nid_objs[309]),/* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ -&(nid_objs[310]),/* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ -&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ -&(nid_objs[312]),/* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ -&(nid_objs[784]),/* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ -&(nid_objs[313]),/* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ -&(nid_objs[314]),/* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ -&(nid_objs[323]),/* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ -&(nid_objs[324]),/* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ -&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ -&(nid_objs[326]),/* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ -&(nid_objs[327]),/* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ -&(nid_objs[328]),/* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ -&(nid_objs[329]),/* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ -&(nid_objs[330]),/* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ -&(nid_objs[331]),/* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ -&(nid_objs[332]),/* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ -&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ -&(nid_objs[334]),/* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ -&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ -&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ -&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ -&(nid_objs[338]),/* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ -&(nid_objs[339]),/* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ -&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ -&(nid_objs[341]),/* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ -&(nid_objs[342]),/* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ -&(nid_objs[343]),/* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ -&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ -&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ -&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ -&(nid_objs[347]),/* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ -&(nid_objs[858]),/* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ -&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ -&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ -&(nid_objs[351]),/* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ -&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ -&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ -&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ -&(nid_objs[355]),/* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ -&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ -&(nid_objs[357]),/* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ -&(nid_objs[358]),/* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ -&(nid_objs[399]),/* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ -&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ -&(nid_objs[360]),/* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ -&(nid_objs[361]),/* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ -&(nid_objs[362]),/* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ -&(nid_objs[664]),/* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ -&(nid_objs[665]),/* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ -&(nid_objs[667]),/* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ -&(nid_objs[178]),/* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ -&(nid_objs[179]),/* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ -&(nid_objs[363]),/* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ -&(nid_objs[364]),/* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ -&(nid_objs[785]),/* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ -&(nid_objs[780]),/* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ -&(nid_objs[781]),/* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ -&(nid_objs[58]),/* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ -&(nid_objs[59]),/* OBJ_netscape_data_type 2 16 840 1 113730 2 */ -&(nid_objs[438]),/* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ -&(nid_objs[439]),/* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ -&(nid_objs[440]),/* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ -&(nid_objs[441]),/* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ -&(nid_objs[108]),/* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ -&(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ -&(nid_objs[782]),/* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ -&(nid_objs[783]),/* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ -&(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ -&(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ -&(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ -&(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ -&(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ -&(nid_objs[644]),/* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ -&(nid_objs[668]),/* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ -&(nid_objs[669]),/* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ -&(nid_objs[670]),/* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ -&(nid_objs[671]),/* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ -&(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ -&(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ -&(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ -&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ -&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ -&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ -&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ -&(nid_objs[69]),/* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ -&(nid_objs[161]),/* OBJ_pbes2 1 2 840 113549 1 5 13 */ -&(nid_objs[162]),/* OBJ_pbmac1 1 2 840 113549 1 5 14 */ -&(nid_objs[21]),/* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ -&(nid_objs[22]),/* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ -&(nid_objs[23]),/* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ -&(nid_objs[24]),/* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ -&(nid_objs[25]),/* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ -&(nid_objs[26]),/* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ -&(nid_objs[48]),/* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ -&(nid_objs[49]),/* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ -&(nid_objs[50]),/* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ -&(nid_objs[51]),/* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ -&(nid_objs[52]),/* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ -&(nid_objs[53]),/* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ -&(nid_objs[54]),/* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ -&(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ -&(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ -&(nid_objs[172]),/* OBJ_ext_req 1 2 840 113549 1 9 14 */ -&(nid_objs[167]),/* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ -&(nid_objs[188]),/* OBJ_SMIME 1 2 840 113549 1 9 16 */ -&(nid_objs[156]),/* OBJ_friendlyName 1 2 840 113549 1 9 20 */ -&(nid_objs[157]),/* OBJ_localKeyID 1 2 840 113549 1 9 21 */ -&(nid_objs[681]),/* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ -&(nid_objs[682]),/* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ -&(nid_objs[683]),/* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ -&(nid_objs[417]),/* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ -&(nid_objs[856]),/* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ -&(nid_objs[390]),/* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ -&(nid_objs[91]),/* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ -&(nid_objs[315]),/* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ -&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ -&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ -&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ -&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ -&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ -&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ -&(nid_objs[322]),/* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ -&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ -&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ -&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ -&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ -&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ -&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ -&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ -&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ -&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ -&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ -&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ -&(nid_objs[418]),/* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ -&(nid_objs[419]),/* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ -&(nid_objs[420]),/* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ -&(nid_objs[421]),/* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ -&(nid_objs[788]),/* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ -&(nid_objs[422]),/* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ -&(nid_objs[423]),/* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ -&(nid_objs[424]),/* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ -&(nid_objs[425]),/* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ -&(nid_objs[789]),/* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ -&(nid_objs[426]),/* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ -&(nid_objs[427]),/* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ -&(nid_objs[428]),/* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ -&(nid_objs[429]),/* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ -&(nid_objs[790]),/* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ -&(nid_objs[672]),/* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ -&(nid_objs[673]),/* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ -&(nid_objs[674]),/* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ -&(nid_objs[675]),/* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ -&(nid_objs[802]),/* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ -&(nid_objs[803]),/* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ -&(nid_objs[71]),/* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ -&(nid_objs[72]),/* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ -&(nid_objs[73]),/* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ -&(nid_objs[74]),/* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ -&(nid_objs[75]),/* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ -&(nid_objs[76]),/* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ -&(nid_objs[77]),/* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ -&(nid_objs[78]),/* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ -&(nid_objs[79]),/* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ -&(nid_objs[139]),/* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ -&(nid_objs[458]),/* OBJ_userId 0 9 2342 19200300 100 1 1 */ -&(nid_objs[459]),/* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ -&(nid_objs[460]),/* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ -&(nid_objs[461]),/* OBJ_info 0 9 2342 19200300 100 1 4 */ -&(nid_objs[462]),/* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ -&(nid_objs[463]),/* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ -&(nid_objs[464]),/* OBJ_photo 0 9 2342 19200300 100 1 7 */ -&(nid_objs[465]),/* OBJ_userClass 0 9 2342 19200300 100 1 8 */ -&(nid_objs[466]),/* OBJ_host 0 9 2342 19200300 100 1 9 */ -&(nid_objs[467]),/* OBJ_manager 0 9 2342 19200300 100 1 10 */ -&(nid_objs[468]),/* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ -&(nid_objs[469]),/* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ -&(nid_objs[470]),/* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ -&(nid_objs[471]),/* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ -&(nid_objs[472]),/* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ -&(nid_objs[473]),/* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ -&(nid_objs[474]),/* OBJ_secretary 0 9 2342 19200300 100 1 21 */ -&(nid_objs[475]),/* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ -&(nid_objs[476]),/* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ -&(nid_objs[477]),/* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ -&(nid_objs[391]),/* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ -&(nid_objs[478]),/* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ -&(nid_objs[479]),/* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ -&(nid_objs[480]),/* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ -&(nid_objs[481]),/* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ -&(nid_objs[482]),/* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ -&(nid_objs[483]),/* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ -&(nid_objs[484]),/* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ -&(nid_objs[485]),/* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ -&(nid_objs[486]),/* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ -&(nid_objs[487]),/* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ -&(nid_objs[488]),/* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ -&(nid_objs[489]),/* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ -&(nid_objs[490]),/* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ -&(nid_objs[491]),/* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ -&(nid_objs[492]),/* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ -&(nid_objs[493]),/* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ -&(nid_objs[494]),/* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ -&(nid_objs[495]),/* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ -&(nid_objs[496]),/* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ -&(nid_objs[497]),/* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ -&(nid_objs[498]),/* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ -&(nid_objs[499]),/* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ -&(nid_objs[500]),/* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ -&(nid_objs[501]),/* OBJ_audio 0 9 2342 19200300 100 1 55 */ -&(nid_objs[502]),/* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ -&(nid_objs[442]),/* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ -&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ -&(nid_objs[444]),/* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ -&(nid_objs[445]),/* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ -&(nid_objs[446]),/* OBJ_account 0 9 2342 19200300 100 4 5 */ -&(nid_objs[447]),/* OBJ_document 0 9 2342 19200300 100 4 6 */ -&(nid_objs[448]),/* OBJ_room 0 9 2342 19200300 100 4 7 */ -&(nid_objs[449]),/* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ -&(nid_objs[392]),/* OBJ_Domain 0 9 2342 19200300 100 4 13 */ -&(nid_objs[450]),/* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ -&(nid_objs[451]),/* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ -&(nid_objs[452]),/* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ -&(nid_objs[453]),/* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ -&(nid_objs[454]),/* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ -&(nid_objs[455]),/* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ -&(nid_objs[456]),/* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ -&(nid_objs[457]),/* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ -&(nid_objs[189]),/* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ -&(nid_objs[190]),/* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ -&(nid_objs[191]),/* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ -&(nid_objs[192]),/* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ -&(nid_objs[193]),/* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ -&(nid_objs[194]),/* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ -&(nid_objs[195]),/* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ -&(nid_objs[158]),/* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ -&(nid_objs[159]),/* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ -&(nid_objs[160]),/* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ -&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ -&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ -&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ -&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ -&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ -&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ -&(nid_objs[171]),/* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ -&(nid_objs[134]),/* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ -&(nid_objs[135]),/* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ -&(nid_objs[136]),/* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ -&(nid_objs[137]),/* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ -&(nid_objs[138]),/* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ -&(nid_objs[648]),/* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ -&(nid_objs[649]),/* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ -&(nid_objs[751]),/* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ -&(nid_objs[752]),/* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ -&(nid_objs[753]),/* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ -&(nid_objs[196]),/* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ -&(nid_objs[197]),/* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ -&(nid_objs[198]),/* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ -&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ -&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ -&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ -&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ -&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ -&(nid_objs[204]),/* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ -&(nid_objs[205]),/* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ -&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ -&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ -&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ -&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ -&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ -&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ -&(nid_objs[786]),/* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ -&(nid_objs[787]),/* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ -&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ -&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ -&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ -&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ -&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ -&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ -&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ -&(nid_objs[219]),/* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ -&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ -&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ -&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ -&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ -&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ -&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ -&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ -&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ -&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ -&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ -&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ -&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ -&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ -&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ -&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ -&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ -&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ -&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ -&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ -&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ -&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ -&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ -&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ -&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ -&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ -&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ -&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ -&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ -&(nid_objs[125]),/* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ -&(nid_objs[248]),/* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ -&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ -&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ -&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ -&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ -&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ -&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ -&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ -&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ -&(nid_objs[150]),/* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ -&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ -&(nid_objs[152]),/* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ -&(nid_objs[153]),/* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ -&(nid_objs[154]),/* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ -&(nid_objs[155]),/* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ -&(nid_objs[34]),/* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ +static const unsigned int obj_objs[NUM_OBJ]={ + 0, /* OBJ_undef 0 */ +393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ +404, /* OBJ_ccitt OBJ_itu_t */ +645, /* OBJ_itu_t 0 */ +434, /* OBJ_data 0 9 */ +181, /* OBJ_iso 1 */ +182, /* OBJ_member_body 1 2 */ +379, /* OBJ_org 1 3 */ +676, /* OBJ_identified_organization 1 3 */ +646, /* OBJ_joint_iso_itu_t 2 */ +11, /* OBJ_X500 2 5 */ +647, /* OBJ_international_organizations 2 23 */ +380, /* OBJ_dod 1 3 6 */ +12, /* OBJ_X509 2 5 4 */ +378, /* OBJ_X500algorithms 2 5 8 */ +81, /* OBJ_id_ce 2 5 29 */ +512, /* OBJ_id_set 2 23 42 */ +678, /* OBJ_wap 2 23 43 */ +435, /* OBJ_pss 0 9 2342 */ +183, /* OBJ_ISO_US 1 2 840 */ +381, /* OBJ_iana 1 3 6 1 */ +677, /* OBJ_certicom_arc 1 3 132 */ +394, /* OBJ_selected_attribute_types 2 5 1 5 */ +13, /* OBJ_commonName 2 5 4 3 */ +100, /* OBJ_surname 2 5 4 4 */ +105, /* OBJ_serialNumber 2 5 4 5 */ +14, /* OBJ_countryName 2 5 4 6 */ +15, /* OBJ_localityName 2 5 4 7 */ +16, /* OBJ_stateOrProvinceName 2 5 4 8 */ +660, /* OBJ_streetAddress 2 5 4 9 */ +17, /* OBJ_organizationName 2 5 4 10 */ +18, /* OBJ_organizationalUnitName 2 5 4 11 */ +106, /* OBJ_title 2 5 4 12 */ +107, /* OBJ_description 2 5 4 13 */ +859, /* OBJ_searchGuide 2 5 4 14 */ +860, /* OBJ_businessCategory 2 5 4 15 */ +861, /* OBJ_postalAddress 2 5 4 16 */ +661, /* OBJ_postalCode 2 5 4 17 */ +862, /* OBJ_postOfficeBox 2 5 4 18 */ +863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ +864, /* OBJ_telephoneNumber 2 5 4 20 */ +865, /* OBJ_telexNumber 2 5 4 21 */ +866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ +867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ +868, /* OBJ_x121Address 2 5 4 24 */ +869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ +870, /* OBJ_registeredAddress 2 5 4 26 */ +871, /* OBJ_destinationIndicator 2 5 4 27 */ +872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ +873, /* OBJ_presentationAddress 2 5 4 29 */ +874, /* OBJ_supportedApplicationContext 2 5 4 30 */ +875, /* OBJ_member 2 5 4 31 */ +876, /* OBJ_owner 2 5 4 32 */ +877, /* OBJ_roleOccupant 2 5 4 33 */ +878, /* OBJ_seeAlso 2 5 4 34 */ +879, /* OBJ_userPassword 2 5 4 35 */ +880, /* OBJ_userCertificate 2 5 4 36 */ +881, /* OBJ_cACertificate 2 5 4 37 */ +882, /* OBJ_authorityRevocationList 2 5 4 38 */ +883, /* OBJ_certificateRevocationList 2 5 4 39 */ +884, /* OBJ_crossCertificatePair 2 5 4 40 */ +173, /* OBJ_name 2 5 4 41 */ +99, /* OBJ_givenName 2 5 4 42 */ +101, /* OBJ_initials 2 5 4 43 */ +509, /* OBJ_generationQualifier 2 5 4 44 */ +503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ +174, /* OBJ_dnQualifier 2 5 4 46 */ +885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ +886, /* OBJ_protocolInformation 2 5 4 48 */ +887, /* OBJ_distinguishedName 2 5 4 49 */ +888, /* OBJ_uniqueMember 2 5 4 50 */ +889, /* OBJ_houseIdentifier 2 5 4 51 */ +890, /* OBJ_supportedAlgorithms 2 5 4 52 */ +891, /* OBJ_deltaRevocationList 2 5 4 53 */ +892, /* OBJ_dmdName 2 5 4 54 */ +510, /* OBJ_pseudonym 2 5 4 65 */ +400, /* OBJ_role 2 5 4 72 */ +769, /* OBJ_subject_directory_attributes 2 5 29 9 */ +82, /* OBJ_subject_key_identifier 2 5 29 14 */ +83, /* OBJ_key_usage 2 5 29 15 */ +84, /* OBJ_private_key_usage_period 2 5 29 16 */ +85, /* OBJ_subject_alt_name 2 5 29 17 */ +86, /* OBJ_issuer_alt_name 2 5 29 18 */ +87, /* OBJ_basic_constraints 2 5 29 19 */ +88, /* OBJ_crl_number 2 5 29 20 */ +141, /* OBJ_crl_reason 2 5 29 21 */ +430, /* OBJ_hold_instruction_code 2 5 29 23 */ +142, /* OBJ_invalidity_date 2 5 29 24 */ +140, /* OBJ_delta_crl 2 5 29 27 */ +770, /* OBJ_issuing_distribution_point 2 5 29 28 */ +771, /* OBJ_certificate_issuer 2 5 29 29 */ +666, /* OBJ_name_constraints 2 5 29 30 */ +103, /* OBJ_crl_distribution_points 2 5 29 31 */ +89, /* OBJ_certificate_policies 2 5 29 32 */ +747, /* OBJ_policy_mappings 2 5 29 33 */ +90, /* OBJ_authority_key_identifier 2 5 29 35 */ +401, /* OBJ_policy_constraints 2 5 29 36 */ +126, /* OBJ_ext_key_usage 2 5 29 37 */ +857, /* OBJ_freshest_crl 2 5 29 46 */ +748, /* OBJ_inhibit_any_policy 2 5 29 54 */ +402, /* OBJ_target_information 2 5 29 55 */ +403, /* OBJ_no_rev_avail 2 5 29 56 */ +513, /* OBJ_set_ctype 2 23 42 0 */ +514, /* OBJ_set_msgExt 2 23 42 1 */ +515, /* OBJ_set_attr 2 23 42 3 */ +516, /* OBJ_set_policy 2 23 42 5 */ +517, /* OBJ_set_certExt 2 23 42 7 */ +518, /* OBJ_set_brand 2 23 42 8 */ +679, /* OBJ_wap_wsg 2 23 43 1 */ +382, /* OBJ_Directory 1 3 6 1 1 */ +383, /* OBJ_Management 1 3 6 1 2 */ +384, /* OBJ_Experimental 1 3 6 1 3 */ +385, /* OBJ_Private 1 3 6 1 4 */ +386, /* OBJ_Security 1 3 6 1 5 */ +387, /* OBJ_SNMPv2 1 3 6 1 6 */ +388, /* OBJ_Mail 1 3 6 1 7 */ +376, /* OBJ_algorithm 1 3 14 3 2 */ +395, /* OBJ_clearance 2 5 1 5 55 */ +19, /* OBJ_rsa 2 5 8 1 1 */ +96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ +95, /* OBJ_mdc2 2 5 8 3 101 */ +746, /* OBJ_any_policy 2 5 29 32 0 */ +519, /* OBJ_setct_PANData 2 23 42 0 0 */ +520, /* OBJ_setct_PANToken 2 23 42 0 1 */ +521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ +522, /* OBJ_setct_OIData 2 23 42 0 3 */ +523, /* OBJ_setct_PI 2 23 42 0 4 */ +524, /* OBJ_setct_PIData 2 23 42 0 5 */ +525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ +526, /* OBJ_setct_HODInput 2 23 42 0 7 */ +527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ +528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ +529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ +530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ +531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ +532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */ +533, /* OBJ_setct_PResData 2 23 42 0 14 */ +534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ +535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ +536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ +537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ +538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ +539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ +540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ +541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ +542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ +543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ +544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ +545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ +546, /* OBJ_setct_CapResData 2 23 42 0 28 */ +547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ +548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ +549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */ +550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ +551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ +552, /* OBJ_setct_CredResData 2 23 42 0 34 */ +553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ +554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ +555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ +556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ +557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ +558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ +559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ +560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ +561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ +562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ +563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ +564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ +565, /* OBJ_setct_CertResData 2 23 42 0 47 */ +566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ +567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ +568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ +569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ +570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ +571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ +572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ +573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ +574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ +575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ +576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ +577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ +578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ +579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ +580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ +581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ +582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ +583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ +584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ +585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ +586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ +587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ +588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ +589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ +590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ +591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ +592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ +593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ +594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ +595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ +596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ +597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ +598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ +599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ +600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ +601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ +602, /* OBJ_setext_miAuth 2 23 42 1 3 */ +603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ +604, /* OBJ_setext_pinAny 2 23 42 1 5 */ +605, /* OBJ_setext_track2 2 23 42 1 7 */ +606, /* OBJ_setext_cv 2 23 42 1 8 */ +620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ +621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ +622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ +623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ +607, /* OBJ_set_policy_root 2 23 42 5 0 */ +608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ +609, /* OBJ_setCext_certType 2 23 42 7 1 */ +610, /* OBJ_setCext_merchData 2 23 42 7 2 */ +611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ +612, /* OBJ_setCext_tunneling 2 23 42 7 4 */ +613, /* OBJ_setCext_setExt 2 23 42 7 5 */ +614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ +615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ +616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ +617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ +618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ +619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ +636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ +640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ +641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ +637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ +638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ +639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ +805, /* OBJ_cryptopro 1 2 643 2 2 */ +806, /* OBJ_cryptocom 1 2 643 2 9 */ +184, /* OBJ_X9_57 1 2 840 10040 */ +405, /* OBJ_ansi_X9_62 1 2 840 10045 */ +389, /* OBJ_Enterprises 1 3 6 1 4 1 */ +504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ +104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ +29, /* OBJ_des_ecb 1 3 14 3 2 6 */ +31, /* OBJ_des_cbc 1 3 14 3 2 7 */ +45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ +30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ +377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ +67, /* OBJ_dsa_2 1 3 14 3 2 12 */ +66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ +42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ +32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ +41, /* OBJ_sha 1 3 14 3 2 18 */ +64, /* OBJ_sha1 1 3 14 3 2 26 */ +70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ +115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ +117, /* OBJ_ripemd160 1 3 36 3 2 1 */ +143, /* OBJ_sxnet 1 3 101 1 4 1 */ +721, /* OBJ_sect163k1 1 3 132 0 1 */ +722, /* OBJ_sect163r1 1 3 132 0 2 */ +728, /* OBJ_sect239k1 1 3 132 0 3 */ +717, /* OBJ_sect113r1 1 3 132 0 4 */ +718, /* OBJ_sect113r2 1 3 132 0 5 */ +704, /* OBJ_secp112r1 1 3 132 0 6 */ +705, /* OBJ_secp112r2 1 3 132 0 7 */ +709, /* OBJ_secp160r1 1 3 132 0 8 */ +708, /* OBJ_secp160k1 1 3 132 0 9 */ +714, /* OBJ_secp256k1 1 3 132 0 10 */ +723, /* OBJ_sect163r2 1 3 132 0 15 */ +729, /* OBJ_sect283k1 1 3 132 0 16 */ +730, /* OBJ_sect283r1 1 3 132 0 17 */ +719, /* OBJ_sect131r1 1 3 132 0 22 */ +720, /* OBJ_sect131r2 1 3 132 0 23 */ +724, /* OBJ_sect193r1 1 3 132 0 24 */ +725, /* OBJ_sect193r2 1 3 132 0 25 */ +726, /* OBJ_sect233k1 1 3 132 0 26 */ +727, /* OBJ_sect233r1 1 3 132 0 27 */ +706, /* OBJ_secp128r1 1 3 132 0 28 */ +707, /* OBJ_secp128r2 1 3 132 0 29 */ +710, /* OBJ_secp160r2 1 3 132 0 30 */ +711, /* OBJ_secp192k1 1 3 132 0 31 */ +712, /* OBJ_secp224k1 1 3 132 0 32 */ +713, /* OBJ_secp224r1 1 3 132 0 33 */ +715, /* OBJ_secp384r1 1 3 132 0 34 */ +716, /* OBJ_secp521r1 1 3 132 0 35 */ +731, /* OBJ_sect409k1 1 3 132 0 36 */ +732, /* OBJ_sect409r1 1 3 132 0 37 */ +733, /* OBJ_sect571k1 1 3 132 0 38 */ +734, /* OBJ_sect571r1 1 3 132 0 39 */ +624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ +625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ +626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ +627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ +628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ +629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ +630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ +642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ +735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ +736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ +737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ +738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ +739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ +740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ +741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ +742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ +743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ +744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ +745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ +804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ +124, /* OBJ_rle_compression 1 1 1 1 666 1 */ +773, /* OBJ_kisa 1 2 410 200004 */ +807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ +808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ +809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ +810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ +811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ +812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ +813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ +815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ +816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ +817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ +818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ + 1, /* OBJ_rsadsi 1 2 840 113549 */ +185, /* OBJ_X9cm 1 2 840 10040 4 */ +127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ +505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ +506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ +119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ +631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ +632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ +633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ +634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ +635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ +436, /* OBJ_ucl 0 9 2342 19200300 */ +820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ +819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ +845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ +846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ +847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ +848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ +821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ +822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ +823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ +824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ +825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ +826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ +827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ +828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ +829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ +830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ +831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ +832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ +833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ +834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ +835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ +836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ +837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ +838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ +839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ +840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ +841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ +842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ +843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ +844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ + 2, /* OBJ_pkcs 1 2 840 113549 1 */ +431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ +432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ +433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ +116, /* OBJ_dsa 1 2 840 10040 4 1 */ +113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ +406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ +407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ +408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ +416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ +791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ +792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ +258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ +175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ +259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ +128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ +260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ +261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ +262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ +263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ +264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ +265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */ +266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ +267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ +268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ +662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ +176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ +507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ +508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ +57, /* OBJ_netscape 2 16 840 1 113730 */ +754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ +766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ +757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ +755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ +767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ +758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ +756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ +768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ +759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ +437, /* OBJ_pilot 0 9 2342 19200300 100 */ +776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ +777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ +779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ +778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ +852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ +853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ +850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ +851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ +849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ +854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ +186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ +27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ +187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ +20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ +47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ + 3, /* OBJ_md2 1 2 840 113549 2 2 */ +257, /* OBJ_md4 1 2 840 113549 2 4 */ + 4, /* OBJ_md5 1 2 840 113549 2 5 */ +797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ +163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ +798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ +799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ +800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ +801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ +37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ + 5, /* OBJ_rc4 1 2 840 113549 3 4 */ +44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ +120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ +643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ +680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ +684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ +685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ +686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ +687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ +688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ +689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ +690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ +691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ +692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ +693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ +694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ +695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ +696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ +697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ +698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ +699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ +700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ +701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ +702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ +703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ +409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ +410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ +411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ +412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ +413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ +414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ +415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ +793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ +794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ +795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ +796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ +269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ +270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ +271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ +272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ +273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ +274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ +275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ +276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ +277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ +278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ +279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ +280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ +281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ +282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ +283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ +284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ +177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ +285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ +286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ +287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ +288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ +289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ +290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ +291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ +292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ +397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ +398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ +663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ +164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ +165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ +293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ +129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ +130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ +131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ +132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ +294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ +295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ +296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ +133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ +180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ +297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ +298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ +299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ +300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ +301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ +302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ +303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ +304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ +305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ +306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ +307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ +308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ +309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ +310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ +311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ +312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ +784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ +313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ +314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ +323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ +324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ +325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ +326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ +327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ +328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ +329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ +330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ +331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ +332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ +333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ +334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ +335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ +336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ +337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ +338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ +339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ +340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ +341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ +342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ +343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ +344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ +345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ +346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ +347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ +858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ +348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ +349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ +351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ +352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ +353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ +354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ +355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ +356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ +357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ +358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ +399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ +359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ +360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ +361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ +362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ +664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ +665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ +667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ +178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ +179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ +363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ +364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ +785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ +780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ +781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ +58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ +59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ +438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ +439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ +440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ +441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ +108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ +112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ +782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ +783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ + 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ + 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ +396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ + 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ +65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ +644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ +668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ +669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ +670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ +671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ +28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ + 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ +10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ +168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ +169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ +170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ +68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ +69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ +161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ +162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ +21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ +22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ +23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ +24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ +25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ +26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ +48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ +49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ +50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ +51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ +52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ +53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ +54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ +55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ +56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ +172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ +167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ +188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ +156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ +157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ +681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ +682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ +683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ +417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ +856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ +390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ +91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ +315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ +316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ +317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ +318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ +319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ +320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ +321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ +322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ +365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ +366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ +367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ +368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ +369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ +370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ +371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ +372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ +373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ +374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ +375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ +418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ +419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ +420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ +421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ +788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ +422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ +423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ +424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ +425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ +789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ +426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ +427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ +428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ +429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ +790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ +672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ +673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ +674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ +675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ +802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ +803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ +71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ +72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ +73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ +74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ +75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ +76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ +77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ +78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ +79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ +139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ +458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ +459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ +460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ +461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ +462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ +463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ +464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ +465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ +466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ +467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ +468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ +469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ +470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ +471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ +472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ +473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ +474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ +475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ +476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ +477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ +391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ +478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ +479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ +480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ +481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ +482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ +483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ +484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ +485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ +486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ +487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ +488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ +489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ +490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ +491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ +492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ +493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ +494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ +495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ +496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ +497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ +498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ +499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ +500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ +501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ +502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ +442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ +443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ +444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ +445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ +446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ +447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ +448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ +449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ +392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ +450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ +451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ +452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ +453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ +454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ +455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ +456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ +457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ +189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ +190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ +191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ +192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ +193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ +194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ +195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ +158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ +159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ +160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ +144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ +145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ +146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ +147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ +148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ +149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ +171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ +134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ +135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ +136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ +137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ +138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ +648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ +649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ +751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ +752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ +753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ +196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ +197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ +198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ +199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ +200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ +201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ +202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ +203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ +204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ +205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ +206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ +207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ +208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ +209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ +210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ +211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ +786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ +787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ +212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ +213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ +214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ +215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ +216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ +217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ +218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ +219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ +220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ +221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ +222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ +223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ +224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ +225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ +226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ +227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ +228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ +229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ +230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ +231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ +232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ +233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ +234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ +235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ +236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ +237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ +238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ +239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ +240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ +241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ +242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ +243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ +244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ +245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ +246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ +247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ +125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ +248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ +249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ +250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ +251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ +252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ +253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ +254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ +255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ +256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ +150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ +151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ +152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ +153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ +154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ +155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ +34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ }; diff --git a/src/lib/libssl/src/crypto/objects/obj_dat.pl b/src/lib/libssl/src/crypto/objects/obj_dat.pl index 7de2f77afd..c67f71c327 100644 --- a/src/lib/libssl/src/crypto/objects/obj_dat.pl +++ b/src/lib/libssl/src/crypto/objects/obj_dat.pl @@ -2,9 +2,7 @@ # fixes bug in floating point emulation on sparc64 when # this script produces off-by-one output on sparc64 -eval 'use integer;'; - -print STDERR "Warning: perl module integer not found.\n" if ($@); +use integer; sub obj_cmp { @@ -150,13 +148,13 @@ for ($i=0; $i<$n; $i++) @a=grep(defined($sn{$nid{$_}}),0 .. $n); foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) { - push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_)); + push(@sn,sprintf("%2d,\t/* \"$sn{$nid{$_}}\" */\n",$_)); } @a=grep(defined($ln{$nid{$_}}),0 .. $n); foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) { - push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_)); + push(@ln,sprintf("%2d,\t/* \"$ln{$nid{$_}}\" */\n",$_)); } @a=grep(defined($obj{$nid{$_}}),0 .. $n); @@ -166,7 +164,7 @@ foreach (sort obj_cmp @a) $v=$objd{$m}; $v =~ s/L//g; $v =~ s/,/ /g; - push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v)); + push(@ob,sprintf("%2d,\t/* %-32s %s */\n",$_,$m,$v)); } print OUT <<'EOF'; @@ -241,11 +239,11 @@ printf OUT "#define NUM_SN %d\n",$#sn+1; printf OUT "#define NUM_LN %d\n",$#ln+1; printf OUT "#define NUM_OBJ %d\n\n",$#ob+1; -printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1; +printf OUT "static const unsigned char lvalues[%d]={\n",$lvalues+1; print OUT @lvalues; print OUT "};\n\n"; -printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; +printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID]={\n"; foreach (@out) { if (length($_) > 75) @@ -269,15 +267,15 @@ foreach (@out) } print OUT "};\n\n"; -printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; +printf OUT "static const unsigned int sn_objs[NUM_SN]={\n"; print OUT @sn; print OUT "};\n\n"; -printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; +printf OUT "static const unsigned int ln_objs[NUM_LN]={\n"; print OUT @ln; print OUT "};\n\n"; -printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; +printf OUT "static const unsigned int obj_objs[NUM_OBJ]={\n"; print OUT @ob; print OUT "};\n\n"; diff --git a/src/lib/libssl/src/crypto/objects/obj_err.c b/src/lib/libssl/src/crypto/objects/obj_err.c index 12b48850c6..2e7a034c3f 100644 --- a/src/lib/libssl/src/crypto/objects/obj_err.c +++ b/src/lib/libssl/src/crypto/objects/obj_err.c @@ -1,6 +1,6 @@ /* crypto/objects/obj_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/src/crypto/objects/obj_lib.c b/src/lib/libssl/src/crypto/objects/obj_lib.c index 706fa0b0e7..23e9d48cdf 100644 --- a/src/lib/libssl/src/crypto/objects/obj_lib.c +++ b/src/lib/libssl/src/crypto/objects/obj_lib.c @@ -66,7 +66,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { ASN1_OBJECT *r; int i; - char *ln=NULL; + char *ln=NULL,*sn=NULL; + unsigned char *data=NULL; if (o == NULL) return(NULL); if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) @@ -79,42 +80,42 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB); return(NULL); } - r->data=OPENSSL_malloc(o->length); - if (r->data == NULL) + data=OPENSSL_malloc(o->length); + if (data == NULL) goto err; if (o->data != NULL) - memcpy(r->data,o->data,o->length); + memcpy(data,o->data,o->length); + /* once data attached to object it remains const */ + r->data = data; r->length=o->length; r->nid=o->nid; r->ln=r->sn=NULL; if (o->ln != NULL) { i=strlen(o->ln)+1; - r->ln=ln=OPENSSL_malloc(i); - if (r->ln == NULL) goto err; + ln=OPENSSL_malloc(i); + if (ln == NULL) goto err; memcpy(ln,o->ln,i); + r->ln=ln; } if (o->sn != NULL) { - char *s; - i=strlen(o->sn)+1; - r->sn=s=OPENSSL_malloc(i); - if (r->sn == NULL) goto err; - memcpy(s,o->sn,i); + sn=OPENSSL_malloc(i); + if (sn == NULL) goto err; + memcpy(sn,o->sn,i); + r->sn=sn; } r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC| ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA); return(r); err: OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); - if (r != NULL) - { - if (ln != NULL) OPENSSL_free(ln); - if (r->data != NULL) OPENSSL_free(r->data); - OPENSSL_free(r); - } + if (ln != NULL) OPENSSL_free(ln); + if (sn != NULL) OPENSSL_free(sn); + if (data != NULL) OPENSSL_free(data); + if (r != NULL) OPENSSL_free(r); return(NULL); } diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.h b/src/lib/libssl/src/crypto/objects/obj_mac.h index ad5f7cfc10..282f11a8a8 100644 --- a/src/lib/libssl/src/crypto/objects/obj_mac.h +++ b/src/lib/libssl/src/crypto/objects/obj_mac.h @@ -122,7 +122,7 @@ #define SN_wap_wsg "wap-wsg" #define NID_wap_wsg 679 -#define OBJ_wap_wsg OBJ_wap,13L +#define OBJ_wap_wsg OBJ_wap,1L #define SN_selected_attribute_types "selected-attribute-types" #define LN_selected_attribute_types "Selected Attribute Types" @@ -2049,6 +2049,7 @@ #define NID_stateOrProvinceName 16 #define OBJ_stateOrProvinceName OBJ_X509,8L +#define SN_streetAddress "street" #define LN_streetAddress "streetAddress" #define NID_streetAddress 660 #define OBJ_streetAddress OBJ_X509,9L @@ -2063,6 +2064,7 @@ #define NID_organizationalUnitName 18 #define OBJ_organizationalUnitName OBJ_X509,11L +#define SN_title "title" #define LN_title "title" #define NID_title 106 #define OBJ_title OBJ_X509,12L @@ -2071,10 +2073,114 @@ #define NID_description 107 #define OBJ_description OBJ_X509,13L +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + #define LN_postalCode "postalCode" #define NID_postalCode 661 #define OBJ_postalCode OBJ_X509,17L +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + #define SN_name "name" #define LN_name "name" #define NID_name 173 @@ -2085,6 +2191,7 @@ #define NID_givenName 99 #define OBJ_givenName OBJ_X509,42L +#define SN_initials "initials" #define LN_initials "initials" #define NID_initials 101 #define OBJ_initials OBJ_X509,43L @@ -2102,6 +2209,38 @@ #define NID_dnQualifier 174 #define OBJ_dnQualifier OBJ_X509,46L +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + #define LN_pseudonym "pseudonym" #define NID_pseudonym 510 #define OBJ_pseudonym OBJ_X509,65L diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num index e3f56bc52c..8c50aac27f 100644 --- a/src/lib/libssl/src/crypto/objects/obj_mac.num +++ b/src/lib/libssl/src/crypto/objects/obj_mac.num @@ -856,3 +856,37 @@ hmac 855 LocalKeySet 856 freshest_crl 857 id_on_permanentIdentifier 858 +searchGuide 859 +businessCategory 860 +postalAddress 861 +postOfficeBox 862 +physicalDeliveryOfficeName 863 +telephoneNumber 864 +telexNumber 865 +teletexTerminalIdentifier 866 +facsimileTelephoneNumber 867 +x121Address 868 +internationaliSDNNumber 869 +registeredAddress 870 +destinationIndicator 871 +preferredDeliveryMethod 872 +presentationAddress 873 +supportedApplicationContext 874 +member 875 +owner 876 +roleOccupant 877 +seeAlso 878 +userPassword 879 +userCertificate 880 +cACertificate 881 +authorityRevocationList 882 +certificateRevocationList 883 +crossCertificatePair 884 +enhancedSearchGuide 885 +protocolInformation 886 +distinguishedName 887 +uniqueMember 888 +houseIdentifier 889 +supportedAlgorithms 890 +deltaRevocationList 891 +dmdName 892 diff --git a/src/lib/libssl/src/crypto/objects/objects.h b/src/lib/libssl/src/crypto/objects/objects.h index 7242f76fb0..bd0ee52feb 100644 --- a/src/lib/libssl/src/crypto/objects/objects.h +++ b/src/lib/libssl/src/crypto/objects/objects.h @@ -1011,10 +1011,91 @@ int OBJ_txt2nid(const char *s); int OBJ_ln2nid(const char *s); int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); -const char * OBJ_bsearch(const char *key,const char *base,int num,int size, - int (*cmp)(const void *, const void *)); -const char * OBJ_bsearch_ex(const char *key,const char *base,int num, - int size, int (*cmp)(const void *, const void *), int flags); +const void * OBJ_bsearch_(const void *key,const void *base,int num,int size, + int (*cmp)(const void *, const void *)); +const void * OBJ_bsearch_ex_(const void *key,const void *base,int num, + int size, + int (*cmp)(const void *, const void *), + int flags); + +#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/* + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignement discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, delcare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +#define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); @@ -1022,6 +1103,14 @@ int OBJ_create(const char *oid,const char *sn,const char *ln); void OBJ_cleanup(void ); int OBJ_create_objects(BIO *in); +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + +extern int obj_cleanup_defer; +void check_defer(int nid); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/src/lib/libssl/src/crypto/objects/objects.pl b/src/lib/libssl/src/crypto/objects/objects.pl index 76c06cc8f9..15c00bbd52 100644 --- a/src/lib/libssl/src/crypto/objects/objects.pl +++ b/src/lib/libssl/src/crypto/objects/objects.pl @@ -14,6 +14,8 @@ while() $Cname =~ s/^X//; if (defined($nidn{$mynum})) { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; } + if (defined($nid{$Cname})) + { die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; } $nid{$Cname} = $mynum; $nidn{$mynum} = $Cname; $order{$mynum} = $o; @@ -102,6 +104,7 @@ while () $max_nid++; $nid{$Cname} = $max_nid; $nidn{$max_nid} = $Cname; +print STDERR "Added OID $Cname\n"; } $Cname=""; } diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt index a6a811b8e7..e61fe60cbf 100644 --- a/src/lib/libssl/src/crypto/objects/objects.txt +++ b/src/lib/libssl/src/crypto/objects/objects.txt @@ -20,7 +20,7 @@ identified-organization 132 : certicom-arc joint-iso-itu-t 23 : international-organizations : International Organizations international-organizations 43 : wap -wap 13 : wap-wsg +wap 1 : wap-wsg joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types @@ -664,18 +664,52 @@ X509 5 : : serialNumber X509 6 : C : countryName X509 7 : L : localityName X509 8 : ST : stateOrProvinceName -X509 9 : : streetAddress +X509 9 : street : streetAddress X509 10 : O : organizationName X509 11 : OU : organizationalUnitName -X509 12 : : title +X509 12 : title : title X509 13 : : description -X509 17 : : postalCode +X509 14 : : searchGuide +X509 15 : : businessCategory +X509 16 : : postalAddress +X509 17 : : postalCode +X509 18 : : postOfficeBox +X509 19 : : physicalDeliveryOfficeName +X509 20 : : telephoneNumber +X509 21 : : telexNumber +X509 22 : : teletexTerminalIdentifier +X509 23 : : facsimileTelephoneNumber +X509 24 : : x121Address +X509 25 : : internationaliSDNNumber +X509 26 : : registeredAddress +X509 27 : : destinationIndicator +X509 28 : : preferredDeliveryMethod +X509 29 : : presentationAddress +X509 30 : : supportedApplicationContext +X509 31 : member : +X509 32 : owner : +X509 33 : : roleOccupant +X509 34 : seeAlso : +X509 35 : : userPassword +X509 36 : : userCertificate +X509 37 : : cACertificate +X509 38 : : authorityRevocationList +X509 39 : : certificateRevocationList +X509 40 : : crossCertificatePair X509 41 : name : name X509 42 : GN : givenName -X509 43 : : initials +X509 43 : initials : initials X509 44 : : generationQualifier X509 45 : : x500UniqueIdentifier X509 46 : dnQualifier : dnQualifier +X509 47 : : enhancedSearchGuide +X509 48 : : protocolInformation +X509 49 : : distinguishedName +X509 50 : : uniqueMember +X509 51 : : houseIdentifier +X509 52 : : supportedAlgorithms +X509 53 : : deltaRevocationList +X509 54 : dmdName : X509 65 : : pseudonym X509 72 : role : role diff --git a/src/lib/libssl/src/crypto/ocsp/Makefile b/src/lib/libssl/src/crypto/ocsp/Makefile index 30a00b3372..60c414cf4d 100644 --- a/src/lib/libssl/src/crypto/ocsp/Makefile +++ b/src/lib/libssl/src/crypto/ocsp/Makefile @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -82,10 +82,9 @@ ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_asn.o: ../../include/openssl/opensslconf.h +ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -98,25 +97,24 @@ ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_cl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c +ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +ocsp_cl.o: ../cryptlib.h ocsp_cl.c ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_err.o: ../../include/openssl/opensslconf.h +ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -129,9 +127,9 @@ ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h +ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_ext.o: ../../include/openssl/opensslconf.h ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -144,22 +142,21 @@ ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_ht.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ht.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_ht.o: ocsp_ht.c +ocsp_ht.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_ht.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_ht.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ocsp_ht.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h -ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ocsp_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ocsp_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ocsp_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -174,10 +171,9 @@ ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_prn.o: ../../include/openssl/opensslconf.h +ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -191,9 +187,9 @@ ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_srv.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h +ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +ocsp_srv.o: ../../include/openssl/opensslconf.h ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -206,10 +202,9 @@ ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_vfy.o: ../../include/openssl/opensslconf.h +ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp.h b/src/lib/libssl/src/crypto/ocsp/ocsp.h index a0577a717e..31e45744ba 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp.h +++ b/src/lib/libssl/src/crypto/ocsp/ocsp.h @@ -64,6 +64,7 @@ #ifndef HEADER_OCSP_H #define HEADER_OCSP_H +#include #include #include #include @@ -394,17 +395,20 @@ typedef struct ocsp_service_locator_st #define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) -#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) - #define OCSP_CERTSTATUS_dup(cs)\ (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, int maxline); int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); @@ -474,11 +478,6 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); -ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, - void *data, STACK_OF(ASN1_OBJECT) *sk); -#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ - ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) - X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); X509_EXTENSION *OCSP_accept_responses_new(char **oids); @@ -547,9 +546,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) -char *OCSP_response_status_str(long s); -char *OCSP_cert_status_str(long s); -char *OCSP_crl_reason_str(long s); +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); @@ -582,7 +581,8 @@ void ERR_load_OCSP_strings(void); #define OCSP_F_OCSP_REQUEST_VERIFY 116 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 #define OCSP_F_OCSP_SENDREQ_BIO 112 -#define OCSP_F_PARSE_HTTP_LINE1 117 +#define OCSP_F_OCSP_SENDREQ_NBIO 117 +#define OCSP_F_PARSE_HTTP_LINE1 118 #define OCSP_F_REQUEST_VERIFY 113 /* Reason codes. */ diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c index 17bab5fc59..9c14d9da27 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c @@ -155,7 +155,6 @@ int OCSP_request_sign(OCSP_REQUEST *req, goto err; if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err; - if (!dgst) dgst = EVP_sha1(); if (key) { if (!X509_check_private_key(signer, key)) diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c index d2f2e79f44..0cedcea682 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c @@ -1,6 +1,6 @@ /* crypto/ocsp/ocsp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]= {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, +{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, {0,NULL} diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c index 815cc29d58..ec884cb08f 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c @@ -264,7 +264,7 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) } /* also CRL Entry Extensions */ - +#if 0 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, STACK_OF(ASN1_OBJECT) *sk) { @@ -305,6 +305,7 @@ err: if (b) OPENSSL_free(b); return NULL; } +#endif /* Nonce handling functions */ @@ -442,17 +443,10 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) goto err; } - if (!(x = X509_EXTENSION_new())) goto err; - if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; - if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid, - NULL))) - goto err; - OCSP_CRLID_free(cid); - return x; + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); err: - if (x) X509_EXTENSION_free(x); if (cid) OCSP_CRLID_free(cid); - return NULL; + return x; } /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ @@ -470,18 +464,10 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) sk_ASN1_OBJECT_push(sk, o); oids++; } - if (!(x = X509_EXTENSION_new())) goto err; - if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) - goto err; - if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL, - sk))) - goto err; - sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); - return x; + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); err: - if (x) X509_EXTENSION_free(x); if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); - return NULL; + return x; } /* ArchiveCutoff ::= GeneralizedTime */ @@ -492,16 +478,10 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; - if (!(x = X509_EXTENSION_new())) goto err; - if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; - if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value, - i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err; - ASN1_GENERALIZEDTIME_free(gt); - return x; + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); err: if (gt) ASN1_GENERALIZEDTIME_free(gt); - if (x) X509_EXTENSION_free(x); - return NULL; + return x; } /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently @@ -530,16 +510,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; urls++; } - if (!(x = X509_EXTENSION_new())) goto err; - if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) - goto err; - if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value, - i2d_OCSP_SERVICELOC,sloc,NULL))) goto err; - OCSP_SERVICELOC_free(sloc); - return x; + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); err: - if (x) X509_EXTENSION_free(x); if (sloc) OCSP_SERVICELOC_free(sloc); - return NULL; + return x; } diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c index 6abb30b2c0..12bbfcffd1 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c @@ -118,39 +118,65 @@ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) OPENSSL_free(rctx); } -OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, - int maxline) +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req) { - static char post_hdr[] = "POST %s HTTP/1.0\r\n" + static const char req_hdr[] = "Content-Type: application/ocsp-request\r\n" "Content-Length: %d\r\n\r\n"; + if (BIO_printf(rctx->mem, req_hdr, i2d_OCSP_REQUEST(req, NULL)) <= 0) + return 0; + if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) + return 0; + rctx->state = OHS_ASN1_WRITE; + rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); + return 1; + } + +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value) + { + if (!name) + return 0; + if (BIO_puts(rctx->mem, name) <= 0) + return 0; + if (value) + { + if (BIO_write(rctx->mem, ": ", 2) != 2) + return 0; + if (BIO_puts(rctx->mem, value) <= 0) + return 0; + } + if (BIO_write(rctx->mem, "\r\n", 2) != 2) + return 0; + return 1; + } + +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, + int maxline) + { + static const char post_hdr[] = "POST %s HTTP/1.0\r\n"; OCSP_REQ_CTX *rctx; rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); - rctx->state = OHS_FIRSTLINE; + rctx->state = OHS_ERROR; rctx->mem = BIO_new(BIO_s_mem()); rctx->io = io; + rctx->asn1_len = 0; if (maxline > 0) rctx->iobuflen = maxline; else rctx->iobuflen = OCSP_MAX_LINE_LEN; rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); + if (!rctx->iobuf) + return 0; if (!path) path = "/"; - if (BIO_printf(rctx->mem, post_hdr, path, - i2d_OCSP_REQUEST(req, NULL)) <= 0) - { - rctx->state = OHS_ERROR; + if (BIO_printf(rctx->mem, post_hdr, path) <= 0) return 0; - } - if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) - { - rctx->state = OHS_ERROR; + + if (req && !OCSP_REQ_CTX_set1_req(rctx, req)) return 0; - } - rctx->state = OHS_ASN1_WRITE; - rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); return rctx; } diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c index 27450811d7..36905d76cd 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c @@ -69,6 +69,7 @@ #include #include #include +#include /* Convert a certificate and its issuer to an OCSP_CERTID */ @@ -260,3 +261,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss return 0; } + +IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID) diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c index 3dfb51c1e4..1695c9c4ad 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c @@ -85,21 +85,21 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) typedef struct { long t; - char *m; + const char *m; } OCSP_TBLSTR; -static char *table2string(long s, OCSP_TBLSTR *ts, int len) +static const char *table2string(long s, const OCSP_TBLSTR *ts, int len) { - OCSP_TBLSTR *p; + const OCSP_TBLSTR *p; for (p=ts; p < ts + len; p++) if (p->t == s) return p->m; return "(UNKNOWN)"; } -char *OCSP_response_status_str(long s) +const char *OCSP_response_status_str(long s) { - static OCSP_TBLSTR rstat_tbl[] = { + static const OCSP_TBLSTR rstat_tbl[] = { { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, @@ -109,18 +109,18 @@ char *OCSP_response_status_str(long s) return table2string(s, rstat_tbl, 6); } -char *OCSP_cert_status_str(long s) +const char *OCSP_cert_status_str(long s) { - static OCSP_TBLSTR cstat_tbl[] = { + static const OCSP_TBLSTR cstat_tbl[] = { { V_OCSP_CERTSTATUS_GOOD, "good" }, { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; return table2string(s, cstat_tbl, 3); } -char *OCSP_crl_reason_str(long s) +const char *OCSP_crl_reason_str(long s) { - OCSP_TBLSTR reason_tbl[] = { + static const OCSP_TBLSTR reason_tbl[] = { { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, @@ -266,15 +266,16 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) goto err; } - if (!BIO_write(bp,"\n",1)) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; if (!X509V3_extensions_print(bp, "Response Single Extensions", single->singleExtensions, flags, 8)) goto err; - if (!BIO_write(bp,"\n",1)) goto err; + if (BIO_write(bp,"\n",1) <= 0) goto err; } if (!X509V3_extensions_print(bp, "Response Extensions", rd->responseExtensions, flags, 4)) + goto err; if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) goto err; diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c index 4a0c3870d8..415d67e61c 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c @@ -308,6 +308,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, } mdlen = EVP_MD_size(dgst); + if (mdlen < 0) + return -1; if ((cid->issuerNameHash->length != mdlen) || (cid->issuerKeyHash->length != mdlen)) return 0; @@ -316,7 +318,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, return -1; if (memcmp(md, cid->issuerNameHash->data, mdlen)) return 0; - X509_pubkey_digest(cert, EVP_sha1(), md, NULL); + X509_pubkey_digest(cert, dgst, md, NULL); if (memcmp(md, cid->issuerKeyHash->data, mdlen)) return 0; diff --git a/src/lib/libssl/src/crypto/opensslconf.h b/src/lib/libssl/src/crypto/opensslconf.h index 60505327d3..c21b3913f0 100644 --- a/src/lib/libssl/src/crypto/opensslconf.h +++ b/src/lib/libssl/src/crypto/opensslconf.h @@ -5,15 +5,6 @@ #ifndef OPENSSL_DOING_MAKEDEPEND -#ifndef OPENSSL_NO_CAMELLIA -# define OPENSSL_NO_CAMELLIA -#endif -#ifndef OPENSSL_NO_CAPIENG -# define OPENSSL_NO_CAPIENG -#endif -#ifndef OPENSSL_NO_CMS -# define OPENSSL_NO_CMS -#endif #ifndef OPENSSL_NO_GMP # define OPENSSL_NO_GMP #endif @@ -23,8 +14,8 @@ #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif -#ifndef OPENSSL_NO_MDC2 -# define OPENSSL_NO_MDC2 +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 #endif #ifndef OPENSSL_NO_RC5 # define OPENSSL_NO_RC5 @@ -32,8 +23,8 @@ #ifndef OPENSSL_NO_RFC3779 # define OPENSSL_NO_RFC3779 #endif -#ifndef OPENSSL_NO_SEED -# define OPENSSL_NO_SEED +#ifndef OPENSSL_NO_STORE +# define OPENSSL_NO_STORE #endif #endif /* OPENSSL_DOING_MAKEDEPEND */ @@ -47,15 +38,6 @@ who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) -# define NO_CAMELLIA -# endif -# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) -# define NO_CAPIENG -# endif -# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) -# define NO_CMS -# endif # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) # define NO_GMP # endif @@ -65,8 +47,8 @@ # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif -# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) -# define NO_MDC2 +# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) +# define NO_MD2 # endif # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) # define NO_RC5 @@ -74,28 +56,13 @@ # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) # define NO_RFC3779 # endif -# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) -# define NO_SEED +# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) +# define NO_STORE # endif #endif /* crypto/opensslconf.h.in */ -#ifdef OPENSSL_DOING_MAKEDEPEND - -/* Include any symbols here that have to be explicitly set to enable a feature - * that should be visible to makedepend. - * - * [Our "make depend" doesn't actually look at this, we use actual build settings - * instead; we want to make it easy to remove subdirectories with disabled algorithms.] - */ - -#ifndef OPENSSL_FIPS -#define OPENSSL_FIPS -#endif - -#endif - /* Generate 80386 code? */ #undef I386_ONLY @@ -159,14 +126,9 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ #undef SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT #define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) diff --git a/src/lib/libssl/src/crypto/opensslconf.h.in b/src/lib/libssl/src/crypto/opensslconf.h.in index 1c77f03c3d..97e3745563 100644 --- a/src/lib/libssl/src/crypto/opensslconf.h.in +++ b/src/lib/libssl/src/crypto/opensslconf.h.in @@ -1,20 +1,5 @@ /* crypto/opensslconf.h.in */ -#ifdef OPENSSL_DOING_MAKEDEPEND - -/* Include any symbols here that have to be explicitly set to enable a feature - * that should be visible to makedepend. - * - * [Our "make depend" doesn't actually look at this, we use actual build settings - * instead; we want to make it easy to remove subdirectories with disabled algorithms.] - */ - -#ifndef OPENSSL_FIPS -#define OPENSSL_FIPS -#endif - -#endif - /* Generate 80386 code? */ #undef I386_ONLY @@ -78,14 +63,9 @@ /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ #undef SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT #define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h index c6207f76b2..2fb110fa0e 100644 --- a/src/lib/libssl/src/crypto/opensslv.h +++ b/src/lib/libssl/src/crypto/opensslv.h @@ -12,7 +12,7 @@ * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) * 0.9.3 0x0090300f * 0.9.3a 0x0090301f - * 0.9.4 0x0090400f + * 0.9.4 0x0090400f * 1.2.3z 0x102031af * * For continuity reasons (because 0.9.5 is already out, and is coded @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x009080bfL +#define OPENSSL_VERSION_NUMBER 0x1000001fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k-fips 25 Mar 2009" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a-fips 1 Jun 2010" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8k 25 Mar 2009" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0a 1 Jun 2010" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -83,7 +83,7 @@ * should only keep the versions that are binary compatible with the current. */ #define SHLIB_VERSION_HISTORY "" -#define SHLIB_VERSION_NUMBER "0.9.8" +#define SHLIB_VERSION_NUMBER "1.0.0" #endif /* HEADER_OPENSSLV_H */ diff --git a/src/lib/libssl/src/crypto/ossl_typ.h b/src/lib/libssl/src/crypto/ossl_typ.h index 0e7a380880..12bd7014de 100644 --- a/src/lib/libssl/src/crypto/ossl_typ.h +++ b/src/lib/libssl/src/crypto/ossl_typ.h @@ -95,6 +95,8 @@ typedef int ASN1_BOOLEAN; typedef int ASN1_NULL; #endif +typedef struct asn1_pctx_st ASN1_PCTX; + #ifdef OPENSSL_SYS_WIN32 #undef X509_NAME #undef X509_EXTENSIONS @@ -122,6 +124,11 @@ typedef struct env_md_st EVP_MD; typedef struct env_md_ctx_st EVP_MD_CTX; typedef struct evp_pkey_st EVP_PKEY; +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + typedef struct dh_st DH; typedef struct dh_method DH_METHOD; @@ -139,11 +146,14 @@ typedef struct ecdsa_method ECDSA_METHOD; typedef struct x509_st X509; typedef struct X509_algor_st X509_ALGOR; typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; typedef struct x509_store_st X509_STORE; typedef struct x509_store_ctx_st X509_STORE_CTX; -typedef struct ssl_st SSL; -typedef struct ssl_ctx_st SSL_CTX; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; typedef struct v3_ext_ctx X509V3_CTX; typedef struct conf_st CONF; @@ -157,12 +167,19 @@ typedef struct ui_method_st UI_METHOD; typedef struct st_ERR_FNS ERR_FNS; typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ #define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ #define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ diff --git a/src/lib/libssl/src/crypto/pem/Makefile b/src/lib/libssl/src/crypto/pem/Makefile index 669f36612c..2cc7801529 100644 --- a/src/lib/libssl/src/crypto/pem/Makefile +++ b/src/lib/libssl/src/crypto/pem/Makefile @@ -18,10 +18,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \ - pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c + pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \ - pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o + pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o pvkfmt.o SRC= $(LIBSRC) @@ -36,7 +36,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -83,39 +83,36 @@ pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_all.o: ../cryptlib.h pem_all.c +pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_err.o: pem_err.c +pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c pem_info.o: ../../e_os.h ../../include/openssl/asn1.h pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_info.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_info.o: ../../include/openssl/opensslconf.h +pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h @@ -128,8 +125,8 @@ pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -139,43 +136,43 @@ pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c +pem_lib.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pem_lib.o: pem_lib.c pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_oth.o: ../cryptlib.h pem_oth.c +pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c +pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h +pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pem_pk8.o: ../cryptlib.h pem_pk8.c pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -184,15 +181,16 @@ pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c +pem_pkey.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h +pem_pkey.o: pem_pkey.c pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_seal.o: ../../include/openssl/opensslconf.h pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -205,9 +203,9 @@ pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_sign.o: ../../include/openssl/opensslconf.h pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h @@ -220,9 +218,9 @@ pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_x509.o: ../../include/openssl/opensslconf.h pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -234,12 +232,27 @@ pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pem_xaux.o: ../../include/openssl/opensslconf.h pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c +pvkfmt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +pvkfmt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +pvkfmt.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +pvkfmt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pvkfmt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pvkfmt.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pvkfmt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pvkfmt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pvkfmt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pvkfmt.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h +pvkfmt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +pvkfmt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +pvkfmt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pvkfmt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pvkfmt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pvkfmt.c diff --git a/src/lib/libssl/src/crypto/pem/pem.h b/src/lib/libssl/src/crypto/pem/pem.h index 6c193f1cbf..8a6ababe3a 100644 --- a/src/lib/libssl/src/crypto/pem/pem.h +++ b/src/lib/libssl/src/crypto/pem/pem.h @@ -134,6 +134,7 @@ extern "C" { #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" #define PEM_STRING_ECPARAMETERS "EC PARAMETERS" #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_PARAMETERS "PARAMETERS" #define PEM_STRING_CMS "CMS" /* Note that this structure is initialised by PEM_SealInit and cleaned up @@ -183,11 +184,8 @@ typedef struct pem_ctx_st int num_recipient; PEM_USER **recipient; -#ifndef OPENSSL_NO_STACK - STACK *x509_chain; /* certificate chain */ -#else - char *x509_chain; /* certificate chain */ -#endif + /* XXX(ben): don#t think this is used! + STACK *x509_chain; / * certificate chain */ EVP_MD *md; /* signature type */ int md_enc; /* is the md encrypted or not? */ @@ -224,28 +222,19 @@ typedef struct pem_ctx_st #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ { \ - return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ - str, fp, \ - CHECKED_PPTR_OF(type, x), \ - cb, u); \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ } #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x) \ { \ - return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ - str, fp, \ - CHECKED_PTR_OF(type, x), \ - NULL, NULL, 0, NULL, NULL); \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ } #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, const type *x) \ { \ - return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ - str, fp, \ - CHECKED_PTR_OF(const type, x), \ - NULL, NULL, 0, NULL, NULL); \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ } #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ @@ -253,10 +242,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ - str, fp, \ - CHECKED_PTR_OF(type, x), \ - enc, kstr, klen, cb, u); \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ } #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ @@ -264,10 +250,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ - str, fp, \ - CHECKED_PTR_OF(const type, x), \ - enc, kstr, klen, cb, u); \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ } #endif @@ -275,48 +258,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ { \ - return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ - str, bp, \ - CHECKED_PPTR_OF(type, x), \ - cb, u); \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ } #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x) \ { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ - str, bp, \ - CHECKED_PTR_OF(type, x), \ - NULL, NULL, 0, NULL, NULL); \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ } #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, const type *x) \ { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ - str, bp, \ - CHECKED_PTR_OF(const type, x), \ - NULL, NULL, 0, NULL, NULL); \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ } #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ - str, bp, \ - CHECKED_PTR_OF(type, x), \ - enc, kstr, klen, cb, u); \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ } #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ - str, bp, \ - CHECKED_PTR_OF(const type, x), \ - enc, kstr, klen, cb, u); \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ } #define IMPLEMENT_PEM_write(name, type, str, asn1) \ @@ -353,11 +321,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ /* These are the same except they are for the declarations */ -#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) +#if defined(OPENSSL_NO_FP_API) #define DECLARE_PEM_read_fp(name, type) /**/ #define DECLARE_PEM_write_fp(name, type) /**/ -#define DECLARE_PEM_write_fp_const(name, type) /**/ #define DECLARE_PEM_write_cb_fp(name, type) /**/ #else @@ -428,138 +395,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) -#ifdef SSLEAY_MACROS - -#define PEM_write_SSL_SESSION(fp,x) \ - PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_X509(fp,x) \ - PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ - (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ - NULL,NULL,0,NULL,NULL) -#define PEM_write_X509_CRL(fp,x) \ - PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ - fp,(char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ - (char *)x,enc,kstr,klen,cb,u) -#define PEM_write_RSAPublicKey(fp,x) \ - PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ - PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) -#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ - (char *)x,enc,kstr,klen,cb,u) -#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_PrivateKey,\ - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ - bp,(char *)x,enc,kstr,klen,cb,u) -#define PEM_write_PKCS7(fp,x) \ - PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_DHparams(fp,x) \ - PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ - (char *)x,NULL,NULL,0,NULL,NULL) - -#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ - PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ - PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) - -#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) -#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ - (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) -#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ - (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) -#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ - (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) -#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ - (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) -#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ - (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) -#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ - (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) -#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ - (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) -#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ - (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) -#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ - (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) - -#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ - (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ - (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ - (char **)x,cb,u) - -#define PEM_write_bio_X509(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ - (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ - NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_X509_CRL(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ - bp,(char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ - bp,(char *)x,enc,kstr,klen,cb,u) -#define PEM_write_bio_RSAPublicKey(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ - PEM_STRING_RSA_PUBLIC,\ - bp,(char *)x,NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ - bp,(char *)x,enc,kstr,klen,cb,u) -#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ - bp,(char *)x,enc,kstr,klen,cb,u) -#define PEM_write_bio_PKCS7(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_DHparams(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ - bp,(char *)x,NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_DSAparams(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ - PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) - -#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ - PEM_STRING_X509,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) - -#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) -#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) -#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) -#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) -#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) -#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) -#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) - -#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) -#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) -#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) - -#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ - (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\ - (char **)x,cb,u) - -#endif - #if 1 /* "userdata": new with OpenSSL 0.9.4 */ typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); @@ -581,40 +416,25 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char pem_password_cb *cb, void *u); void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, pem_password_cb *cb, void *u); - -#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ - ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ - name, bp, \ - CHECKED_PPTR_OF(type, x), \ - cb, u)) - -int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, +int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x, const EVP_CIPHER *enc,unsigned char *kstr,int klen, pem_password_cb *cb, void *u); -#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ - (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ - name, bp, \ - CHECKED_PTR_OF(type, x), \ - enc, kstr, klen, cb, u)) - STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); #endif -#ifndef OPENSSL_SYS_WIN16 int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,long *len); int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, pem_password_cb *cb, void *u); int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, - char *x,const EVP_CIPHER *enc,unsigned char *kstr, + void *x,const EVP_CIPHER *enc,unsigned char *kstr, int klen,pem_password_cb *callback, void *u); STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); -#endif int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, @@ -633,7 +453,6 @@ int PEM_def_callback(char *buf, int num, int w, void *key); void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, char *str); -#ifndef SSLEAY_MACROS #include @@ -719,7 +538,21 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, char *kstr,int klen, pem_password_cb *cd, void *u); -#endif /* SSLEAY_MACROS */ +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +#ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +#endif /* BEGIN ERROR CODES */ @@ -731,10 +564,22 @@ void ERR_load_PEM_strings(void); /* Error codes for the PEM functions. */ /* Function codes. */ +#define PEM_F_B2I_DSS 127 +#define PEM_F_B2I_PVK_BIO 128 +#define PEM_F_B2I_RSA 129 +#define PEM_F_CHECK_BITLEN_DSA 130 +#define PEM_F_CHECK_BITLEN_RSA 131 #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +#define PEM_F_DO_B2I 132 +#define PEM_F_DO_B2I_BIO 133 +#define PEM_F_DO_BLOB_HEADER 134 #define PEM_F_DO_PK8PKEY 126 #define PEM_F_DO_PK8PKEY_FP 125 +#define PEM_F_DO_PVK_BODY 135 +#define PEM_F_DO_PVK_HEADER 136 +#define PEM_F_I2B_PVK 137 +#define PEM_F_I2B_PVK_BIO 138 #define PEM_F_LOAD_IV 101 #define PEM_F_PEM_ASN1_READ 102 #define PEM_F_PEM_ASN1_READ_BIO 103 @@ -747,6 +592,7 @@ void ERR_load_PEM_strings(void); #define PEM_F_PEM_PK8PKEY 119 #define PEM_F_PEM_READ 108 #define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_READ_BIO_PARAMETERS 140 #define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 #define PEM_F_PEM_READ_PRIVATEKEY 124 #define PEM_F_PEM_SEALFINAL 110 @@ -754,6 +600,7 @@ void ERR_load_PEM_strings(void); #define PEM_F_PEM_SIGNFINAL 112 #define PEM_F_PEM_WRITE 113 #define PEM_F_PEM_WRITE_BIO 114 +#define PEM_F_PEM_WRITE_PRIVATEKEY 139 #define PEM_F_PEM_X509_INFO_READ 115 #define PEM_F_PEM_X509_INFO_READ_BIO 116 #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 @@ -763,18 +610,30 @@ void ERR_load_PEM_strings(void); #define PEM_R_BAD_DECRYPT 101 #define PEM_R_BAD_END_LINE 102 #define PEM_R_BAD_IV_CHARS 103 +#define PEM_R_BAD_MAGIC_NUMBER 116 #define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_BAD_VERSION_NUMBER 117 +#define PEM_R_BIO_WRITE_FAILURE 118 +#define PEM_R_CIPHER_IS_NULL 127 #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +#define PEM_R_INCONSISTENT_HEADER 121 +#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +#define PEM_R_KEYBLOB_TOO_SHORT 123 #define PEM_R_NOT_DEK_INFO 105 #define PEM_R_NOT_ENCRYPTED 106 #define PEM_R_NOT_PROC_TYPE 107 #define PEM_R_NO_START_LINE 108 #define PEM_R_PROBLEMS_GETTING_PASSWORD 109 #define PEM_R_PUBLIC_KEY_NO_RSA 110 +#define PEM_R_PVK_DATA_TOO_SHORT 124 +#define PEM_R_PVK_TOO_SHORT 125 #define PEM_R_READ_KEY 111 #define PEM_R_SHORT_HEADER 112 #define PEM_R_UNSUPPORTED_CIPHER 113 #define PEM_R_UNSUPPORTED_ENCRYPTION 114 +#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/pem/pem_all.c b/src/lib/libssl/src/crypto/pem/pem_all.c index 69dd19bf2e..3e7a6093ad 100644 --- a/src/lib/libssl/src/crypto/pem/pem_all.c +++ b/src/lib/libssl/src/crypto/pem/pem_all.c @@ -110,7 +110,6 @@ */ #include -#undef SSLEAY_MACROS #include "cryptlib.h" #include #include @@ -194,49 +193,7 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, #endif -#ifdef OPENSSL_FIPS - -int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_RSA(k, x); - - ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} - -#ifndef OPENSSL_NO_FP_API -int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - - EVP_PKEY_set1_RSA(k, x); - - ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} -#endif - -#else - IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) - -#endif - IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) @@ -263,50 +220,10 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, { EVP_PKEY *pktmp; pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); - return pkey_get_dsa(pktmp, dsa); + return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ } -#ifdef OPENSSL_FIPS - -int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_DSA(k, x); - - ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} - -#ifndef OPENSSL_NO_FP_API -int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_DSA(k, x); - ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} -#endif - -#else - IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) - -#endif - IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) #ifndef OPENSSL_NO_FP_API @@ -316,7 +233,7 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, { EVP_PKEY *pktmp; pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); - return pkey_get_dsa(pktmp, dsa); + return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ } #endif @@ -347,54 +264,13 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, { EVP_PKEY *pktmp; pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); - return pkey_get_eckey(pktmp, key); + return pkey_get_eckey(pktmp, key); /* will free pktmp */ } IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) - - -#ifdef OPENSSL_FIPS - -int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_EC_KEY(k, x); - - ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} - -#ifndef OPENSSL_NO_FP_API -int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_EC_KEY(k, x); - ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} -#endif - -#else - IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) -#endif - IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) #ifndef OPENSSL_NO_FP_API @@ -404,7 +280,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, { EVP_PKEY *pktmp; pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); - return pkey_get_eckey(pktmp, eckey); + return pkey_get_eckey(pktmp, eckey); /* will free pktmp */ } #endif @@ -417,66 +293,4 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) #endif - -/* The PrivateKey case is not that straightforward. - * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey) - * does not work, RSA and DSA keys have specific strings. - * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything - * appropriate.) - */ - -#ifdef OPENSSL_FIPS - -static const char *pkey_str(EVP_PKEY *x) - { - switch (x->type) - { - case EVP_PKEY_RSA: - return PEM_STRING_RSA; - - case EVP_PKEY_DSA: - return PEM_STRING_DSA; - - case EVP_PKEY_EC: - return PEM_STRING_ECPRIVATEKEY; - - default: - return NULL; - } - } - - -int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) - { - if (FIPS_mode()) - return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, - (char *)kstr, klen, cb, u); - else - return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, - pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u); - } - -#ifndef OPENSSL_NO_FP_API -int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) - { - if (FIPS_mode()) - return PEM_write_PKCS8PrivateKey(fp, x, enc, - (char *)kstr, klen, cb, u); - else - return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, - pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u); - } -#endif - -#else -IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ - (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) - -#endif - IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) - diff --git a/src/lib/libssl/src/crypto/pem/pem_err.c b/src/lib/libssl/src/crypto/pem/pem_err.c index 3133563d77..d644aeedd4 100644 --- a/src/lib/libssl/src/crypto/pem/pem_err.c +++ b/src/lib/libssl/src/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* crypto/pem/pem_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,10 +70,22 @@ static ERR_STRING_DATA PEM_str_functs[]= { +{ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"}, +{ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, +{ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"}, +{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"}, +{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"}, {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, +{ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"}, +{ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"}, +{ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"}, {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, +{ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"}, +{ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"}, +{ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"}, +{ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, @@ -86,6 +98,7 @@ static ERR_STRING_DATA PEM_str_functs[]= {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, +{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, @@ -93,6 +106,7 @@ static ERR_STRING_DATA PEM_str_functs[]= {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, +{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, @@ -105,18 +119,30 @@ static ERR_STRING_DATA PEM_str_reasons[]= {ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, {ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, {ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, +{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) ,"bad magic number"}, {ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, +{ERR_REASON(PEM_R_BAD_VERSION_NUMBER) ,"bad version number"}, +{ERR_REASON(PEM_R_BIO_WRITE_FAILURE) ,"bio write failure"}, +{ERR_REASON(PEM_R_CIPHER_IS_NULL) ,"cipher is null"}, {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, +{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"}, +{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"}, +{ERR_REASON(PEM_R_INCONSISTENT_HEADER) ,"inconsistent header"}, +{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"}, +{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) ,"keyblob too short"}, {ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, {ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, {ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, {ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, +{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) ,"pvk data too short"}, +{ERR_REASON(PEM_R_PVK_TOO_SHORT) ,"pvk too short"}, {ERR_REASON(PEM_R_READ_KEY) ,"read key"}, {ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, +{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"}, {0,NULL} }; diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c index 3a273f6f70..1b2be527ed 100644 --- a/src/lib/libssl/src/crypto/pem/pem_info.c +++ b/src/lib/libssl/src/crypto/pem/pem_info.c @@ -98,8 +98,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe long len,error=0; int ok=0; STACK_OF(X509_INFO) *ret=NULL; - unsigned int i,raw; - d2i_of_void *d2i; + unsigned int i,raw,ptype; + d2i_of_void *d2i = 0; if (sk == NULL) { @@ -116,6 +116,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe for (;;) { raw=0; + ptype = 0; i=PEM_read_bio(bp,&name,&header,&data,&len); if (i == 0) { @@ -166,7 +167,6 @@ start: #ifndef OPENSSL_NO_RSA if (strcmp(name,PEM_STRING_RSA) == 0) { - d2i=(D2I_OF(void))d2i_RSAPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; @@ -178,10 +178,8 @@ start: xi->enc_len=0; xi->x_pkey=X509_PKEY_new(); - if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) - goto err; - xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; - pp=&(xi->x_pkey->dec_pkey->pkey.rsa); + ptype=EVP_PKEY_RSA; + pp=&xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } @@ -202,10 +200,8 @@ start: xi->enc_len=0; xi->x_pkey=X509_PKEY_new(); - if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) - goto err; - xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; - pp=&xi->x_pkey->dec_pkey->pkey.dsa; + ptype = EVP_PKEY_DSA; + pp=&xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } @@ -226,10 +222,8 @@ start: xi->enc_len=0; xi->x_pkey=X509_PKEY_new(); - if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) - goto err; - xi->x_pkey->dec_pkey->type=EVP_PKEY_EC; - pp=&(xi->x_pkey->dec_pkey->pkey.ec); + ptype = EVP_PKEY_EC; + pp=&xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } @@ -251,7 +245,15 @@ start: if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; p=data; - if (d2i(pp,&p,len) == NULL) + if (ptype) + { + if (!d2i_PrivateKey(ptype, pp, &p, len)) + { + PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); + goto err; + } + } + else if (d2i(pp,&p,len) == NULL) { PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); goto err; @@ -337,6 +339,12 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, { if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) { + if (enc == NULL) + { + PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL); + goto err; + } + /* copy from weirdo names into more normal things */ iv=xi->enc_cipher.iv; data=(unsigned char *)xi->enc_data; diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c index cbafefe416..42e4861bc1 100644 --- a/src/lib/libssl/src/crypto/pem/pem_lib.c +++ b/src/lib/libssl/src/crypto/pem/pem_lib.c @@ -57,6 +57,7 @@ */ #include +#include #include "cryptlib.h" #include #include @@ -65,9 +66,13 @@ #include #include #include +#include "asn1_locl.h" #ifndef OPENSSL_NO_DES #include #endif +#ifndef OPENSSL_NO_ENGINE +#include +#endif const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; @@ -75,6 +80,7 @@ const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; static int load_iv(char **fromp,unsigned char *to, int num); static int check_pem(const char *nm, const char *name); +int pem_check_suffix(const char *pem_str, const char *suffix); int PEM_def_callback(char *buf, int num, int w, void *key) { @@ -99,7 +105,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) for (;;) { - i=EVP_read_pw_string(buf,num,prompt,w); + i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w); if (i != 0) { PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); @@ -183,20 +189,54 @@ static int check_pem(const char *nm, const char *name) /* Make PEM_STRING_EVP_PKEY match any private key */ - if(!strcmp(nm,PEM_STRING_PKCS8) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; - - if(!strcmp(nm,PEM_STRING_PKCS8INF) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; - - if(!strcmp(nm,PEM_STRING_RSA) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; + if(!strcmp(name,PEM_STRING_EVP_PKEY)) + { + int slen; + const EVP_PKEY_ASN1_METHOD *ameth; + if(!strcmp(nm,PEM_STRING_PKCS8)) + return 1; + if(!strcmp(nm,PEM_STRING_PKCS8INF)) + return 1; + slen = pem_check_suffix(nm, "PRIVATE KEY"); + if (slen > 0) + { + /* NB: ENGINE implementations wont contain + * a deprecated old private key decode function + * so don't look for them. + */ + ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); + if (ameth && ameth->old_priv_decode) + return 1; + } + return 0; + } - if(!strcmp(nm,PEM_STRING_DSA) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; + if(!strcmp(name,PEM_STRING_PARAMETERS)) + { + int slen; + const EVP_PKEY_ASN1_METHOD *ameth; + slen = pem_check_suffix(nm, "PARAMETERS"); + if (slen > 0) + { + ENGINE *e; + ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); + if (ameth) + { + int r; + if (ameth->param_decode) + r = 1; + else + r = 0; +#ifndef OPENSSL_NO_ENGINE + if (e) + ENGINE_finish(e); +#endif + return r; + } + } + return 0; + } - if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; /* Permit older strings */ if(!strcmp(nm,PEM_STRING_X509_OLD) && @@ -219,6 +259,14 @@ static int check_pem(const char *nm, const char *name) if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && !strcmp(name, PEM_STRING_PKCS7)) return 1; +#ifndef OPENSSL_NO_CMS + if(!strcmp(nm, PEM_STRING_X509) && + !strcmp(name, PEM_STRING_CMS)) return 1; + /* Allow CMS to be read from PKCS#7 headers */ + if(!strcmp(nm, PEM_STRING_PKCS7) && + !strcmp(name, PEM_STRING_CMS)) return 1; +#endif + return 0; } @@ -264,7 +312,7 @@ err: #ifndef OPENSSL_NO_FP_API int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, - char *x, const EVP_CIPHER *enc, unsigned char *kstr, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *callback, void *u) { BIO *b; @@ -283,7 +331,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, #endif int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, - char *x, const EVP_CIPHER *enc, unsigned char *kstr, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *callback, void *u) { EVP_CIPHER_CTX ctx; @@ -782,3 +830,25 @@ err: BUF_MEM_free(dataB); return(0); } + +/* Check pem string and return prefix length. + * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" + * the return value is 3 for the string "RSA". + */ + +int pem_check_suffix(const char *pem_str, const char *suffix) + { + int pem_len = strlen(pem_str); + int suffix_len = strlen(suffix); + const char *p; + if (suffix_len + 1 >= pem_len) + return 0; + p = pem_str + pem_len - suffix_len; + if (strcmp(p, suffix)) + return 0; + p--; + if (*p != ' ') + return 0; + return p - pem_str; + } + diff --git a/src/lib/libssl/src/crypto/pem/pem_pkey.c b/src/lib/libssl/src/crypto/pem/pem_pkey.c index 4da4c31ce5..8ecf24903b 100644 --- a/src/lib/libssl/src/crypto/pem/pem_pkey.c +++ b/src/lib/libssl/src/crypto/pem/pem_pkey.c @@ -65,7 +65,12 @@ #include #include #include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include "asn1_locl.h" +int pem_check_suffix(const char *pem_str, const char *suffix); EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) { @@ -73,19 +78,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo const unsigned char *p=NULL; unsigned char *data=NULL; long len; + int slen; EVP_PKEY *ret=NULL; if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) return NULL; p = data; - if (strcmp(nm,PEM_STRING_RSA) == 0) - ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len); - else if (strcmp(nm,PEM_STRING_DSA) == 0) - ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); - else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0) - ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len); - else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { + if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { PKCS8_PRIV_KEY_INFO *p8inf; p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); if(!p8inf) goto p8err; @@ -119,7 +119,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo *x = ret; } PKCS8_PRIV_KEY_INFO_free(p8inf); - } + } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) + { + const EVP_PKEY_ASN1_METHOD *ameth; + ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); + if (!ameth || !ameth->old_priv_decode) + goto p8err; + ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len); + } p8err: if (ret == NULL) PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); @@ -130,6 +137,74 @@ err: return(ret); } +int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { + char pem_str[80]; + if (!x->ameth || x->ameth->priv_encode) + return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, + (char *)kstr, klen, + cb, u); + + BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, + pem_str,bp,x,enc,kstr,klen,cb,u); + } + +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) + { + char *nm=NULL; + const unsigned char *p=NULL; + unsigned char *data=NULL; + long len; + int slen; + EVP_PKEY *ret=NULL; + + if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS, + bp, 0, NULL)) + return NULL; + p = data; + + if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) + { + ret = EVP_PKEY_new(); + if (!ret) + goto err; + if (!EVP_PKEY_set_type_str(ret, nm, slen) + || !ret->ameth->param_decode + || !ret->ameth->param_decode(ret, &p, len)) + { + EVP_PKEY_free(ret); + ret = NULL; + goto err; + } + if(x) + { + if(*x) EVP_PKEY_free((EVP_PKEY *)*x); + *x = ret; + } + } +err: + if (ret == NULL) + PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB); + OPENSSL_free(nm); + OPENSSL_free(data); + return(ret); + } + +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) + { + char pem_str[80]; + if (!x->ameth || !x->ameth->param_encode) + return 0; + + BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str); + return PEM_ASN1_write_bio( + (i2d_of_void *)x->ameth->param_encode, + pem_str,bp,x,NULL,NULL,0,0,NULL); + } + #ifndef OPENSSL_NO_FP_API EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) { @@ -146,4 +221,22 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void BIO_free(b); return(ret); } + +int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { + BIO *b; + int ret; + + if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) + { + PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB); + return 0; + } + ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u); + BIO_free(b); + return ret; + } + #endif diff --git a/src/lib/libssl/src/crypto/pem/pem_seal.c b/src/lib/libssl/src/crypto/pem/pem_seal.c index 4e554e5481..59690b56ae 100644 --- a/src/lib/libssl/src/crypto/pem/pem_seal.c +++ b/src/lib/libssl/src/crypto/pem/pem_seal.c @@ -100,7 +100,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, EVP_CIPHER_CTX_init(&ctx->cipher); ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); - if (!ret) goto err; + if (ret <= 0) goto err; /* base64 encode the keys */ for (i=0; i -#undef SSLEAY_MACROS #include "cryptlib.h" #include #include diff --git a/src/lib/libssl/src/crypto/pem/pem_xaux.c b/src/lib/libssl/src/crypto/pem/pem_xaux.c index 7cc7491009..328f796200 100644 --- a/src/lib/libssl/src/crypto/pem/pem_xaux.c +++ b/src/lib/libssl/src/crypto/pem/pem_xaux.c @@ -57,7 +57,6 @@ */ #include -#undef SSLEAY_MACROS #include "cryptlib.h" #include #include diff --git a/src/lib/libssl/src/crypto/perlasm/x86asm.pl b/src/lib/libssl/src/crypto/perlasm/x86asm.pl index 5979122158..28080caaa6 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86asm.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86asm.pl @@ -1,130 +1,207 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl # require 'x86asm.pl'; -# &asm_init("cpp","des-586.pl"); -# XXX -# XXX -# main'asm_finish - -sub main'asm_finish - { - &file_end(); - &asm_finish_cpp() if $cpp; - print &asm_get_output(); - } - -sub main'asm_init - { - ($type,$fn,$i386)=@_; - $filename=$fn; - - $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0; - if ( ($type eq "elf")) - { $elf=1; require "x86unix.pl"; } - elsif ( ($type eq "a.out")) - { $aout=1; require "x86unix.pl"; } - elsif ( ($type eq "coff" or $type eq "gaswin")) - { $coff=1; require "x86unix.pl"; } - elsif ( ($type eq "cpp")) - { $cpp=1; require "x86unix.pl"; } - elsif ( ($type eq "win32")) - { $win32=1; require "x86ms.pl"; } - elsif ( ($type eq "win32n")) - { $win32=1; require "x86nasm.pl"; } - elsif ( ($type eq "nw-nasm")) - { $netware=1; require "x86nasm.pl"; } - elsif ( ($type eq "nw-mwasm")) - { $netware=1; $mwerks=1; require "x86nasm.pl"; } - else - { - print STDERR <<"EOF"; +# &asm_init(,"des-586.pl"[,$i386only]); +# &function_begin("foo"); +# ... +# &function_end("foo"); +# &asm_finish + +$out=(); +$i386=0; + +# AUTOLOAD is this context has quite unpleasant side effect, namely +# that typos in function calls effectively go to assembler output, +# but on the pros side we don't have to implement one subroutine per +# each opcode... +sub ::AUTOLOAD +{ my $opcode = $AUTOLOAD; + + die "more than 4 arguments passed to $opcode" if ($#_>3); + + $opcode =~ s/.*:://; + if ($opcode =~ /^push/) { $stack+=4; } + elsif ($opcode =~ /^pop/) { $stack-=4; } + + &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD"; +} + +sub ::emit +{ my $opcode=shift; + + if ($#_==-1) { push(@out,"\t$opcode\n"); } + else { push(@out,"\t$opcode\t".join(',',@_)."\n"); } +} + +sub ::LB +{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'"; + $1."l"; +} +sub ::HB +{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'"; + $1."h"; +} +sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num); } +sub ::stack_pop { my $num=$_[0]*4; $stack-=$num; &add("esp",$num); } +sub ::blindpop { &pop($_[0]); $stack+=4; } +sub ::wparam { &DWP($stack+4*$_[0],"esp"); } +sub ::swtmp { &DWP(4*$_[0],"esp"); } + +sub ::bswap +{ if ($i386) # emulate bswap for i386 + { &comment("bswap @_"); + &xchg(&HB(@_),&LB(@_)); + &ror (@_,16); + &xchg(&HB(@_),&LB(@_)); + } + else + { &generic("bswap",@_); } +} +# These are made-up opcodes introduced over the years essentially +# by ignorance, just alias them to real ones... +sub ::movb { &mov(@_); } +sub ::xorb { &xor(@_); } +sub ::rotl { &rol(@_); } +sub ::rotr { &ror(@_); } +sub ::exch { &xchg(@_); } +sub ::halt { &hlt; } +sub ::movz { &movzx(@_); } +sub ::pushf { &pushfd; } +sub ::popf { &popfd; } + +# 3 argument instructions +sub ::movq +{ my($p1,$p2,$optimize)=@_; + + if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/) + # movq between mmx registers can sink Intel CPUs + { &::pshufw($p1,$p2,0xe4); } + else + { &::generic("movq",@_); } +} + +# label management +$lbdecor="L"; # local label decoration, set by package +$label="000"; + +sub ::islabel # see is argument is a known label +{ my $i; + foreach $i (values %label) { return $i if ($i eq $_[0]); } + $label{$_[0]}; # can be undef +} + +sub ::label # instantiate a function-scope label +{ if (!defined($label{$_[0]})) + { $label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++; } + $label{$_[0]}; +} + +sub ::LABEL # instantiate a file-scope label +{ $label{$_[0]}=$_[1] if (!defined($label{$_[0]})); + $label{$_[0]}; +} + +sub ::static_label { &::LABEL($_[0],$lbdecor.$_[0]); } + +sub ::set_label_B { push(@out,"@_:\n"); } +sub ::set_label +{ my $label=&::label($_[0]); + &::align($_[1]) if ($_[1]>1); + &::set_label_B($label); + $label; +} + +sub ::wipe_labels # wipes function-scope labels +{ foreach $i (keys %label) + { delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/); } +} + +# subroutine management +sub ::function_begin +{ &function_begin_B(@_); + $stack=4; + &push("ebp"); + &push("ebx"); + &push("esi"); + &push("edi"); +} + +sub ::function_end +{ &pop("edi"); + &pop("esi"); + &pop("ebx"); + &pop("ebp"); + &ret(); + &function_end_B(@_); + $stack=0; + &wipe_labels(); +} + +sub ::function_end_A +{ &pop("edi"); + &pop("esi"); + &pop("ebx"); + &pop("ebp"); + &ret(); + $stack+=16; # readjust esp as if we didn't pop anything +} + +sub ::asciz +{ my @str=unpack("C*",shift); + push @str,0; + while ($#str>15) { + &data_byte(@str[0..15]); + foreach (0..15) { shift @str; } + } + &data_byte(@str) if (@str); +} + +sub ::asm_finish +{ &file_end(); + print @out; +} + +sub ::asm_init +{ my ($type,$fn,$cpu)=@_; + + $filename=$fn; + $i386=$cpu; + + $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=0; + if (($type eq "elf")) + { $elf=1; require "x86gas.pl"; } + elsif (($type eq "a\.out")) + { $aout=1; require "x86gas.pl"; } + elsif (($type eq "coff" or $type eq "gaswin")) + { $coff=1; require "x86gas.pl"; } + elsif (($type eq "win32n")) + { $win32=1; require "x86nasm.pl"; } + elsif (($type eq "nw-nasm")) + { $netware=1; require "x86nasm.pl"; } + #elsif (($type eq "nw-mwasm")) + #{ $netware=1; $mwerks=1; require "x86nasm.pl"; } + elsif (($type eq "win32")) + { $win32=1; require "x86masm.pl"; } + elsif (($type eq "macosx")) + { $aout=1; $macosx=1; require "x86gas.pl"; } + else + { print STDERR <<"EOF"; Pick one target type from elf - Linux, FreeBSD, Solaris x86, etc. - a.out - OpenBSD, DJGPP, etc. + a.out - DJGPP, elder OpenBSD, etc. coff - GAS/COFF such as Win32 targets - win32 - Windows 95/Windows NT win32n - Windows 95/Windows NT NASM format nw-nasm - NetWare NASM format - nw-mwasm- NetWare Metrowerks Assembler + macosx - Mac OS X EOF - exit(1); - } - - $pic=0; - for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } - - &asm_init_output(); - -&comment("Don't even think of reading this code"); -&comment("It was automatically generated by $filename"); -&comment("Which is a perl program used to generate the x86 assember for"); -&comment("any of ELF, a.out, COFF, Win32, ..."); -&comment("eric "); -&comment(""); - - $filename =~ s/\.pl$//; - &file($filename); - } - -sub asm_finish_cpp - { - return unless $cpp; - - local($tmp,$i); - foreach $i (&get_labels()) - { - $tmp.="#define $i _$i\n"; - } - print <<"EOF"; -/* Run the C pre-processor over this file with one of the following defined - * ELF - elf object files, - * OUT - a.out object files, - * BSDI - BSDI style a.out object files - * SOL - Solaris style elf - */ - -#define TYPE(a,b) .type a,b -#define SIZE(a,b) .size a,b - -#if defined(OUT) || (defined(BSDI) && !defined(ELF)) -$tmp -#endif - -#ifdef OUT -#define OK 1 -#define ALIGN 4 -#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__) -#undef SIZE -#undef TYPE -#define SIZE(a,b) -#define TYPE(a,b) .def a; .scl 2; .type 32; .endef -#endif /* __CYGWIN || __DJGPP */ -#endif - -#if defined(BSDI) && !defined(ELF) -#define OK 1 -#define ALIGN 4 -#undef SIZE -#undef TYPE -#define SIZE(a,b) -#define TYPE(a,b) -#endif - -#if defined(ELF) || defined(SOL) -#define OK 1 -#define ALIGN 16 -#endif - -#ifndef OK -You need to define one of -ELF - elf systems - linux-elf, NetBSD and DG-UX -OUT - a.out systems - linux-a.out and FreeBSD -SOL - solaris systems, which are elf with strange comment lines -BSDI - a.out with a very primative version of as. -#endif - -/* Let the Assembler begin :-) */ -EOF - } + exit(1); + } + + $pic=0; + for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } + + $filename =~ s/\.pl$//; + &file($filename); +} 1; diff --git a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl index fa38f89c09..ce2bed9bb2 100644 --- a/src/lib/libssl/src/crypto/perlasm/x86nasm.pl +++ b/src/lib/libssl/src/crypto/perlasm/x86nasm.pl @@ -1,455 +1,166 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl package x86nasm; -$label="L000"; -$under=($main'netware)?'':'_'; +*out=\@::out; -%lb=( 'eax', 'al', - 'ebx', 'bl', - 'ecx', 'cl', - 'edx', 'dl', - 'ax', 'al', - 'bx', 'bl', - 'cx', 'cl', - 'dx', 'dl', - ); +$::lbdecor="L\$"; # local label decoration +$nmdecor=$::netware?"":"_"; # external name decoration +$drdecor=$::mwerks?".":""; # directive decoration -%hb=( 'eax', 'ah', - 'ebx', 'bh', - 'ecx', 'ch', - 'edx', 'dh', - 'ax', 'ah', - 'bx', 'bh', - 'cx', 'ch', - 'dx', 'dh', - ); +$initseg=""; -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } +sub ::generic +{ my $opcode=shift; + my $tmp; -sub main'external_label -{ - push(@labels,@_); - foreach (@_) { - push(@out,".") if ($main'mwerks); - push(@out, "extern\t${under}$_\n"); - } + if (!$::mwerks) + { if ($opcode =~ m/^j/o && $#_==0) # optimize jumps + { $_[0] = "NEAR $_[0]"; } + elsif ($opcode eq "lea" && $#_==1) # wipe storage qualifier from lea + { $_[1] =~ s/^[^\[]*\[/\[/o; } + } + &::emit($opcode,@_); + 1; } - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'BP - { - &get_mem("BYTE",@_); - } - -sub main'DWP - { - &get_mem("DWORD",@_); - } - -sub main'QWP - { - &get_mem("",@_); - } - -sub main'BC - { - return (($main'mwerks)?"":"BYTE ")."@_"; - } - -sub main'DWC - { - return (($main'mwerks)?"":"DWORD ")."@_"; - } - -sub main'stack_push - { - my($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - my($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } +# +# opcodes not covered by ::generic above, mostly inconsistent namings... +# +sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } +sub ::call_ptr { &::emit("call",@_); } +sub ::jmp_ptr { &::emit("jmp",@_); } sub get_mem - { - my($size,$addr,$reg1,$reg2,$idx)=@_; - my($t,$post); - my($ret)=$size; - if ($ret ne "") - { - $ret .= " PTR" if ($main'mwerks); - $ret .= " "; - } - $ret .= "["; - $addr =~ s/^\s+//; - if ($addr =~ /^(.+)\+(.+)$/) - { - $reg2=&conv($1); - $addr="$under$2"; - } - elsif ($addr =~ /^[_a-z][_a-z0-9]*$/i) - { - $addr="$under$addr"; - } - - if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; } - - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - if (($addr ne "") && ($addr ne 0)) - { - if ($addr !~ /^-/) - { $ret.="${addr}+"; } - else { $post=$addr; } - } - if ($reg2 ne "") - { - $t=""; - $t="*$idx" if ($idx != 0); - $reg1="+".$reg1 if ("$reg1$post" ne ""); - $ret.="$reg2$t$reg1$post]"; - } - else - { - $ret.="$reg1$post]" - } - $ret =~ s/\+\]/]/; # in case $addr was the only argument - return($ret); - } - -sub main'mov { &out2("mov",@_); } -sub main'movb { &out2("mov",@_); } -sub main'and { &out2("and",@_); } -sub main'or { &out2("or",@_); } -sub main'shl { &out2("shl",@_); } -sub main'shr { &out2("shr",@_); } -sub main'xor { &out2("xor",@_); } -sub main'xorb { &out2("xor",@_); } -sub main'add { &out2("add",@_); } -sub main'adc { &out2("adc",@_); } -sub main'sub { &out2("sub",@_); } -sub main'sbb { &out2("sbb",@_); } -sub main'rotl { &out2("rol",@_); } -sub main'rotr { &out2("ror",@_); } -sub main'exch { &out2("xchg",@_); } -sub main'cmp { &out2("cmp",@_); } -sub main'lea { &out2("lea",@_); } -sub main'mul { &out1("mul",@_); } -sub main'imul { &out2("imul",@_); } -sub main'div { &out1("div",@_); } -sub main'dec { &out1("dec",@_); } -sub main'inc { &out1("inc",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } - -# This is a bit of a kludge: declare all branches as NEAR. -$near=($main'mwerks)?'':'NEAR'; -sub main'je { &out1("je $near",@_); } -sub main'jle { &out1("jle $near",@_); } -sub main'jz { &out1("jz $near",@_); } -sub main'jge { &out1("jge $near",@_); } -sub main'jl { &out1("jl $near",@_); } -sub main'ja { &out1("ja $near",@_); } -sub main'jae { &out1("jae $near",@_); } -sub main'jb { &out1("jb $near",@_); } -sub main'jbe { &out1("jbe $near",@_); } -sub main'jc { &out1("jc $near",@_); } -sub main'jnc { &out1("jnc $near",@_); } -sub main'jnz { &out1("jnz $near",@_); } -sub main'jne { &out1("jne $near",@_); } -sub main'jno { &out1("jno $near",@_); } - -sub main'push { &out1("push",@_); $stack+=4; } -sub main'pop { &out1("pop",@_); $stack-=4; } -sub main'pushf { &out0("pushfd"); $stack+=4; } -sub main'popf { &out0("popfd"); $stack-=4; } -sub main'bswap { &out1("bswap",@_); &using486(); } -sub main'not { &out1("not",@_); } -sub main'call { &out1("call",($_[0]=~/^\@L/?'':$under).$_[0]); } -sub main'call_ptr { &out1p("call",@_); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } -sub main'test { &out2("test",@_); } -sub main'bt { &out2("bt",@_); } -sub main'leave { &out0("leave"); } -sub main'cpuid { &out0("cpuid"); } -sub main'rdtsc { &out0("rdtsc"); } -sub main'halt { &out0("hlt"); } -sub main'movz { &out2("movzx",@_); } -sub main'neg { &out1("neg",@_); } -sub main'cld { &out0("cld"); } - -# SSE2 -sub main'emms { &out0("emms"); } -sub main'movd { &out2("movd",@_); } -sub main'movq { &out2("movq",@_); } -sub main'movdqu { &out2("movdqu",@_); } -sub main'movdqa { &out2("movdqa",@_); } -sub main'movdq2q{ &out2("movdq2q",@_); } -sub main'movq2dq{ &out2("movq2dq",@_); } -sub main'paddq { &out2("paddq",@_); } -sub main'pmuludq{ &out2("pmuludq",@_); } -sub main'psrlq { &out2("psrlq",@_); } -sub main'psllq { &out2("psllq",@_); } -sub main'pxor { &out2("pxor",@_); } -sub main'por { &out2("por",@_); } -sub main'pand { &out2("pand",@_); } - -sub out2 - { - my($name,$p1,$p2)=@_; - my($l,$t); - - push(@out,"\t$name\t"); - if (!$main'mwerks and $name eq "lea") - { - $p1 =~ s/^[^\[]*\[/\[/; - $p2 =~ s/^[^\[]*\[/\[/; - } - $t=&conv($p1).","; - $l=length($t); - push(@out,$t); - $l=4-($l+9)/8; - push(@out,"\t" x $l); - push(@out,&conv($p2)); - push(@out,"\n"); - } - -sub out0 - { - my($name)=@_; - - push(@out,"\t$name\n"); - } - -sub out1 - { - my($name,$p1)=@_; - my($l,$t); - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub conv - { - my($p)=@_; - $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - return $p; - } - -sub using486 - { - return if $using486; - $using486++; - grep(s/\.386/\.486/,@out); - } - -sub main'file - { - if ($main'mwerks) { push(@out,".section\t.text\n"); } - else { - local $tmp=<<___; -%ifdef __omf__ -section code use32 class=code +{ my($size,$addr,$reg1,$reg2,$idx)=@_; + my($post,$ret); + + if ($size ne "") + { $ret .= "$size"; + $ret .= " PTR" if ($::mwerks); + $ret .= " "; + } + $ret .= "["; + + $addr =~ s/^\s+//; + # prepend global references with optional underscore + $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige; + # put address arithmetic expression in parenthesis + $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/); + + if (($addr ne "") && ($addr ne 0)) + { if ($addr !~ /^-/) { $ret .= "$addr+"; } + else { $post=$addr; } + } + + if ($reg2 ne "") + { $idx!=0 or $idx=1; + $ret .= "$reg2*$idx"; + $ret .= "+$reg1" if ($reg1 ne ""); + } + else + { $ret .= "$reg1"; } + + $ret .= "$post]"; + $ret =~ s/\+\]/]/; # in case $addr was the only argument + + $ret; +} +sub ::BP { &get_mem("BYTE",@_); } +sub ::DWP { &get_mem("DWORD",@_); } +sub ::QWP { &get_mem("",@_); } +sub ::BC { (($::mwerks)?"":"BYTE ")."@_"; } +sub ::DWC { (($::mwerks)?"":"DWORD ")."@_"; } + +sub ::file +{ if ($::mwerks) { push(@out,".section\t.text,64\n"); } + else + { my $tmp=<<___; +%ifidn __OUTPUT_FORMAT__,obj +section code use32 class=code align=64 +%elifidn __OUTPUT_FORMAT__,win32 +\$\@feat.00 equ 1 +section .text code align=64 %else -section .text +section .text code %endif ___ - push(@out,$tmp); - } - } - -sub main'function_begin - { - my($func,$extra)=@_; - - push(@labels,$func); - push(@out,".") if ($main'mwerks); - my($tmp)=<<"EOF"; -global $under$func -$under$func: - push ebp - push ebx - push esi - push edi -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - my($func,$extra)=@_; - push(@out,".") if ($main'mwerks); - my($tmp)=<<"EOF"; -global $under$func -$under$func: -EOF - push(@out,$tmp); - $stack=4; - } - -sub main'function_end - { - my($func)=@_; - - my($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_B - { - $stack=0; - %label=(); - } - -sub main'function_end_A - { - my($func)=@_; - - my($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - } - -sub main'file_end - { - } - -sub main'wparam - { - my($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } + } +} -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } +sub ::function_begin_B +{ my $func=shift; + my $global=($func !~ /^_/); + my $begin="${::lbdecor}_${func}_begin"; -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# my($num)=@_; -# -# return(&main'DWP(-(($num+1)*4),"esp","",0)); -# } + $begin =~ s/^\@/./ if ($::mwerks); # the torture never stops -sub main'comment - { - foreach (@_) - { - push(@out,"\t; $_\n"); - } - } + &::LABEL($func,$global?"$begin":"$nmdecor$func"); + $func=$nmdecor.$func; -sub main'public_label - { - $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); - push(@out,".") if ($main'mwerks); - push(@out,"global\t$label{$_[0]}\n"); - } + push(@out,"${drdecor}global $func\n") if ($global); + push(@out,"${drdecor}align 16\n"); + push(@out,"$func:\n"); + push(@out,"$begin:\n") if ($global); + $::stack=4; +} -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\@${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } +sub ::function_end_B +{ $::stack=0; + &::wipe_labels(); +} -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\@${label}${_[0]}"; - $label++; - } - if ($_[1]!=0 && $_[1]>1) - { - main'align($_[1]); - } - push(@out,"$label{$_[0]}:\n"); - } +sub ::file_end +{ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) + { my $comm=<<___; +${drdecor}segment .bss +${drdecor}common ${nmdecor}OPENSSL_ia32cap_P 4 +___ + # comment out OPENSSL_ia32cap_P declarations + grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; + push (@out,$comm) + } + push (@out,$initseg) if ($initseg); +} -sub main'data_byte - { - push(@out,(($main'mwerks)?".byte\t":"DB\t").join(',',@_)."\n"); - } +sub ::comment { foreach (@_) { push(@out,"\t; $_\n"); } } -sub main'data_word - { - push(@out,(($main'mwerks)?".long\t":"DD\t").join(',',@_)."\n"); - } +sub ::external_label +{ foreach(@_) + { push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n"); } +} -sub main'align - { - push(@out,".") if ($main'mwerks); - push(@out,"align\t$_[0]\n"); - } +sub ::public_label +{ push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } -sub out1p - { - my($name,$p1)=@_; - my($l,$t); +sub ::data_byte +{ push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n"); } - push(@out,"\t$name\t".&conv($p1)."\n"); - } +sub ::data_word +{ push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n"); } -sub main'picmeup - { - local($dst,$sym)=@_; - &main'lea($dst,&main'DWP($sym)); - } +sub ::align +{ push(@out,"${drdecor}align\t$_[0]\n"); } -sub main'blindpop { &out1("pop",@_); } +sub ::picmeup +{ my($dst,$sym)=@_; + &::lea($dst,&::DWP($sym)); +} -sub main'initseg - { - local($f)=@_; - if ($main'win32) - { - local($tmp)=<<___; -segment .CRT\$XCU data -extern $under$f -DD $under$f +sub ::initseg +{ my $f=$nmdecor.shift; + if ($::win32) + { $initseg=<<___; +segment .CRT\$XCU data align=4 +extern $f +dd $f ___ - push(@out,$tmp); - } - } + } +} + +sub ::dataseg +{ if ($mwerks) { push(@out,".section\t.data,4\n"); } + else { push(@out,"section\t.data align=4\n"); } +} 1; diff --git a/src/lib/libssl/src/crypto/pkcs12/Makefile b/src/lib/libssl/src/crypto/pkcs12/Makefile index eed226b30d..3a7498fe7a 100644 --- a/src/lib/libssl/src/crypto/pkcs12/Makefile +++ b/src/lib/libssl/src/crypto/pkcs12/Makefile @@ -39,7 +39,7 @@ test: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -85,37 +85,36 @@ p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_add.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_add.o: ../cryptlib.h p12_add.c +p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_asn.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c +p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_asn.o: ../cryptlib.h p12_asn.c p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_attr.o: ../../include/openssl/opensslconf.h p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -127,9 +126,9 @@ p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_crpt.o: ../../include/openssl/opensslconf.h p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -141,23 +140,22 @@ p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_crt.o: ../cryptlib.h p12_crt.c +p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_decr.o: ../../include/openssl/opensslconf.h p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -169,9 +167,9 @@ p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_init.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_init.o: ../../include/openssl/opensslconf.h p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -184,22 +182,22 @@ p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c +p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p12_key.o: ../cryptlib.h p12_key.c p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_kiss.o: ../../include/openssl/opensslconf.h p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -211,10 +209,9 @@ p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h -p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_mutl.o: ../../include/openssl/opensslconf.h +p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h +p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -226,9 +223,8 @@ p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_npas.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_npas.o: ../../include/openssl/opensslconf.h +p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h @@ -241,53 +237,50 @@ p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8d.o: ../cryptlib.h p12_p8d.c +p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8e.o: ../cryptlib.h p12_p8e.c +p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_utl.o: ../cryptlib.h p12_utl.c +p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk12err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c +pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h +pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk12err.o: pk12err.c diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_add.c b/src/lib/libssl/src/crypto/pkcs12/p12_add.c index 1f3e378f5c..27ac5facfa 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_add.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_add.c @@ -106,6 +106,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, PKCS8_PRIV_KEY_INFO *p8) { PKCS12_SAFEBAG *bag; + const EVP_CIPHER *pbe_ciph; /* Set up the safe bag */ if (!(bag = PKCS12_SAFEBAG_new())) { @@ -114,8 +115,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, } bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); + + pbe_ciph = EVP_get_cipherbynid(pbe_nid); + + if (pbe_ciph) + pbe_nid = -1; + if (!(bag->value.shkeybag = - PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter, + PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, p8))) { PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); return NULL; @@ -164,6 +171,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, { PKCS7 *p7; X509_ALGOR *pbe; + const EVP_CIPHER *pbe_ciph; if (!(p7 = PKCS7_new())) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); return NULL; @@ -173,7 +181,15 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); return NULL; } - if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) { + + pbe_ciph = EVP_get_cipherbynid(pbe_nid); + + if (pbe_ciph) + pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen); + else + pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); + + if (!pbe) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_attr.c b/src/lib/libssl/src/crypto/pkcs12/p12_attr.c index 68d6c5ad15..e4d9c25647 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_attr.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_attr.c @@ -139,7 +139,7 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) ASN1_TYPE *atype; if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL; if (atype->type != V_ASN1_BMPSTRING) return NULL; - return uni2asc(atype->value.bmpstring->data, + return OPENSSL_uni2asc(atype->value.bmpstring->data, atype->value.bmpstring->length); } diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c index f8b952e27e..b71d07b4d0 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_crpt.c @@ -60,28 +60,10 @@ #include "cryptlib.h" #include -/* PKCS#12 specific PBE functions */ +/* PKCS#12 PBE algorithms now in static table */ void PKCS12_PBE_add(void) { -#ifndef OPENSSL_NO_RC4 -EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), - PKCS12_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), - PKCS12_PBE_keyivgen); -#endif -#ifndef OPENSSL_NO_DES -EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, - EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); -#endif -#ifndef OPENSSL_NO_RC2 -EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), - EVP_sha1(), PKCS12_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), - EVP_sha1(), PKCS12_PBE_keyivgen); -#endif } int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c index 9522342fa5..96b131defa 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c @@ -59,10 +59,6 @@ #include #include "cryptlib.h" #include -#ifdef OPENSSL_FIPS -#include -#endif - static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); @@ -94,14 +90,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Set defaults */ if (!nid_cert) - { -#ifdef OPENSSL_FIPS - if (FIPS_mode()) - nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - else -#endif nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; - } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_key.c b/src/lib/libssl/src/crypto/pkcs12/p12_key.c index 9e57eee4a4..a29794bbbc 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_key.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_key.c @@ -81,15 +81,18 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, int ret; unsigned char *unipass; int uniplen; + if(!pass) { unipass = NULL; uniplen = 0; - } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { + } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); return 0; } ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, id, iter, n, out, md_type); + if (ret <= 0) + return 0; if(unipass) { OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ OPENSSL_free(unipass); @@ -129,6 +132,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, #endif v = EVP_MD_block_size (md_type); u = EVP_MD_size (md_type); + if (u < 0) + return 0; D = OPENSSL_malloc (v); Ai = OPENSSL_malloc (u); B = OPENSSL_malloc (v + 1); diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c index 5c4c6ec988..292cc3ed4a 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_kiss.c @@ -63,16 +63,13 @@ /* Simplified PKCS#12 routines */ static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch); + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); /* Parse and decrypt a PKCS#12 structure returning user key, user cert * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, @@ -83,24 +80,20 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { - + STACK_OF(X509) *ocerts = NULL; + X509 *x = NULL; /* Check for NULL PKCS12 structure */ - if(!p12) { + if(!p12) + { PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); return 0; - } - - /* Allocate stack for ca certificates if needed */ - if ((ca != NULL) && (*ca == NULL)) { - if (!(*ca = sk_X509_new_null())) { - PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); - return 0; } - } - if(pkey) *pkey = NULL; - if(cert) *cert = NULL; + if(pkey) + *pkey = NULL; + if(cert) + *cert = NULL; /* Check the mac */ @@ -122,19 +115,61 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, goto err; } - if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) + /* Allocate stack for other certificates */ + ocerts = sk_X509_new_null(); + + if (!ocerts) + { + PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) { PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); goto err; } + while ((x = sk_X509_pop(ocerts))) + { + if (pkey && *pkey && cert && !*cert) + { + if (X509_check_private_key(x, *pkey)) + { + *cert = x; + x = NULL; + } + } + + if (ca && x) + { + if (!*ca) + *ca = sk_X509_new_null(); + if (!*ca) + goto err; + if (!sk_X509_push(*ca, x)) + goto err; + x = NULL; + } + if (x) + X509_free(x); + } + + if (ocerts) + sk_X509_pop_free(ocerts, X509_free); + return 1; err: - if (pkey && *pkey) EVP_PKEY_free(*pkey); - if (cert && *cert) X509_free(*cert); - if (ca) sk_X509_pop_free(*ca, X509_free); + if (pkey && *pkey) + EVP_PKEY_free(*pkey); + if (cert && *cert) + X509_free(*cert); + if (x) + X509_free(*cert); + if (ocerts) + sk_X509_pop_free(ocerts, X509_free); return 0; } @@ -142,15 +177,13 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, /* Parse the outer PKCS#12 structure */ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { STACK_OF(PKCS7) *asafes; STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; PKCS7 *p7; - ASN1_OCTET_STRING *keyid = NULL; - char keymatch = 0; if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; for (i = 0; i < sk_PKCS7_num (asafes); i++) { p7 = sk_PKCS7_value (asafes, i); @@ -164,8 +197,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; } - if (!parse_bags(bags, pass, passlen, pkey, cert, ca, - &keyid, &keymatch)) { + if (!parse_bags(bags, pass, passlen, pkey, ocerts)) { sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; @@ -173,89 +205,65 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); } sk_PKCS7_pop_free(asafes, PKCS7_free); - if (keyid) M_ASN1_OCTET_STRING_free(keyid); return 1; } static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch) + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), - pass, passlen, pkey, cert, ca, keyid, - keymatch)) return 0; + pass, passlen, pkey, ocerts)) + return 0; } return 1; } -#define MATCH_KEY 0x1 -#define MATCH_CERT 0x2 -#define MATCH_ALL 0x3 - static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, - char *keymatch) + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; ASN1_TYPE *attrib; ASN1_BMPSTRING *fname = NULL; + ASN1_OCTET_STRING *lkid = NULL; if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) fname = attrib->value.bmpstring; - if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { - lkey = attrib->value.octet_string; - ckid = lkey; - } + if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) + lkid = attrib->value.octet_string; - /* Check for any local key id matching (if needed) */ - if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { - if (*keyid) { - if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; - } else { - if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { - PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); - return 0; - } - } - } - switch (M_PKCS12_bag_type(bag)) { case NID_keyBag: - if (!lkey || !pkey) return 1; - if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; - *keymatch |= MATCH_KEY; + if (!pkey || *pkey) + return 1; + if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) + return 0; break; case NID_pkcs8ShroudedKeyBag: - if (!lkey || !pkey) return 1; + if (!pkey || *pkey) + return 1; if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) return 0; *pkey = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); if (!(*pkey)) return 0; - *keymatch |= MATCH_KEY; break; case NID_certBag: if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) - return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) return 0; - if(ckid) + return 1; + if (!(x509 = PKCS12_certbag2x509(bag))) + return 0; + if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { - if (!X509_keyid_set1(x509, ckid->data, ckid->length)) - { - X509_free(x509); - return 0; - } + X509_free(x509); + return 0; } if(fname) { int len, r; @@ -272,20 +280,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, } } + if(!sk_X509_push(ocerts, x509)) + { + X509_free(x509); + return 0; + } - if (lkey) { - *keymatch |= MATCH_CERT; - if (cert) *cert = x509; - else X509_free(x509); - } else { - if(ca) sk_X509_push (*ca, x509); - else X509_free(x509); - } break; case NID_safeContentsBag: return parse_bags(bag->value.safes, pass, passlen, - pkey, cert, ca, keyid, keymatch); + pkey, ocerts); break; default: diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c index 70bfef6e5d..9ab740d51f 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_mutl.c @@ -71,6 +71,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, HMAC_CTX hmac; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; + int md_size; if (!PKCS7_type_is_data(p12->authsafes)) { @@ -87,13 +88,16 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } + md_size = EVP_MD_size(md_type); + if (md_size < 0) + return 0; if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, - EVP_MD_size(md_type), key, md_type)) { + md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); return 0; } HMAC_CTX_init(&hmac); - HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); + HMAC_Init_ex(&hmac, key, md_size, md_type, NULL); HMAC_Update(&hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length); HMAC_Final(&hmac, mac, maclen); diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c index 47e5e9c377..2f71355150 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_npas.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_npas.c @@ -120,8 +120,13 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) bags = PKCS12_unpack_p7data(p7); } else if (bagnid == NID_pkcs7_encrypted) { bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); - alg_get(p7->d.encrypted->enc_data->algorithm, - &pbe_nid, &pbe_iter, &pbe_saltlen); + if (!alg_get(p7->d.encrypted->enc_data->algorithm, + &pbe_nid, &pbe_iter, &pbe_saltlen)) + { + sk_PKCS12_SAFEBAG_pop_free(bags, + PKCS12_SAFEBAG_free); + bags = NULL; + } } else continue; if (!bags) { sk_PKCS7_pop_free(asafes, PKCS7_free); @@ -193,7 +198,9 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0; - alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen); + if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, + &p8_saltlen)) + return 0; if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, p8_iter, p8))) return 0; X509_SIG_free(bag->value.shkeybag); @@ -208,9 +215,11 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) p = alg->parameter->value.sequence->data; pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); + if (!pbe) + return 0; *pnid = OBJ_obj2nid(alg->algorithm); *piter = ASN1_INTEGER_get(pbe->iter); *psaltlen = pbe->salt->length; PBEPARAM_free(pbe); - return 0; + return 1; } diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_utl.c b/src/lib/libssl/src/crypto/pkcs12/p12_utl.c index ca30ac4f6d..59c6f453f6 100644 --- a/src/lib/libssl/src/crypto/pkcs12/p12_utl.c +++ b/src/lib/libssl/src/crypto/pkcs12/p12_utl.c @@ -62,7 +62,7 @@ /* Cheap and nasty Unicode stuff */ -unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) { int ulen, i; unsigned char *unitmp; @@ -81,7 +81,7 @@ unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *un return unitmp; } -char *uni2asc(unsigned char *uni, int unilen) +char *OPENSSL_uni2asc(unsigned char *uni, int unilen) { int asclen, i; char *asctmp; diff --git a/src/lib/libssl/src/crypto/pkcs12/pk12err.c b/src/lib/libssl/src/crypto/pkcs12/pk12err.c index 07a1fb6907..f6ddf2df12 100644 --- a/src/lib/libssl/src/crypto/pkcs12/pk12err.c +++ b/src/lib/libssl/src/crypto/pkcs12/pk12err.c @@ -1,6 +1,6 @@ /* crypto/pkcs12/pk12err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h index 4bee605dc0..b17eb9f42b 100644 --- a/src/lib/libssl/src/crypto/pkcs12/pkcs12.h +++ b/src/lib/libssl/src/crypto/pkcs12/pkcs12.h @@ -108,8 +108,6 @@ PKCS12_MAC_DATA *mac; PKCS7 *authsafes; } PKCS12; -PREDECLARE_STACK_OF(PKCS12_SAFEBAG) - typedef struct { ASN1_OBJECT *type; union { @@ -232,8 +230,8 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, const EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type); -unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); -char *uni2asc(unsigned char *uni, int unilen); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(unsigned char *uni, int unilen); DECLARE_ASN1_FUNCTIONS(PKCS12) DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) diff --git a/src/lib/libssl/src/crypto/pkcs7/Makefile b/src/lib/libssl/src/crypto/pkcs7/Makefile index 790d8edf36..56dc6823d1 100644 --- a/src/lib/libssl/src/crypto/pkcs7/Makefile +++ b/src/lib/libssl/src/crypto/pkcs7/Makefile @@ -21,9 +21,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \ - pk7_mime.c + pk7_mime.c bio_pk7.c LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \ - pk7_mime.o + pk7_mime.o bio_pk7.o SRC= $(LIBSRC) @@ -54,7 +54,7 @@ verify: verify.o example.o lib $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -95,26 +95,31 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +bio_pk7.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +bio_pk7.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bio_pk7.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_pk7.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +bio_pk7.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_pk7.o: ../../include/openssl/symhacks.h bio_pk7.c pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_asn1.o: ../../include/openssl/opensslconf.h +pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c -pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_attr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pk7_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pk7_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_attr.o: ../../include/openssl/opensslconf.h pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -129,9 +134,8 @@ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_doit.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_doit.o: ../../include/openssl/opensslconf.h +pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -143,22 +147,22 @@ pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c +pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_lib.o: ../asn1/asn1_locl.h ../cryptlib.h pk7_lib.c pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_mime.o: ../../include/openssl/opensslconf.h pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -171,8 +175,8 @@ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_smime.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pk7_smime.o: ../../include/openssl/objects.h pk7_smime.o: ../../include/openssl/opensslconf.h pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c b/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c index 1f70d31386..b7ec2883cb 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c @@ -77,10 +77,39 @@ ASN1_ADB(PKCS7) = { ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); -ASN1_NDEF_SEQUENCE(PKCS7) = { +/* PKCS#7 streaming support */ +static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) +{ + ASN1_STREAM_ARG *sarg = exarg; + PKCS7 **pp7 = (PKCS7 **)pval; + + switch(operation) + { + + case ASN1_OP_STREAM_PRE: + if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) + return 0; + case ASN1_OP_DETACHED_PRE: + sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); + if (!sarg->ndef_bio) + return 0; + break; + + case ASN1_OP_STREAM_POST: + case ASN1_OP_DETACHED_POST: + if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) + return 0; + break; + + } + return 1; +} + +ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = { ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), ASN1_ADB_OBJECT(PKCS7) -}ASN1_NDEF_SEQUENCE_END(PKCS7) +}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7) IMPLEMENT_ASN1_FUNCTIONS(PKCS7) IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) @@ -98,7 +127,8 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) /* Minor tweak to operation: free up EVP_PKEY */ -static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_FREE_POST) { PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; @@ -140,7 +170,8 @@ ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) /* Minor tweak to operation: free up X509 */ -static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_FREE_POST) { PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; @@ -161,7 +192,7 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), - ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) + ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0) } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) @@ -212,3 +243,5 @@ ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) + +IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c index d549717169..a97db51210 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c @@ -60,6 +60,7 @@ #include #include #include +#include #include #include #include @@ -68,27 +69,12 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) { ASN1_STRING *seq; - unsigned char *p, *pp; - int len; - len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR, - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, - IS_SEQUENCE); - if(!(pp=(unsigned char *)OPENSSL_malloc(len))) { - PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - p=pp; - i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE); if(!(seq = ASN1_STRING_new())) { PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); return 0; } - if(!ASN1_STRING_set (seq, pp, len)) { - PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - OPENSSL_free (pp); + seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data, + ASN1_ITEM_rptr(X509_ALGORS)); return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, V_ASN1_SEQUENCE, seq); } @@ -102,10 +88,9 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) if (!cap || (cap->type != V_ASN1_SEQUENCE)) return NULL; p = cap->value.sequence->data; - return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, - cap->value.sequence->length, - d2i_X509_ALGOR, X509_ALGOR_free, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + return (STACK_OF(X509_ALGOR) *) + ASN1_item_d2i(NULL, &p, cap->value.sequence->length, + ASN1_ITEM_rptr(X509_ALGORS)); } /* Basic smime-capabilities OID and optional integer arg */ @@ -139,3 +124,42 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) sk_X509_ALGOR_push (sk, alg); return 1; } + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) + { + if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) + return 0; + if (!coid) + coid = OBJ_nid2obj(NID_pkcs7_data); + return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, coid); + } + +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) + { + if (!t && !(t=X509_gmtime_adj(NULL,0))) + { + PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, + ERR_R_MALLOC_FAILURE); + return 0; + } + return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, + V_ASN1_UTCTIME, t); + } + +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen) + { + ASN1_OCTET_STRING *os; + os = ASN1_OCTET_STRING_new(); + if (!os) + return 0; + if (!ASN1_STRING_set(os, md, mdlen) + || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, + V_ASN1_OCTET_STRING, os)) + { + ASN1_OCTET_STRING_free(os); + return 0; + } + return 1; + } diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c index a03d7ebedf..451de84489 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c @@ -138,6 +138,121 @@ static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) } +static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, + unsigned char *key, int keylen) + { + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *ek = NULL; + int ret = 0; + size_t eklen; + + pkey = X509_get_pubkey(ri->cert); + + if (!pkey) + return 0; + + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pctx) + return 0; + + if (EVP_PKEY_encrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) + { + PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); + goto err; + } + + if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) + goto err; + + ek = OPENSSL_malloc(eklen); + + if (ek == NULL) + { + PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) + goto err; + + ASN1_STRING_set0(ri->enc_key, ek, eklen); + ek = NULL; + + ret = 1; + + err: + if (pkey) + EVP_PKEY_free(pkey); + if (pctx) + EVP_PKEY_CTX_free(pctx); + if (ek) + OPENSSL_free(ek); + return ret; + + } + + +static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, + PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) + { + EVP_PKEY_CTX *pctx = NULL; + unsigned char *ek = NULL; + size_t eklen; + + int ret = 0; + + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pctx) + return 0; + + if (EVP_PKEY_decrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, + EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) + { + PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); + goto err; + } + + if (EVP_PKEY_decrypt(pctx, NULL, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) + goto err; + + ek = OPENSSL_malloc(eklen); + + if (ek == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_PKEY_decrypt(pctx, ek, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) + { + PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); + goto err; + } + + ret = 1; + + *pek = ek; + *peklen = eklen; + + err: + if (pctx) + EVP_PKEY_CTX_free(pctx); + if (!ret && ek) + OPENSSL_free(ek); + + return ret; + } + BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { int i; @@ -148,7 +263,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; - EVP_PKEY *pkey; ASN1_OCTET_STRING *os=NULL; i=OBJ_obj2nid(p7->type); @@ -187,6 +301,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) xa = p7->d.digest->md; os = PKCS7_get_octet_string(p7->d.digest->contents); break; + case NID_pkcs7_data: + break; default: PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; @@ -204,8 +320,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; int keylen,ivlen; - int jj,max; - unsigned char *tmp; EVP_CIPHER_CTX *ctx; if ((btmp=BIO_new(BIO_f_cipher())) == NULL) @@ -234,52 +348,16 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) - goto err; + goto err; } /* Lets do the pub key stuff :-) */ - max=0; for (i=0; icert == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); - goto err; - } - if ((pkey=X509_get_pubkey(ri->cert)) == NULL) - goto err; - jj=EVP_PKEY_size(pkey); - EVP_PKEY_free(pkey); - if (max < jj) max=jj; - } - if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE); - goto err; - } - for (i=0; icert)) == NULL) - goto err; - jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); - EVP_PKEY_free(pkey); - if (jj <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); - OPENSSL_free(tmp); + if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) goto err; - } - if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj)) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT, - ERR_R_MALLOC_FAILURE); - OPENSSL_free(tmp); - goto err; - } } - OPENSSL_free(tmp); OPENSSL_cleanse(key, keylen); if (out == NULL) @@ -303,7 +381,10 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) BIO_set_mem_eof_return(bio,0); } } - BIO_push(out,bio); + if (out) + BIO_push(out,bio); + else + out = bio; bio=NULL; if (0) { @@ -333,7 +414,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) { int i,j; BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; - unsigned char *tmp=NULL; X509_ALGOR *xa; ASN1_OCTET_STRING *data_body=NULL; const EVP_MD *evp_md; @@ -423,7 +503,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) int max; X509_OBJECT ret; #endif - int jj; + unsigned char *ek = NULL; + int eklen; if ((etmp=BIO_new(BIO_f_cipher())) == NULL) { @@ -438,26 +519,21 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * (if any) */ - if (pcert) { - for (i=0; ienc_key), - M_ASN1_STRING_length(ri->enc_key), - pkey); - if (jj > 0) + if (pkcs7_decrypt_rinfo(&ek, &eklen, + ri, pkey) > 0) break; ERR_clear_error(); ri = NULL; @@ -485,15 +558,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } else { - jj=EVP_PKEY_decrypt(tmp, - M_ASN1_STRING_data(ri->enc_key), - M_ASN1_STRING_length(ri->enc_key), pkey); - if (jj <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - ERR_R_EVP_LIB); + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0) goto err; - } } evp_ctx=NULL; @@ -503,22 +569,26 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) goto err; - if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { + if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { /* Some S/MIME clients don't use the same key * and effective key length. The key length is * determined by the size of the decrypted RSA key. */ - if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) + if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); goto err; } } - if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) + if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) goto err; - OPENSSL_cleanse(tmp,jj); + if (ek) + { + OPENSSL_cleanse(ek,eklen); + OPENSSL_free(ek); + } if (out == NULL) out=etmp; @@ -566,8 +636,6 @@ err: if (bio != NULL) BIO_free_all(bio); out=NULL; } - if (tmp != NULL) - OPENSSL_free(tmp); return(out); } @@ -594,13 +662,43 @@ static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) return NULL; } +static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) + { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + + /* Add signing time if not already present */ + if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) + { + if (!PKCS7_add0_attrib_signing_time(si, NULL)) + { + PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, + ERR_R_MALLOC_FAILURE); + return 0; + } + } + + /* Add digest */ + EVP_DigestFinal_ex(mctx, md_data,&md_len); + if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) + { + PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Now sign the attributes */ + if (!PKCS7_SIGNER_INFO_sign(si)) + return 0; + + return 1; + } + + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) { int ret=0; int i,j; BIO *btmp; - BUF_MEM *buf_mem=NULL; - BUF_MEM *buf=NULL; PKCS7_SIGNER_INFO *si; EVP_MD_CTX *mdc,ctx_tmp; STACK_OF(X509_ATTRIBUTE) *sk; @@ -613,24 +711,37 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) switch (i) { + case NID_pkcs7_data: + os = p7->d.data; + break; case NID_pkcs7_signedAndEnveloped: /* XXXXXXXXXXXXXXXX */ si_sk=p7->d.signed_and_enveloped->signer_info; - if (!(os=M_ASN1_OCTET_STRING_new())) + os = p7->d.signed_and_enveloped->enc_data->enc_data; + if (!os) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); - goto err; + os=M_ASN1_OCTET_STRING_new(); + if (!os) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); + goto err; + } + p7->d.signed_and_enveloped->enc_data->enc_data=os; } - p7->d.signed_and_enveloped->enc_data->enc_data=os; break; case NID_pkcs7_enveloped: /* XXXXXXXXXXXXXXXX */ - if (!(os=M_ASN1_OCTET_STRING_new())) + os = p7->d.enveloped->enc_data->enc_data; + if (!os) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); - goto err; + os=M_ASN1_OCTET_STRING_new(); + if (!os) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); + goto err; + } + p7->d.enveloped->enc_data->enc_data=os; } - p7->d.enveloped->enc_data->enc_data=os; break; case NID_pkcs7_signed: si_sk=p7->d.sign->signer_info; @@ -652,21 +763,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) } break; + default: + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; } if (si_sk != NULL) { - if ((buf=BUF_MEM_new()) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); - goto err; - } for (i=0; ipkey == NULL) continue; + if (si->pkey == NULL) + continue; - j=OBJ_obj2nid(si->digest_alg->algorithm); + j = OBJ_obj2nid(si->digest_alg->algorithm); btmp=bio; @@ -678,97 +788,33 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); - if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); - goto err; - } sk=si->auth_attr; /* If there are attributes, we add the digest * attribute and only sign the attributes */ - if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) + if (sk_X509_ATTRIBUTE_num(sk) > 0) { - unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL; - unsigned int md_len, alen; - ASN1_OCTET_STRING *digest; - ASN1_UTCTIME *sign_time; - const EVP_MD *md_tmp; - - /* Add signing time if not already present */ - if (!PKCS7_get_signed_attribute(si, - NID_pkcs9_signingTime)) - { - if (!(sign_time=X509_gmtime_adj(NULL,0))) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, - ERR_R_MALLOC_FAILURE); - goto err; - } - if (!PKCS7_add_signed_attribute(si, - NID_pkcs9_signingTime, - V_ASN1_UTCTIME,sign_time)) - { - M_ASN1_UTCTIME_free(sign_time); - goto err; - } - } - - /* Add digest */ - md_tmp=EVP_MD_CTX_md(&ctx_tmp); - EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); - if (!(digest=M_ASN1_OCTET_STRING_new())) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, - ERR_R_MALLOC_FAILURE); + if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) goto err; - } - if (!M_ASN1_OCTET_STRING_set(digest,md_data, - md_len)) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, - ERR_R_MALLOC_FAILURE); - M_ASN1_OCTET_STRING_free(digest); + } + else + { + unsigned char *abuf = NULL; + unsigned int abuflen; + abuflen = EVP_PKEY_size(si->pkey); + abuf = OPENSSL_malloc(abuflen); + if (!abuf) goto err; - } - if (!PKCS7_add_signed_attribute(si, - NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING,digest)) + + if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, + si->pkey)) { - M_ASN1_OCTET_STRING_free(digest); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_EVP_LIB); goto err; } - - /* Now sign the attributes */ - EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); - alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); - if(!abuf) goto err; - EVP_SignUpdate(&ctx_tmp,abuf,alen); - OPENSSL_free(abuf); - } - -#ifndef OPENSSL_NO_DSA - if (si->pkey->type == EVP_PKEY_DSA) - ctx_tmp.digest=EVP_dss1(); -#endif -#ifndef OPENSSL_NO_ECDSA - if (si->pkey->type == EVP_PKEY_EC) - ctx_tmp.digest=EVP_ecdsa(); -#endif - - if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, - (unsigned int *)&buf->length,si->pkey)) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB); - goto err; - } - if (!ASN1_STRING_set(si->enc_digest, - (unsigned char *)buf->data,buf->length)) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB); - goto err; + ASN1_STRING_set0(si->enc_digest, abuf, abuflen); } } } @@ -783,34 +829,90 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); } - if (!PKCS7_is_detached(p7)) + if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { + char *cont; + long contlen; btmp=BIO_find_type(bio,BIO_TYPE_MEM); if (btmp == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); goto err; } - BIO_get_mem_ptr(btmp,&buf_mem); + contlen = BIO_get_mem_data(btmp, &cont); /* Mark the BIO read only then we can use its copy of the data * instead of making an extra copy. */ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); BIO_set_mem_eof_return(btmp, 0); - os->data = (unsigned char *)buf_mem->data; - os->length = buf_mem->length; -#if 0 - M_ASN1_OCTET_STRING_set(os, - (unsigned char *)buf_mem->data,buf_mem->length); -#endif + ASN1_STRING_set0(os, (unsigned char *)cont, contlen); } ret=1; err: EVP_MD_CTX_cleanup(&ctx_tmp); - if (buf != NULL) BUF_MEM_free(buf); return(ret); } +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) + { + EVP_MD_CTX mctx; + EVP_PKEY_CTX *pctx; + unsigned char *abuf = NULL; + int alen; + size_t siglen; + const EVP_MD *md = NULL; + + md = EVP_get_digestbyobj(si->digest_alg->algorithm); + if (md == NULL) + return 0; + + EVP_MD_CTX_init(&mctx); + if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) + { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); + goto err; + } + + alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf, + ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); + if(!abuf) + goto err; + if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) + goto err; + OPENSSL_free(abuf); + if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) + goto err; + abuf = OPENSSL_malloc(siglen); + if(!abuf) + goto err; + if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) + { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); + goto err; + } + + EVP_MD_CTX_cleanup(&mctx); + + ASN1_STRING_set0(si->enc_digest, abuf, siglen); + + return 1; + + err: + if (abuf) + OPENSSL_free(abuf); + EVP_MD_CTX_cleanup(&mctx); + return 0; + + } + int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si) { @@ -922,7 +1024,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; - unsigned int md_len, alen; + unsigned int md_len; + int alen; ASN1_OCTET_STRING *message_digest; EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); @@ -954,6 +1057,12 @@ for (ii=0; iitype == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); -#endif -#ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa(); -#endif i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); EVP_PKEY_free(pkey); @@ -1107,8 +1210,9 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, if (*sk == NULL) { - if (!(*sk = sk_X509_ATTRIBUTE_new_null())) - return 0; + *sk = sk_X509_ATTRIBUTE_new_null(); + if (*sk == NULL) + return 0; new_attrib: if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) return 0; diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c index f2490941a3..3ca0952792 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c @@ -60,6 +60,7 @@ #include "cryptlib.h" #include #include +#include "asn1_locl.h" long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) { @@ -314,7 +315,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) *sk=sk_X509_new_null(); if (*sk == NULL) { - PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE); + PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); return 0; } CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); @@ -365,13 +366,8 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { - int nid; - char is_dsa; + int ret; - if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) - is_dsa = 1; - else - is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ if (!ASN1_INTEGER_set(p7i->version,1)) goto err; @@ -391,65 +387,55 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, p7i->pkey=pkey; /* Set the algorithms */ - if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); - else - p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); - if (p7i->digest_alg->parameter != NULL) - ASN1_TYPE_free(p7i->digest_alg->parameter); - if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL) - goto err; - p7i->digest_alg->parameter->type=V_ASN1_NULL; + X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), + V_ASN1_NULL, NULL); - if (p7i->digest_enc_alg->parameter != NULL) - ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - nid = EVP_PKEY_type(pkey->type); - if (nid == EVP_PKEY_RSA) + if (pkey->ameth && pkey->ameth->pkey_ctrl) { - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption); - if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) - goto err; - p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; - } - else if (nid == EVP_PKEY_DSA) - { -#if 1 - /* use 'dsaEncryption' OID for compatibility with other software - * (PKCS #7 v1.5 does specify how to handle DSA) ... */ - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa); -#else - /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS) - * would make more sense. */ - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1); -#endif - p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ - } - else if (nid == EVP_PKEY_EC) - { - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); - if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) - goto err; - p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, + 0, p7i); + if (ret > 0) + return 1; + if (ret != -2) + { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, + PKCS7_R_SIGNING_CTRL_FAILURE); + return 0; + } } - else - return(0); - - return(1); + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, + PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); err: - return(0); + return 0; } PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { - PKCS7_SIGNER_INFO *si; + PKCS7_SIGNER_INFO *si = NULL; + + if (dgst == NULL) + { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) + goto err; + dgst = EVP_get_digestbynid(def_nid); + if (dgst == NULL) + { + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, + PKCS7_R_NO_DEFAULT_DIGEST); + goto err; + } + } if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; if (!PKCS7_add_signer(p7,si)) goto err; return(si); err: - PKCS7_SIGNER_INFO_free(si); + if (si) + PKCS7_SIGNER_INFO_free(si); return(NULL); } @@ -485,6 +471,23 @@ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) return(NULL); } +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig) + { + if (pk) + *pk = si->pkey; + if (pdig) + *pdig = si->digest_alg; + if (psig) + *psig = si->digest_enc_alg; + } + +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) + { + if (penc) + *penc = ri->key_enc_algor; + } + PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) { PKCS7_RECIP_INFO *ri; @@ -492,10 +495,11 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; if (!PKCS7_add_recipient_info(p7,ri)) goto err; - return(ri); + return ri; err: - PKCS7_RECIP_INFO_free(ri); - return(NULL); + if (ri) + PKCS7_RECIP_INFO_free(ri); + return NULL; } int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) @@ -524,6 +528,8 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) { + int ret; + EVP_PKEY *pkey = NULL; if (!ASN1_INTEGER_set(p7i->version,0)) return 0; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, @@ -535,14 +541,41 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) return 0; - X509_ALGOR_free(p7i->key_enc_algor); - if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor))) - return 0; + pkey = X509_get_pubkey(x509); + + if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) + { + PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, + PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + + ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, + 0, p7i); + if (ret == -2) + { + PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, + PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + if (ret <= 0) + { + PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, + PKCS7_R_ENCRYPTION_CTRL_FAILURE); + goto err; + } + + EVP_PKEY_free(pkey); CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); p7i->cert=x509; - return(1); + return 1; + + err: + if (pkey) + EVP_PKEY_free(pkey); + return 0; } X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) @@ -587,3 +620,48 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) return 1; } +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) + { + ASN1_OCTET_STRING *os = NULL; + + switch (OBJ_obj2nid(p7->type)) + { + case NID_pkcs7_data: + os = p7->d.data; + break; + + case NID_pkcs7_signedAndEnveloped: + os = p7->d.signed_and_enveloped->enc_data->enc_data; + if (os == NULL) + { + os=M_ASN1_OCTET_STRING_new(); + p7->d.signed_and_enveloped->enc_data->enc_data=os; + } + break; + + case NID_pkcs7_enveloped: + os = p7->d.enveloped->enc_data->enc_data; + if (os == NULL) + { + os=M_ASN1_OCTET_STRING_new(); + p7->d.enveloped->enc_data->enc_data=os; + } + break; + + case NID_pkcs7_signed: + os=p7->d.sign->contents->d.data; + break; + + default: + os = NULL; + break; + } + + if (os == NULL) + return 0; + + os->flags |= ASN1_STRING_FLAG_NDEF; + *boundary = &os->data; + + return 1; + } diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c index bf190360d7..938f79a646 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c @@ -50,10 +50,6 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ #include @@ -61,662 +57,41 @@ #include "cryptlib.h" #include #include +#include -/* MIME and related routines */ - -/* MIME format structures - * Note that all are translated to lower case apart from - * parameter values. Quotes are stripped off - */ - -typedef struct { -char *param_name; /* Param name e.g. "micalg" */ -char *param_value; /* Param value e.g. "sha1" */ -} MIME_PARAM; - -DECLARE_STACK_OF(MIME_PARAM) -IMPLEMENT_STACK_OF(MIME_PARAM) - -typedef struct { -char *name; /* Name of line e.g. "content-type" */ -char *value; /* Value of line e.g. "text/plain" */ -STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ -} MIME_HEADER; +/* PKCS#7 wrappers round generalised stream and MIME routines */ -DECLARE_STACK_OF(MIME_HEADER) -IMPLEMENT_STACK_OF(MIME_HEADER) - -static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags); -static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); -static PKCS7 *B64_read_PKCS7(BIO *bio); -static char * strip_ends(char *name); -static char * strip_start(char *name); -static char * strip_end(char *name); -static MIME_HEADER *mime_hdr_new(char *name, char *value); -static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); -static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); -static int mime_hdr_cmp(const MIME_HEADER * const *a, - const MIME_HEADER * const *b); -static int mime_param_cmp(const MIME_PARAM * const *a, - const MIME_PARAM * const *b); -static void mime_param_free(MIME_PARAM *param); -static int mime_bound_check(char *line, int linelen, char *bound, int blen); -static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -static int strip_eol(char *linebuf, int *plen); -static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); -static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); -static void mime_hdr_free(MIME_HEADER *hdr); - -#define MAX_SMLEN 1024 -#define mime_debug(x) /* x */ - -/* Base 64 read and write of PKCS#7 structure */ - -static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) -{ - BIO *b64; - if(!(b64 = BIO_new(BIO_f_base64()))) { - PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE); - return 0; +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) + { + return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, + ASN1_ITEM_rptr(PKCS7)); } - bio = BIO_push(b64, bio); - i2d_PKCS7_bio(bio, p7); - (void)BIO_flush(bio); - bio = BIO_pop(bio); - BIO_free(b64); - return 1; -} -static PKCS7 *B64_read_PKCS7(BIO *bio) -{ - BIO *b64; - PKCS7 *p7; - if(!(b64 = BIO_new(BIO_f_base64()))) { - PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE); - return 0; +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) + { + return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags, + "PKCS7", + ASN1_ITEM_rptr(PKCS7)); } - bio = BIO_push(b64, bio); - if(!(p7 = d2i_PKCS7_bio(bio, NULL))) - PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); - (void)BIO_flush(bio); - bio = BIO_pop(bio); - BIO_free(b64); - return p7; -} - -/* SMIME sender */ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) -{ - char bound[33], c; - int i; - char *mime_prefix, *mime_eol, *msg_type=NULL; - if (flags & PKCS7_NOOLDMIMETYPE) - mime_prefix = "application/pkcs7-"; - else - mime_prefix = "application/x-pkcs7-"; - - if (flags & PKCS7_CRLFEOL) - mime_eol = "\r\n"; - else - mime_eol = "\n"; - if((flags & PKCS7_DETACHED) && data) { - /* We want multipart/signed */ - /* Generate a random boundary */ - RAND_pseudo_bytes((unsigned char *)bound, 32); - for(i = 0; i < 32; i++) { - c = bound[i] & 0xf; - if(c < 10) c += '0'; - else c += 'A' - 10; - bound[i] = c; - } - bound[32] = 0; - BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); - BIO_printf(bio, "Content-Type: multipart/signed;"); - BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); - BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"%s%s", - bound, mime_eol, mime_eol); - BIO_printf(bio, "This is an S/MIME signed message%s%s", - mime_eol, mime_eol); - /* Now write out the first part */ - BIO_printf(bio, "------%s%s", bound, mime_eol); - pkcs7_output_data(bio, data, p7, flags); - BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); - - /* Headers for signature */ - - BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); - BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); - BIO_printf(bio, "Content-Transfer-Encoding: base64%s", - mime_eol); - BIO_printf(bio, "Content-Disposition: attachment;"); - BIO_printf(bio, " filename=\"smime.p7s\"%s%s", - mime_eol, mime_eol); - B64_write_PKCS7(bio, p7); - BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, - mime_eol, mime_eol); - return 1; - } - - /* Determine smime-type header */ - - if (PKCS7_type_is_enveloped(p7)) - msg_type = "enveloped-data"; - else if (PKCS7_type_is_signed(p7)) - { - /* If we have any signers it is signed-data othewise - * certs-only. - */ - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - sinfos = PKCS7_get_signer_info(p7); - if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0) - msg_type = "signed-data"; - else - msg_type = "certs-only"; - } - /* MIME headers */ - BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); - BIO_printf(bio, "Content-Disposition: attachment;"); - BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); - BIO_printf(bio, "Content-Type: %smime;", mime_prefix); - if (msg_type) - BIO_printf(bio, " smime-type=%s;", msg_type); - BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); - BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", - mime_eol, mime_eol); - B64_write_PKCS7(bio, p7); - BIO_printf(bio, "%s", mime_eol); - return 1; -} - -/* Handle output of PKCS#7 data */ - - -static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) { - BIO *tmpbio, *p7bio; - - if (!(flags & PKCS7_STREAM)) - { - SMIME_crlf_copy(data, out, flags); - return 1; - } - - /* Partial sign operation */ - - /* Initialize sign operation */ - p7bio = PKCS7_dataInit(p7, out); - - /* Copy data across, computing digests etc */ - SMIME_crlf_copy(data, p7bio, flags); - - /* Must be detached */ - PKCS7_set_detached(p7, 1); - - /* Finalize signatures */ - PKCS7_dataFinal(p7, p7bio); - - /* Now remove any digests prepended to the BIO */ + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(p7->type); + if (ctype_nid == NID_pkcs7_signed) + mdalgs = p7->d.sign->md_algs; + else + mdalgs = NULL; - while (p7bio != out) - { - tmpbio = BIO_pop(p7bio); - BIO_free(p7bio); - p7bio = tmpbio; - } + flags ^= SMIME_OLDMIME; - return 1; + return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, + ctype_nid, NID_undef, mdalgs, + ASN1_ITEM_rptr(PKCS7)); } -/* SMIME reader: handle multipart/signed and opaque signing. - * in multipart case the content is placed in a memory BIO - * pointed to by "bcont". In opaque this is set to NULL - */ - PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) -{ - BIO *p7in; - STACK_OF(MIME_HEADER) *headers = NULL; - STACK_OF(BIO) *parts = NULL; - MIME_HEADER *hdr; - MIME_PARAM *prm; - PKCS7 *p7; - int ret; - - if(bcont) *bcont = NULL; - - if (!(headers = mime_parse_hdr(bio))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR); - return NULL; - } - - if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); - return NULL; - } - - /* Handle multipart/signed */ - - if(!strcmp(hdr->value, "multipart/signed")) { - /* Split into two parts */ - prm = mime_param_find(hdr, "boundary"); - if(!prm || !prm->param_value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); - return NULL; - } - ret = multi_split(bio, prm->param_value, &parts); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - if(!ret || (sk_BIO_num(parts) != 2) ) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - /* Parse the signature piece */ - p7in = sk_BIO_value(parts, 1); - - if (!(headers = mime_parse_hdr(p7in))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - /* Get content type */ - - if(!(hdr = mime_hdr_find(headers, "content-type")) || - !hdr->value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); - return NULL; - } - - if(strcmp(hdr->value, "application/x-pkcs7-signature") && - strcmp(hdr->value, "application/pkcs7-signature")) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - /* Read in PKCS#7 */ - if(!(p7 = B64_read_PKCS7(p7in))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - if(bcont) { - *bcont = sk_BIO_value(parts, 0); - BIO_free(p7in); - sk_BIO_free(parts); - } else sk_BIO_pop_free(parts, BIO_vfree); - return p7; - } - - /* OK, if not multipart/signed try opaque signature */ - - if (strcmp (hdr->value, "application/x-pkcs7-mime") && - strcmp (hdr->value, "application/pkcs7-mime")) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return NULL; - } - - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - - if(!(p7 = B64_read_PKCS7(bio))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); - return NULL; - } - return p7; - -} - -/* Split a multipart/XXX message body into component parts: result is - * canonical parts in a STACK of bios - */ - -static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) -{ - char linebuf[MAX_SMLEN]; - int len, blen; - int eol = 0, next_eol = 0; - BIO *bpart = NULL; - STACK_OF(BIO) *parts; - char state, part, first; - - blen = strlen(bound); - part = 0; - state = 0; - first = 1; - parts = sk_BIO_new_null(); - *ret = parts; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - state = mime_bound_check(linebuf, len, bound, blen); - if(state == 1) { - first = 1; - part++; - } else if(state == 2) { - sk_BIO_push(parts, bpart); - return 1; - } else if(part) { - /* Strip CR+LF from linebuf */ - next_eol = strip_eol(linebuf, &len); - if(first) { - first = 0; - if(bpart) sk_BIO_push(parts, bpart); - bpart = BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bpart, 0); - } else if (eol) - BIO_write(bpart, "\r\n", 2); - eol = next_eol; - if (len) - BIO_write(bpart, linebuf, len); - } - } - return 0; -} - -/* This is the big one: parse MIME header lines up to message body */ - -#define MIME_INVALID 0 -#define MIME_START 1 -#define MIME_TYPE 2 -#define MIME_NAME 3 -#define MIME_VALUE 4 -#define MIME_QUOTE 5 -#define MIME_COMMENT 6 - - -static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) -{ - char *p, *q, c; - char *ntmp; - char linebuf[MAX_SMLEN]; - MIME_HEADER *mhdr = NULL; - STACK_OF(MIME_HEADER) *headers; - int len, state, save_state = 0; - - headers = sk_MIME_HEADER_new(mime_hdr_cmp); - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - /* If whitespace at line start then continuation line */ - if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; - else state = MIME_START; - ntmp = NULL; - /* Go through all characters */ - for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { - - /* State machine to handle MIME headers - * if this looks horrible that's because it *is* - */ - - switch(state) { - case MIME_START: - if(c == ':') { - state = MIME_TYPE; - *p = 0; - ntmp = strip_ends(q); - q = p + 1; - } - break; - - case MIME_TYPE: - if(c == ';') { - mime_debug("Found End Value\n"); - *p = 0; - mhdr = mime_hdr_new(ntmp, strip_ends(q)); - sk_MIME_HEADER_push(headers, mhdr); - ntmp = NULL; - q = p + 1; - state = MIME_NAME; - } else if(c == '(') { - save_state = state; - state = MIME_COMMENT; - } - break; - - case MIME_COMMENT: - if(c == ')') { - state = save_state; - } - break; - - case MIME_NAME: - if(c == '=') { - state = MIME_VALUE; - *p = 0; - ntmp = strip_ends(q); - q = p + 1; - } - break ; - - case MIME_VALUE: - if(c == ';') { - state = MIME_NAME; - *p = 0; - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - ntmp = NULL; - q = p + 1; - } else if (c == '"') { - mime_debug("Found Quote\n"); - state = MIME_QUOTE; - } else if(c == '(') { - save_state = state; - state = MIME_COMMENT; - } - break; - - case MIME_QUOTE: - if(c == '"') { - mime_debug("Found Match Quote\n"); - state = MIME_VALUE; - } - break; - } - } - - if(state == MIME_TYPE) { - mhdr = mime_hdr_new(ntmp, strip_ends(q)); - sk_MIME_HEADER_push(headers, mhdr); - } else if(state == MIME_VALUE) - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - if(p == linebuf) break; /* Blank line means end of headers */ -} - -return headers; - -} - -static char *strip_ends(char *name) -{ - return strip_end(strip_start(name)); -} - -/* Strip a parameter of whitespace from start of param */ -static char *strip_start(char *name) -{ - char *p, c; - /* Look for first non white space or quote */ - for(p = name; (c = *p) ;p++) { - if(c == '"') { - /* Next char is start of string if non null */ - if(p[1]) return p + 1; - /* Else null string */ - return NULL; - } - if(!isspace((unsigned char)c)) return p; - } - return NULL; -} - -/* As above but strip from end of string : maybe should handle brackets? */ -static char *strip_end(char *name) -{ - char *p, c; - if(!name) return NULL; - /* Look for first non white space or quote */ - for(p = name + strlen(name) - 1; p >= name ;p--) { - c = *p; - if(c == '"') { - if(p - 1 == name) return NULL; - *p = 0; - return name; - } - if(isspace((unsigned char)c)) *p = 0; - else return name; - } - return NULL; -} - -static MIME_HEADER *mime_hdr_new(char *name, char *value) -{ - MIME_HEADER *mhdr; - char *tmpname, *tmpval, *p; - int c; - if(name) { - if(!(tmpname = BUF_strdup(name))) return NULL; - for(p = tmpname ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpname = NULL; - if(value) { - if(!(tmpval = BUF_strdup(value))) return NULL; - for(p = tmpval ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpval = NULL; - mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER)); - if(!mhdr) return NULL; - mhdr->name = tmpname; - mhdr->value = tmpval; - if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL; - return mhdr; -} - -static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) -{ - char *tmpname, *tmpval, *p; - int c; - MIME_PARAM *mparam; - if(name) { - tmpname = BUF_strdup(name); - if(!tmpname) return 0; - for(p = tmpname ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpname = NULL; - if(value) { - tmpval = BUF_strdup(value); - if(!tmpval) return 0; - } else tmpval = NULL; - /* Parameter values are case sensitive so leave as is */ - mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM)); - if(!mparam) return 0; - mparam->param_name = tmpname; - mparam->param_value = tmpval; - sk_MIME_PARAM_push(mhdr->params, mparam); - return 1; -} - -static int mime_hdr_cmp(const MIME_HEADER * const *a, - const MIME_HEADER * const *b) -{ - return(strcmp((*a)->name, (*b)->name)); -} - -static int mime_param_cmp(const MIME_PARAM * const *a, - const MIME_PARAM * const *b) -{ - return(strcmp((*a)->param_name, (*b)->param_name)); -} - -/* Find a header with a given name (if possible) */ - -static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) -{ - MIME_HEADER htmp; - int idx; - htmp.name = name; - idx = sk_MIME_HEADER_find(hdrs, &htmp); - if(idx < 0) return NULL; - return sk_MIME_HEADER_value(hdrs, idx); -} - -static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) -{ - MIME_PARAM param; - int idx; - param.param_name = name; - idx = sk_MIME_PARAM_find(hdr->params, ¶m); - if(idx < 0) return NULL; - return sk_MIME_PARAM_value(hdr->params, idx); -} - -static void mime_hdr_free(MIME_HEADER *hdr) -{ - if(hdr->name) OPENSSL_free(hdr->name); - if(hdr->value) OPENSSL_free(hdr->value); - if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); - OPENSSL_free(hdr); -} - -static void mime_param_free(MIME_PARAM *param) -{ - if(param->param_name) OPENSSL_free(param->param_name); - if(param->param_value) OPENSSL_free(param->param_value); - OPENSSL_free(param); -} - -/* Check for a multipart boundary. Returns: - * 0 : no boundary - * 1 : part boundary - * 2 : final boundary - */ -static int mime_bound_check(char *line, int linelen, char *bound, int blen) -{ - if(linelen == -1) linelen = strlen(line); - if(blen == -1) blen = strlen(bound); - /* Quickly eliminate if line length too short */ - if(blen + 2 > linelen) return 0; - /* Check for part boundary */ - if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { - if(!strncmp(line + blen + 2, "--", 2)) return 2; - else return 1; - } - return 0; -} - -static int strip_eol(char *linebuf, int *plen) { - int len = *plen; - char *p, c; - int is_eol = 0; - p = linebuf + len - 1; - for (p = linebuf + len - 1; len > 0; len--, p--) - { - c = *p; - if (c == '\n') - is_eol = 1; - else if (c != '\r') - break; - } - *plen = len; - return is_eol; + return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); } diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c index fd18ec3d95..86742d0dcd 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c +++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c @@ -63,24 +63,19 @@ #include #include +static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags) { - PKCS7 *p7 = NULL; - PKCS7_SIGNER_INFO *si; - BIO *p7bio = NULL; - STACK_OF(X509_ALGOR) *smcap = NULL; + PKCS7 *p7; int i; - if(!X509_check_private_key(signcert, pkey)) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return NULL; - } - - if(!(p7 = PKCS7_new())) { + if(!(p7 = PKCS7_new())) + { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); return NULL; - } + } if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto err; @@ -88,82 +83,185 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (!PKCS7_content_new(p7, NID_pkcs7_data)) goto err; - if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) + { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR); goto err; - } + } - if(!(flags & PKCS7_NOCERTS)) { - if (!PKCS7_add_certificate(p7, signcert)) - goto err; - if(certs) for(i = 0; i < sk_X509_num(certs); i++) + if(!(flags & PKCS7_NOCERTS)) + { + for(i = 0; i < sk_X509_num(certs); i++) + { if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) goto err; - } + } + } - if(!(flags & PKCS7_NOATTR)) { - if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data))) - goto err; - /* Add SMIMECapabilities */ - if(!(flags & PKCS7_NOSMIMECAP)) + if(flags & PKCS7_DETACHED) + PKCS7_set_detached(p7, 1); + + if (flags & (PKCS7_STREAM|PKCS7_PARTIAL)) + return p7; + + if (PKCS7_final(p7, data, flags)) + return p7; + + err: + PKCS7_free(p7); + return NULL; +} + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags) + { + BIO *p7bio; + int ret = 0; + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { - if(!(smcap = sk_X509_ALGOR_new_null())) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - goto err; - } -#ifndef OPENSSL_NO_DES - if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1)) - goto err; -#endif -#ifndef OPENSSL_NO_RC2 - if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128)) - goto err; - if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64)) - goto err; -#endif -#ifndef OPENSSL_NO_DES - if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1)) - goto err; -#endif -#ifndef OPENSSL_NO_RC2 - if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40)) - goto err; -#endif - if (!PKCS7_add_attrib_smimecap (si, smcap)) - goto err; - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - smcap = NULL; + PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE); + return 0; } - } - if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); + SMIME_crlf_copy(data, p7bio, flags); - if (flags & PKCS7_STREAM) - return p7; + (void)BIO_flush(p7bio); - if (!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + if (!PKCS7_dataFinal(p7,p7bio)) + { + PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN); goto err; + } + + ret = 1; + + err: + BIO_free_all(p7bio); + + return ret; + } - SMIME_crlf_copy(data, p7bio, flags); +/* Check to see if a cipher exists and if so add S/MIME capabilities */ +static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) + { + if (EVP_get_cipherbynid(nid)) + return PKCS7_simple_smimecap(sk, nid, arg); + return 1; + } - if (!PKCS7_dataFinal(p7,p7bio)) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); - goto err; +static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) + { + if (EVP_get_digestbynid(nid)) + return PKCS7_simple_smimecap(sk, nid, arg); + return 1; } - BIO_free_all(p7bio); - return p7; -err: - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - BIO_free_all(p7bio); - PKCS7_free(p7); +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, + EVP_PKEY *pkey, const EVP_MD *md, + int flags) + { + PKCS7_SIGNER_INFO *si = NULL; + STACK_OF(X509_ALGOR) *smcap = NULL; + if(!X509_check_private_key(signcert, pkey)) + { + PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, + PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } + + if (!(si = PKCS7_add_signature(p7,signcert,pkey, md))) + { + PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, + PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + return NULL; + } + + if(!(flags & PKCS7_NOCERTS)) + { + if (!PKCS7_add_certificate(p7, signcert)) + goto err; + } + + if(!(flags & PKCS7_NOATTR)) + { + if (!PKCS7_add_attrib_content_type(si, NULL)) + goto err; + /* Add SMIMECapabilities */ + if(!(flags & PKCS7_NOSMIMECAP)) + { + if(!(smcap = sk_X509_ALGOR_new_null())) + { + PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) + || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) + || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) + || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) + || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) + || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) + || !add_cipher_smcap(smcap, NID_rc2_cbc, 128) + || !add_cipher_smcap(smcap, NID_rc2_cbc, 64) + || !add_cipher_smcap(smcap, NID_des_cbc, -1) + || !add_cipher_smcap(smcap, NID_rc2_cbc, 40) + || !PKCS7_add_attrib_smimecap (si, smcap)) + goto err; + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + smcap = NULL; + } + if (flags & PKCS7_REUSE_DIGEST) + { + if (!pkcs7_copy_existing_digest(p7, si)) + goto err; + if (!(flags & PKCS7_PARTIAL) && + !PKCS7_SIGNER_INFO_sign(si)) + goto err; + } + } + return si; + err: + if (smcap) + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); return NULL; -} + } + +/* Search for a digest matching SignerInfo digest type and if found + * copy across. + */ + +static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) + { + int i; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *sitmp; + ASN1_OCTET_STRING *osdig = NULL; + sinfos = PKCS7_get_signer_info(p7); + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) + { + sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + if (si == sitmp) + break; + if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) + continue; + if (!OBJ_cmp(si->digest_alg->algorithm, + sitmp->digest_alg->algorithm)) + { + osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); + break; + } + + } + + if (osdig) + return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); + + PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, + PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); + return 0; + } int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags) @@ -354,7 +452,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); - return NULL; + return 0; } if(!(signers = sk_X509_new_null())) { @@ -377,12 +475,12 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) if (!signer) { PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); sk_X509_free(signers); - return NULL; + return 0; } if (!sk_X509_push(signers, signer)) { - sk_X509_free(signers); - return NULL; + sk_X509_free(signers); + return NULL; } } return signers; @@ -405,7 +503,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) goto err; - if(!PKCS7_set_cipher(p7, cipher)) { + if (!PKCS7_set_cipher(p7, cipher)) { PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); goto err; } @@ -419,22 +517,11 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, } } - if(!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); - goto err; - } - - SMIME_crlf_copy(in, p7bio, flags); - - (void)BIO_flush(p7bio); - - if (!PKCS7_dataFinal(p7,p7bio)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); - goto err; - } - BIO_free_all(p7bio); + if (flags & PKCS7_STREAM) + return p7; - return p7; + if (PKCS7_final(p7, in, flags)) + return p7; err: diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h index cc092d262d..e4d443193c 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pkcs7.h +++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7.h @@ -232,6 +232,9 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_type_is_signedAndEnveloped(a) \ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) +#define PKCS7_type_is_encrypted(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) @@ -242,14 +245,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) -#ifdef SSLEAY_MACROS -#ifndef PKCS7_ISSUER_AND_SERIAL_digest -#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ - (char *)data,md,len) -#endif -#endif - /* S/MIME related flags */ #define PKCS7_TEXT 0x1 @@ -266,6 +261,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_CRLFEOL 0x800 #define PKCS7_STREAM 0x1000 #define PKCS7_NOCRL 0x2000 +#define PKCS7_PARTIAL 0x4000 +#define PKCS7_REUSE_DIGEST 0x8000 /* Flags: for compatibility with older code */ @@ -281,7 +278,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) -#ifndef SSLEAY_MACROS int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, unsigned char *md,unsigned int *len); #ifndef OPENSSL_NO_FP_API @@ -291,7 +287,8 @@ int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); PKCS7 *PKCS7_dup(PKCS7 *p7); PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); -#endif +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) @@ -307,6 +304,7 @@ DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) DECLARE_ASN1_NDEF_FUNCTION(PKCS7) +DECLARE_ASN1_PRINT_FUNCTION(PKCS7) long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); @@ -315,6 +313,7 @@ int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); @@ -336,9 +335,13 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); @@ -355,6 +358,12 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, + int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); @@ -367,10 +376,16 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); -int SMIME_crlf_copy(BIO *in, BIO *out, int flags); -int SMIME_text(BIO *in, BIO *out); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -383,12 +398,17 @@ void ERR_load_PKCS7_strings(void); /* Function codes. */ #define PKCS7_F_B64_READ_PKCS7 120 #define PKCS7_F_B64_WRITE_PKCS7 121 +#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +#define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 +#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 #define PKCS7_F_PKCS7_ADD_CRL 101 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +#define PKCS7_F_PKCS7_ADD_SIGNATURE 131 #define PKCS7_F_PKCS7_ADD_SIGNER 103 #define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 #define PKCS7_F_PKCS7_CTRL 104 #define PKCS7_F_PKCS7_DATADECODE 112 #define PKCS7_F_PKCS7_DATAFINAL 128 @@ -396,15 +416,22 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_F_PKCS7_DATASIGN 106 #define PKCS7_F_PKCS7_DATAVERIFY 107 #define PKCS7_F_PKCS7_DECRYPT 114 +#define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +#define PKCS7_F_PKCS7_ENCODE_RINFO 132 #define PKCS7_F_PKCS7_ENCRYPT 115 +#define PKCS7_F_PKCS7_FINAL 134 #define PKCS7_F_PKCS7_FIND_DIGEST 127 #define PKCS7_F_PKCS7_GET0_SIGNERS 124 +#define PKCS7_F_PKCS7_RECIP_INFO_SET 130 #define PKCS7_F_PKCS7_SET_CIPHER 108 #define PKCS7_F_PKCS7_SET_CONTENT 109 #define PKCS7_F_PKCS7_SET_DIGEST 126 #define PKCS7_F_PKCS7_SET_TYPE 110 #define PKCS7_F_PKCS7_SIGN 116 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +#define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 #define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 #define PKCS7_F_PKCS7_VERIFY 117 #define PKCS7_F_SMIME_READ_PKCS7 122 @@ -415,10 +442,13 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 #define PKCS7_R_CIPHER_NOT_INITIALIZED 116 #define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +#define PKCS7_R_CTRL_ERROR 152 #define PKCS7_R_DECODE_ERROR 130 #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 #define PKCS7_R_DECRYPT_ERROR 119 #define PKCS7_R_DIGEST_FAILURE 101 +#define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 #define PKCS7_R_ERROR_ADDING_RECIPIENT 120 #define PKCS7_R_ERROR_SETTING_CIPHER 121 #define PKCS7_R_INVALID_MIME_TYPE 131 @@ -429,6 +459,8 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_MISSING_CERIPEND_INFO 103 #define PKCS7_R_NO_CONTENT 122 #define PKCS7_R_NO_CONTENT_TYPE 135 +#define PKCS7_R_NO_DEFAULT_DIGEST 151 +#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 #define PKCS7_R_NO_MULTIPART_BOUNDARY 137 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 @@ -438,6 +470,7 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_NO_SIG_CONTENT_TYPE 138 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 #define PKCS7_R_PKCS7_DATAFINAL 126 #define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 #define PKCS7_R_PKCS7_DATASIGN 145 @@ -446,6 +479,8 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 #define PKCS7_R_SIGNATURE_FAILURE 105 #define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +#define PKCS7_R_SIGNING_CTRL_FAILURE 147 +#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 #define PKCS7_R_SIG_INVALID_MIME_TYPE 141 #define PKCS7_R_SMIME_TEXT_ERROR 129 #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c index c0e3d4cd33..d0af32a265 100644 --- a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c +++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* crypto/pkcs7/pkcs7err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -72,12 +72,17 @@ static ERR_STRING_DATA PKCS7_str_functs[]= { {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, +{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, +{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, +{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"}, {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, @@ -85,15 +90,22 @@ static ERR_STRING_DATA PKCS7_str_functs[]= {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, +{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, +{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, +{ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, +{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, @@ -107,10 +119,13 @@ static ERR_STRING_DATA PKCS7_str_reasons[]= {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, +{ERR_REASON(PKCS7_R_CTRL_ERROR) ,"ctrl error"}, {ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, {ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, {ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, +{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"}, +{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"}, {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"}, {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"}, {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"}, @@ -121,6 +136,8 @@ static ERR_STRING_DATA PKCS7_str_reasons[]= {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"}, {ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"}, {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"}, +{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) ,"no default digest"}, +{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"}, {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, @@ -130,6 +147,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]= {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, +{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"}, {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, {ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, @@ -138,6 +156,8 @@ static ERR_STRING_DATA PKCS7_str_reasons[]= {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"}, {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, +{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"}, +{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"}, {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"}, {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"}, diff --git a/src/lib/libssl/src/crypto/rand/Makefile b/src/lib/libssl/src/crypto/rand/Makefile index 30794305cb..27694aa664 100644 --- a/src/lib/libssl/src/crypto/rand/Makefile +++ b/src/lib/libssl/src/crypto/rand/Makefile @@ -17,9 +17,9 @@ TEST= randtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \ +LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ rand_win.c rand_unix.c rand_os2.c rand_nw.c -LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \ +LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -79,34 +79,17 @@ clean: md_rand.o: ../../e_os.h ../../include/openssl/asn1.h md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h +md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +md_rand.o: md_rand.c rand_lcl.h rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h rand_egd.o: ../../include/openssl/opensslconf.h rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rand_egd.o: rand_egd.c -rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h -rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h -rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h @@ -116,39 +99,34 @@ rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_err.o: rand_err.c rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c +rand_lib.o: ../cryptlib.h rand_lib.c rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c +rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_os2.o: ../../include/openssl/opensslconf.h +rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -158,8 +136,8 @@ rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_unix.o: ../../include/openssl/objects.h rand_unix.o: ../../include/openssl/opensslconf.h rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -170,9 +148,8 @@ rand_win.o: ../../e_os.h ../../include/openssl/asn1.h rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_win.o: ../../include/openssl/opensslconf.h +rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c index 0f8dd3e00f..88088ce73c 100644 --- a/src/lib/libssl/src/crypto/rand/md_rand.c +++ b/src/lib/libssl/src/crypto/rand/md_rand.c @@ -126,10 +126,6 @@ #include #include -#ifdef OPENSSL_FIPS -#include -#endif - #ifdef BN_DEBUG # define PREDICT @@ -149,7 +145,7 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread * holds CRYPTO_LOCK_RAND * (to prevent double locking) */ /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ +static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */ #ifdef PREDICT @@ -217,8 +213,10 @@ static void ssleay_rand_add(const void *buf, int num, double add) /* check if we already have the lock */ if (crypto_lock_rand) { + CRYPTO_THREADID cur; + CRYPTO_THREADID_current(&cur); CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = (locking_thread == CRYPTO_thread_id()); + do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); } else @@ -274,8 +272,16 @@ static void ssleay_rand_add(const void *buf, int num, double add) } else MD_Update(&m,&(state[st_idx]),j); - + + /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ MD_Update(&m,buf,j); + /* We know that line may cause programs such as + purify and valgrind to complain about use of + uninitialized data. The problem is not, it's + with the caller. Removing that line will make + sure you get really bad randomness and thereby + other problems such as very insecure keys. */ + MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); MD_Final(&m,local_md); md_c[1]++; @@ -336,14 +342,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif int do_stir_pool = 0; -#ifdef OPENSSL_FIPS - if(FIPS_mode()) - { - FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); - return 0; - } -#endif - #ifdef PREDICT if (rand_predictable) { @@ -384,7 +382,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - locking_thread = CRYPTO_thread_id(); + CRYPTO_THREADID_current(&locking_threadid); CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; @@ -476,9 +474,15 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif MD_Update(&m,local_md,MD_DIGEST_LENGTH); MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); -#ifndef PURIFY - MD_Update(&m,buf,j); /* purify complains */ + +#ifndef PURIFY /* purify complains */ + /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ + MD_Update(&m,buf,j); + /* We know that line may cause programs such as + purify and valgrind to complain about use of + uninitialized data. */ #endif + k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; if (k > 0) { @@ -539,15 +543,17 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) static int ssleay_rand_status(void) { + CRYPTO_THREADID cur; int ret; int do_not_lock; + CRYPTO_THREADID_current(&cur); /* check if we already have the lock * (could happen if a RAND_poll() implementation calls RAND_status()) */ if (crypto_lock_rand) { CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = (locking_thread == CRYPTO_thread_id()); + do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); } else @@ -559,7 +565,7 @@ static int ssleay_rand_status(void) /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - locking_thread = CRYPTO_thread_id(); + CRYPTO_THREADID_cpy(&locking_threadid, &cur); CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); crypto_lock_rand = 1; } diff --git a/src/lib/libssl/src/crypto/rand/rand.h b/src/lib/libssl/src/crypto/rand/rand.h index ea89153cba..ac6c021763 100644 --- a/src/lib/libssl/src/crypto/rand/rand.h +++ b/src/lib/libssl/src/crypto/rand/rand.h @@ -72,7 +72,7 @@ extern "C" { #endif #if defined(OPENSSL_FIPS) -#define FIPS_RAND_SIZE_T int +#define FIPS_RAND_SIZE_T size_t #endif /* Already defined in ossl_typ.h */ @@ -111,15 +111,6 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path,int bytes); int RAND_poll(void); -#ifndef OPENSSL_NO_ENGINE -#ifdef OPENSSL_FIPS -void int_RAND_init_engine_callbacks(void); -void int_RAND_set_callbacks( - int (*set_rand_func)(const RAND_METHOD *meth, - const RAND_METHOD **pmeth), - const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth)); -#endif -#endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) @@ -137,29 +128,11 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ -#define RAND_F_ENG_RAND_GET_RAND_METHOD 108 -#define RAND_F_FIPS_RAND 103 -#define RAND_F_FIPS_RAND_BYTES 102 -#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 -#define RAND_F_FIPS_RAND_SET_DT 106 -#define RAND_F_FIPS_SET_DT 104 -#define RAND_F_FIPS_SET_PRNG_SEED 107 -#define RAND_F_FIPS_SET_TEST_MODE 105 #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ -#define RAND_R_NON_FIPS_METHOD 105 -#define RAND_R_NOT_IN_TEST_MODE 106 -#define RAND_R_NO_KEY_SET 107 -#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 -#define RAND_R_PRNG_ERROR 108 -#define RAND_R_PRNG_KEYED 109 -#define RAND_R_PRNG_NOT_REKEYED 102 -#define RAND_R_PRNG_NOT_RESEEDED 103 #define RAND_R_PRNG_NOT_SEEDED 100 -#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 -#define RAND_R_PRNG_STUCK 104 #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/rand/rand_egd.c b/src/lib/libssl/src/crypto/rand/rand_egd.c index 50bce6caba..d53b916ebe 100644 --- a/src/lib/libssl/src/crypto/rand/rand_egd.c +++ b/src/lib/libssl/src/crypto/rand/rand_egd.c @@ -95,7 +95,7 @@ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. */ -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS) int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { return(-1); diff --git a/src/lib/libssl/src/crypto/rand/rand_err.c b/src/lib/libssl/src/crypto/rand/rand_err.c index 829fb44d77..03cda4dd92 100644 --- a/src/lib/libssl/src/crypto/rand/rand_err.c +++ b/src/lib/libssl/src/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* crypto/rand/rand_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,14 +70,6 @@ static ERR_STRING_DATA RAND_str_functs[]= { -{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, -{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, -{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, -{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, -{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, -{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, -{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, -{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} @@ -85,17 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_reasons[]= { -{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, -{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"}, -{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"}, -{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, -{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"}, -{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"}, -{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, -{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, -{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"}, -{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"}, {0,NULL} }; diff --git a/src/lib/libssl/src/crypto/rand/rand_lcl.h b/src/lib/libssl/src/crypto/rand/rand_lcl.h index 18cc9b1e4a..618a8ec899 100644 --- a/src/lib/libssl/src/crypto/rand/rand_lcl.h +++ b/src/lib/libssl/src/crypto/rand/rand_lcl.h @@ -154,16 +154,5 @@ #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) #endif -#ifndef OPENSSL_NO_ENGINE -void int_RAND_set_callbacks( - int (*set_rand_func)(const RAND_METHOD *meth, - const RAND_METHOD **pmeth), - const RAND_METHOD *(*get_rand_func) - (const RAND_METHOD **pmeth)); -int eng_RAND_set_rand_method(const RAND_METHOD *meth, - const RAND_METHOD **pmeth); -const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth); -#endif - #endif diff --git a/src/lib/libssl/src/crypto/rand/rand_lib.c b/src/lib/libssl/src/crypto/rand/rand_lib.c index da6b4e0e86..513e338985 100644 --- a/src/lib/libssl/src/crypto/rand/rand_lib.c +++ b/src/lib/libssl/src/crypto/rand/rand_lib.c @@ -60,82 +60,15 @@ #include #include "cryptlib.h" #include -#include "rand_lcl.h" -#ifdef OPENSSL_FIPS -#include -#include -#endif - #ifndef OPENSSL_NO_ENGINE #include #endif -static const RAND_METHOD *default_RAND_meth = NULL; - -#ifdef OPENSSL_FIPS - -static int fips_RAND_set_rand_method(const RAND_METHOD *meth, - const RAND_METHOD **pmeth) - { - *pmeth = meth; - return 1; - } - -static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth) - { - if (!*pmeth) - { - if(FIPS_mode()) - *pmeth=FIPS_rand_method(); - else - *pmeth = RAND_SSLeay(); - } - - if(FIPS_mode() - && *pmeth != FIPS_rand_check()) - { - RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); - return 0; - } - - return *pmeth; - } - -static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth, - const RAND_METHOD **pmeth) - = fips_RAND_set_rand_method; -static const RAND_METHOD *(*RAND_get_rand_method_func) - (const RAND_METHOD **pmeth) - = fips_RAND_get_rand_method; - -#ifndef OPENSSL_NO_ENGINE -void int_RAND_set_callbacks( - int (*set_rand_func)(const RAND_METHOD *meth, - const RAND_METHOD **pmeth), - const RAND_METHOD *(*get_rand_func) - (const RAND_METHOD **pmeth)) - { - RAND_set_rand_method_func = set_rand_func; - RAND_get_rand_method_func = get_rand_func; - } -#endif - -int RAND_set_rand_method(const RAND_METHOD *meth) - { - return RAND_set_rand_method_func(meth, &default_RAND_meth); - } - -const RAND_METHOD *RAND_get_rand_method(void) - { - return RAND_get_rand_method_func(&default_RAND_meth); - } - -#else - #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; #endif +static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { @@ -196,8 +129,6 @@ int RAND_set_rand_engine(ENGINE *engine) } #endif -#endif - void RAND_cleanup(void) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/src/lib/libssl/src/crypto/rand/rand_os2.c b/src/lib/libssl/src/crypto/rand/rand_os2.c index c3e36d4e5e..fc1e78b179 100644 --- a/src/lib/libssl/src/crypto/rand/rand_os2.c +++ b/src/lib/libssl/src/crypto/rand/rand_os2.c @@ -78,8 +78,10 @@ typedef struct _CPUUTIL { ULONG ulIntrHigh; /* High 32 bits of interrupt time */ } CPUUTIL; +#ifndef __KLIBC__ APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL; APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL; +#endif HMODULE hDoscalls = 0; int RAND_poll(void) @@ -91,6 +93,7 @@ int RAND_poll(void) if (hDoscalls == 0) { ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls); +#ifndef __KLIBC__ if (rc == 0) { rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall); @@ -102,6 +105,7 @@ int RAND_poll(void) if (rc) DosQuerySysState = NULL; } +#endif } /* Sample the hi-res timer, runs at around 1.1 MHz */ @@ -122,7 +126,9 @@ int RAND_poll(void) RAND_add(&util, sizeof(util), 10); } else { +#ifndef __KLIBC__ DosPerfSysCall = NULL; +#endif } } diff --git a/src/lib/libssl/src/crypto/rand/rand_unix.c b/src/lib/libssl/src/crypto/rand/rand_unix.c index 71b98ec212..e9ead3a529 100644 --- a/src/lib/libssl/src/crypto/rand/rand_unix.c +++ b/src/lib/libssl/src/crypto/rand/rand_unix.c @@ -133,7 +133,50 @@ # define FD_SETSIZE (8*sizeof(fd_set)) #endif -#ifdef __OpenBSD__ +#ifdef __VOS__ +int RAND_poll(void) +{ + unsigned char buf[ENTROPY_NEEDED]; + pid_t curr_pid; + uid_t curr_uid; + static int first=1; + int i; + long rnd = 0; + struct timespec ts; + unsigned seed; + +/* The VOS random() function starts from a static seed so its + initial value is predictable. If random() returns the + initial value, reseed it with dynamic data. The VOS + real-time clock has a granularity of 1 nsec so it should be + reasonably difficult to predict its exact value. Do not + gratuitously reseed the PRNG because other code in this + process or thread may be using it. */ + + if (first) { + first = 0; + rnd = random (); + if (rnd == 1804289383) { + clock_gettime (CLOCK_REALTIME, &ts); + curr_pid = getpid(); + curr_uid = getuid(); + seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid; + srandom (seed); + } + } + + for (i = 0; i < sizeof(buf); i++) { + if (i % 4 == 0) + rnd = random(); + buf[i] = rnd; + rnd >>= 8; + } + RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); + memset(buf, 0, sizeof(buf)); + + return 1; +} +#elif defined __OpenBSD__ int RAND_poll(void) { u_int32_t rnd = 0, i; @@ -163,7 +206,7 @@ int RAND_poll(void) static const char *randomfiles[] = { DEVRANDOM }; struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; int fd; - size_t i; + unsigned int i; #endif #ifdef DEVRANDOM_EGD static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; @@ -176,7 +219,8 @@ int RAND_poll(void) * have this. Use /dev/urandom if you can as /dev/random may block * if it runs out of random entries. */ - for (i=0; i 0) n += r; +#if defined(OPENSSL_SYS_BEOS_R5) + if (r == 0) + snooze(t.tv_usec); +#endif } else r = -1; @@ -311,6 +364,14 @@ int RAND_poll(void) l=time(NULL); RAND_add(&l,sizeof(l),0.0); +#if defined(OPENSSL_SYS_BEOS) + { + system_info sysInfo; + get_system_info(&sysInfo); + RAND_add(&sysInfo,sizeof(sysInfo),0); + } +#endif + #if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) return 1; #else diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c index 00dbe4232c..5d134e186b 100644 --- a/src/lib/libssl/src/crypto/rand/rand_win.c +++ b/src/lib/libssl/src/crypto/rand/rand_win.c @@ -463,7 +463,7 @@ int RAND_poll(void) PROCESSENTRY32 p; THREADENTRY32 t; MODULEENTRY32 m; - DWORD stoptime = 0; + DWORD starttime = 0; snap = (CREATETOOLHELP32SNAPSHOT) GetProcAddress(kernel, "CreateToolhelp32Snapshot"); @@ -494,12 +494,29 @@ int RAND_poll(void) * each entry. Consider each field a source of 1 byte * of entropy. */ + ZeroMemory(&hlist, sizeof(HEAPLIST32)); hlist.dwSize = sizeof(HEAPLIST32); - if (good) stoptime = GetTickCount() + MAXDELAY; + if (good) starttime = GetTickCount(); +#ifdef _MSC_VER if (heaplist_first(handle, &hlist)) + { + /* + following discussion on dev ML, exception on WinCE (or other Win + platform) is theoretically of unknown origin; prevent infinite + loop here when this theoretical case occurs; otherwise cope with + the expected (MSDN documented) exception-throwing behaviour of + Heap32Next() on WinCE. + + based on patch in original message by Tanguy Fautré (2009/03/02) + Subject: RAND_poll() and CreateToolhelp32Snapshot() stability + */ + int ex_cnt_limit = 42; do { RAND_add(&hlist, hlist.dwSize, 3); + __try + { + ZeroMemory(&hentry, sizeof(HEAPENTRY32)); hentry.dwSize = sizeof(HEAPENTRY32); if (heap_first(&hentry, hlist.th32ProcessID, @@ -510,10 +527,42 @@ int RAND_poll(void) RAND_add(&hentry, hentry.dwSize, 5); while (heap_next(&hentry) + && (!good || (GetTickCount()-starttime) 0); } - } while (heaplist_next(handle, - &hlist) && GetTickCount() < stoptime); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + /* ignore access violations when walking the heap list */ + ex_cnt_limit--; + } + } while (heaplist_next(handle, &hlist) + && (!good || (GetTickCount()-starttime) 0); + } + +#else + if (heaplist_first(handle, &hlist)) + { + do + { + RAND_add(&hlist, hlist.dwSize, 3); + hentry.dwSize = sizeof(HEAPENTRY32); + if (heap_first(&hentry, + hlist.th32ProcessID, + hlist.th32HeapID)) + { + int entrycnt = 80; + do + RAND_add(&hentry, + hentry.dwSize, 5); + while (heap_next(&hentry) + && --entrycnt > 0); + } + } while (heaplist_next(handle, &hlist) + && (!good || (GetTickCount()-starttime)= 0x80000000 || !OPENSSL_isservice()) + if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0) return; /* Create a screen DC and a memory DC compatible to screen DC */ diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c index d108353bbc..4ed40b7b70 100644 --- a/src/lib/libssl/src/crypto/rand/randfile.c +++ b/src/lib/libssl/src/crypto/rand/randfile.c @@ -75,9 +75,7 @@ #ifndef NO_SYS_TYPES_H # include #endif -#ifdef MAC_OS_pre_X -# include -#else +#ifndef OPENSSL_NO_POSIX_IO # include #endif @@ -111,14 +109,26 @@ int RAND_load_file(const char *file, long bytes) * if bytes == -1, read complete file. */ MS_STATIC unsigned char buf[BUFSIZE]; +#ifndef OPENSSL_NO_POSIX_IO struct stat sb; +#endif int i,ret=0,n; FILE *in; if (file == NULL) return(0); +#ifndef OPENSSL_NO_POSIX_IO +#ifdef PURIFY + /* struct stat can have padding and unused fields that may not be + * initialized in the call to stat(). We need to clear the entire + * structure before calling RAND_add() to avoid complaints from + * applications such as Valgrind. + */ + memset(&sb, 0, sizeof(sb)); +#endif if (stat(file,&sb) < 0) return(0); RAND_add(&sb,sizeof(sb),0.0); +#endif if (bytes == 0) return(ret); #ifdef OPENSSL_SYS_VMS @@ -127,7 +137,7 @@ int RAND_load_file(const char *file, long bytes) in=fopen(file,"rb"); #endif if (in == NULL) goto err; -#if defined(S_IFBLK) && defined(S_IFCHR) +#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPNESSL_NO_POSIX_IO) if (sb.st_mode & (S_IFBLK | S_IFCHR)) { /* this file is a device. we don't want read an infinite number * of bytes from a random device, nor do we want to use buffered @@ -170,12 +180,13 @@ int RAND_write_file(const char *file) int i,ret=0,rand_err=0; FILE *out = NULL; int n; +#ifndef OPENSSL_NO_POSIX_IO struct stat sb; i=stat(file,&sb); if (i != -1) { -#if defined(S_IFBLK) && defined(S_IFCHR) - if (sb.st_mode & (S_IFBLK | S_IFCHR)) { +#if defined(S_ISBLK) && defined(S_ISCHR) + if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { /* this file is a device. we don't write back to it. * we "succeed" on the assumption this is some sort * of random device. Otherwise attempting to write to @@ -185,14 +196,16 @@ int RAND_write_file(const char *file) } #endif } +#endif -#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) +#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS) { - /* For some reason Win32 can't write to files created this way */ - +#ifndef O_BINARY +#define O_BINARY 0 +#endif /* chmod(..., 0600) is too late to protect the file, * permissions should be restrictive from the start */ - int fd = open(file, O_CREAT, 0600); + int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600); if (fd != -1) out = fdopen(fd, "wb"); } diff --git a/src/lib/libssl/src/crypto/rc2/Makefile b/src/lib/libssl/src/crypto/rc2/Makefile index 4b6292b65f..73eac347e7 100644 --- a/src/lib/libssl/src/crypto/rc2/Makefile +++ b/src/lib/libssl/src/crypto/rc2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -78,11 +78,7 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2_cbc.o: rc2_cbc.c rc2_locl.h rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h -rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -rc2_skey.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h -rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2_skey.o: rc2_locl.h rc2_skey.c rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h rc2cfb64.o: rc2_locl.h rc2cfb64.c diff --git a/src/lib/libssl/src/crypto/rc2/rc2.h b/src/lib/libssl/src/crypto/rc2/rc2.h index e542ec94ff..34c8362317 100644 --- a/src/lib/libssl/src/crypto/rc2/rc2.h +++ b/src/lib/libssl/src/crypto/rc2/rc2.h @@ -79,9 +79,7 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; -#ifdef OPENSSL_FIPS -void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); -#endif + void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); diff --git a/src/lib/libssl/src/crypto/rc2/rc2_skey.c b/src/lib/libssl/src/crypto/rc2/rc2_skey.c index 4e000e5b99..0150b0e035 100644 --- a/src/lib/libssl/src/crypto/rc2/rc2_skey.c +++ b/src/lib/libssl/src/crypto/rc2/rc2_skey.c @@ -57,14 +57,9 @@ */ #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - #include "rc2_locl.h" -static unsigned char key_table[256]={ +static const unsigned char key_table[256]={ 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79, 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e, 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5, @@ -99,19 +94,7 @@ static unsigned char key_table[256]={ * BSAFE uses the 'retarded' version. What I previously shipped is * the same as specifying 1024 for the 'bits' parameter. Bsafe uses * a version where the bits parameter is the same as len*8 */ - -#ifdef OPENSSL_FIPS void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) - { - if (FIPS_mode()) - FIPS_BAD_ABORT(RC2) - private_RC2_set_key(key, len, data, bits); - } -void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, - int bits) -#else -void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) -#endif { int i,j; unsigned char *k; diff --git a/src/lib/libssl/src/crypto/rc4/Makefile b/src/lib/libssl/src/crypto/rc4/Makefile index f0bd7678fc..264451a213 100644 --- a/src/lib/libssl/src/crypto/rc4/Makefile +++ b/src/lib/libssl/src/crypto/rc4/Makefile @@ -21,8 +21,8 @@ TEST=rc4test.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=rc4_skey.c rc4_enc.c rc4_fblk.c -LIBOBJ=$(RC4_ENC) rc4_fblk.o +LIBSRC=rc4_skey.c rc4_enc.c +LIBOBJ=$(RC4_ENC) SRC= $(LIBSRC) @@ -37,26 +37,26 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@) -# COFF -rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@) -# a.out -rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@) +rc4-586.s: asm/rc4-586.pl ../perlasm/x86asm.pl + $(PERL) asm/rc4-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -rc4-x86_64.s: asm/rc4-x86_64.pl; $(PERL) asm/rc4-x86_64.pl $@ +rc4-x86_64.s: asm/rc4-x86_64.pl + $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) > $@ -rc4-ia64.s: asm/rc4-ia64.S +rc4-ia64.S: asm/rc4-ia64.pl + $(PERL) asm/rc4-ia64.pl $(CFLAGS) > $@ + +rc4-s390x.s: asm/rc4-s390x.pl + $(PERL) asm/rc4-s390x.pl > $@ + +rc4-ia64.s: rc4-ia64.S @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \ - int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \ - char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \ + int) set -x; $(CC) $(CFLAGS) -DSZ=4 -E rc4-ia64.S > $@ ;; \ + char) set -x; $(CC) $(CFLAGS) -DSZ=1 -E rc4-ia64.S > $@ ;; \ *) exit 1 ;; \ esac @@ -105,20 +105,10 @@ rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h -rc4_fblk.o: ../../e_os.h ../../include/openssl/bio.h -rc4_fblk.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rc4_fblk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rc4_fblk.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rc4_fblk.o: ../../include/openssl/opensslconf.h -rc4_fblk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rc4_fblk.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h -rc4_fblk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rc4_fblk.o: ../cryptlib.h rc4_fblk.c rc4_locl.h rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rc4_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rc4_skey.o: ../../include/openssl/opensslconf.h +rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl index ef7eee766c..38a44a70ef 100644 --- a/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl +++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-586.pl @@ -1,14 +1,21 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl + +# ==================================================================== +# [Re]written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== # At some point it became apparent that the original SSLeay RC4 -# assembler implementation performs suboptimaly on latest IA-32 +# assembler implementation performs suboptimally on latest IA-32 # microarchitectures. After re-tuning performance has changed as # following: # -# Pentium +0% -# Pentium III +17% -# AMD +52%(*) -# P4 +180%(**) +# Pentium -10% +# Pentium III +12% +# AMD +50%(*) +# P4 +250%(**) # # (*) This number is actually a trade-off:-) It's possible to # achieve +72%, but at the cost of -48% off PIII performance. @@ -17,214 +24,247 @@ # For reference! This code delivers ~80% of rc4-amd64.pl # performance on the same Opteron machine. # (**) This number requires compressed key schedule set up by -# RC4_set_key and therefore doesn't apply to 0.9.7 [option for -# compressed key schedule is implemented in 0.9.8 and later, -# see commentary section in rc4_skey.c for further details]. +# RC4_set_key [see commentary below for further details]. # # -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"rc4-586.pl"); -$x="eax"; -$y="ebx"; +$xx="eax"; +$yy="ebx"; $tx="ecx"; $ty="edx"; -$in="esi"; -$out="edi"; -$d="ebp"; - -&RC4("RC4"); - -&asm_finish(); - -sub RC4_loop - { - local($n,$p,$char)=@_; - - &comment("Round $n"); - - if ($char) - { - if ($p >= 0) - { - &mov($ty, &swtmp(2)); - &cmp($ty, $in); - &jbe(&label("finished")); - &inc($in); - } - else - { - &add($ty, 8); - &inc($in); - &cmp($ty, $in); - &jb(&label("finished")); - &mov(&swtmp(2), $ty); - } - } - # Moved out - # &mov( $tx, &DWP(0,$d,$x,4)) if $p < 0; - - &add( &LB($y), &LB($tx)); - &mov( $ty, &DWP(0,$d,$y,4)); - # XXX - &mov( &DWP(0,$d,$x,4),$ty); - &add( $ty, $tx); - &mov( &DWP(0,$d,$y,4),$tx); - &and( $ty, 0xff); - &inc( &LB($x)); # NEXT ROUND - &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND - &mov( $ty, &DWP(0,$d,$ty,4)); - - if (!$char) - { - #moved up into last round - if ($p >= 1) - { - &add( $out, 8) - } - &movb( &BP($n,"esp","",0), &LB($ty)); - } - else - { - # Note in+=8 has occured - &movb( &HB($ty), &BP(-1,$in,"",0)); - # XXX - &xorb(&LB($ty), &HB($ty)); - # XXX - &movb(&BP($n,$out,"",0),&LB($ty)); - } +$inp="esi"; +$out="ebp"; +$dat="edi"; + +sub RC4_loop { + my $i=shift; + my $func = ($i==0)?*mov:*or; + + &add (&LB($yy),&LB($tx)); + &mov ($ty,&DWP(0,$dat,$yy,4)); + &mov (&DWP(0,$dat,$yy,4),$tx); + &mov (&DWP(0,$dat,$xx,4),$ty); + &add ($ty,$tx); + &inc (&LB($xx)); + &and ($ty,0xff); + &ror ($out,8) if ($i!=0); + if ($i<3) { + &mov ($tx,&DWP(0,$dat,$xx,4)); + } else { + &mov ($tx,&wparam(3)); # reload [re-biased] out } - - -sub RC4 - { - local($name)=@_; - - &function_begin_B($name,""); - - &mov($ty,&wparam(1)); # len - &cmp($ty,0); - &jne(&label("proceed")); - &ret(); - &set_label("proceed"); - - &comment(""); - - &push("ebp"); - &push("ebx"); - &push("esi"); - &xor( $x, $x); # avoid partial register stalls - &push("edi"); - &xor( $y, $y); # avoid partial register stalls - &mov( $d, &wparam(0)); # key - &mov( $in, &wparam(2)); - - &movb( &LB($x), &BP(0,$d,"",1)); - &movb( &LB($y), &BP(4,$d,"",1)); - - &mov( $out, &wparam(3)); - &inc( &LB($x)); - - &stack_push(3); # 3 temp variables - &add( $d, 8); - - # detect compressed schedule, see commentary section in rc4_skey.c... - # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant, - # as compressed key schedule is set up in 0.9.8 and later. - &cmp(&DWP(256,$d),-1); - &je(&label("RC4_CHAR")); - - &lea( $ty, &DWP(-8,$ty,$in)); - - # check for 0 length input - - &mov( &swtmp(2), $ty); # this is now address to exit at - &mov( $tx, &DWP(0,$d,$x,4)); - - &cmp( $ty, $in); - &jb( &label("end")); # less than 8 bytes - - &set_label("start"); - - # filling DELAY SLOT - &add( $in, 8); - - &RC4_loop(0,-1,0); - &RC4_loop(1,0,0); - &RC4_loop(2,0,0); - &RC4_loop(3,0,0); - &RC4_loop(4,0,0); - &RC4_loop(5,0,0); - &RC4_loop(6,0,0); - &RC4_loop(7,1,0); - - &comment("apply the cipher text"); - # xor the cipher data with input - - #&add( $out, 8); #moved up into last round - - &mov( $tx, &swtmp(0)); - &mov( $ty, &DWP(-8,$in,"",0)); - &xor( $tx, $ty); - &mov( $ty, &DWP(-4,$in,"",0)); - &mov( &DWP(-8,$out,"",0), $tx); - &mov( $tx, &swtmp(1)); - &xor( $tx, $ty); - &mov( $ty, &swtmp(2)); # load end ptr; - &mov( &DWP(-4,$out,"",0), $tx); - &mov( $tx, &DWP(0,$d,$x,4)); - &cmp($in, $ty); - &jbe(&label("start")); - - &set_label("end"); - - # There is quite a bit of extra crap in RC4_loop() for this - # first round - &RC4_loop(0,-1,1); - &RC4_loop(1,0,1); - &RC4_loop(2,0,1); - &RC4_loop(3,0,1); - &RC4_loop(4,0,1); - &RC4_loop(5,0,1); - &RC4_loop(6,1,1); - - &jmp(&label("finished")); - - &align(16); - # this is essentially Intel P4 specific codepath, see rc4_skey.c, - # and is engaged in 0.9.8 and later context... - &set_label("RC4_CHAR"); - - &lea ($ty,&DWP(0,$in,$ty)); - &mov (&swtmp(2),$ty); - &movz ($tx,&BP(0,$d,$x)); - + &$func ($out,&DWP(0,$dat,$ty,4)); +} + +# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out); +&function_begin("RC4"); + &mov ($dat,&wparam(0)); # load key schedule pointer + &mov ($ty, &wparam(1)); # load len + &mov ($inp,&wparam(2)); # load inp + &mov ($out,&wparam(3)); # load out + + &xor ($xx,$xx); # avoid partial register stalls + &xor ($yy,$yy); + + &cmp ($ty,0); # safety net + &je (&label("abort")); + + &mov (&LB($xx),&BP(0,$dat)); # load key->x + &mov (&LB($yy),&BP(4,$dat)); # load key->y + &add ($dat,8); + + &lea ($tx,&DWP(0,$inp,$ty)); + &sub ($out,$inp); # re-bias out + &mov (&wparam(1),$tx); # save input+len + + &inc (&LB($xx)); + + # detect compressed key schedule... + &cmp (&DWP(256,$dat),-1); + &je (&label("RC4_CHAR")); + + &mov ($tx,&DWP(0,$dat,$xx,4)); + + &and ($ty,-4); # how many 4-byte chunks? + &jz (&label("loop1")); + + &lea ($ty,&DWP(-4,$inp,$ty)); + &mov (&wparam(2),$ty); # save input+(len/4)*4-4 + &mov (&wparam(3),$out); # $out as accumulator in this loop + + &set_label("loop4",16); + for ($i=0;$i<4;$i++) { RC4_loop($i); } + &ror ($out,8); + &xor ($out,&DWP(0,$inp)); + &cmp ($inp,&wparam(2)); # compare to input+(len/4)*4-4 + &mov (&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here + &lea ($inp,&DWP(4,$inp)); + &mov ($tx,&DWP(0,$dat,$xx,4)); + &jb (&label("loop4")); + + &cmp ($inp,&wparam(1)); # compare to input+len + &je (&label("done")); + &mov ($out,&wparam(3)); # restore $out + + &set_label("loop1",16); + &add (&LB($yy),&LB($tx)); + &mov ($ty,&DWP(0,$dat,$yy,4)); + &mov (&DWP(0,$dat,$yy,4),$tx); + &mov (&DWP(0,$dat,$xx,4),$ty); + &add ($ty,$tx); + &inc (&LB($xx)); + &and ($ty,0xff); + &mov ($ty,&DWP(0,$dat,$ty,4)); + &xor (&LB($ty),&BP(0,$inp)); + &lea ($inp,&DWP(1,$inp)); + &mov ($tx,&DWP(0,$dat,$xx,4)); + &cmp ($inp,&wparam(1)); # compare to input+len + &mov (&BP(-1,$out,$inp),&LB($ty)); + &jb (&label("loop1")); + + &jmp (&label("done")); + +# this is essentially Intel P4 specific codepath... +&set_label("RC4_CHAR",16); + &movz ($tx,&BP(0,$dat,$xx)); # strangely enough unrolled loop performs over 20% slower... - &set_label("RC4_CHAR_loop"); - &add (&LB($y),&LB($tx)); - &movz ($ty,&BP(0,$d,$y)); - &movb (&BP(0,$d,$y),&LB($tx)); - &movb (&BP(0,$d,$x),&LB($ty)); + &set_label("cloop1"); + &add (&LB($yy),&LB($tx)); + &movz ($ty,&BP(0,$dat,$yy)); + &mov (&BP(0,$dat,$yy),&LB($tx)); + &mov (&BP(0,$dat,$xx),&LB($ty)); &add (&LB($ty),&LB($tx)); - &movz ($ty,&BP(0,$d,$ty)); - &add (&LB($x),1); - &xorb (&LB($ty),&BP(0,$in)); - &lea ($in,&DWP(1,$in)); - &movz ($tx,&BP(0,$d,$x)); - &cmp ($in,&swtmp(2)); - &movb (&BP(0,$out),&LB($ty)); - &lea ($out,&DWP(1,$out)); - &jb (&label("RC4_CHAR_loop")); - - &set_label("finished"); - &dec( $x); - &stack_pop(3); - &movb( &BP(-4,$d,"",0),&LB($y)); - &movb( &BP(-8,$d,"",0),&LB($x)); - - &function_end($name); - } + &movz ($ty,&BP(0,$dat,$ty)); + &add (&LB($xx),1); + &xor (&LB($ty),&BP(0,$inp)); + &lea ($inp,&DWP(1,$inp)); + &movz ($tx,&BP(0,$dat,$xx)); + &cmp ($inp,&wparam(1)); + &mov (&BP(-1,$out,$inp),&LB($ty)); + &jb (&label("cloop1")); + +&set_label("done"); + &dec (&LB($xx)); + &mov (&BP(-4,$dat),&LB($yy)); # save key->y + &mov (&BP(-8,$dat),&LB($xx)); # save key->x +&set_label("abort"); +&function_end("RC4"); + +######################################################################## + +$inp="esi"; +$out="edi"; +$idi="ebp"; +$ido="ecx"; +$idx="edx"; + +&external_label("OPENSSL_ia32cap_P"); + +# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data); +&function_begin("RC4_set_key"); + &mov ($out,&wparam(0)); # load key + &mov ($idi,&wparam(1)); # load len + &mov ($inp,&wparam(2)); # load data + &picmeup($idx,"OPENSSL_ia32cap_P"); + + &lea ($out,&DWP(2*4,$out)); # &key->data + &lea ($inp,&DWP(0,$inp,$idi)); # $inp to point at the end + &neg ($idi); + &xor ("eax","eax"); + &mov (&DWP(-4,$out),$idi); # borrow key->y + + &bt (&DWP(0,$idx),20); # check for bit#20 + &jc (&label("c1stloop")); + +&set_label("w1stloop",16); + &mov (&DWP(0,$out,"eax",4),"eax"); # key->data[i]=i; + &add (&LB("eax"),1); # i++; + &jnc (&label("w1stloop")); + + &xor ($ido,$ido); + &xor ($idx,$idx); + +&set_label("w2ndloop",16); + &mov ("eax",&DWP(0,$out,$ido,4)); + &add (&LB($idx),&BP(0,$inp,$idi)); + &add (&LB($idx),&LB("eax")); + &add ($idi,1); + &mov ("ebx",&DWP(0,$out,$idx,4)); + &jnz (&label("wnowrap")); + &mov ($idi,&DWP(-4,$out)); + &set_label("wnowrap"); + &mov (&DWP(0,$out,$idx,4),"eax"); + &mov (&DWP(0,$out,$ido,4),"ebx"); + &add (&LB($ido),1); + &jnc (&label("w2ndloop")); +&jmp (&label("exit")); + +# Unlike all other x86 [and x86_64] implementations, Intel P4 core +# [including EM64T] was found to perform poorly with above "32-bit" key +# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded +# assembler turned out to be 3.5x if re-coded for compressed 8-bit one, +# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit +# schedule for x86[_64], because non-P4 implementations suffer from +# significant performance losses then, e.g. PIII exhibits >2x +# deterioration, and so does Opteron. In order to assure optimal +# all-round performance, we detect P4 at run-time and set up compressed +# key schedule, which is recognized by RC4 procedure. + +&set_label("c1stloop",16); + &mov (&BP(0,$out,"eax"),&LB("eax")); # key->data[i]=i; + &add (&LB("eax"),1); # i++; + &jnc (&label("c1stloop")); + + &xor ($ido,$ido); + &xor ($idx,$idx); + &xor ("ebx","ebx"); + +&set_label("c2ndloop",16); + &mov (&LB("eax"),&BP(0,$out,$ido)); + &add (&LB($idx),&BP(0,$inp,$idi)); + &add (&LB($idx),&LB("eax")); + &add ($idi,1); + &mov (&LB("ebx"),&BP(0,$out,$idx)); + &jnz (&label("cnowrap")); + &mov ($idi,&DWP(-4,$out)); + &set_label("cnowrap"); + &mov (&BP(0,$out,$idx),&LB("eax")); + &mov (&BP(0,$out,$ido),&LB("ebx")); + &add (&LB($ido),1); + &jnc (&label("c2ndloop")); + + &mov (&DWP(256,$out),-1); # mark schedule as compressed + +&set_label("exit"); + &xor ("eax","eax"); + &mov (&DWP(-8,$out),"eax"); # key->x=0; + &mov (&DWP(-4,$out),"eax"); # key->y=0; +&function_end("RC4_set_key"); + +# const char *RC4_options(void); +&function_begin_B("RC4_options"); + &call (&label("pic_point")); +&set_label("pic_point"); + &blindpop("eax"); + &lea ("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax")); + &picmeup("edx","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"edx"),20); + &jnc (&label("skip")); + &add ("eax",12); + &set_label("skip"); + &ret (); +&set_label("opts",64); +&asciz ("rc4(4x,int)"); +&asciz ("rc4(1x,char)"); +&asciz ("RC4 for x86, CRYPTOGAMS by "); +&align (64); +&function_end_B("RC4_options"); + +&asm_finish(); diff --git a/src/lib/libssl/src/crypto/rc4/rc4.h b/src/lib/libssl/src/crypto/rc4/rc4.h index 2d8620d33b..29d1acccf5 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4.h +++ b/src/lib/libssl/src/crypto/rc4/rc4.h @@ -64,6 +64,8 @@ #error RC4 is disabled. #endif +#include + #ifdef __cplusplus extern "C" { #endif @@ -76,11 +78,8 @@ typedef struct rc4_key_st const char *RC4_options(void); -#ifdef OPENSSL_FIPS -void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -#endif void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata); #ifdef __cplusplus diff --git a/src/lib/libssl/src/crypto/rc4/rc4_enc.c b/src/lib/libssl/src/crypto/rc4/rc4_enc.c index 0660ea60a2..8c4fc6c7a3 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4_enc.c +++ b/src/lib/libssl/src/crypto/rc4/rc4_enc.c @@ -67,12 +67,12 @@ * Date: Wed, 14 Sep 1994 06:35:31 GMT */ -void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, unsigned char *outdata) { register RC4_INT *d; register RC4_INT x,y,tx,ty; - int i; + size_t i; x=key->x; y=key->y; @@ -120,8 +120,8 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, (RC4_CHUNK)d[(tx+ty)&0xff]\ ) - if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) | - ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) + if ( ( ((size_t)indata & (sizeof(RC4_CHUNK)-1)) | + ((size_t)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) { RC4_CHUNK ichunk,otp; const union { long one; char little; } is_endian = {1}; @@ -157,7 +157,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, if (!is_endian.little) { /* BIG-ENDIAN CASE */ # define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) - for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK)) + for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK)) { ichunk = *(RC4_CHUNK *)indata; otp = RC4_STEP<>3L); + i=len>>3; if (i) { for (;;) @@ -296,7 +296,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, if (--i == 0) break; } } - i=(int)len&0x07; + i=len&0x07; if (i) { for (;;) diff --git a/src/lib/libssl/src/crypto/rc4/rc4_skey.c b/src/lib/libssl/src/crypto/rc4/rc4_skey.c index 4478d1a4b3..b22c40b0bd 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4_skey.c +++ b/src/lib/libssl/src/crypto/rc4/rc4_skey.c @@ -59,11 +59,6 @@ #include #include "rc4_locl.h" #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT; @@ -90,11 +85,7 @@ const char *RC4_options(void) * Date: Wed, 14 Sep 1994 06:35:31 GMT */ -#ifdef OPENSSL_FIPS -void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) -#else void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) -#endif { register RC4_INT tmp; register int id1,id2; @@ -128,20 +119,14 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) * implementations suffer from significant performance * losses then, e.g. PIII exhibits >2x deterioration, * and so does Opteron. In order to assure optimal - * all-round performance, we detect P4 at run-time by - * checking upon reserved bit 20 in CPU capability + * all-round performance, let us [try to] detect P4 at + * run-time by checking upon HTT bit in CPU capability * vector and set up compressed key schedule, which is * recognized by correspondingly updated assembler - * module... Bit 20 is set up by OPENSSL_ia32_cpuid. - * + * module... * */ -#ifdef OPENSSL_FIPS - unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc(); - if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) { -#else if (OPENSSL_ia32cap_P & (1<<28)) { -#endif unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; diff --git a/src/lib/libssl/src/crypto/rc4/rc4test.c b/src/lib/libssl/src/crypto/rc4/rc4test.c index 54b597fa26..633a79e758 100644 --- a/src/lib/libssl/src/crypto/rc4/rc4test.c +++ b/src/lib/libssl/src/crypto/rc4/rc4test.c @@ -114,8 +114,8 @@ static unsigned char output[7][30]={ int main(int argc, char *argv[]) { - int err=0; - unsigned int i, j; + int i,err=0; + int j; unsigned char *p; RC4_KEY key; unsigned char obuf[512]; @@ -129,12 +129,12 @@ int main(int argc, char *argv[]) { printf("error calculating RC4\n"); printf("output:"); - for (j=0; j ../$@) -# COFF -r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@) -# a.out -r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@) +rc5-586.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/rc5-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/src/lib/libssl/src/crypto/rc5/rc5.h b/src/lib/libssl/src/crypto/rc5/rc5.h index f73a2a02a4..4b3c153b50 100644 --- a/src/lib/libssl/src/crypto/rc5/rc5.h +++ b/src/lib/libssl/src/crypto/rc5/rc5.h @@ -94,10 +94,7 @@ typedef struct rc5_key_st RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; } RC5_32_KEY; -#ifdef OPENSSL_FIPS -void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, - int rounds); -#endif + void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds); void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key, diff --git a/src/lib/libssl/src/crypto/ripemd/Makefile b/src/lib/libssl/src/crypto/ripemd/Makefile index 6145f13699..d5b1067dbe 100644 --- a/src/lib/libssl/src/crypto/ripemd/Makefile +++ b/src/lib/libssl/src/crypto/ripemd/Makefile @@ -38,19 +38,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@) -# COFF -rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@) -# a.out -rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@) +rmd-586.s: asm/rmd-586.pl ../perlasm/x86asm.pl + $(PERL) asm/rmd-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -89,13 +82,8 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -rmd_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rmd_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rmd_dgst.o: ../../include/openssl/opensslconf.h -rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h -rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl b/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl index 4f3c4c967f..e8b2bc2db2 100644 --- a/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl +++ b/src/lib/libssl/src/crypto/ripemd/asm/rmd-586.pl @@ -5,7 +5,8 @@ $normal=0; -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); diff --git a/src/lib/libssl/src/crypto/ripemd/ripemd.h b/src/lib/libssl/src/crypto/ripemd/ripemd.h index 3b6d04386d..5942eb6180 100644 --- a/src/lib/libssl/src/crypto/ripemd/ripemd.h +++ b/src/lib/libssl/src/crypto/ripemd/ripemd.h @@ -70,7 +70,7 @@ extern "C" { #error RIPEMD is disabled. #endif -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +#if defined(__LP32__) #define RIPEMD160_LONG unsigned long #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define RIPEMD160_LONG unsigned long @@ -90,9 +90,7 @@ typedef struct RIPEMD160state_st RIPEMD160_LONG data[RIPEMD160_LBLOCK]; unsigned int num; } RIPEMD160_CTX; -#ifdef OPENSSL_FIPS -int private_RIPEMD160_Init(RIPEMD160_CTX *c); -#endif + int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c index ead11d075a..59b017f8c0 100644 --- a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c +++ b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c @@ -59,11 +59,6 @@ #include #include "rmd_locl.h" #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; @@ -74,16 +69,14 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif -FIPS_NON_FIPS_MD_Init(RIPEMD160) +int RIPEMD160_Init(RIPEMD160_CTX *c) { + memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; c->B=RIPEMD160_B; c->C=RIPEMD160_C; c->D=RIPEMD160_D; c->E=RIPEMD160_E; - c->Nl=0; - c->Nh=0; - c->num=0; return 1; } diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h index ce12a8000e..f14b346e66 100644 --- a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h +++ b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h @@ -72,7 +72,7 @@ */ #ifdef RMD160_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# define ripemd160_block_host_order ripemd160_block_asm_data_order +# define ripemd160_block_data_order ripemd160_block_asm_data_order # endif #endif diff --git a/src/lib/libssl/src/crypto/rsa/Makefile b/src/lib/libssl/src/crypto/rsa/Makefile index 7b1fd6428c..bb64223e05 100644 --- a/src/lib/libssl/src/crypto/rsa/Makefile +++ b/src/lib/libssl/src/crypto/rsa/Makefile @@ -19,10 +19,12 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ - rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c + rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \ + rsa_pmeth.c LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \ - rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o + rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \ + rsa_pmeth.o SRC= $(LIBSRC) @@ -37,7 +39,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -78,6 +80,22 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +rsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_ameth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +rsa_ameth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +rsa_ameth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h +rsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_ameth.o: ../../include/openssl/objects.h +rsa_ameth.o: ../../include/openssl/opensslconf.h +rsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +rsa_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_ameth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_ameth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_ameth.o: ../asn1/asn1_locl.h ../cryptlib.h rsa_ameth.c rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -114,21 +132,6 @@ rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c -rsa_eng.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_eng.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -rsa_eng.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -rsa_eng.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_eng.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -rsa_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rsa_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_eng.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -rsa_eng.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_eng.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -151,15 +154,15 @@ rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -rsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_lib.c +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -182,9 +185,9 @@ rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_oaep.o: ../../include/openssl/opensslconf.h rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -199,27 +202,50 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c +rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_pmeth.o: ../../include/openssl/opensslconf.h +rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +rsa_pmeth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_pmeth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_pmeth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_pmeth.o: ../cryptlib.h ../evp/evp_locl.h rsa_locl.h rsa_pmeth.c +rsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rsa_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_prn.o: ../cryptlib.h rsa_prn.c rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -rsa_pss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_pss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rsa_pss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_pss.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_pss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rsa_pss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_pss.o: ../cryptlib.h rsa_pss.c +rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_saos.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_saos.o: ../../include/openssl/opensslconf.h +rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -232,15 +258,14 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_sign.o: ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_sign.o: ../cryptlib.h rsa_sign.c +rsa_sign.o: ../cryptlib.h rsa_locl.h rsa_sign.c rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -260,11 +285,3 @@ rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c -rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_x931g.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_x931g.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_x931g.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_x931g.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_x931g.o: rsa_x931g.c diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h index 5bb932ae15..cf74343657 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa.h +++ b/src/lib/libssl/src/crypto/rsa/rsa.h @@ -74,25 +74,6 @@ #error RSA is disabled. #endif -/* If this flag is set the RSA method is FIPS compliant and can be used - * in FIPS mode. This is set in the validated module method. If an - * application sets this flag in its own methods it is its reposibility - * to ensure the result is compliant. - */ - -#define RSA_FLAG_FIPS_METHOD 0x0400 - -/* If this flag is set the operations normally disabled in FIPS mode are - * permitted it is then the applications responsibility to ensure that the - * usage is compliant. - */ - -#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 - -#ifdef OPENSSL_FIPS -#define FIPS_RSA_SIZE_T int -#endif - #ifdef __cplusplus extern "C" { #endif @@ -136,7 +117,8 @@ struct rsa_meth_st unsigned char *sigret, unsigned int *siglen, const RSA *rsa); int (*rsa_verify)(int dtype, const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); + const unsigned char *sigbuf, unsigned int siglen, + const RSA *rsa); /* If this callback is NULL, the builtin software RSA key-gen will be used. This * is for behavioural compatibility whilst the code gets rewired, but one day * it would be nice to assume there are no such things as "builtin software" @@ -182,8 +164,6 @@ struct rsa_st # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif -#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 - #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 #endif @@ -238,11 +218,37 @@ struct rsa_st #endif +#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \ + pad, NULL) + +#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \ + len, NULL) + +#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) + #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 #define RSA_PKCS1_OAEP_PADDING 4 #define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +#define RSA_PKCS1_PSS_PADDING 6 #define RSA_PKCS1_PADDING_SIZE 11 @@ -261,11 +267,6 @@ RSA * RSA_generate_key(int bits, unsigned long e,void /* New version */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, - const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, - const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, - const BIGNUM *e, BN_GENCB *cb); -int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); int RSA_check_key(const RSA *); /* next 4 return -1 on error */ @@ -283,11 +284,6 @@ int RSA_up_ref(RSA *r); int RSA_flags(const RSA *r); -#ifdef OPENSSL_FIPS -RSA *FIPS_rsa_new(void); -void FIPS_rsa_free(RSA *r); -#endif - void RSA_set_default_method(const RSA_METHOD *meth); const RSA_METHOD *RSA_get_default_method(void); const RSA_METHOD *RSA_get_method(const RSA *rsa); @@ -333,7 +329,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int RSA_sign(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ @@ -401,9 +397,15 @@ void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ /* Function codes. */ -#define RSA_F_FIPS_RSA_SIGN 140 -#define RSA_F_FIPS_RSA_VERIFY 141 +#define RSA_F_CHECK_PADDING_MD 140 +#define RSA_F_DO_RSA_PRINT 146 +#define RSA_F_INT_RSA_VERIFY 145 #define RSA_F_MEMORY_LOCK 100 +#define RSA_F_OLD_RSA_PRIV_DECODE 147 +#define RSA_F_PKEY_RSA_CTRL 143 +#define RSA_F_PKEY_RSA_CTRL_STR 144 +#define RSA_F_PKEY_RSA_SIGN 142 +#define RSA_F_PKEY_RSA_VERIFYRECOVER 141 #define RSA_F_RSA_BUILTIN_KEYGEN 129 #define RSA_F_RSA_CHECK_KEY 123 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 @@ -434,11 +436,10 @@ void ERR_load_RSA_strings(void); #define RSA_F_RSA_PADDING_CHECK_X931 128 #define RSA_F_RSA_PRINT 115 #define RSA_F_RSA_PRINT_FP 116 -#define RSA_F_RSA_PRIVATE_ENCRYPT 137 -#define RSA_F_RSA_PUBLIC_DECRYPT 138 +#define RSA_F_RSA_PRIV_DECODE 137 +#define RSA_F_RSA_PRIV_ENCODE 138 +#define RSA_F_RSA_PUB_DECODE 139 #define RSA_F_RSA_SETUP_BLINDING 136 -#define RSA_F_RSA_SET_DEFAULT_METHOD 139 -#define RSA_F_RSA_SET_METHOD 142 #define RSA_F_RSA_SIGN 117 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 #define RSA_F_RSA_VERIFY 119 @@ -464,20 +465,25 @@ void ERR_load_RSA_strings(void); #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 #define RSA_R_FIRST_OCTET_INVALID 133 +#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +#define RSA_R_INVALID_DIGEST_LENGTH 143 #define RSA_R_INVALID_HEADER 137 +#define RSA_R_INVALID_KEYBITS 145 #define RSA_R_INVALID_MESSAGE_LENGTH 131 #define RSA_R_INVALID_PADDING 138 +#define RSA_R_INVALID_PADDING_MODE 141 +#define RSA_R_INVALID_PSS_SALTLEN 146 #define RSA_R_INVALID_TRAILER 139 +#define RSA_R_INVALID_X931_DIGEST 142 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 #define RSA_R_KEY_SIZE_TOO_SMALL 120 #define RSA_R_LAST_OCTET_INVALID 134 #define RSA_R_MODULUS_TOO_LARGE 105 -#define RSA_R_NON_FIPS_METHOD 141 #define RSA_R_NO_PUBLIC_EXPONENT 140 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 #define RSA_R_OAEP_DECODING_ERROR 121 -#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 +#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 @@ -488,6 +494,7 @@ void ERR_load_RSA_strings(void); #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 #define RSA_R_UNKNOWN_PADDING_TYPE 118 +#define RSA_R_VALUE_MISSING 147 #define RSA_R_WRONG_SIGNATURE_LENGTH 119 #ifdef __cplusplus diff --git a/src/lib/libssl/src/crypto/rsa/rsa_asn1.c b/src/lib/libssl/src/crypto/rsa/rsa_asn1.c index 6e8a803e81..4efca8cdc8 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_asn1.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_asn1.c @@ -3,7 +3,7 @@ * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -62,19 +62,9 @@ #include #include -static ASN1_METHOD method={ - (I2D_OF(void)) i2d_RSAPrivateKey, - (D2I_OF(void)) d2i_RSAPrivateKey, - (void *(*)(void)) RSA_new, - (void (*)(void *)) RSA_free}; - -ASN1_METHOD *RSAPrivateKey_asn1_meth(void) - { - return(&method); - } - /* Override the default free and new methods */ -static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) { if(operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)RSA_new(); diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c index 0ac6418449..c5eaeeae6b 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c @@ -115,7 +115,7 @@ #include #include -#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) +#ifndef RSA_NULL static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); @@ -256,6 +256,7 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) { BN_BLINDING *ret; int got_write_lock = 0; + CRYPTO_THREADID cur; CRYPTO_r_lock(CRYPTO_LOCK_RSA); @@ -273,7 +274,8 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) if (ret == NULL) goto err; - if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) + CRYPTO_THREADID_current(&cur); + if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) { /* rsa->blinding is ours! */ diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c index 501f5ea389..cf9f1106b0 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_err.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c @@ -1,6 +1,6 @@ /* crypto/rsa/rsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,9 +70,15 @@ static ERR_STRING_DATA RSA_str_functs[]= { -{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, -{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, +{ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"}, +{ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"}, +{ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"}, {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, +{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"}, +{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"}, +{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"}, +{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"}, +{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"}, {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, @@ -103,11 +109,10 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, -{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, -{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, +{ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, +{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"}, +{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, -{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, -{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, @@ -136,20 +141,25 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"}, {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"}, {ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"}, +{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"}, +{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"}, {ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"}, +{ERR_REASON(RSA_R_INVALID_KEYBITS) ,"invalid keybits"}, {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"}, {ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"}, +{ERR_REASON(RSA_R_INVALID_PADDING_MODE) ,"invalid padding mode"}, +{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN) ,"invalid pss saltlen"}, {ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"}, +{ERR_REASON(RSA_R_INVALID_X931_DIGEST) ,"invalid x931 digest"}, {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, -{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"}, {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, -{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, +{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, @@ -160,6 +170,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, +{ERR_REASON(RSA_R_VALUE_MISSING) ,"value missing"}, {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, {0,NULL} }; diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c index 41278f83c6..767f7ab682 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_gen.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c @@ -68,8 +68,6 @@ #include #include -#ifndef OPENSSL_FIPS - static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); /* NB: this wrapper would normally be placed in rsa_lib.c and the static @@ -219,4 +217,3 @@ err: return ok; } -#endif diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c index 5714841f4c..de45088d76 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c @@ -67,6 +67,224 @@ #include #endif +const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; + +static const RSA_METHOD *default_RSA_meth=NULL; + +RSA *RSA_new(void) + { + RSA *r=RSA_new_method(NULL); + + return r; + } + +void RSA_set_default_method(const RSA_METHOD *meth) + { + default_RSA_meth = meth; + } + +const RSA_METHOD *RSA_get_default_method(void) + { + if (default_RSA_meth == NULL) + { +#ifdef RSA_NULL + default_RSA_meth=RSA_null_method(); +#else +#if 0 /* was: #ifdef RSAref */ + default_RSA_meth=RSA_PKCS1_RSAref(); +#else + default_RSA_meth=RSA_PKCS1_SSLeay(); +#endif +#endif + } + + return default_RSA_meth; + } + +const RSA_METHOD *RSA_get_method(const RSA *rsa) + { + return rsa->meth; + } + +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) + { + /* NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. */ + const RSA_METHOD *mtmp; + mtmp = rsa->meth; + if (mtmp->finish) mtmp->finish(rsa); +#ifndef OPENSSL_NO_ENGINE + if (rsa->engine) + { + ENGINE_finish(rsa->engine); + rsa->engine = NULL; + } +#endif + rsa->meth = meth; + if (meth->init) meth->init(rsa); + return 1; + } + +RSA *RSA_new_method(ENGINE *engine) + { + RSA *ret; + + ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); + if (ret == NULL) + { + RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); + return NULL; + } + + ret->meth = RSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE + if (engine) + { + if (!ENGINE_init(engine)) + { + RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } + else + ret->engine = ENGINE_get_default_RSA(); + if(ret->engine) + { + ret->meth = ENGINE_get_RSA(ret->engine); + if(!ret->meth) + { + RSAerr(RSA_F_RSA_NEW_METHOD, + ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } +#endif + + ret->pad=0; + ret->version=0; + ret->n=NULL; + ret->e=NULL; + ret->d=NULL; + ret->p=NULL; + ret->q=NULL; + ret->dmp1=NULL; + ret->dmq1=NULL; + ret->iqmp=NULL; + ret->references=1; + ret->_method_mod_n=NULL; + ret->_method_mod_p=NULL; + ret->_method_mod_q=NULL; + ret->blinding=NULL; + ret->mt_blinding=NULL; + ret->bignum_data=NULL; + ret->flags=ret->meth->flags; + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) + { +#ifndef OPENSSL_NO_ENGINE + if (ret->engine) + ENGINE_finish(ret->engine); +#endif + OPENSSL_free(ret); + return(NULL); + } + + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { +#ifndef OPENSSL_NO_ENGINE + if (ret->engine) + ENGINE_finish(ret->engine); +#endif + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); + OPENSSL_free(ret); + ret=NULL; + } + return(ret); + } + +void RSA_free(RSA *r) + { + int i; + + if (r == NULL) return; + + i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); +#ifdef REF_PRINT + REF_PRINT("RSA",r); +#endif + if (i > 0) return; +#ifdef REF_CHECK + if (i < 0) + { + fprintf(stderr,"RSA_free, bad reference count\n"); + abort(); + } +#endif + + if (r->meth->finish) + r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE + if (r->engine) + ENGINE_finish(r->engine); +#endif + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); + + if (r->n != NULL) BN_clear_free(r->n); + if (r->e != NULL) BN_clear_free(r->e); + if (r->d != NULL) BN_clear_free(r->d); + if (r->p != NULL) BN_clear_free(r->p); + if (r->q != NULL) BN_clear_free(r->q); + if (r->dmp1 != NULL) BN_clear_free(r->dmp1); + if (r->dmq1 != NULL) BN_clear_free(r->dmq1); + if (r->iqmp != NULL) BN_clear_free(r->iqmp); + if (r->blinding != NULL) BN_BLINDING_free(r->blinding); + if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); + if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); + OPENSSL_free(r); + } + +int RSA_up_ref(RSA *r) + { + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); +#ifdef REF_PRINT + REF_PRINT("RSA",r); +#endif +#ifdef REF_CHECK + if (i < 2) + { + fprintf(stderr, "RSA_up_ref, bad reference count\n"); + abort(); + } +#endif + return ((i > 1) ? 1 : 0); + } + +int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, + new_func, dup_func, free_func); + } + +int RSA_set_ex_data(RSA *r, int idx, void *arg) + { + return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + } + +void *RSA_get_ex_data(const RSA *r, int idx) + { + return(CRYPTO_get_ex_data(&r->ex_data,idx)); + } + +int RSA_size(const RSA *r) + { + return(BN_num_bytes(r->n)); + } + int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -76,13 +294,6 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) - { - RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return 0; - } -#endif return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); } @@ -95,19 +306,12 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) - { - RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return 0; - } -#endif return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -int RSA_size(const RSA *r) +int RSA_flags(const RSA *r) { - return(BN_num_bytes(r->n)); + return((r == NULL)?0:r->meth->flags); } void RSA_blinding_off(RSA *rsa) @@ -222,7 +426,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); goto err; } - BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); + CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); err: BN_CTX_end(ctx); if (in_ctx == NULL) @@ -232,3 +436,48 @@ err: return ret; } + +int RSA_memory_lock(RSA *r) + { + int i,j,k,off; + char *p; + BIGNUM *bn,**t[6],*b; + BN_ULONG *ul; + + if (r->d == NULL) return(1); + t[0]= &r->d; + t[1]= &r->p; + t[2]= &r->q; + t[3]= &r->dmp1; + t[4]= &r->dmq1; + t[5]= &r->iqmp; + k=sizeof(BIGNUM)*6; + off=k/sizeof(BN_ULONG)+1; + j=1; + for (i=0; i<6; i++) + j+= (*t[i])->top; + if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) + { + RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); + return(0); + } + bn=(BIGNUM *)p; + ul=(BN_ULONG *)&(p[off]); + for (i=0; i<6; i++) + { + b= *(t[i]); + *(t[i])= &(bn[i]); + memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); + bn[i].flags=BN_FLG_STATIC_DATA; + bn[i].d=ul; + memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); + ul+=b->top; + BN_clear_free(b); + } + + /* I should fix this so it can still be done */ + r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); + + r->bignum_data=p; + return(1); + } diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c index 4d30c9d2d3..e238d10e5c 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c @@ -28,7 +28,7 @@ #include #include -int MGF1(unsigned char *mask, long len, +static int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen); int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, @@ -52,13 +52,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, return 0; } - dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); - if (dbmask == NULL) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); - return 0; - } - to[0] = 0; seed = to + 1; db = to + SHA_DIGEST_LENGTH + 1; @@ -76,11 +69,20 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, 20); #endif - MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); + dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); + if (dbmask == NULL) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0) + return 0; for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) db[i] ^= dbmask[i]; - MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); + if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0) + return 0; for (i = 0; i < SHA_DIGEST_LENGTH; i++) seed[i] ^= seedmask[i]; @@ -133,11 +135,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, maskeddb = padded_from + SHA_DIGEST_LENGTH; - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); + if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen)) + return -1; for (i = 0; i < SHA_DIGEST_LENGTH; i++) seed[i] ^= padded_from[i]; - MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); + if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH)) + return -1; for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; @@ -187,7 +191,9 @@ int PKCS1_MGF1(unsigned char *mask, long len, int mdlen; EVP_MD_CTX_init(&c); - mdlen = M_EVP_MD_size(dgst); + mdlen = EVP_MD_size(dgst); + if (mdlen < 0) + return -1; for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); @@ -213,7 +219,8 @@ int PKCS1_MGF1(unsigned char *mask, long len, return 0; } -int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) +static int MGF1(unsigned char *mask, long len, const unsigned char *seed, + long seedlen) { return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); } diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c index 5488c06f6d..0be4ec7fb0 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c @@ -62,6 +62,7 @@ #include #include #include +#include "rsa_locl.h" /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -90,14 +91,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, i = SSL_SIG_LENGTH; s = m; } else { - /* NB: in FIPS mode block anything that isn't a TLS signature */ -#ifdef OPENSSL_FIPS - if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) - { - RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return 0; - } -#endif sig.algor= &algor; sig.algor->algorithm=OBJ_nid2obj(type); if (sig.algor->algorithm == NULL) @@ -150,8 +143,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, return(ret); } -int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa) +int int_rsa_verify(int dtype, const unsigned char *m, + unsigned int m_len, + unsigned char *rm, size_t *prm_len, + const unsigned char *sigbuf, size_t siglen, + RSA *rsa) { int i,ret=0,sigtype; unsigned char *s; @@ -159,38 +155,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, if (siglen != (unsigned int)RSA_size(rsa)) { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); + RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); return(0); } - if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) + if((dtype == NID_md5_sha1) && rm) { - return rsa->meth->rsa_verify(dtype, m, m_len, - sigbuf, siglen, rsa); + i = RSA_public_decrypt((int)siglen, + sigbuf,rm,rsa,RSA_PKCS1_PADDING); + if (i <= 0) + return 0; + *prm_len = i; + return 1; } s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) { - RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); + RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } - if(dtype == NID_md5_sha1) - { - if (m_len != SSL_SIG_LENGTH) - { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); + if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { + RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); goto err; - } - } - /* NB: in FIPS mode block anything that isn't a TLS signature */ -#ifdef OPENSSL_FIPS - else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) - { - RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return 0; - } -#endif + } i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); if (i <= 0) goto err; @@ -198,7 +186,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, /* Special case: SSL signature */ if(dtype == NID_md5_sha1) { if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); else ret = 1; } else { const unsigned char *p=s; @@ -209,7 +197,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, /* Excess data can be used to create forgeries */ if(p != s+i) { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); goto err; } @@ -218,7 +206,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, if(sig->algor->parameter && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); goto err; } @@ -244,15 +232,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, } else { - RSAerr(RSA_F_RSA_VERIFY, + RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); goto err; } } - if ( ((unsigned int)sig->digest->length != m_len) || + if (rm) + { + const EVP_MD *md; + md = EVP_get_digestbynid(dtype); + if (md && (EVP_MD_size(md) != sig->digest->length)) + RSAerr(RSA_F_INT_RSA_VERIFY, + RSA_R_INVALID_DIGEST_LENGTH); + else + { + memcpy(rm, sig->digest->data, + sig->digest->length); + *prm_len = sig->digest->length; + ret = 1; + } + } + else if (((unsigned int)sig->digest->length != m_len) || (memcmp(m,sig->digest->data,m_len) != 0)) { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); } else ret=1; @@ -267,3 +270,16 @@ err: return(ret); } +int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, + const unsigned char *sigbuf, unsigned int siglen, + RSA *rsa) + { + + if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) + { + return rsa->meth->rsa_verify(dtype, m, m_len, + sigbuf, siglen, rsa); + } + + return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa); + } diff --git a/src/lib/libssl/src/crypto/rsa/rsa_test.c b/src/lib/libssl/src/crypto/rsa/rsa_test.c index 4080de8bcf..c8705a0f6e 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_test.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_test.c @@ -328,7 +328,7 @@ int main(int argc, char *argv[]) } CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); + ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); diff --git a/src/lib/libssl/src/crypto/sha/Makefile b/src/lib/libssl/src/crypto/sha/Makefile index f4741b9ee6..e6eccb05f9 100644 --- a/src/lib/libssl/src/crypto/sha/Makefile +++ b/src/lib/libssl/src/crypto/sha/Makefile @@ -38,25 +38,16 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib -# ELF -sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@) -# COFF -sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-cof.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@) -# a.out -sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) -s512sse2-out.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@) +sha1-586.s: asm/sha1-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha1-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha256-586.s: asm/sha256-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha256-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ +sha512-586.s: asm/sha512-586.pl ../perlasm/x86asm.pl + $(PERL) asm/sha512-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ sha1-ia64.s: asm/sha1-ia64.pl (cd asm; $(PERL) sha1-ia64.pl ../$@ $(CFLAGS)) @@ -65,10 +56,25 @@ sha256-ia64.s: asm/sha512-ia64.pl sha512-ia64.s: asm/sha512-ia64.pl (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS)) +sha256-armv4.s: asm/sha256-armv4.pl + $(PERL) $< $@ + # Solaris make has to be explicitly told -sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $@ -sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ -sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@ +sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@ +sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $(PERLASM_SCHEME) $@ +sha1-sparcv9.s: asm/sha1-sparcv9.pl; $(PERL) asm/sha1-sparcv9.pl $@ $(CFLAGS) +sha256-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) +sha512-sparcv9.s:asm/sha512-sparcv9.pl; $(PERL) asm/sha512-sparcv9.pl $@ $(CFLAGS) + +sha1-ppc.s: asm/sha1-ppc.pl; $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@ +sha256-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ +sha512-ppc.s: asm/sha512-ppc.pl; $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@ + +# GNU make "catch all" +sha1-%.s: asm/sha1-%.pl; $(PERL) $< $@ +sha256-%.s: asm/sha512-%.pl; $(PERL) $< $@ +sha512-%.s: asm/sha512-%.pl; $(PERL) $< $@ files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -113,31 +119,24 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sha1_one.o: sha1_one.c -sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/fips.h -sha1dgst.o: ../../include/openssl/opensslconf.h +sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -sha256.o: ../../include/openssl/fips.h ../../include/openssl/opensslconf.h -sha256.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha256.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha256.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha256.o: ../md32_common.h sha256.c +sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c sha512.o: ../../e_os.h ../../include/openssl/bio.h sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha512.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha512.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -sha512.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -sha512.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha512.o: ../../include/openssl/symhacks.h ../cryptlib.h sha512.c -sha_dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -sha_dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -sha_dgst.o: ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +sha512.o: ../cryptlib.h sha512.c +sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h +sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl index a787dd37da..a1f876281a 100644 --- a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl +++ b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl @@ -215,5 +215,6 @@ sub BODY_40_59 &stack_pop(16); &function_end("sha1_block_data_order"); +&asciz("SHA1 block transform for x86, CRYPTOGAMS by "); &asm_finish(); diff --git a/src/lib/libssl/src/crypto/sha/sha.h b/src/lib/libssl/src/crypto/sha/sha.h index 47a2c29f66..16cacf9fc0 100644 --- a/src/lib/libssl/src/crypto/sha/sha.h +++ b/src/lib/libssl/src/crypto/sha/sha.h @@ -81,7 +81,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +#if defined(__LP32__) #define SHA_LONG unsigned long #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define SHA_LONG unsigned long @@ -106,9 +106,6 @@ typedef struct SHAstate_st } SHA_CTX; #ifndef OPENSSL_NO_SHA0 -#ifdef OPENSSL_FIPS -int private_SHA_Init(SHA_CTX *c); -#endif int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); diff --git a/src/lib/libssl/src/crypto/sha/sha1_one.c b/src/lib/libssl/src/crypto/sha/sha1_one.c index 4831174198..7c65b60276 100644 --- a/src/lib/libssl/src/crypto/sha/sha1_one.c +++ b/src/lib/libssl/src/crypto/sha/sha1_one.c @@ -61,7 +61,7 @@ #include #include -#if !defined(OPENSSL_NO_SHA1) +#ifndef OPENSSL_NO_SHA1 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; diff --git a/src/lib/libssl/src/crypto/sha/sha1dgst.c b/src/lib/libssl/src/crypto/sha/sha1dgst.c index d31f0781a0..50d1925cde 100644 --- a/src/lib/libssl/src/crypto/sha/sha1dgst.c +++ b/src/lib/libssl/src/crypto/sha/sha1dgst.c @@ -63,10 +63,6 @@ #define SHA_1 #include -#ifdef OPENSSL_FIPS -#include -#endif - const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; diff --git a/src/lib/libssl/src/crypto/sha/sha_dgst.c b/src/lib/libssl/src/crypto/sha/sha_dgst.c index 598f4d721a..70eb56032c 100644 --- a/src/lib/libssl/src/crypto/sha/sha_dgst.c +++ b/src/lib/libssl/src/crypto/sha/sha_dgst.c @@ -57,12 +57,6 @@ */ #include -#include -#ifdef OPENSSL_FIPS -#include -#endif - -#include #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 diff --git a/src/lib/libssl/src/crypto/sha/sha_locl.h b/src/lib/libssl/src/crypto/sha/sha_locl.h index da46ddfe79..672c26eee1 100644 --- a/src/lib/libssl/src/crypto/sha/sha_locl.h +++ b/src/lib/libssl/src/crypto/sha/sha_locl.h @@ -122,23 +122,14 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL -#if defined(SHA_0) && defined(OPENSSL_FIPS) -FIPS_NON_FIPS_MD_Init(SHA) -#else int HASH_INIT (SHA_CTX *c) -#endif { -#if defined(SHA_1) && defined(OPENSSL_FIPS) - FIPS_selftest_check(); -#endif + memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; c->h2=INIT_DATA_h2; c->h3=INIT_DATA_h3; c->h4=INIT_DATA_h4; - c->Nl=0; - c->Nh=0; - c->num=0; return 1; } diff --git a/src/lib/libssl/src/crypto/sha/shatest.c b/src/lib/libssl/src/crypto/sha/shatest.c index ed0fe06a7b..27614646d1 100644 --- a/src/lib/libssl/src/crypto/sha/shatest.c +++ b/src/lib/libssl/src/crypto/sha/shatest.c @@ -123,9 +123,9 @@ int main(int argc, char *argv[]) i=1; while (*P != NULL) { - EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL); + EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL); p=pt(md); - if (strcmp(p,(char *)*R) != 0) + if (strcmp(p,*R) != 0) { printf("error calculating SHA on '%s'\n",*P); printf("got %s instead of %s\n",p,*R); diff --git a/src/lib/libssl/src/crypto/stack/Makefile b/src/lib/libssl/src/crypto/stack/Makefile index 489a77b93c..5327692ac8 100644 --- a/src/lib/libssl/src/crypto/stack/Makefile +++ b/src/lib/libssl/src/crypto/stack/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/stack/safestack.h b/src/lib/libssl/src/crypto/stack/safestack.h index 40b17902e0..891cb84a51 100644 --- a/src/lib/libssl/src/crypto/stack/safestack.h +++ b/src/lib/libssl/src/crypto/stack/safestack.h @@ -57,18 +57,27 @@ #include -#ifdef DEBUG_SAFESTACK - #ifndef CHECKED_PTR_OF #define CHECKED_PTR_OF(type, p) \ ((void*) (1 ? p : (type*)0)) #endif +/* In C++ we get problems because an explicit cast is needed from (void *) + * we use CHECKED_STACK_OF to ensure the correct type is passed in the macros + * below. + */ + +#define CHECKED_STACK_OF(type, p) \ + ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) + #define CHECKED_SK_FREE_FUNC(type, p) \ ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) +#define CHECKED_SK_FREE_FUNC2(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type))0))) + #define CHECKED_SK_CMP_FUNC(type, p) \ - ((int (*)(const char * const *, const char * const *)) \ + ((int (*)(const void *, const void *)) \ ((1 ? p : (int (*)(const type * const *, const type * const *))0))) #define STACK_OF(type) struct stack_st_##type @@ -77,11 +86,51 @@ #define DECLARE_STACK_OF(type) \ STACK_OF(type) \ { \ - STACK stack; \ + _STACK stack; \ + }; +#define DECLARE_SPECIAL_STACK_OF(type, type2) \ +STACK_OF(type) \ + { \ + _STACK stack; \ }; #define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ + +/* Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * +o * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; + +typedef const char *OPENSSL_CSTRING; + +/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as + * mentioned above, instead of a single char each entry is a + * NUL-terminated array of chars. So, we have to implement STRING + * specially for STACK_OF. This is dealt with in the autogenerated + * macros below. + */ + +DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) + +/* Similarly, we sometimes use a block of characters, NOT + * nul-terminated. These should also be distinguished from "normal" + * stacks. */ + +typedef void *OPENSSL_BLOCK; +DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + /* SKM_sk_... stack macros are internal to safestack.h: * never use them directly, use sk__... instead */ #define SKM_sk_new(type, cmp) \ @@ -89,52 +138,55 @@ STACK_OF(type) \ #define SKM_sk_new_null(type) \ ((STACK_OF(type) *)sk_new_null()) #define SKM_sk_free(type, st) \ - sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) + sk_free(CHECKED_STACK_OF(type, st)) #define SKM_sk_num(type, st) \ - sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) + sk_num(CHECKED_STACK_OF(type, st)) #define SKM_sk_value(type, st,i) \ - ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) + ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) #define SKM_sk_set(type, st,i,val) \ - sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) + sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) #define SKM_sk_zero(type, st) \ - sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) -#define SKM_sk_push(type, st,val) \ - sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -#define SKM_sk_unshift(type, st,val) \ - sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -#define SKM_sk_find(type, st,val) \ - sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) -#define SKM_sk_delete(type, st,i) \ - (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) -#define SKM_sk_delete_ptr(type, st,ptr) \ - (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) -#define SKM_sk_insert(type, st,val,i) \ - sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) -#define SKM_sk_set_cmp_func(type, st,cmp) \ + sk_zero(CHECKED_STACK_OF(type, st)) +#define SKM_sk_push(type, st, val) \ + sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_unshift(type, st, val) \ + sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_find(type, st, val) \ + sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_find_ex(type, st, val) \ + sk_find_ex(CHECKED_STACK_OF(type, st), \ + CHECKED_PTR_OF(type, val)) +#define SKM_sk_delete(type, st, i) \ + (type *)sk_delete(CHECKED_STACK_OF(type, st), i) +#define SKM_sk_delete_ptr(type, st, ptr) \ + (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) +#define SKM_sk_insert(type, st,val, i) \ + sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) +#define SKM_sk_set_cmp_func(type, st, cmp) \ ((int (*)(const type * const *,const type * const *)) \ - sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) + sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) #define SKM_sk_dup(type, st) \ - (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) -#define SKM_sk_pop_free(type, st,free_func) \ - sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) + (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) +#define SKM_sk_pop_free(type, st, free_func) \ + sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) #define SKM_sk_shift(type, st) \ - (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) + (type *)sk_shift(CHECKED_STACK_OF(type, st)) #define SKM_sk_pop(type, st) \ - (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) + (type *)sk_pop(CHECKED_STACK_OF(type, st)) #define SKM_sk_sort(type, st) \ - sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) + sk_sort(CHECKED_STACK_OF(type, st)) #define SKM_sk_is_sorted(type, st) \ - sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) + sk_is_sorted(CHECKED_STACK_OF(type, st)) #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \ + (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \ pp, length, \ CHECKED_D2I_OF(type, d2i_func), \ CHECKED_SK_FREE_FUNC(type, free_func), \ ex_tag, ex_class) #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ + i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \ CHECKED_I2D_OF(type, i2d_func), \ ex_tag, ex_class, is_set) @@ -151,72 +203,8 @@ STACK_OF(type) \ CHECKED_SK_FREE_FUNC(type, free_func), \ pass, passlen, oct, seq) -#else - -#define STACK_OF(type) STACK -#define PREDECLARE_STACK_OF(type) /* nada */ -#define DECLARE_STACK_OF(type) /* nada */ -#define IMPLEMENT_STACK_OF(type) /* nada */ - -#define SKM_sk_new(type, cmp) \ - sk_new((int (*)(const char * const *, const char * const *))(cmp)) -#define SKM_sk_new_null(type) \ - sk_new_null() -#define SKM_sk_free(type, st) \ - sk_free(st) -#define SKM_sk_num(type, st) \ - sk_num(st) -#define SKM_sk_value(type, st,i) \ - ((type *)sk_value(st, i)) -#define SKM_sk_set(type, st,i,val) \ - ((type *)sk_set(st, i,(char *)val)) -#define SKM_sk_zero(type, st) \ - sk_zero(st) -#define SKM_sk_push(type, st,val) \ - sk_push(st, (char *)val) -#define SKM_sk_unshift(type, st,val) \ - sk_unshift(st, (char *)val) -#define SKM_sk_find(type, st,val) \ - sk_find(st, (char *)val) -#define SKM_sk_delete(type, st,i) \ - ((type *)sk_delete(st, i)) -#define SKM_sk_delete_ptr(type, st,ptr) \ - ((type *)sk_delete_ptr(st,(char *)ptr)) -#define SKM_sk_insert(type, st,val,i) \ - sk_insert(st, (char *)val, i) -#define SKM_sk_set_cmp_func(type, st,cmp) \ - ((int (*)(const type * const *,const type * const *)) \ - sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) -#define SKM_sk_dup(type, st) \ - sk_dup(st) -#define SKM_sk_pop_free(type, st,free_func) \ - sk_pop_free(st, (void (*)(void *))free_func) -#define SKM_sk_shift(type, st) \ - ((type *)sk_shift(st)) -#define SKM_sk_pop(type, st) \ - ((type *)sk_pop(st)) -#define SKM_sk_sort(type, st) \ - sk_sort(st) -#define SKM_sk_is_sorted(type, st) \ - sk_is_sorted(st) - -#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) -#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) - -#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ - ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) -#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) - -#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ - ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) - -#endif - /* This block of defines is updated by util/mkstack.pl, please do not touch! */ -#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) #define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) #define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) @@ -238,7 +226,7 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) -#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) +#define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) #define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) #define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) #define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) @@ -260,7 +248,7 @@ STACK_OF(type) \ #define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) #define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) -#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) @@ -282,7 +270,7 @@ STACK_OF(type) \ #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) -#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) #define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) @@ -304,7 +292,7 @@ STACK_OF(type) \ #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) -#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) #define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) @@ -326,7 +314,7 @@ STACK_OF(type) \ #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) -#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) #define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) #define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) @@ -348,7 +336,7 @@ STACK_OF(type) \ #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) #define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) -#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) #define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) #define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) @@ -370,7 +358,29 @@ STACK_OF(type) \ #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) #define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) -#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) +#define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) +#define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) +#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) +#define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) +#define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) +#define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) +#define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) +#define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) +#define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) +#define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) +#define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) + +#define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) #define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) #define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) @@ -392,7 +402,7 @@ STACK_OF(type) \ #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) #define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) -#define sk_BIO_new(st) SKM_sk_new(BIO, (st)) +#define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) #define sk_BIO_new_null() SKM_sk_new_null(BIO) #define sk_BIO_free(st) SKM_sk_free(BIO, (st)) #define sk_BIO_num(st) SKM_sk_num(BIO, (st)) @@ -414,7 +424,51 @@ STACK_OF(type) \ #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) -#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) +#define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) +#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) +#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) +#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) +#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) +#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) +#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) +#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) +#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) +#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) +#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) + +#define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) +#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) +#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) +#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) +#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) +#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) +#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) +#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) +#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) +#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) +#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) + +#define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) #define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) #define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) #define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) @@ -436,7 +490,7 @@ STACK_OF(type) \ #define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) #define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) -#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) #define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) #define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) #define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) @@ -458,7 +512,7 @@ STACK_OF(type) \ #define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) #define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) -#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) #define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) #define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) #define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) @@ -480,7 +534,7 @@ STACK_OF(type) \ #define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) #define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) -#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) #define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) #define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) #define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) @@ -502,7 +556,7 @@ STACK_OF(type) \ #define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) #define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) -#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) @@ -524,7 +578,7 @@ STACK_OF(type) \ #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) -#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) +#define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) #define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) #define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) @@ -546,7 +600,7 @@ STACK_OF(type) \ #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) #define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) -#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) +#define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) #define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) #define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) @@ -568,7 +622,7 @@ STACK_OF(type) \ #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) #define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) #define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) @@ -590,7 +644,7 @@ STACK_OF(type) \ #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) -#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) #define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) @@ -612,7 +666,7 @@ STACK_OF(type) \ #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) -#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) +#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) #define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) #define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) @@ -634,7 +688,7 @@ STACK_OF(type) \ #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) #define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) -#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) +#define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) #define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) #define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) @@ -656,7 +710,7 @@ STACK_OF(type) \ #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) #define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) -#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) #define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) @@ -678,7 +732,117 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) -#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) +#define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) +#define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) +#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) +#define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) +#define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) +#define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) +#define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) +#define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) +#define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) +#define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) +#define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) + +#define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) +#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) +#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) +#define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) +#define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) +#define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) +#define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) +#define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) +#define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) +#define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) +#define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) +#define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) +#define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) +#define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) +#define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) +#define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) +#define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) +#define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) +#define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) +#define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) +#define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) + +#define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) +#define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) +#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) +#define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) +#define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) +#define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) +#define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) +#define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) +#define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) +#define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) +#define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) + +#define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) +#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) +#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) +#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) +#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) +#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) +#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) + +#define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) +#define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) +#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) +#define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) +#define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) +#define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) +#define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) +#define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) +#define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) +#define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) +#define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) + +#define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) @@ -700,7 +864,7 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) -#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) #define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) #define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) #define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) @@ -722,7 +886,7 @@ STACK_OF(type) \ #define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) #define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) -#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) #define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) #define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) @@ -744,7 +908,7 @@ STACK_OF(type) \ #define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) #define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) -#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) +#define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) #define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) #define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) #define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) @@ -766,7 +930,7 @@ STACK_OF(type) \ #define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) #define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) -#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) #define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) #define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) #define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) @@ -788,7 +952,7 @@ STACK_OF(type) \ #define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) #define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) -#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) +#define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) @@ -810,7 +974,7 @@ STACK_OF(type) \ #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) #define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) -#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) +#define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) #define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) #define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) #define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) @@ -832,7 +996,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) #define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) -#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) +#define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) #define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) #define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) #define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) @@ -854,7 +1018,7 @@ STACK_OF(type) \ #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) #define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) -#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) +#define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) #define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) #define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) #define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) @@ -876,7 +1040,7 @@ STACK_OF(type) \ #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) #define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) -#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) +#define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) #define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) #define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) #define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) @@ -898,7 +1062,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) #define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) -#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) +#define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) #define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) #define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) #define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) @@ -920,7 +1084,7 @@ STACK_OF(type) \ #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) #define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) -#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) +#define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) #define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) #define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) #define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) @@ -942,7 +1106,7 @@ STACK_OF(type) \ #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) #define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) -#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) +#define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) #define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) #define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) #define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) @@ -964,7 +1128,29 @@ STACK_OF(type) \ #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) #define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) -#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) +#define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) +#define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) +#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) +#define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) +#define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) +#define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) +#define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) +#define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) +#define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) +#define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) +#define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) + +#define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) #define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) #define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) @@ -986,51 +1172,7 @@ STACK_OF(type) \ #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) #define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) -#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) -#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) -#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) -#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) -#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) -#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) -#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) -#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) -#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) -#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) -#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) -#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) -#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) -#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) -#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) -#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) -#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) - -#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) -#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) -#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) -#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) -#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) -#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) -#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) -#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) -#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) -#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) -#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) -#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) -#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) -#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) -#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) -#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) -#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) - -#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) +#define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) #define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) @@ -1052,7 +1194,7 @@ STACK_OF(type) \ #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) #define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) -#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) #define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) @@ -1074,7 +1216,7 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) -#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) #define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) #define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) @@ -1096,7 +1238,7 @@ STACK_OF(type) \ #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) #define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) -#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) #define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) @@ -1118,7 +1260,7 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) -#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) #define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) #define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) #define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) @@ -1140,7 +1282,7 @@ STACK_OF(type) \ #define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) #define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) -#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) @@ -1162,7 +1304,7 @@ STACK_OF(type) \ #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) -#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) @@ -1184,7 +1326,7 @@ STACK_OF(type) \ #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) -#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) +#define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) #define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) #define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) @@ -1206,7 +1348,7 @@ STACK_OF(type) \ #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) #define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) -#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) #define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) @@ -1228,7 +1370,7 @@ STACK_OF(type) \ #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) -#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) #define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) @@ -1250,7 +1392,7 @@ STACK_OF(type) \ #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) -#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) +#define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) #define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) #define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) @@ -1272,7 +1414,7 @@ STACK_OF(type) \ #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) #define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) -#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) #define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) @@ -1294,7 +1436,7 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) -#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) #define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) #define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) #define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) @@ -1316,7 +1458,7 @@ STACK_OF(type) \ #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) -#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) @@ -1338,7 +1480,7 @@ STACK_OF(type) \ #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) -#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) +#define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) #define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) #define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) @@ -1360,7 +1502,51 @@ STACK_OF(type) \ #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) #define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) -#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) +#define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) +#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) +#define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) +#define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) +#define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) +#define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) + +#define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) +#define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) +#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) +#define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) +#define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) +#define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) +#define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) +#define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) +#define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) +#define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) +#define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) + +#define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) #define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) #define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) #define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) @@ -1382,7 +1568,7 @@ STACK_OF(type) \ #define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) #define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) -#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) +#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) #define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) @@ -1404,7 +1590,7 @@ STACK_OF(type) \ #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) #define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) -#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) +#define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) #define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) #define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) @@ -1426,7 +1612,7 @@ STACK_OF(type) \ #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) #define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) -#define sk_X509_new(st) SKM_sk_new(X509, (st)) +#define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) #define sk_X509_new_null() SKM_sk_new_null(X509) #define sk_X509_free(st) SKM_sk_free(X509, (st)) #define sk_X509_num(st) SKM_sk_num(X509, (st)) @@ -1448,7 +1634,7 @@ STACK_OF(type) \ #define sk_X509_sort(st) SKM_sk_sort(X509, (st)) #define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) -#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) #define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) #define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) @@ -1470,7 +1656,7 @@ STACK_OF(type) \ #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) #define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) -#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) +#define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) #define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) #define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) @@ -1492,7 +1678,7 @@ STACK_OF(type) \ #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) #define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) -#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) #define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) #define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) @@ -1514,7 +1700,7 @@ STACK_OF(type) \ #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) #define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) -#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) +#define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) #define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) #define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) @@ -1536,7 +1722,7 @@ STACK_OF(type) \ #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) #define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) -#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) #define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) #define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) @@ -1558,7 +1744,7 @@ STACK_OF(type) \ #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) #define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) -#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) +#define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) #define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) #define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) @@ -1580,7 +1766,7 @@ STACK_OF(type) \ #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) #define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) -#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) #define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) #define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) @@ -1602,7 +1788,7 @@ STACK_OF(type) \ #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) #define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) -#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) +#define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) #define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) #define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) @@ -1624,7 +1810,7 @@ STACK_OF(type) \ #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) #define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) -#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) #define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) #define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) @@ -1646,7 +1832,7 @@ STACK_OF(type) \ #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) #define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) -#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) +#define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) #define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) #define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) @@ -1668,7 +1854,7 @@ STACK_OF(type) \ #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) -#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) #define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) #define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) #define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) @@ -1690,7 +1876,7 @@ STACK_OF(type) \ #define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) #define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) -#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) #define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) #define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) #define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) @@ -1712,29 +1898,7 @@ STACK_OF(type) \ #define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) #define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) -#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) -#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) -#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) -#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) -#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) -#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) -#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) -#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) -#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) -#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) -#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) -#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) - -#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) @@ -1756,7 +1920,7 @@ STACK_OF(type) \ #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) -#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) +#define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) #define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) #define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) @@ -1778,7 +1942,7 @@ STACK_OF(type) \ #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) #define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) -#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) +#define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) #define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) #define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) @@ -1800,7 +1964,7 @@ STACK_OF(type) \ #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) -#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) #define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) #define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) #define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) @@ -1822,6 +1986,125 @@ STACK_OF(type) \ #define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) #define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) +#define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) +#define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) +#define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) +#define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) +#define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) +#define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) +#define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) +#define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) +#define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) +#define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) +#define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) +#define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) +#define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) +#define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) +#define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) +#define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) +#define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) +#define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) +#define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) +#define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) +#define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) + +#define sk_void_new(cmp) SKM_sk_new(void, (cmp)) +#define sk_void_new_null() SKM_sk_new_null(void) +#define sk_void_free(st) SKM_sk_free(void, (st)) +#define sk_void_num(st) SKM_sk_num(void, (st)) +#define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) +#define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) +#define sk_void_zero(st) SKM_sk_zero(void, (st)) +#define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) +#define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) +#define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) +#define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) +#define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) +#define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) +#define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) +#define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) +#define sk_void_dup(st) SKM_sk_dup(void, st) +#define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) +#define sk_void_shift(st) SKM_sk_shift(void, (st)) +#define sk_void_pop(st) SKM_sk_pop(void, (st)) +#define sk_void_sort(st) SKM_sk_sort(void, (st)) +#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) + +#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) +#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i)) +#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) +#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val), i) +#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), i, CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) +#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, ptr)) +#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ + ((int (*)(const void * const *,const void * const *)) \ + sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st)) +#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) + + +#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) +#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i)) +#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) +#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) +#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ + ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ + sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_PSTRING), st)) +#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) + + +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i)) +#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st)) +#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) + + #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1858,6 +2141,15 @@ STACK_OF(type) \ #define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) +#define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) + #define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) #define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -1867,6 +2159,24 @@ STACK_OF(type) \ #define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) +#define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) + +#define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ + SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +#define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ + SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) +#define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ + SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) + #define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) #define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ @@ -2025,6 +2335,240 @@ STACK_OF(type) \ #define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) + +#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) +#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) +#define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) +#define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_stats_bio(lh,out) \ + LHM_lh_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) + +#define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) +#define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) +#define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) +#define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) +#define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) +#define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) +#define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) +#define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) +#define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) +#define lh_APP_INFO_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_stats_bio(lh,out) \ + LHM_lh_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) + +#define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) +#define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) +#define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) +#define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) +#define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) +#define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) +#define lh_CONF_VALUE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_stats_bio(lh,out) \ + LHM_lh_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) + +#define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) +#define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) +#define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) +#define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) + +#define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) +#define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) +#define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) +#define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) +#define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) +#define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) +#define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) +#define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) +#define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) +#define lh_ERR_STATE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) + +#define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) +#define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) +#define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) +#define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) + +#define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) +#define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) +#define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) +#define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) + +#define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) +#define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) +#define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) +#define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) +#define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) +#define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) +#define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) +#define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) +#define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) +#define lh_FUNCTION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_stats_bio(lh,out) \ + LHM_lh_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) + +#define lh_MEM_new() LHM_lh_new(MEM,mem) +#define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) +#define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) +#define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst) +#define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) +#define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) +#define lh_MEM_error(lh) LHM_lh_error(MEM,lh) +#define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) +#define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) +#define lh_MEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(MEM,lh,out) +#define lh_MEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(MEM,lh,out) +#define lh_MEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(MEM,lh,out) +#define lh_MEM_free(lh) LHM_lh_free(MEM,lh) + +#define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) +#define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) +#define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) +#define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) +#define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) +#define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) +#define lh_OBJ_NAME_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_stats_bio(lh,out) \ + LHM_lh_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) + +#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) +#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) +#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) +#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) + +#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) +#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) +#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) +#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) + +#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) +#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) +#define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) +#define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) +#define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) +#define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) +#define lh_SSL_SESSION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_stats_bio(lh,out) \ + LHM_lh_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) /* End of util/mkstack.pl block, you may now edit :-) */ #endif /* !defined HEADER_SAFESTACK_H */ diff --git a/src/lib/libssl/src/crypto/stack/stack.c b/src/lib/libssl/src/crypto/stack/stack.c index 378bd7c796..76cf1a1168 100644 --- a/src/lib/libssl/src/crypto/stack/stack.c +++ b/src/lib/libssl/src/crypto/stack/stack.c @@ -77,10 +77,10 @@ const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT; #include -int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *))) - (const char * const *, const char * const *) +int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *))) + (const void *, const void *) { - int (*old)(const char * const *,const char * const *)=sk->comp; + int (*old)(const void *,const void *)=sk->comp; if (sk->comp != c) sk->sorted=0; @@ -89,9 +89,9 @@ int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * cons return old; } -STACK *sk_dup(STACK *sk) +_STACK *sk_dup(_STACK *sk) { - STACK *ret; + _STACK *ret; char **s; if ((ret=sk_new(sk->comp)) == NULL) goto err; @@ -112,19 +112,19 @@ err: return(NULL); } -STACK *sk_new_null(void) +_STACK *sk_new_null(void) { - return sk_new((int (*)(const char * const *, const char * const *))0); + return sk_new((int (*)(const void *, const void *))0); } -STACK *sk_new(int (*c)(const char * const *, const char * const *)) +_STACK *sk_new(int (*c)(const void *, const void *)) { - STACK *ret; + _STACK *ret; int i; - if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL) + if ((ret=OPENSSL_malloc(sizeof(_STACK))) == NULL) goto err; - if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL) + if ((ret->data=OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL) goto err; for (i=0; idata[i]=NULL; @@ -139,14 +139,14 @@ err: return(NULL); } -int sk_insert(STACK *st, char *data, int loc) +int sk_insert(_STACK *st, void *data, int loc) { char **s; if(st == NULL) return 0; if (st->num_alloc <= st->num+1) { - s=(char **)OPENSSL_realloc((char *)st->data, + s=OPENSSL_realloc((char *)st->data, (unsigned int)sizeof(char *)*st->num_alloc*2); if (s == NULL) return(0); @@ -160,14 +160,14 @@ int sk_insert(STACK *st, char *data, int loc) int i; char **f,**t; - f=(char **)st->data; - t=(char **)&(st->data[1]); + f=st->data; + t=&(st->data[1]); for (i=st->num; i>=loc; i--) t[i]=f[i]; #ifdef undef /* no memmove on sunos :-( */ - memmove( (char *)&(st->data[loc+1]), - (char *)&(st->data[loc]), + memmove(&(st->data[loc+1]), + &(st->data[loc]), sizeof(char *)*(st->num-loc)); #endif st->data[loc]=data; @@ -177,7 +177,7 @@ int sk_insert(STACK *st, char *data, int loc) return(st->num); } -char *sk_delete_ptr(STACK *st, char *p) +void *sk_delete_ptr(_STACK *st, void *p) { int i; @@ -187,7 +187,7 @@ char *sk_delete_ptr(STACK *st, char *p) return(NULL); } -char *sk_delete(STACK *st, int loc) +void *sk_delete(_STACK *st, int loc) { char *ret; int i,j; @@ -210,11 +210,11 @@ char *sk_delete(STACK *st, int loc) return(ret); } -static int internal_find(STACK *st, char *data, int ret_val_options) +static int internal_find(_STACK *st, void *data, int ret_val_options) { - char **r; + const void * const *r; int i; - int (*comp_func)(const void *,const void *); + if(st == NULL) return -1; if (st->comp == NULL) @@ -226,53 +226,46 @@ static int internal_find(STACK *st, char *data, int ret_val_options) } sk_sort(st); if (data == NULL) return(-1); - /* This (and the "qsort" below) are the two places in OpenSSL - * where we need to convert from our standard (type **,type **) - * compare callback type to the (void *,void *) type required by - * bsearch. However, the "data" it is being called(back) with are - * not (type *) pointers, but the *pointers* to (type *) pointers, - * so we get our extra level of pointer dereferencing that way. */ - comp_func=(int (*)(const void *,const void *))(st->comp); - r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data, - st->num,sizeof(char *),comp_func,ret_val_options); + r=OBJ_bsearch_ex_(&data,st->data,st->num,sizeof(void *),st->comp, + ret_val_options); if (r == NULL) return(-1); - return((int)(r-st->data)); + return (int)((char **)r-st->data); } -int sk_find(STACK *st, char *data) +int sk_find(_STACK *st, void *data) { return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); } -int sk_find_ex(STACK *st, char *data) +int sk_find_ex(_STACK *st, void *data) { return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); } -int sk_push(STACK *st, char *data) +int sk_push(_STACK *st, void *data) { return(sk_insert(st,data,st->num)); } -int sk_unshift(STACK *st, char *data) +int sk_unshift(_STACK *st, void *data) { return(sk_insert(st,data,0)); } -char *sk_shift(STACK *st) +void *sk_shift(_STACK *st) { if (st == NULL) return(NULL); if (st->num <= 0) return(NULL); return(sk_delete(st,0)); } -char *sk_pop(STACK *st) +void *sk_pop(_STACK *st) { if (st == NULL) return(NULL); if (st->num <= 0) return(NULL); return(sk_delete(st,st->num-1)); } -void sk_zero(STACK *st) +void sk_zero(_STACK *st) { if (st == NULL) return; if (st->num <= 0) return; @@ -280,7 +273,7 @@ void sk_zero(STACK *st) st->num=0; } -void sk_pop_free(STACK *st, void (*func)(void *)) +void sk_pop_free(_STACK *st, void (*func)(void *)) { int i; @@ -291,32 +284,32 @@ void sk_pop_free(STACK *st, void (*func)(void *)) sk_free(st); } -void sk_free(STACK *st) +void sk_free(_STACK *st) { if (st == NULL) return; if (st->data != NULL) OPENSSL_free(st->data); OPENSSL_free(st); } -int sk_num(const STACK *st) +int sk_num(const _STACK *st) { if(st == NULL) return -1; return st->num; } -char *sk_value(const STACK *st, int i) +void *sk_value(const _STACK *st, int i) { if(!st || (i < 0) || (i >= st->num)) return NULL; return st->data[i]; } -char *sk_set(STACK *st, int i, char *value) +void *sk_set(_STACK *st, int i, void *value) { if(!st || (i < 0) || (i >= st->num)) return NULL; return (st->data[i] = value); } -void sk_sort(STACK *st) +void sk_sort(_STACK *st) { if (st && !st->sorted) { @@ -333,7 +326,7 @@ void sk_sort(STACK *st) } } -int sk_is_sorted(const STACK *st) +int sk_is_sorted(const _STACK *st) { if (!st) return 1; diff --git a/src/lib/libssl/src/crypto/stack/stack.h b/src/lib/libssl/src/crypto/stack/stack.h index 5cbb116a8b..ce35e554eb 100644 --- a/src/lib/libssl/src/crypto/stack/stack.h +++ b/src/lib/libssl/src/crypto/stack/stack.h @@ -70,37 +70,36 @@ typedef struct stack_st int sorted; int num_alloc; - int (*comp)(const char * const *, const char * const *); - } STACK; + int (*comp)(const void *, const void *); + } _STACK; /* Use STACK_OF(...) instead */ #define M_sk_num(sk) ((sk) ? (sk)->num:-1) #define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) -int sk_num(const STACK *); -char *sk_value(const STACK *, int); +int sk_num(const _STACK *); +void *sk_value(const _STACK *, int); -char *sk_set(STACK *, int, char *); +void *sk_set(_STACK *, int, void *); -STACK *sk_new(int (*cmp)(const char * const *, const char * const *)); -STACK *sk_new_null(void); -void sk_free(STACK *); -void sk_pop_free(STACK *st, void (*func)(void *)); -int sk_insert(STACK *sk,char *data,int where); -char *sk_delete(STACK *st,int loc); -char *sk_delete_ptr(STACK *st, char *p); -int sk_find(STACK *st,char *data); -int sk_find_ex(STACK *st,char *data); -int sk_push(STACK *st,char *data); -int sk_unshift(STACK *st,char *data); -char *sk_shift(STACK *st); -char *sk_pop(STACK *st); -void sk_zero(STACK *st); -int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *, - const char * const *))) - (const char * const *, const char * const *); -STACK *sk_dup(STACK *st); -void sk_sort(STACK *st); -int sk_is_sorted(const STACK *st); +_STACK *sk_new(int (*cmp)(const void *, const void *)); +_STACK *sk_new_null(void); +void sk_free(_STACK *); +void sk_pop_free(_STACK *st, void (*func)(void *)); +int sk_insert(_STACK *sk, void *data, int where); +void *sk_delete(_STACK *st, int loc); +void *sk_delete_ptr(_STACK *st, void *p); +int sk_find(_STACK *st, void *data); +int sk_find_ex(_STACK *st, void *data); +int sk_push(_STACK *st, void *data); +int sk_unshift(_STACK *st, void *data); +void *sk_shift(_STACK *st); +void *sk_pop(_STACK *st); +void sk_zero(_STACK *st); +int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *))) + (const void *, const void *); +_STACK *sk_dup(_STACK *st); +void sk_sort(_STACK *st); +int sk_is_sorted(const _STACK *st); #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/symhacks.h b/src/lib/libssl/src/crypto/symhacks.h index 8728e6124d..3fd4a81692 100644 --- a/src/lib/libssl/src/crypto/symhacks.h +++ b/src/lib/libssl/src/crypto/symhacks.h @@ -60,12 +60,13 @@ /* Hacks to solve the problem with linkers incapable of handling very long symbol names. In the case of VMS, the limit is 31 characters on VMS for VAX. */ +/* Note that this affects util/libeay.num and util/ssleay.num... you may + change those manually, but that's not recommended, as those files are + controlled centrally and updated on Unix, and the central definition + may disagree with yours, which in turn may come with shareable library + incompatibilities. */ #ifdef OPENSSL_SYS_VMS -/* Hack a long name in crypto/cryptlib.c */ -#undef int_CRYPTO_set_do_dynlock_callback -#define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb - /* Hack a long name in crypto/ex_data.c */ #undef CRYPTO_get_ex_data_implementation #define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl @@ -137,6 +138,8 @@ #define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers #undef X509_STORE_CTX_get_explicit_policy #define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy +#undef X509_STORE_CTX_get0_current_issuer +#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer /* Hack some long CRYPTO names */ #undef CRYPTO_set_dynlock_destroy_callback @@ -144,9 +147,9 @@ #undef CRYPTO_set_dynlock_create_callback #define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb #undef CRYPTO_set_dynlock_lock_callback -#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb +#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb #undef CRYPTO_get_dynlock_lock_callback -#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb +#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb #undef CRYPTO_get_dynlock_destroy_callback #define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb #undef CRYPTO_get_dynlock_create_callback @@ -158,7 +161,7 @@ /* Hack some long SSL names */ #undef SSL_CTX_set_default_verify_paths -#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths +#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths #undef SSL_get_ex_data_X509_STORE_CTX_idx #define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx #undef SSL_add_file_cert_subjects_to_stack @@ -168,21 +171,38 @@ #undef SSL_CTX_use_certificate_chain_file #define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file #undef SSL_CTX_set_cert_verify_callback -#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb +#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb #undef SSL_CTX_set_default_passwd_cb_userdata #define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud #undef SSL_COMP_get_compression_methods #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods +#undef ssl_add_clienthello_renegotiate_ext +#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext +#undef ssl_add_serverhello_renegotiate_ext +#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext +#undef ssl_parse_clienthello_renegotiate_ext +#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext +#undef ssl_parse_serverhello_renegotiate_ext +#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext + /* Hack some long ENGINE names */ #undef ENGINE_get_default_BN_mod_exp_crt #define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt #undef ENGINE_set_default_BN_mod_exp_crt #define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt #undef ENGINE_set_load_privkey_function -#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn +#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn #undef ENGINE_get_load_privkey_function -#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +#undef ENGINE_unregister_pkey_asn1_meths +#define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths +#undef ENGINE_register_all_pkey_asn1_meths +#define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths +#undef ENGINE_set_default_pkey_asn1_meths +#define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths +#undef ENGINE_get_pkey_asn1_meth_engine +#define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng #undef ENGINE_set_load_ssl_client_cert_function #define ENGINE_set_load_ssl_client_cert_function \ ENGINE_set_ld_ssl_clnt_cert_fn @@ -191,7 +211,7 @@ /* Hack some long OCSP names */ #undef OCSP_REQUEST_get_ext_by_critical -#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit +#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit #undef OCSP_BASICRESP_get_ext_by_critical #define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit #undef OCSP_SINGLERESP_get_ext_by_critical @@ -208,6 +228,8 @@ #define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf #undef OPENSSL_add_all_algorithms_conf #define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf +#undef EVP_PKEY_meth_set_verify_recover +#define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover /* Hack some long EC names */ #undef EC_GROUP_set_point_conversion_form @@ -236,15 +258,15 @@ #define EC_POINT_set_compressed_coordinates_GF2m \ EC_POINT_set_compr_coords_GF2m #undef ec_GF2m_simple_group_clear_finish -#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish +#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish #undef ec_GF2m_simple_group_check_discriminant #define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim #undef ec_GF2m_simple_point_clear_finish -#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish +#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish #undef ec_GF2m_simple_point_set_to_infinity -#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf +#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf #undef ec_GF2m_simple_points_make_affine -#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine +#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine #undef ec_GF2m_simple_point_set_affine_coordinates #define ec_GF2m_simple_point_set_affine_coordinates \ ec_GF2m_smp_pt_set_af_coords @@ -259,19 +281,19 @@ #undef ec_GFp_simple_group_get_curve_GFp #define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp #undef ec_GFp_simple_group_clear_finish -#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish +#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish #undef ec_GFp_simple_group_set_generator #define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator #undef ec_GFp_simple_group_get0_generator #define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator #undef ec_GFp_simple_group_get_cofactor -#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor +#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor #undef ec_GFp_simple_point_clear_finish -#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish +#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish #undef ec_GFp_simple_point_set_to_infinity #define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf #undef ec_GFp_simple_points_make_affine -#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine +#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine #undef ec_GFp_simple_group_get_curve_GFp #define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp #undef ec_GFp_simple_set_Jprojective_coordinates_GFp @@ -351,6 +373,14 @@ #undef STORE_method_get_unlock_store_function #define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn +/* Hack some long TS names */ +#undef TS_RESP_CTX_set_status_info_cond +#define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond +#undef TS_RESP_CTX_set_clock_precision_digits +#define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits +#undef TS_CONF_set_clock_precision_digits +#define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits + /* Hack some long CMS names */ #undef CMS_RecipientInfo_ktri_get0_algs #define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs @@ -365,24 +395,34 @@ #undef cms_SignerIdentifier_get0_signer_id #define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id +/* Hack some long DTLS1 names */ +#undef dtls1_retransmit_buffered_messages +#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs + +/* Hack some long UI names */ +#undef UI_method_get_prompt_constructor +#define UI_method_get_prompt_constructor UI_method_get_prompt_constructr +#undef UI_method_set_prompt_constructor +#define UI_method_set_prompt_constructor UI_method_set_prompt_constructr + #endif /* defined OPENSSL_SYS_VMS */ -/* Case insensiteve linking causes problems.... */ -#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) +/* Case insensitive linking causes problems.... */ +#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) #undef ERR_load_CRYPTO_strings #define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings #undef OCSP_crlID_new -#define OCSP_crlID_new OCSP_crlID2_new +#define OCSP_crlID_new OCSP_crlID2_new #undef d2i_ECPARAMETERS -#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS #undef i2d_ECPARAMETERS -#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS #undef d2i_ECPKPARAMETERS -#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS #undef i2d_ECPKPARAMETERS -#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS +#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS /* These functions do not seem to exist! However, I'm paranoid... Original command in x509v3.h: @@ -391,19 +431,19 @@ hide them a little, by giving them an extra 'o' at the beginning of the name... */ #undef X509v3_cleanup_extensions -#define X509v3_cleanup_extensions oX509v3_cleanup_extensions +#define X509v3_cleanup_extensions oX509v3_cleanup_extensions #undef X509v3_add_extension -#define X509v3_add_extension oX509v3_add_extension +#define X509v3_add_extension oX509v3_add_extension #undef X509v3_add_netscape_extensions -#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions +#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions #undef X509v3_add_standard_extensions -#define X509v3_add_standard_extensions oX509v3_add_standard_extensions +#define X509v3_add_standard_extensions oX509v3_add_standard_extensions +/* This one clashes with CMS_data_create */ +#undef cms_Data_create +#define cms_Data_create priv_cms_Data_create #endif #endif /* ! defined HEADER_VMS_IDHACKS_H */ -/* This one clashes with CMS_data_create */ -#undef cms_Data_create -#define cms_Data_create priv_cms_Data_create diff --git a/src/lib/libssl/src/crypto/threads/mttest.c b/src/lib/libssl/src/crypto/threads/mttest.c index f6f3df4b6a..eba7aa8a6e 100644 --- a/src/lib/libssl/src/crypto/threads/mttest.c +++ b/src/lib/libssl/src/crypto/threads/mttest.c @@ -117,11 +117,13 @@ void solaris_locking_callback(int mode,int type,char *file,int line); void win32_locking_callback(int mode,int type,char *file,int line); void pthreads_locking_callback(int mode,int type,char *file,int line); void netware_locking_callback(int mode,int type,char *file,int line); +void beos_locking_callback(int mode,int type,const char *file,int line); unsigned long irix_thread_id(void ); unsigned long solaris_thread_id(void ); unsigned long pthreads_thread_id(void ); unsigned long netware_thread_id(void ); +unsigned long beos_thread_id(void ); #if defined(OPENSSL_SYS_NETWARE) static MPKMutex *lock_cs; @@ -1209,3 +1211,100 @@ unsigned long netware_thread_id(void) return(ret); } #endif /* NETWARE */ + +#ifdef BEOS_THREADS + +#include + +static BLocker** lock_cs; +static long* lock_count; + +void thread_setup(void) + { + int i; + + lock_cs=(BLocker**)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(BLocker*)); + lock_count=(long*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + for (i=0; iLock(); + lock_count[type]++; + } + else + { + lock_cs[type]->Unlock(); + } + } + +void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) + { + SSL_CTX *ssl_ctx[2]; + thread_id thread_ctx[MAX_THREAD_NUMBER]; + int i; + + ssl_ctx[0]=s_ctx; + ssl_ctx[1]=c_ctx; + + for (i=0; ireferences,c_ctx->references); + } + +unsigned long beos_thread_id(void) + { + unsigned long ret; + + ret=(unsigned long)find_thread(NULL); + return(ret); + } + +#endif /* BEOS_THREADS */ diff --git a/src/lib/libssl/src/crypto/threads/pthreads-vms.com b/src/lib/libssl/src/crypto/threads/pthreads-vms.com index 63f5b8cc2e..1cf92bdf57 100644 --- a/src/lib/libssl/src/crypto/threads/pthreads-vms.com +++ b/src/lib/libssl/src/crypto/threads/pthreads-vms.com @@ -2,8 +2,13 @@ $! To compile mttest on VMS. $! $! WARNING: only tested with DEC C so far. $ -$ arch := vax -$ if f$getsyi("CPU") .ge. 128 then arch := axp +$ if (f$getsyi("cpu").lt.128) +$ then +$ arch := VAX +$ else +$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. "") then arch = "UNK" +$ endif $ define/user openssl [--.include.openssl] $ cc/def=PTHREADS mttest.c $ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib diff --git a/src/lib/libssl/src/crypto/txt_db/Makefile b/src/lib/libssl/src/crypto/txt_db/Makefile index 87e57b49f6..e6f30331d8 100644 --- a/src/lib/libssl/src/crypto/txt_db/Makefile +++ b/src/lib/libssl/src/crypto/txt_db/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.c b/src/lib/libssl/src/crypto/txt_db/txt_db.c index 3ed5f72ee9..6f2ce3b5a4 100644 --- a/src/lib/libssl/src/crypto/txt_db/txt_db.c +++ b/src/lib/libssl/src/crypto/txt_db/txt_db.c @@ -77,22 +77,23 @@ TXT_DB *TXT_DB_read(BIO *in, int num) int i,add,n; int size=BUFSIZE; int offset=0; - char *p,**pp,*f; + char *p,*f; + OPENSSL_STRING *pp; BUF_MEM *buf=NULL; if ((buf=BUF_MEM_new()) == NULL) goto err; if (!BUF_MEM_grow(buf,size)) goto err; - if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL) + if ((ret=OPENSSL_malloc(sizeof(TXT_DB))) == NULL) goto err; ret->num_fields=num; ret->index=NULL; ret->qual=NULL; - if ((ret->data=sk_new_null()) == NULL) + if ((ret->data=sk_OPENSSL_PSTRING_new_null()) == NULL) goto err; - if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL) + if ((ret->index=OPENSSL_malloc(sizeof(*ret->index)*num)) == NULL) goto err; - if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL) + if ((ret->qual=OPENSSL_malloc(sizeof(*(ret->qual))*num)) == NULL) goto err; for (i=0; idata[offset-1]='\0'; /* blat the '\n' */ - if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err; + if (!(p=OPENSSL_malloc(add+offset))) goto err; offset=0; } pp=(char **)p; @@ -155,16 +156,16 @@ TXT_DB *TXT_DB_read(BIO *in, int num) *(p++)='\0'; if ((n != num) || (*f != '\0')) { -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ +#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary fix :-( */ fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); #endif er=2; goto err; } pp[n]=p; - if (!sk_push(ret->data,(char *)pp)) + if (!sk_OPENSSL_PSTRING_push(ret->data,pp)) { -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ +#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary fix :-( */ fprintf(stderr,"failure in sk_push\n"); #endif er=2; @@ -181,7 +182,7 @@ err: #endif if (ret != NULL) { - if (ret->data != NULL) sk_free(ret->data); + if (ret->data != NULL) sk_OPENSSL_PSTRING_free(ret->data); if (ret->index != NULL) OPENSSL_free(ret->index); if (ret->qual != NULL) OPENSSL_free(ret->qual); if (ret != NULL) OPENSSL_free(ret); @@ -192,10 +193,10 @@ err: return(ret); } -char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value) { - char **ret; - LHASH *lh; + OPENSSL_STRING *ret; + LHASH_OF(OPENSSL_STRING) *lh; if (idx >= db->num_fields) { @@ -208,16 +209,16 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) db->error=DB_ERROR_NO_INDEX; return(NULL); } - ret=(char **)lh_retrieve(lh,value); + ret=lh_OPENSSL_STRING_retrieve(lh,value); db->error=DB_ERROR_OK; return(ret); } -int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **), - LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *), + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) { - LHASH *idx; - char **r; + LHASH_OF(OPENSSL_STRING) *idx; + OPENSSL_STRING *r; int i,n; if (field >= db->num_fields) @@ -225,26 +226,27 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **), db->error=DB_ERROR_INDEX_OUT_OF_RANGE; return(0); } - if ((idx=lh_new(hash,cmp)) == NULL) + /* FIXME: we lose type checking at this point */ + if ((idx=(LHASH_OF(OPENSSL_STRING) *)lh_new(hash,cmp)) == NULL) { db->error=DB_ERROR_MALLOC; return(0); } - n=sk_num(db->data); + n=sk_OPENSSL_PSTRING_num(db->data); for (i=0; idata,i); + r=sk_OPENSSL_PSTRING_value(db->data,i); if ((qual != NULL) && (qual(r) == 0)) continue; - if ((r=lh_insert(idx,r)) != NULL) + if ((r=lh_OPENSSL_STRING_insert(idx,r)) != NULL) { db->error=DB_ERROR_INDEX_CLASH; - db->arg1=sk_find(db->data,(char *)r); + db->arg1=sk_OPENSSL_PSTRING_find(db->data,r); db->arg2=i; - lh_free(idx); + lh_OPENSSL_STRING_free(idx); return(0); } } - if (db->index[field] != NULL) lh_free(db->index[field]); + if (db->index[field] != NULL) lh_OPENSSL_STRING_free(db->index[field]); db->index[field]=idx; db->qual[field]=qual; return(1); @@ -259,11 +261,11 @@ long TXT_DB_write(BIO *out, TXT_DB *db) if ((buf=BUF_MEM_new()) == NULL) goto err; - n=sk_num(db->data); + n=sk_OPENSSL_PSTRING_num(db->data); nn=db->num_fields; for (i=0; idata,i); + pp=sk_OPENSSL_PSTRING_value(db->data,i); l=0; for (j=0; jnum_fields; i++) { @@ -309,7 +311,7 @@ int TXT_DB_insert(TXT_DB *db, char **row) { if ((db->qual[i] != NULL) && (db->qual[i](row) == 0)) continue; - r=(char **)lh_retrieve(db->index[i],row); + r=lh_OPENSSL_STRING_retrieve(db->index[i],row); if (r != NULL) { db->error=DB_ERROR_INDEX_CLASH; @@ -320,7 +322,7 @@ int TXT_DB_insert(TXT_DB *db, char **row) } } /* We have passed the index checks, now just append and insert */ - if (!sk_push(db->data,(char *)row)) + if (!sk_OPENSSL_PSTRING_push(db->data,row)) { db->error=DB_ERROR_MALLOC; goto err; @@ -332,7 +334,7 @@ int TXT_DB_insert(TXT_DB *db, char **row) { if ((db->qual[i] != NULL) && (db->qual[i](row) == 0)) continue; - lh_insert(db->index[i],row); + (void)lh_OPENSSL_STRING_insert(db->index[i],row); } } return(1); @@ -351,18 +353,18 @@ void TXT_DB_free(TXT_DB *db) if (db->index != NULL) { for (i=db->num_fields-1; i>=0; i--) - if (db->index[i] != NULL) lh_free(db->index[i]); + if (db->index[i] != NULL) lh_OPENSSL_STRING_free(db->index[i]); OPENSSL_free(db->index); } if (db->qual != NULL) OPENSSL_free(db->qual); if (db->data != NULL) { - for (i=sk_num(db->data)-1; i>=0; i--) + for (i=sk_OPENSSL_PSTRING_num(db->data)-1; i>=0; i--) { /* check if any 'fields' have been allocated * from outside of the initial block */ - p=(char **)sk_value(db->data,i); + p=sk_OPENSSL_PSTRING_value(db->data,i); max=p[db->num_fields]; /* last address */ if (max == NULL) /* new row */ { @@ -378,9 +380,9 @@ void TXT_DB_free(TXT_DB *db) OPENSSL_free(p[n]); } } - OPENSSL_free(sk_value(db->data,i)); + OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data,i)); } - sk_free(db->data); + sk_OPENSSL_PSTRING_free(db->data); } OPENSSL_free(db); } diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.h b/src/lib/libssl/src/crypto/txt_db/txt_db.h index 307e1ba23f..6abe435bc8 100644 --- a/src/lib/libssl/src/crypto/txt_db/txt_db.h +++ b/src/lib/libssl/src/crypto/txt_db/txt_db.h @@ -77,16 +77,19 @@ extern "C" { #endif +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + typedef struct txt_db_st { int num_fields; - STACK /* char ** */ *data; - LHASH **index; - int (**qual)(char **); + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual)(OPENSSL_STRING *); long error; long arg1; long arg2; - char **arg_row; + OPENSSL_STRING *arg_row; } TXT_DB; #ifndef OPENSSL_NO_BIO @@ -96,11 +99,11 @@ long TXT_DB_write(BIO *out, TXT_DB *db); TXT_DB *TXT_DB_read(char *in, int num); long TXT_DB_write(char *out, TXT_DB *db); #endif -int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **), - LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); +int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *), + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); void TXT_DB_free(TXT_DB *db); -char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); -int TXT_DB_insert(TXT_DB *db,char **value); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); #ifdef __cplusplus } diff --git a/src/lib/libssl/src/crypto/ui/Makefile b/src/lib/libssl/src/crypto/ui/Makefile index 4755e206f6..a685659fb4 100644 --- a/src/lib/libssl/src/crypto/ui/Makefile +++ b/src/lib/libssl/src/crypto/ui/Makefile @@ -37,7 +37,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/src/lib/libssl/src/crypto/ui/ui.h b/src/lib/libssl/src/crypto/ui/ui.h index 018296412b..2b1cfa2289 100644 --- a/src/lib/libssl/src/crypto/ui/ui.h +++ b/src/lib/libssl/src/crypto/ui/ui.h @@ -287,8 +287,8 @@ UI_METHOD *UI_OpenSSL(void); /* The UI_STRING type is the data structure that contains all the needed info about a string or a prompt, including test data for a verification prompt. */ -DECLARE_STACK_OF(UI_STRING) typedef struct ui_string_st UI_STRING; +DECLARE_STACK_OF(UI_STRING) /* The different types of strings that are currently supported. This is only needed by method authors. */ @@ -310,11 +310,13 @@ int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)); int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)); int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)); +int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name)); int (*UI_method_get_opener(UI_METHOD *method))(UI*); int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*); int (*UI_method_get_flusher(UI_METHOD *method))(UI*); int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*); int (*UI_method_get_closer(UI_METHOD *method))(UI*); +char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*); /* The following functions are helpers for method writers to access relevant data from a UI_STRING. */ diff --git a/src/lib/libssl/src/crypto/ui/ui_err.c b/src/lib/libssl/src/crypto/ui/ui_err.c index 786bd0dbc3..a6b96299a0 100644 --- a/src/lib/libssl/src/crypto/ui/ui_err.c +++ b/src/lib/libssl/src/crypto/ui/ui_err.c @@ -1,6 +1,6 @@ /* crypto/ui/ui_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/src/crypto/ui/ui_lib.c b/src/lib/libssl/src/crypto/ui/ui_lib.c index ac0100808f..a8abc27064 100644 --- a/src/lib/libssl/src/crypto/ui/ui_lib.c +++ b/src/lib/libssl/src/crypto/ui/ui_lib.c @@ -693,6 +693,17 @@ int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)) return -1; } +int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name)) + { + if (method) + { + method->ui_construct_prompt = prompt_constructor; + return 0; + } + else + return -1; + } + int (*UI_method_get_opener(UI_METHOD *method))(UI*) { if (method) @@ -733,6 +744,14 @@ int (*UI_method_get_closer(UI_METHOD *method))(UI*) return NULL; } +char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*) + { + if (method) + return method->ui_construct_prompt; + else + return NULL; + } + enum UI_string_types UI_get_string_type(UI_STRING *uis) { if (!uis) diff --git a/src/lib/libssl/src/crypto/ui/ui_openssl.c b/src/lib/libssl/src/crypto/ui/ui_openssl.c index ef930bf247..1bc25f48d5 100644 --- a/src/lib/libssl/src/crypto/ui/ui_openssl.c +++ b/src/lib/libssl/src/crypto/ui/ui_openssl.c @@ -122,7 +122,9 @@ * sigaction and fileno included. -pedantic would be more appropriate for * the intended purposes, but we can't prevent users from adding -ansi. */ -#define _POSIX_C_SOURCE 1 +#ifndef _POSIX_C_SOURCE +#define _POSIX_C_SOURCE 2 +#endif #include #include #include @@ -297,7 +299,7 @@ static int is_a_tty; /* Declare static functions */ #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) -static void read_till_nl(FILE *); +static int read_till_nl(FILE *); static void recsig(int); static void pushsig(void); static void popsig(void); @@ -390,14 +392,16 @@ static int read_string(UI *ui, UI_STRING *uis) #if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) /* Internal functions to read a string without echoing */ -static void read_till_nl(FILE *in) +static int read_till_nl(FILE *in) { #define SIZE 4 char buf[SIZE+1]; do { - fgets(buf,SIZE,in); + if (!fgets(buf,SIZE,in)) + return 0; } while (strchr(buf,'\n') == NULL); + return 1; } static volatile sig_atomic_t intr_signal; @@ -445,7 +449,8 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) *p='\0'; } else - read_till_nl(tty_in); + if (!read_till_nl(tty_in)) + goto error; if (UI_set_result(ui, uis, result) >= 0) ok=1; @@ -473,7 +478,7 @@ static int open_console(UI *ui) CRYPTO_w_lock(CRYPTO_LOCK_UI); is_a_tty = 1; -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) +#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS) tty_in=stdin; tty_out=stderr; #else diff --git a/src/lib/libssl/src/crypto/x509/Makefile b/src/lib/libssl/src/crypto/x509/Makefile index 464752b159..72c82278f4 100644 --- a/src/lib/libssl/src/crypto/x509/Makefile +++ b/src/lib/libssl/src/crypto/x509/Makefile @@ -43,12 +43,12 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO links: @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) @@ -89,37 +89,35 @@ by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h -by_dir.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -by_dir.o: ../cryptlib.h by_dir.c +by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c by_file.o: ../../e_os.h ../../include/openssl/asn1.h by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -by_file.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -by_file.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c +by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h +by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h +by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +by_file.o: ../cryptlib.h by_file.c x509_att.o: ../../e_os.h ../../include/openssl/asn1.h x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_att.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_att.o: ../../include/openssl/opensslconf.h +x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -132,9 +130,8 @@ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_cmp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_cmp.o: ../../include/openssl/opensslconf.h +x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -146,22 +143,22 @@ x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c +x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +x509_d2.o: ../cryptlib.h x509_d2.c x509_def.o: ../../e_os.h ../../include/openssl/asn1.h x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_def.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_def.o: ../../include/openssl/opensslconf.h x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -172,9 +169,8 @@ x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_err.o: ../../include/openssl/opensslconf.h +x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -186,9 +182,8 @@ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_ext.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_ext.o: ../../include/openssl/opensslconf.h +x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -201,22 +196,22 @@ x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_lu.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c +x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_lu.o: ../cryptlib.h x509_lu.c x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_obj.o: ../../include/openssl/opensslconf.h x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -228,21 +223,20 @@ x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_r2x.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_r2x.o: ../../include/openssl/opensslconf.h +x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c x509_req.o: ../../e_os.h ../../include/openssl/asn1.h -x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_req.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +x509_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +x509_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +x509_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +x509_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h x509_req.o: ../../include/openssl/opensslconf.h x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -256,9 +250,9 @@ x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_set.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_set.o: ../../include/openssl/opensslconf.h x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -270,9 +264,8 @@ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_trs.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_trs.o: ../../include/openssl/opensslconf.h +x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -284,9 +277,9 @@ x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509_txt.o: ../../include/openssl/opensslconf.h x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -298,23 +291,22 @@ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_v3.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c +x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +x509_v3.o: ../cryptlib.h x509_v3.c x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vfy.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_vfy.o: ../../include/openssl/opensslconf.h +x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -327,9 +319,8 @@ x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vpm.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -x509_vpm.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_vpm.o: ../../include/openssl/opensslconf.h +x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -341,9 +332,9 @@ x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509cset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509cset.o: ../../include/openssl/opensslconf.h x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -354,9 +345,9 @@ x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509name.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509name.o: ../../include/openssl/opensslconf.h x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -367,9 +358,9 @@ x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509rset.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509rset.o: ../../include/openssl/opensslconf.h x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -380,9 +371,9 @@ x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509spki.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509spki.o: ../../include/openssl/opensslconf.h x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -393,9 +384,9 @@ x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x509type.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x509type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x509type.o: ../../include/openssl/opensslconf.h x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -406,12 +397,11 @@ x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -x_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_all.o: ../cryptlib.h x_all.c +x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c index 341e0ba6a4..27ca5150c1 100644 --- a/src/lib/libssl/src/crypto/x509/by_dir.c +++ b/src/lib/libssl/src/crypto/x509/by_dir.c @@ -65,28 +65,36 @@ #ifndef NO_SYS_TYPES_H # include #endif -#ifdef MAC_OS_pre_X -# include -#else +#ifndef OPENSSL_NO_POSIX_IO # include #endif #include #include -#ifdef _WIN32 -#define stat _stat -#endif + +typedef struct lookup_dir_hashes_st + { + unsigned long hash; + int suffix; + } BY_DIR_HASH; + +typedef struct lookup_dir_entry_st + { + char *dir; + int dir_type; + STACK_OF(BY_DIR_HASH) *hashes; + } BY_DIR_ENTRY; typedef struct lookup_dir_st { BUF_MEM *buffer; - int num_dirs; - char **dirs; - int *dirs_type; - int num_dirs_alloced; + STACK_OF(BY_DIR_ENTRY) *dirs; } BY_DIR; +DECLARE_STACK_OF(BY_DIR_HASH) +DECLARE_STACK_OF(BY_DIR_ENTRY) + static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **ret); static int new_dir(X509_LOOKUP *lu); @@ -127,7 +135,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, case X509_L_ADD_DIR: if (argl == X509_FILETYPE_DEFAULT) { - dir=(char *)Getenv(X509_get_default_cert_dir_env()); + dir=(char *)getenv(X509_get_default_cert_dir_env()); if (dir) ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); else @@ -156,34 +164,51 @@ static int new_dir(X509_LOOKUP *lu) OPENSSL_free(a); return(0); } - a->num_dirs=0; a->dirs=NULL; - a->dirs_type=NULL; - a->num_dirs_alloced=0; lu->method_data=(char *)a; return(1); } +static void by_dir_hash_free(BY_DIR_HASH *hash) + { + OPENSSL_free(hash); + } + +static int by_dir_hash_cmp(const BY_DIR_HASH * const *a, + const BY_DIR_HASH * const *b) + { + if ((*a)->hash > (*b)->hash) + return 1; + if ((*a)->hash < (*b)->hash) + return -1; + return 0; + } + +static void by_dir_entry_free(BY_DIR_ENTRY *ent) + { + if (ent->dir) + OPENSSL_free(ent->dir); + if (ent->hashes) + sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); + OPENSSL_free(ent); + } + static void free_dir(X509_LOOKUP *lu) { BY_DIR *a; - int i; a=(BY_DIR *)lu->method_data; - for (i=0; inum_dirs; i++) - if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]); - if (a->dirs != NULL) OPENSSL_free(a->dirs); - if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type); - if (a->buffer != NULL) BUF_MEM_free(a->buffer); + if (a->dirs != NULL) + sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); + if (a->buffer != NULL) + BUF_MEM_free(a->buffer); OPENSSL_free(a); } static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) { int j,len; - int *ip; const char *s,*ss,*p; - char **pp; if (dir == NULL || !*dir) { @@ -197,49 +222,52 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) { if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { + BY_DIR_ENTRY *ent; ss=s; s=p+1; len=(int)(p-ss); if (len == 0) continue; - for (j=0; jnum_dirs; j++) - if (strlen(ctx->dirs[j]) == (size_t)len && - strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) + for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) + { + ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j); + if (strlen(ent->dir) == (size_t)len && + strncmp(ent->dir,ss,(unsigned int)len) == 0) break; - if (jnum_dirs) + } + if (j < sk_BY_DIR_ENTRY_num(ctx->dirs)) continue; - if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) + if (ctx->dirs == NULL) { - ctx->num_dirs_alloced+=10; - pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced* - sizeof(char *)); - ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced* - sizeof(int)); - if ((pp == NULL) || (ip == NULL)) + ctx->dirs = sk_BY_DIR_ENTRY_new_null(); + if (!ctx->dirs) { X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE); - return(0); + return 0; } - memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)* - sizeof(char *)); - memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* - sizeof(int)); - if (ctx->dirs != NULL) - OPENSSL_free(ctx->dirs); - if (ctx->dirs_type != NULL) - OPENSSL_free(ctx->dirs_type); - ctx->dirs=pp; - ctx->dirs_type=ip; } - ctx->dirs_type[ctx->num_dirs]=type; - ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1); - if (ctx->dirs[ctx->num_dirs] == NULL) return(0); - strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); - ctx->dirs[ctx->num_dirs][len]='\0'; - ctx->num_dirs++; + ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY)); + if (!ent) + return 0; + ent->dir_type = type; + ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); + ent->dir = OPENSSL_malloc((unsigned int)len+1); + if (!ent->dir || !ent->hashes) + { + by_dir_entry_free(ent); + return 0; + } + strncpy(ent->dir,ss,(unsigned int)len); + ent->dir[len] = '\0'; + if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) + { + by_dir_entry_free(ent); + return 0; + } } - if (*p == '\0') break; + if (*p == '\0') + break; } - return(1); + return 1; } static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, @@ -260,7 +288,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, int i,j,k; unsigned long h; BUF_MEM *b=NULL; - struct stat st; X509_OBJECT stmp,*tmp; const char *postfix=""; @@ -296,20 +323,45 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, ctx=(BY_DIR *)xl->method_data; h=X509_NAME_hash(name); - for (i=0; inum_dirs; i++) + for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) { - j=strlen(ctx->dirs[i])+1+8+6+1+1; + BY_DIR_ENTRY *ent; + int idx; + BY_DIR_HASH htmp, *hent; + ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); + j=strlen(ent->dir)+1+8+6+1+1; if (!BUF_MEM_grow(b,j)) { X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE); goto finish; } - k=0; + if (type == X509_LU_CRL && ent->hashes) + { + htmp.hash = h; + CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); + idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); + if (idx >= 0) + { + hent = sk_BY_DIR_HASH_value(ent->hashes, idx); + k = hent->suffix; + } + else + { + hent = NULL; + k=0; + } + CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); + } + else + { + k = 0; + hent = NULL; + } for (;;) { char c = '/'; #ifdef OPENSSL_SYS_VMS - c = ctx->dirs[i][strlen(ctx->dirs[i])-1]; + c = ent->dir[strlen(ent->dir)-1]; if (c != ':' && c != '>' && c != ']') { /* If no separator is present, we assume the @@ -330,41 +382,86 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, /* This is special. When c == '\0', no directory separator should be added. */ BIO_snprintf(b->data,b->max, - "%s%08lx.%s%d",ctx->dirs[i],h, + "%s%08lx.%s%d",ent->dir,h, postfix,k); } else { BIO_snprintf(b->data,b->max, - "%s%c%08lx.%s%d",ctx->dirs[i],c,h, + "%s%c%08lx.%s%d",ent->dir,c,h, postfix,k); } - k++; +#ifndef OPENSSL_NO_POSIX_IO +#ifdef _WIN32 +#define stat _stat +#endif + { + struct stat st; if (stat(b->data,&st) < 0) break; + } +#endif /* found one. */ if (type == X509_LU_X509) { if ((X509_load_cert_file(xl,b->data, - ctx->dirs_type[i])) == 0) + ent->dir_type)) == 0) break; } else if (type == X509_LU_CRL) { if ((X509_load_crl_file(xl,b->data, - ctx->dirs_type[i])) == 0) + ent->dir_type)) == 0) break; } /* else case will caught higher up */ + k++; } /* we have added it to the cache so now pull * it out again */ - CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j); else tmp = NULL; - CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + + /* If a CRL, update the last file suffix added for this */ + + if (type == X509_LU_CRL) + { + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + /* Look for entry again in case another thread added + * an entry first. + */ + if (!hent) + { + htmp.hash = h; + idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); + if (idx >= 0) + hent = + sk_BY_DIR_HASH_value(ent->hashes, idx); + } + if (!hent) + { + hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); + hent->hash = h; + hent->suffix = k; + if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) + { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + OPENSSL_free(hent); + ok = 0; + goto finish; + } + } + else if (hent->suffix < k) + hent->suffix = k; + + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + } if (tmp != NULL) { @@ -383,4 +480,3 @@ finish: if (b != NULL) BUF_MEM_free(b); return(ok); } - diff --git a/src/lib/libssl/src/crypto/x509/by_file.c b/src/lib/libssl/src/crypto/x509/by_file.c index a5e0d4aefa..57b08ee094 100644 --- a/src/lib/libssl/src/crypto/x509/by_file.c +++ b/src/lib/libssl/src/crypto/x509/by_file.c @@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { - file = (char *)Getenv(X509_get_default_cert_file_env()); + file = (char *)getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file(ctx,file, X509_FILETYPE_PEM) != 0); diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h index e71b5257e5..604f4fb27f 100644 --- a/src/lib/libssl/src/crypto/x509/x509.h +++ b/src/lib/libssl/src/crypto/x509/x509.h @@ -116,6 +116,7 @@ extern "C" { /* Under Win32 these are defined in wincrypt.h */ #undef X509_NAME #undef X509_CERT_PAIR +#undef X509_EXTENSIONS #endif #define X509_FILETYPE_PEM 1 @@ -156,12 +157,12 @@ typedef struct X509_val_st ASN1_TIME *notAfter; } X509_VAL; -typedef struct X509_pubkey_st +struct X509_pubkey_st { X509_ALGOR *algor; ASN1_BIT_STRING *public_key; EVP_PKEY *pkey; - } X509_PUBKEY; + }; typedef struct X509_sig_st { @@ -190,7 +191,9 @@ struct X509_name_st #else char *bytes; #endif - unsigned long hash; /* Keep the hash around for lookups */ +/* unsigned long hash; Keep the hash around for lookups */ + unsigned char *canon_enc; + int canon_enclen; } /* X509_NAME */; DECLARE_STACK_OF(X509_NAME) @@ -289,8 +292,11 @@ struct x509_st unsigned long ex_xkusage; unsigned long ex_nscert; ASN1_OCTET_STRING *skid; - struct AUTHORITY_KEYID_st *akid; + AUTHORITY_KEYID *akid; X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; #ifndef OPENSSL_NO_RFC3779 STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; @@ -333,10 +339,11 @@ typedef struct x509_cert_pair_st { #define X509_TRUST_OBJECT_SIGN 5 #define X509_TRUST_OCSP_SIGN 6 #define X509_TRUST_OCSP_REQUEST 7 +#define X509_TRUST_TSA 8 /* Keep these up to date! */ #define X509_TRUST_MIN 1 -#define X509_TRUST_MAX 7 +#define X509_TRUST_MAX 8 /* trust_flags values */ @@ -423,13 +430,17 @@ typedef struct x509_cert_pair_st { XN_FLAG_FN_LN | \ XN_FLAG_FN_ALIGN) -typedef struct X509_revoked_st +struct x509_revoked_st { ASN1_INTEGER *serialNumber; ASN1_TIME *revocationDate; STACK_OF(X509_EXTENSION) /* optional */ *extensions; + /* Set up if indirect CRL */ + STACK_OF(GENERAL_NAME) *issuer; + /* Revocation reason */ + int reason; int sequence; /* load sequence */ - } X509_REVOKED; + }; DECLARE_STACK_OF(X509_REVOKED) DECLARE_ASN1_SET_OF(X509_REVOKED) @@ -453,6 +464,22 @@ struct X509_crl_st X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; int references; + int flags; + /* Copies of various extensions */ + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + /* Convenient breakdown of IDP */ + int idp_flags; + int idp_reasons; + /* CRL and base CRL numbers for delta processing */ + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; +#ifndef OPENSSL_NO_SHA + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +#endif + STACK_OF(GENERAL_NAMES) *issuers; + const X509_CRL_METHOD *meth; + void *meth_data; } /* X509_CRL */; DECLARE_STACK_OF(X509_CRL) @@ -551,18 +578,19 @@ X509_ALGOR *prf; /* PKCS#8 private key info structure */ -typedef struct pkcs8_priv_key_info_st +struct pkcs8_priv_key_info_st { int broken; /* Flag for various broken formats */ #define PKCS8_OK 0 #define PKCS8_NO_OCTET 1 #define PKCS8_EMBEDDED_PARAM 2 #define PKCS8_NS_DB 3 +#define PKCS8_NEG_PRIVKEY 4 ASN1_INTEGER *version; X509_ALGOR *pkeyalg; ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ STACK_OF(X509_ATTRIBUTE) *attributes; - } PKCS8_PRIV_KEY_INFO; + }; #ifdef __cplusplus } @@ -575,151 +603,6 @@ typedef struct pkcs8_priv_key_info_st extern "C" { #endif -#ifdef SSLEAY_MACROS -#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ - a->signature,(char *)a->cert_info,r) -#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ - a->sig_alg,a->signature,(char *)a->req_info,r) -#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ - a->sig_alg, a->signature,(char *)a->crl,r) - -#define X509_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ - x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) -#define X509_REQ_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ - x->signature, (char *)x->req_info,pkey,md) -#define X509_CRL_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ - x->signature, (char *)x->crl,pkey,md) -#define NETSCAPE_SPKI_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ - x->signature, (char *)x->spkac,pkey,md) - -#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ - (char *(*)())d2i_X509,(char *)x509) -#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ - (int (*)())i2d_X509_ATTRIBUTE, \ - (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) -#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ - (int (*)())i2d_X509_EXTENSION, \ - (char *(*)())d2i_X509_EXTENSION,(char *)ex) -#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ - (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) -#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) -#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ - (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) -#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) - -#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ - (char *(*)())d2i_X509_CRL,(char *)crl) -#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ - X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ - (unsigned char **)(crl)) -#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ - (unsigned char *)crl) -#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ - X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ - (unsigned char **)(crl)) -#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ - (unsigned char *)crl) - -#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ - (char *(*)())d2i_PKCS7,(char *)p7) -#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ - PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ - (unsigned char **)(p7)) -#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ - (unsigned char *)p7) -#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ - PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ - (unsigned char **)(p7)) -#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ - (unsigned char *)p7) - -#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ - (char *(*)())d2i_X509_REQ,(char *)req) -#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ - X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ - (unsigned char **)(req)) -#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ - (unsigned char *)req) -#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ - X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ - (unsigned char **)(req)) -#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ - (unsigned char *)req) - -#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ - (char *(*)())d2i_RSAPublicKey,(char *)rsa) -#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ - (char *(*)())d2i_RSAPrivateKey,(char *)rsa) - -#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ - (unsigned char *)rsa) -#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ - (unsigned char *)rsa) - -#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ - (unsigned char *)rsa) -#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ - (unsigned char *)rsa) - -#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ - DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ - (unsigned char **)(dsa)) -#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ - (unsigned char *)dsa) -#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ - DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ - (unsigned char **)(dsa)) -#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ - (unsigned char *)dsa) - -#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ - EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ - (unsigned char **)(ecdsa)) -#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ - (unsigned char *)ecdsa) -#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ - EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ - (unsigned char **)(ecdsa)) -#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ - (unsigned char *)ecdsa) - -#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ - (char *(*)())d2i_X509_ALGOR,(char *)xn) - -#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ - (char *(*)())d2i_X509_NAME,(char *)xn) -#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ - (int (*)())i2d_X509_NAME_ENTRY, \ - (char *(*)())d2i_X509_NAME_ENTRY,\ - (char *)ne) - -#define X509_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) -#define X509_NAME_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) -#ifndef PKCS7_ISSUER_AND_SERIAL_digest -#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ - (char *)data,md,len) -#endif -#endif - #define X509_EXT_PACK_UNKNOWN 1 #define X509_EXT_PACK_STRING 2 @@ -740,6 +623,18 @@ extern "C" { #define X509_CRL_get_issuer(x) ((x)->crl->issuer) #define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new( + int (*crl_init)(X509_CRL *crl), + int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *ser, X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); + /* This one is only used so that a binary form can output, as in * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ #define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) @@ -747,7 +642,6 @@ extern "C" { const char *X509_verify_cert_error_string(long n); -#ifndef SSLEAY_MACROS #ifndef OPENSSL_NO_EVP int X509_verify(X509 *a, EVP_PKEY *r); @@ -872,11 +766,11 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); -#endif /* !SSLEAY_MACROS */ - -int X509_cmp_time(ASN1_TIME *s, time_t *t); -int X509_cmp_current_time(ASN1_TIME *s); +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME * X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); const char * X509_get_default_cert_area(void ); @@ -964,6 +858,9 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) DECLARE_ASN1_FUNCTIONS(X509_CRL) int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); X509_PKEY * X509_PKEY_new(void ); void X509_PKEY_free(X509_PKEY *a); @@ -1007,8 +904,8 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name); X509_NAME * X509_get_issuer_name(X509 *a); int X509_set_subject_name(X509 *x, X509_NAME *name); X509_NAME * X509_get_subject_name(X509 *a); -int X509_set_notBefore(X509 *x, ASN1_TIME *tm); -int X509_set_notAfter(X509 *x, ASN1_TIME *tm); +int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); +int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); EVP_PKEY * X509_get_pubkey(X509 *x); ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x); @@ -1045,8 +942,8 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, int X509_CRL_set_version(X509_CRL *x, long version); int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); -int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm); -int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm); +int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); @@ -1065,11 +962,18 @@ unsigned long X509_issuer_name_hash(X509 *a); int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); +#ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +#endif + int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); #ifndef OPENSSL_NO_FP_API int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print_fp(FILE *bp,X509 *x); @@ -1245,9 +1149,16 @@ DECLARE_ASN1_FUNCTIONS(PBEPARAM) DECLARE_ASN1_FUNCTIONS(PBE2PARAM) DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); /* PKCS#8 utilities */ @@ -1258,6 +1169,22 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, + PKCS8_PRIV_KEY_INFO *p8); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, + X509_PUBKEY *pub); + int X509_check_trust(X509 *x, int id, int flags); int X509_TRUST_get_count(void); X509_TRUST * X509_TRUST_get0(int idx); @@ -1337,7 +1264,10 @@ void ERR_load_X509_strings(void); #define X509_R_KEY_VALUES_MISMATCH 116 #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 +#define X509_R_METHOD_NOT_SUPPORTED 124 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +#define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +#define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 #define X509_R_SHOULD_RETRY 106 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c index 2faf92514a..4bc9da07e0 100644 --- a/src/lib/libssl/src/crypto/x509/x509_cmp.c +++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c @@ -116,6 +116,13 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); } +#ifndef OPENSSL_NO_SHA +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) + { + return memcmp(a->sha1_hash, b->sha1_hash, 20); + } +#endif + X509_NAME *X509_get_issuer_name(X509 *a) { return(a->cert_info->issuer); @@ -126,6 +133,13 @@ unsigned long X509_issuer_name_hash(X509 *x) return(X509_NAME_hash(x->cert_info->issuer)); } +#ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *x) + { + return(X509_NAME_hash_old(x->cert_info->issuer)); + } +#endif + X509_NAME *X509_get_subject_name(X509 *a) { return(a->cert_info->subject); @@ -141,6 +155,13 @@ unsigned long X509_subject_name_hash(X509 *x) return(X509_NAME_hash(x->cert_info->subject)); } +#ifndef OPENSSL_NO_MD5 +unsigned long X509_subject_name_hash_old(X509 *x) + { + return(X509_NAME_hash_old(x->cert_info->subject)); + } +#endif + #ifndef OPENSSL_NO_SHA /* Compare two certificates: they must be identical for * this to work. NB: Although "cmp" operations are generally @@ -162,177 +183,63 @@ int X509_cmp(const X509 *a, const X509 *b) #endif -/* Case insensitive string comparision */ -static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) -{ - int i; - - if (a->length != b->length) - return (a->length - b->length); - - for (i=0; ilength; i++) - { - int ca, cb; - - ca = tolower(a->data[i]); - cb = tolower(b->data[i]); - - if (ca != cb) - return(ca-cb); - } - return 0; -} - -/* Case insensitive string comparision with space normalization - * Space normalization - ignore leading, trailing spaces, - * multiple spaces between characters are replaced by single space - */ -static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) -{ - unsigned char *pa = NULL, *pb = NULL; - int la, lb; - - la = a->length; - lb = b->length; - pa = a->data; - pb = b->data; - - /* skip leading spaces */ - while (la > 0 && isspace(*pa)) - { - la--; - pa++; - } - while (lb > 0 && isspace(*pb)) - { - lb--; - pb++; - } - - /* skip trailing spaces */ - while (la > 0 && isspace(pa[la-1])) - la--; - while (lb > 0 && isspace(pb[lb-1])) - lb--; - - /* compare strings with space normalization */ - while (la > 0 && lb > 0) +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { - int ca, cb; - - /* compare character */ - ca = tolower(*pa); - cb = tolower(*pb); - if (ca != cb) - return (ca - cb); + int ret; - pa++; pb++; - la--; lb--; + /* Ensure canonical encoding is present and up to date */ - if (la <= 0 || lb <= 0) - break; + if (!a->canon_enc || a->modified) + { + ret = i2d_X509_NAME((X509_NAME *)a, NULL); + if (ret < 0) + return -2; + } - /* is white space next character ? */ - if (isspace(*pa) && isspace(*pb)) + if (!b->canon_enc || b->modified) { - /* skip remaining white spaces */ - while (la > 0 && isspace(*pa)) - { - la--; - pa++; - } - while (lb > 0 && isspace(*pb)) - { - lb--; - pb++; - } + ret = i2d_X509_NAME((X509_NAME *)b, NULL); + if (ret < 0) + return -2; } - } - if (la > 0 || lb > 0) - return la - lb; - return 0; -} + ret = a->canon_enclen - b->canon_enclen; -static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b) - { - int j; - j = a->length - b->length; - if (j) - return j; - return memcmp(a->data, b->data, a->length); - } + if (ret) + return ret; -#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING) + return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); -int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) - { - int i,j; - X509_NAME_ENTRY *na,*nb; + } - unsigned long nabit, nbbit; +unsigned long X509_NAME_hash(X509_NAME *x) + { + unsigned long ret=0; + unsigned char md[SHA_DIGEST_LENGTH]; - j = sk_X509_NAME_ENTRY_num(a->entries) - - sk_X509_NAME_ENTRY_num(b->entries); - if (j) - return j; - for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) - { - na=sk_X509_NAME_ENTRY_value(a->entries,i); - nb=sk_X509_NAME_ENTRY_value(b->entries,i); - j=na->value->type-nb->value->type; - if (j) - { - nabit = ASN1_tag2bit(na->value->type); - nbbit = ASN1_tag2bit(nb->value->type); - if (!(nabit & STR_TYPE_CMP) || - !(nbbit & STR_TYPE_CMP)) - return j; - if (!asn1_string_memcmp(na->value, nb->value)) - j = 0; - } - else if (na->value->type == V_ASN1_PRINTABLESTRING) - j=nocase_spacenorm_cmp(na->value, nb->value); - else if (na->value->type == V_ASN1_IA5STRING - && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) - j=nocase_cmp(na->value, nb->value); - else - j = asn1_string_memcmp(na->value, nb->value); - if (j) return(j); - j=na->set-nb->set; - if (j) return(j); - } + /* Make sure X509_NAME structure contains valid cached encoding */ + i2d_X509_NAME(x,NULL); + EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL); - /* We will check the object types after checking the values - * since the values will more often be different than the object - * types. */ - for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) - { - na=sk_X509_NAME_ENTRY_value(a->entries,i); - nb=sk_X509_NAME_ENTRY_value(b->entries,i); - j=OBJ_cmp(na->object,nb->object); - if (j) return(j); - } - return(0); + ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| + ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) + )&0xffffffffL; + return(ret); } + #ifndef OPENSSL_NO_MD5 /* I now DER encode the name and hash it. Since I cache the DER encoding, * this is reasonably efficient. */ -unsigned long X509_NAME_hash(X509_NAME *x) + +unsigned long X509_NAME_hash_old(X509_NAME *x) { unsigned long ret=0; unsigned char md[16]; - EVP_MD_CTX md_ctx; /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x,NULL); - EVP_MD_CTX_init(&md_ctx); - EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); - EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); - EVP_DigestFinal_ex(&md_ctx,md,NULL); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) @@ -393,14 +300,19 @@ ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) int X509_check_private_key(X509 *x, EVP_PKEY *k) { - EVP_PKEY *xk=NULL; - int ok=0; + EVP_PKEY *xk; + int ret; xk=X509_get_pubkey(x); - switch (EVP_PKEY_cmp(xk, k)) + + if (xk) + ret = EVP_PKEY_cmp(xk, k); + else + ret = -2; + + switch (ret) { case 1: - ok=1; break; case 0: X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); @@ -409,24 +321,11 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); break; case -2: -#ifndef OPENSSL_NO_EC - if (k->type == EVP_PKEY_EC) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); - break; - } -#endif -#ifndef OPENSSL_NO_DH - if (k->type == EVP_PKEY_DH) - { - /* No idea */ - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); - break; - } -#endif X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); } - - EVP_PKEY_free(xk); - return(ok); + if (xk) + EVP_PKEY_free(xk); + if (ret > 0) + return 1; + return 0; } diff --git a/src/lib/libssl/src/crypto/x509/x509_err.c b/src/lib/libssl/src/crypto/x509/x509_err.c index fb377292da..a01402f416 100644 --- a/src/lib/libssl/src/crypto/x509/x509_err.c +++ b/src/lib/libssl/src/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* crypto/x509/x509_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -132,7 +132,10 @@ static ERR_STRING_DATA X509_str_reasons[]= {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, {ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, {ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, +{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, +{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"}, +{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"}, {ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, diff --git a/src/lib/libssl/src/crypto/x509/x509_lu.c b/src/lib/libssl/src/crypto/x509/x509_lu.c index cd2cfb6d85..3a6e04a1de 100644 --- a/src/lib/libssl/src/crypto/x509/x509_lu.c +++ b/src/lib/libssl/src/crypto/x509/x509_lu.c @@ -196,9 +196,17 @@ X509_STORE *X509_STORE_new(void) ret->get_crl = 0; ret->check_crl = 0; ret->cert_crl = 0; + ret->lookup_certs = 0; + ret->lookup_crls = 0; ret->cleanup = 0; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + { + sk_X509_OBJECT_free(ret->objs); + OPENSSL_free(ret); + return NULL; + } + ret->references=1; return ret; } @@ -286,9 +294,11 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, X509_OBJECT stmp,*tmp; int i,j; + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - if (tmp == NULL) + if (tmp == NULL || type == X509_LU_CRL) { for (i=vs->current_method; iget_cert_methods); i++) { @@ -340,7 +350,6 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) X509_OBJECT_up_ref_count(obj); - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { X509_OBJECT_free_contents(obj); @@ -414,14 +423,15 @@ void X509_OBJECT_free_contents(X509_OBJECT *a) } } -int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name) +static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name, int *pnmatch) { X509_OBJECT stmp; X509 x509_s; X509_CINF cinf_s; X509_CRL crl_s; X509_CRL_INFO crl_info_s; + int idx; stmp.type=type; switch (type) @@ -441,41 +451,169 @@ int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, return -1; } - return sk_X509_OBJECT_find(h,&stmp); + idx = sk_X509_OBJECT_find(h,&stmp); + if (idx >= 0 && pnmatch) + { + int tidx; + const X509_OBJECT *tobj, *pstmp; + *pnmatch = 1; + pstmp = &stmp; + for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) + { + tobj = sk_X509_OBJECT_value(h, tidx); + if (x509_object_cmp(&tobj, &pstmp)) + break; + (*pnmatch)++; + } + } + return idx; + } + + +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name) + { + return x509_object_idx_cnt(h, type, name, NULL); } X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name) -{ + { int idx; idx = X509_OBJECT_idx_by_subject(h, type, name); if (idx==-1) return NULL; return sk_X509_OBJECT_value(h, idx); -} + } + +STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) + { + int i, idx, cnt; + STACK_OF(X509) *sk; + X509 *x; + X509_OBJECT *obj; + sk = sk_X509_new_null(); + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + if (idx < 0) + { + /* Nothing found in cache: do lookup to possibly add new + * objects to cache + */ + X509_OBJECT xobj; + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) + { + sk_X509_free(sk); + return NULL; + } + X509_OBJECT_free_contents(&xobj); + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt); + if (idx < 0) + { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + sk_X509_free(sk); + return NULL; + } + } + for (i = 0; i < cnt; i++, idx++) + { + obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + x = obj->data.x509; + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + if (!sk_X509_push(sk, x)) + { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_free(x); + sk_X509_pop_free(sk, X509_free); + return NULL; + } + } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return sk; + + } + +STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) + { + int i, idx, cnt; + STACK_OF(X509_CRL) *sk; + X509_CRL *x; + X509_OBJECT *obj, xobj; + sk = sk_X509_CRL_new_null(); + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + /* Check cache first */ + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + + /* Always do lookup to possibly add new CRLs to cache + */ + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) + { + sk_X509_CRL_free(sk); + return NULL; + } + X509_OBJECT_free_contents(&xobj); + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt); + if (idx < 0) + { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + sk_X509_CRL_free(sk); + return NULL; + } + + for (i = 0; i < cnt; i++, idx++) + { + obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + x = obj->data.crl; + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); + if (!sk_X509_CRL_push(sk, x)) + { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_CRL_free(x); + sk_X509_CRL_pop_free(sk, X509_CRL_free); + return NULL; + } + } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return sk; + } X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) -{ + { int idx, i; X509_OBJECT *obj; idx = sk_X509_OBJECT_find(h, x); if (idx == -1) return NULL; - if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx); + if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) + return sk_X509_OBJECT_value(h, idx); for (i = idx; i < sk_X509_OBJECT_num(h); i++) { obj = sk_X509_OBJECT_value(h, i); if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) return NULL; - if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509)) + if (x->type == X509_LU_X509) + { + if (!X509_cmp(obj->data.x509, x->data.x509)) + return obj; + } + else if (x->type == X509_LU_CRL) + { + if (!X509_CRL_match(obj->data.crl, x->data.crl)) + return obj; + } + else return obj; } return NULL; -} + } /* Try to get issuer certificate from store. Due to limitations * of the API this can only retrieve a single certificate matching * a given subject name. However it will fill the cache with all - * matching certificates, so we can examine the cache for all + * matching certificates, so we can examine the cache for all * matches. * * Return values are: @@ -483,13 +621,11 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x * 0 certificate not found. * -1 some other error. */ - - int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) -{ + { X509_NAME *xn; X509_OBJECT obj, *pobj; - int i, ok, idx; + int i, ok, idx, ret; xn=X509_get_issuer_name(x); ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); if (ok != X509_LU_X509) @@ -515,27 +651,34 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return 1; } X509_OBJECT_free_contents(&obj); - /* Else find index of first matching cert */ - idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); - /* This shouldn't normally happen since we already have one match */ - if (idx == -1) return 0; - /* Look through all matching certificates for a suitable issuer */ - for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) + /* Else find index of first cert accepted by 'check_issued' */ + ret = 0; + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + if (idx != -1) /* should be true as we've had at least one match */ { - pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); - /* See if we've ran out of matches */ - if (pobj->type != X509_LU_X509) return 0; - if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0; - if (ctx->check_issued(ctx, x, pobj->data.x509)) + /* Look through all matching certs for suitable issuer */ + for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { - *issuer = pobj->data.x509; - X509_OBJECT_up_ref_count(pobj); - return 1; + pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + /* See if we've run past the matches */ + if (pobj->type != X509_LU_X509) + break; + if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) + break; + if (ctx->check_issued(ctx, x, pobj->data.x509)) + { + *issuer = pobj->data.x509; + X509_OBJECT_up_ref_count(pobj); + ret = 1; + break; + } } } - return 0; -} + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return ret; + } int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) { @@ -563,5 +706,11 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) return X509_VERIFY_PARAM_set1(ctx->param, param); } +void X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)) + { + ctx->verify_cb = verify_cb; + } + IMPLEMENT_STACK_OF(X509_LOOKUP) IMPLEMENT_STACK_OF(X509_OBJECT) diff --git a/src/lib/libssl/src/crypto/x509/x509_obj.c b/src/lib/libssl/src/crypto/x509/x509_obj.c index 1e718f76eb..21fed9f838 100644 --- a/src/lib/libssl/src/crypto/x509/x509_obj.c +++ b/src/lib/libssl/src/crypto/x509/x509_obj.c @@ -72,7 +72,7 @@ int i; char *p; unsigned char *q; BUF_MEM *b=NULL; - static char hex[17]="0123456789ABCDEF"; + static const char hex[17]="0123456789ABCDEF"; int gs_doit[4]; char tmp_buf[80]; #ifdef CHARSET_EBCDIC diff --git a/src/lib/libssl/src/crypto/x509/x509_req.c b/src/lib/libssl/src/crypto/x509/x509_req.c index 3872e1fb64..48183dc00c 100644 --- a/src/lib/libssl/src/crypto/x509/x509_req.c +++ b/src/lib/libssl/src/crypto/x509/x509_req.c @@ -61,6 +61,7 @@ #include #include #include +#include #include #include #include @@ -205,10 +206,9 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; p = ext->value.sequence->data; - return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, - ext->value.sequence->length, - d2i_X509_EXTENSION, X509_EXTENSION_free, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + return (STACK_OF(X509_EXTENSION) *) + ASN1_item_d2i(NULL, &p, ext->value.sequence->length, + ASN1_ITEM_rptr(X509_EXTENSIONS)); } /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs @@ -218,8 +218,6 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, int nid) { - unsigned char *p = NULL, *q; - long len; ASN1_TYPE *at = NULL; X509_ATTRIBUTE *attr = NULL; if(!(at = ASN1_TYPE_new()) || @@ -227,15 +225,10 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, at->type = V_ASN1_SEQUENCE; /* Generate encoding of extensions */ - len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); - if(!(p = OPENSSL_malloc(len))) goto err; - q = p; - i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); - at->value.sequence->data = p; - p = NULL; - at->value.sequence->length = len; + at->value.sequence->length = + ASN1_item_i2d((ASN1_VALUE *)exts, + &at->value.sequence->data, + ASN1_ITEM_rptr(X509_EXTENSIONS)); if(!(attr = X509_ATTRIBUTE_new())) goto err; if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; @@ -250,7 +243,6 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; return 1; err: - if(p) OPENSSL_free(p); X509_ATTRIBUTE_free(attr); ASN1_TYPE_free(at); return 0; diff --git a/src/lib/libssl/src/crypto/x509/x509_set.c b/src/lib/libssl/src/crypto/x509/x509_set.c index aaf61ca062..4b94fc5847 100644 --- a/src/lib/libssl/src/crypto/x509/x509_set.c +++ b/src/lib/libssl/src/crypto/x509/x509_set.c @@ -104,7 +104,7 @@ int X509_set_subject_name(X509 *x, X509_NAME *name) return(X509_NAME_set(&x->cert_info->subject,name)); } -int X509_set_notBefore(X509 *x, ASN1_TIME *tm) +int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) { ASN1_TIME *in; @@ -122,7 +122,7 @@ int X509_set_notBefore(X509 *x, ASN1_TIME *tm) return(in != NULL); } -int X509_set_notAfter(X509 *x, ASN1_TIME *tm) +int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) { ASN1_TIME *in; diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c index ed18700585..a6cb9c8b1b 100644 --- a/src/lib/libssl/src/crypto/x509/x509_trs.c +++ b/src/lib/libssl/src/crypto/x509/x509_trs.c @@ -84,7 +84,8 @@ static X509_TRUST trstandard[] = { {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, -{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} +{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}, +{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL} }; #define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) diff --git a/src/lib/libssl/src/crypto/x509/x509_txt.c b/src/lib/libssl/src/crypto/x509/x509_txt.c index 73a8ec726f..c44f753c46 100644 --- a/src/lib/libssl/src/crypto/x509/x509_txt.c +++ b/src/lib/libssl/src/crypto/x509/x509_txt.c @@ -162,8 +162,28 @@ const char *X509_verify_cert_error_string(long n) return("invalid or inconsistent certificate policy extension"); case X509_V_ERR_NO_EXPLICIT_POLICY: return("no explicit policy"); - case X509_V_ERR_UNNESTED_RESOURCE: - return("RFC 3779 resource not subset of parent's resources"); + case X509_V_ERR_DIFFERENT_CRL_SCOPE: + return("Different CRL scope"); + case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: + return("Unsupported extension feature"); + case X509_V_ERR_UNNESTED_RESOURCE: + return("RFC 3779 resource not subset of parent's resources"); + + case X509_V_ERR_PERMITTED_VIOLATION: + return("permitted subtree violation"); + case X509_V_ERR_EXCLUDED_VIOLATION: + return("excluded subtree violation"); + case X509_V_ERR_SUBTREE_MINMAX: + return("name constraints minimum and maximum not supported"); + case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: + return("unsupported name constraint type"); + case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: + return("unsupported or invalid name constraint syntax"); + case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: + return("unsupported or invalid name syntax"); + case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: + return("CRL path validation error"); + default: BIO_snprintf(buf,sizeof buf,"error number %ld",n); return(buf); diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c index 336c40ddd7..87ebf62525 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c @@ -70,14 +70,70 @@ #include #include +/* CRL score values */ + +/* No unhandled critical extensions */ + +#define CRL_SCORE_NOCRITICAL 0x100 + +/* certificate is within CRL scope */ + +#define CRL_SCORE_SCOPE 0x080 + +/* CRL times valid */ + +#define CRL_SCORE_TIME 0x040 + +/* Issuer name matches certificate */ + +#define CRL_SCORE_ISSUER_NAME 0x020 + +/* If this score or above CRL is probably valid */ + +#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) + +/* CRL issuer is certificate issuer */ + +#define CRL_SCORE_ISSUER_CERT 0x018 + +/* CRL issuer is on certificate path */ + +#define CRL_SCORE_SAME_PATH 0x008 + +/* CRL issuer matches CRL AKID */ + +#define CRL_SCORE_AKID 0x004 + +/* Have a delta CRL with valid times */ + +#define CRL_SCORE_TIME_DELTA 0x002 + static int null_callback(int ok,X509_STORE_CTX *e); static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); static int check_chain_extensions(X509_STORE_CTX *ctx); +static int check_name_constraints(X509_STORE_CTX *ctx); static int check_trust(X509_STORE_CTX *ctx); static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); static int check_policy(X509_STORE_CTX *ctx); + +static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, + unsigned int *preasons, + X509_CRL *crl, X509 *x); +static int get_crl_delta(X509_STORE_CTX *ctx, + X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); +static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, + X509_CRL *base, STACK_OF(X509_CRL) *crls); +static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, + X509 **pissuer, int *pcrl_score); +static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, + unsigned int *preasons); +static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); +static int check_crl_chain(X509_STORE_CTX *ctx, + STACK_OF(X509) *cert_path, + STACK_OF(X509) *crl_path); + static int internal_verify(X509_STORE_CTX *ctx); const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT; @@ -289,6 +345,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (!ok) goto end; + /* Check name constraints */ + + ok = check_name_constraints(ctx); + + if (!ok) goto end; + /* The chain extensions are OK: check trust */ if (param->trust > 0) ok = check_trust(ctx); @@ -398,8 +460,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) X509 *x; int (*cb)(int xok,X509_STORE_CTX *xctx); int proxy_path_length = 0; - int allow_proxy_certs = - !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); + int purpose; + int allow_proxy_certs; cb=ctx->verify_cb; /* must_be_ca can have 1 of 3 values: @@ -412,10 +474,22 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) */ must_be_ca = -1; - /* A hack to keep people who don't want to modify their software - happy */ - if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) - allow_proxy_certs = 1; + /* CRL path validation */ + if (ctx->parent) + { + allow_proxy_certs = 0; + purpose = X509_PURPOSE_CRL_SIGN; + } + else + { + allow_proxy_certs = + !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); + /* A hack to keep people who don't want to modify their + software happy */ + if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) + allow_proxy_certs = 1; + purpose = ctx->param->purpose; + } /* Check all untrusted certificates */ for (i = 0; i < ctx->last_untrusted; i++) @@ -482,8 +556,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) } if (ctx->param->purpose > 0) { - ret = X509_check_purpose(x, ctx->param->purpose, - must_be_ca > 0); + ret = X509_check_purpose(x, purpose, must_be_ca > 0); if ((ret == 0) || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && (ret != 1))) @@ -536,6 +609,42 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) #endif } +static int check_name_constraints(X509_STORE_CTX *ctx) + { + X509 *x; + int i, j, rv; + /* Check name constraints for all certificates */ + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) + { + x = sk_X509_value(ctx->chain, i); + /* Ignore self issued certs unless last in chain */ + if (i && (x->ex_flags & EXFLAG_SI)) + continue; + /* Check against constraints for all certificates higher in + * chain including trust anchor. Trust anchor not strictly + * speaking needed but if it includes constraints it is to be + * assumed it expects them to be obeyed. + */ + for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) + { + NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; + if (nc) + { + rv = NAME_CONSTRAINTS_check(x, nc); + if (rv != X509_V_OK) + { + ctx->error = rv; + ctx->error_depth = i; + ctx->current_cert = x; + if (!ctx->verify_cb(0,ctx)) + return 0; + } + } + } + } + return 1; + } + static int check_trust(X509_STORE_CTX *ctx) { #ifdef OPENSSL_NO_CHAIN_VERIFY @@ -570,7 +679,12 @@ static int check_revocation(X509_STORE_CTX *ctx) if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) last = sk_X509_num(ctx->chain) - 1; else + { + /* If checking CRL paths this isn't the EE certificate */ + if (ctx->parent) + return 1; last = 0; + } for(i = 0; i <= last; i++) { ctx->error_depth = i; @@ -582,30 +696,65 @@ static int check_revocation(X509_STORE_CTX *ctx) static int check_cert(X509_STORE_CTX *ctx) { - X509_CRL *crl = NULL; + X509_CRL *crl = NULL, *dcrl = NULL; X509 *x; int ok, cnum; cnum = ctx->error_depth; x = sk_X509_value(ctx->chain, cnum); ctx->current_cert = x; - /* Try to retrieve relevant CRL */ - ok = ctx->get_crl(ctx, &crl, x); - /* If error looking up CRL, nothing we can do except - * notify callback - */ - if(!ok) + ctx->current_issuer = NULL; + ctx->current_reasons = 0; + while (ctx->current_reasons != CRLDP_ALL_REASONS) { - ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; - ok = ctx->verify_cb(0, ctx); - goto err; + /* Try to retrieve relevant CRL */ + if (ctx->get_crl) + ok = ctx->get_crl(ctx, &crl, x); + else + ok = get_crl_delta(ctx, &crl, &dcrl, x); + /* If error looking up CRL, nothing we can do except + * notify callback + */ + if(!ok) + { + ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; + ok = ctx->verify_cb(0, ctx); + goto err; + } + ctx->current_crl = crl; + ok = ctx->check_crl(ctx, crl); + if (!ok) + goto err; + + if (dcrl) + { + ok = ctx->check_crl(ctx, dcrl); + if (!ok) + goto err; + ok = ctx->cert_crl(ctx, dcrl, x); + if (!ok) + goto err; + } + else + ok = 1; + + /* Don't look in full CRL if delta reason is removefromCRL */ + if (ok != 2) + { + ok = ctx->cert_crl(ctx, crl, x); + if (!ok) + goto err; + } + + X509_CRL_free(crl); + X509_CRL_free(dcrl); + crl = NULL; + dcrl = NULL; } - ctx->current_crl = crl; - ok = ctx->check_crl(ctx, crl); - if (!ok) goto err; - ok = ctx->cert_crl(ctx, crl, x); err: - ctx->current_crl = NULL; X509_CRL_free(crl); + X509_CRL_free(dcrl); + + ctx->current_crl = NULL; return ok; } @@ -616,7 +765,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) { time_t *ptime; int i; - ctx->current_crl = crl; + if (notify) + ctx->current_crl = crl; if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->param->check_time; else @@ -625,15 +775,19 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); if (i == 0) { + if (!notify) + return 0; ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; - if (!notify || !ctx->verify_cb(0, ctx)) + if (!ctx->verify_cb(0, ctx)) return 0; } if (i > 0) { + if (!notify) + return 0; ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; - if (!notify || !ctx->verify_cb(0, ctx)) + if (!ctx->verify_cb(0, ctx)) return 0; } @@ -643,92 +797,545 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) if (i == 0) { + if (!notify) + return 0; ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; - if (!notify || !ctx->verify_cb(0, ctx)) + if (!ctx->verify_cb(0, ctx)) return 0; } - - if (i < 0) + /* Ignore expiry of base CRL is delta is valid */ + if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { + if (!notify) + return 0; ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; - if (!notify || !ctx->verify_cb(0, ctx)) + if (!ctx->verify_cb(0, ctx)) return 0; } } - ctx->current_crl = NULL; + if (notify) + ctx->current_crl = NULL; return 1; } -/* Lookup CRLs from the supplied list. Look for matching isser name - * and validity. If we can't find a valid CRL return the last one - * with matching name. This gives more meaningful error codes. Otherwise - * we'd get a CRL not found error if a CRL existed with matching name but - * was invalid. - */ - -static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, - X509_NAME *nm, STACK_OF(X509_CRL) *crls) +static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, + X509 **pissuer, int *pscore, unsigned int *preasons, + STACK_OF(X509_CRL) *crls) { - int i; + int i, crl_score, best_score = *pscore; + unsigned int reasons, best_reasons = 0; + X509 *x = ctx->current_cert; X509_CRL *crl, *best_crl = NULL; + X509 *crl_issuer = NULL, *best_crl_issuer = NULL; + for (i = 0; i < sk_X509_CRL_num(crls); i++) { crl = sk_X509_CRL_value(crls, i); - if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) - continue; - if (check_crl_time(ctx, crl, 0)) + reasons = *preasons; + crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); + + if (crl_score > best_score) { - *pcrl = crl; - CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); - return 1; + best_crl = crl; + best_crl_issuer = crl_issuer; + best_score = crl_score; + best_reasons = reasons; } - best_crl = crl; } + if (best_crl) { + if (*pcrl) + X509_CRL_free(*pcrl); *pcrl = best_crl; - CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); + *pissuer = best_crl_issuer; + *pscore = best_score; + *preasons = best_reasons; + CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); + if (*pdcrl) + { + X509_CRL_free(*pdcrl); + *pdcrl = NULL; + } + get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); } - + + if (best_score >= CRL_SCORE_VALID) + return 1; + return 0; } -/* Retrieve CRL corresponding to certificate: currently just a - * subject lookup: maybe use AKID later... +/* Compare two CRL extensions for delta checking purposes. They should be + * both present or both absent. If both present all fields must be identical. */ -static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) + +static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) { - int ok; - X509_CRL *crl = NULL; - X509_OBJECT xobj; - X509_NAME *nm; - nm = X509_get_issuer_name(x); - ok = get_crl_sk(ctx, &crl, nm, ctx->crls); - if (ok) + ASN1_OCTET_STRING *exta, *extb; + int i; + i = X509_CRL_get_ext_by_NID(a, nid, 0); + if (i >= 0) { - *pcrl = crl; + /* Can't have multiple occurrences */ + if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) + return 0; + exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); + } + else + exta = NULL; + + i = X509_CRL_get_ext_by_NID(b, nid, 0); + + if (i >= 0) + { + + if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) + return 0; + extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); + } + else + extb = NULL; + + if (!exta && !extb) return 1; + + if (!exta || !extb) + return 0; + + + if (ASN1_OCTET_STRING_cmp(exta, extb)) + return 0; + + return 1; + } + +/* See if a base and delta are compatible */ + +static int check_delta_base(X509_CRL *delta, X509_CRL *base) + { + /* Delta CRL must be a delta */ + if (!delta->base_crl_number) + return 0; + /* Base must have a CRL number */ + if (!base->crl_number) + return 0; + /* Issuer names must match */ + if (X509_NAME_cmp(X509_CRL_get_issuer(base), + X509_CRL_get_issuer(delta))) + return 0; + /* AKID and IDP must match */ + if (!crl_extension_match(delta, base, NID_authority_key_identifier)) + return 0; + if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) + return 0; + /* Delta CRL base number must not exceed Full CRL number. */ + if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) + return 0; + /* Delta CRL number must exceed full CRL number */ + if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) + return 1; + return 0; + } + +/* For a given base CRL find a delta... maybe extend to delta scoring + * or retrieve a chain of deltas... + */ + +static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, + X509_CRL *base, STACK_OF(X509_CRL) *crls) + { + X509_CRL *delta; + int i; + if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) + return; + if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) + return; + for (i = 0; i < sk_X509_CRL_num(crls); i++) + { + delta = sk_X509_CRL_value(crls, i); + if (check_delta_base(delta, base)) + { + if (check_crl_time(ctx, delta, 0)) + *pscore |= CRL_SCORE_TIME_DELTA; + CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); + *dcrl = delta; + return; + } + } + *dcrl = NULL; + } + +/* For a given CRL return how suitable it is for the supplied certificate 'x'. + * The return value is a mask of several criteria. + * If the issuer is not the certificate issuer this is returned in *pissuer. + * The reasons mask is also used to determine if the CRL is suitable: if + * no new reasons the CRL is rejected, otherwise reasons is updated. + */ + +static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, + unsigned int *preasons, + X509_CRL *crl, X509 *x) + { + + int crl_score = 0; + unsigned int tmp_reasons = *preasons, crl_reasons; + + /* First see if we can reject CRL straight away */ + + /* Invalid IDP cannot be processed */ + if (crl->idp_flags & IDP_INVALID) + return 0; + /* Reason codes or indirect CRLs need extended CRL support */ + if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) + { + if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) + return 0; + } + else if (crl->idp_flags & IDP_REASONS) + { + /* If no new reasons reject */ + if (!(crl->idp_reasons & ~tmp_reasons)) + return 0; + } + /* Don't process deltas at this stage */ + else if (crl->base_crl_number) + return 0; + /* If issuer name doesn't match certificate need indirect CRL */ + if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) + { + if (!(crl->idp_flags & IDP_INDIRECT)) + return 0; + } + else + crl_score |= CRL_SCORE_ISSUER_NAME; + + if (!(crl->flags & EXFLAG_CRITICAL)) + crl_score |= CRL_SCORE_NOCRITICAL; + + /* Check expiry */ + if (check_crl_time(ctx, crl, 0)) + crl_score |= CRL_SCORE_TIME; + + /* Check authority key ID and locate certificate issuer */ + crl_akid_check(ctx, crl, pissuer, &crl_score); + + /* If we can't locate certificate issuer at this point forget it */ + + if (!(crl_score & CRL_SCORE_AKID)) + return 0; + + /* Check cert for matching CRL distribution points */ + + if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) + { + /* If no new reasons reject */ + if (!(crl_reasons & ~tmp_reasons)) + return 0; + tmp_reasons |= crl_reasons; + crl_score |= CRL_SCORE_SCOPE; } - ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); + *preasons = tmp_reasons; + + return crl_score; + + } + +static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, + X509 **pissuer, int *pcrl_score) + { + X509 *crl_issuer = NULL; + X509_NAME *cnm = X509_CRL_get_issuer(crl); + int cidx = ctx->error_depth; + int i; - if (!ok) + if (cidx != sk_X509_num(ctx->chain) - 1) + cidx++; + + crl_issuer = sk_X509_value(ctx->chain, cidx); + + if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { - /* If we got a near match from get_crl_sk use that */ - if (crl) + if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { - *pcrl = crl; - return 1; + *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; + *pissuer = crl_issuer; + return; + } + } + + for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) + { + crl_issuer = sk_X509_value(ctx->chain, cidx); + if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) + continue; + if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) + { + *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; + *pissuer = crl_issuer; + return; + } + } + + /* Anything else needs extended CRL support */ + + if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) + return; + + /* Otherwise the CRL issuer is not on the path. Look for it in the + * set of untrusted certificates. + */ + for (i = 0; i < sk_X509_num(ctx->untrusted); i++) + { + crl_issuer = sk_X509_value(ctx->untrusted, i); + if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) + continue; + if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) + { + *pissuer = crl_issuer; + *pcrl_score |= CRL_SCORE_AKID; + return; } + } + } + +/* Check the path of a CRL issuer certificate. This creates a new + * X509_STORE_CTX and populates it with most of the parameters from the + * parent. This could be optimised somewhat since a lot of path checking + * will be duplicated by the parent, but this will rarely be used in + * practice. + */ + +static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) + { + X509_STORE_CTX crl_ctx; + int ret; + /* Don't allow recursive CRL path validation */ + if (ctx->parent) return 0; + if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) + return -1; + + crl_ctx.crls = ctx->crls; + /* Copy verify params across */ + X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); + + crl_ctx.parent = ctx; + crl_ctx.verify_cb = ctx->verify_cb; + + /* Verify CRL issuer */ + ret = X509_verify_cert(&crl_ctx); + + if (ret <= 0) + goto err; + + /* Check chain is acceptable */ + + ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); + err: + X509_STORE_CTX_cleanup(&crl_ctx); + return ret; + } + +/* RFC3280 says nothing about the relationship between CRL path + * and certificate path, which could lead to situations where a + * certificate could be revoked or validated by a CA not authorised + * to do so. RFC5280 is more strict and states that the two paths must + * end in the same trust anchor, though some discussions remain... + * until this is resolved we use the RFC5280 version + */ + +static int check_crl_chain(X509_STORE_CTX *ctx, + STACK_OF(X509) *cert_path, + STACK_OF(X509) *crl_path) + { + X509 *cert_ta, *crl_ta; + cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); + crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); + if (!X509_cmp(cert_ta, crl_ta)) + return 1; + return 0; + } + +/* Check for match between two dist point names: three separate cases. + * 1. Both are relative names and compare X509_NAME types. + * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. + * 3. Both are full names and compare two GENERAL_NAMES. + * 4. One is NULL: automatic match. + */ + + +static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) + { + X509_NAME *nm = NULL; + GENERAL_NAMES *gens = NULL; + GENERAL_NAME *gena, *genb; + int i, j; + if (!a || !b) + return 1; + if (a->type == 1) + { + if (!a->dpname) + return 0; + /* Case 1: two X509_NAME */ + if (b->type == 1) + { + if (!b->dpname) + return 0; + if (!X509_NAME_cmp(a->dpname, b->dpname)) + return 1; + else + return 0; + } + /* Case 2: set name and GENERAL_NAMES appropriately */ + nm = a->dpname; + gens = b->name.fullname; + } + else if (b->type == 1) + { + if (!b->dpname) + return 0; + /* Case 2: set name and GENERAL_NAMES appropriately */ + gens = a->name.fullname; + nm = b->dpname; } - *pcrl = xobj.data.crl; + /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ + if (nm) + { + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) + { + gena = sk_GENERAL_NAME_value(gens, i); + if (gena->type != GEN_DIRNAME) + continue; + if (!X509_NAME_cmp(nm, gena->d.directoryName)) + return 1; + } + return 0; + } + + /* Else case 3: two GENERAL_NAMES */ + + for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) + { + gena = sk_GENERAL_NAME_value(a->name.fullname, i); + for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) + { + genb = sk_GENERAL_NAME_value(b->name.fullname, j); + if (!GENERAL_NAME_cmp(gena, genb)) + return 1; + } + } + + return 0; + + } + +static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) + { + int i; + X509_NAME *nm = X509_CRL_get_issuer(crl); + /* If no CRLissuer return is successful iff don't need a match */ + if (!dp->CRLissuer) + return !!(crl_score & CRL_SCORE_ISSUER_NAME); + for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) + { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); + if (gen->type != GEN_DIRNAME) + continue; + if (!X509_NAME_cmp(gen->d.directoryName, nm)) + return 1; + } + return 0; + } + +/* Check CRLDP and IDP */ + +static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, + unsigned int *preasons) + { + int i; + if (crl->idp_flags & IDP_ONLYATTR) + return 0; + if (x->ex_flags & EXFLAG_CA) + { + if (crl->idp_flags & IDP_ONLYUSER) + return 0; + } + else + { + if (crl->idp_flags & IDP_ONLYCA) + return 0; + } + *preasons = crl->idp_reasons; + for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) + { + DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); + if (crldp_check_crlissuer(dp, crl, crl_score)) + { + if (!crl->idp || + idp_check_dp(dp->distpoint, crl->idp->distpoint)) + { + *preasons &= dp->dp_reasons; + return 1; + } + } + } + if ((!crl->idp || !crl->idp->distpoint) && (crl_score & CRL_SCORE_ISSUER_NAME)) + return 1; + return 0; + } + +/* Retrieve CRL corresponding to current certificate. + * If deltas enabled try to find a delta CRL too + */ + +static int get_crl_delta(X509_STORE_CTX *ctx, + X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) + { + int ok; + X509 *issuer = NULL; + int crl_score = 0; + unsigned int reasons; + X509_CRL *crl = NULL, *dcrl = NULL; + STACK_OF(X509_CRL) *skcrl; + X509_NAME *nm = X509_get_issuer_name(x); + reasons = ctx->current_reasons; + ok = get_crl_sk(ctx, &crl, &dcrl, + &issuer, &crl_score, &reasons, ctx->crls); + + if (ok) + goto done; + + /* Lookup CRLs from store */ + + skcrl = ctx->lookup_crls(ctx, nm); + + /* If no CRLs found and a near match from get_crl_sk use that */ + if (!skcrl && crl) + goto done; + + get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); + + sk_X509_CRL_pop_free(skcrl, X509_CRL_free); + + done: + + /* If we got any kind of CRL use it and return success */ if (crl) - X509_CRL_free(crl); - return 1; + { + ctx->current_issuer = issuer; + ctx->current_crl_score = crl_score; + ctx->current_reasons = reasons; + *pcrl = crl; + *pdcrl = dcrl; + return 1; + } + + return 0; } /* Check CRL validity */ @@ -739,10 +1346,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) int ok = 0, chnum, cnum; cnum = ctx->error_depth; chnum = sk_X509_num(ctx->chain) - 1; - /* Find CRL issuer: if not last certificate then issuer + /* if we have an alternative CRL issuer cert use that */ + if (ctx->current_issuer) + issuer = ctx->current_issuer; + + /* Else find CRL issuer: if not last certificate then issuer * is next certificate in chain. */ - if(cnum < chnum) + else if (cnum < chnum) issuer = sk_X509_value(ctx->chain, cnum + 1); else { @@ -758,13 +1369,52 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) if(issuer) { - /* Check for cRLSign bit if keyUsage present */ - if ((issuer->ex_flags & EXFLAG_KUSAGE) && - !(issuer->ex_kusage & KU_CRL_SIGN)) + /* Skip most tests for deltas because they have already + * been done + */ + if (!crl->base_crl_number) { - ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; - ok = ctx->verify_cb(0, ctx); - if(!ok) goto err; + /* Check for cRLSign bit if keyUsage present */ + if ((issuer->ex_flags & EXFLAG_KUSAGE) && + !(issuer->ex_kusage & KU_CRL_SIGN)) + { + ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + + if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) + { + ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + + if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) + { + if (check_crl_path(ctx, ctx->current_issuer) <= 0) + { + ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + } + + if (crl->idp_flags & IDP_INVALID) + { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + ok = ctx->verify_cb(0, ctx); + if(!ok) goto err; + } + + + } + + if (!(ctx->current_crl_score & CRL_SCORE_TIME)) + { + ok = check_crl_time(ctx, crl, 1); + if (!ok) + goto err; } /* Attempt to get issuer certificate public key */ @@ -788,10 +1438,6 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) } } - ok = check_crl_time(ctx, crl, 1); - if (!ok) - goto err; - ok = 1; err: @@ -802,62 +1448,43 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) /* Check certificate against CRL */ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) { - int idx, ok; - X509_REVOKED rtmp; - STACK_OF(X509_EXTENSION) *exts; - X509_EXTENSION *ext; - /* Look for serial number of certificate in CRL */ - rtmp.serialNumber = X509_get_serialNumber(x); - /* Sort revoked into serial number order if not already sorted. - * Do this under a lock to avoid race condition. - */ - if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) + int ok; + X509_REVOKED *rev; + /* The rules changed for this... previously if a CRL contained + * unhandled critical extensions it could still be used to indicate + * a certificate was revoked. This has since been changed since + * critical extension can change the meaning of CRL entries. + */ + if (crl->flags & EXFLAG_CRITICAL) { - CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); - sk_X509_REVOKED_sort(crl->crl->revoked); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); + if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) + return 1; + ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; + ok = ctx->verify_cb(0, ctx); + if(!ok) + return 0; } - idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); - /* If found assume revoked: want something cleverer than - * this to handle entry extensions in V2 CRLs. + /* Look for serial number of certificate in CRL + * If found make sure reason is not removeFromCRL. */ - if(idx >= 0) + if (X509_CRL_get0_by_cert(crl, &rev, x)) { + if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) + return 2; ctx->error = X509_V_ERR_CERT_REVOKED; ok = ctx->verify_cb(0, ctx); - if (!ok) return 0; + if (!ok) + return 0; } - if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) - return 1; - - /* See if we have any critical CRL extensions: since we - * currently don't handle any CRL extensions the CRL must be - * rejected. - * This code accesses the X509_CRL structure directly: applications - * shouldn't do this. - */ - - exts = crl->crl->extensions; - - for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) - { - ext = sk_X509_EXTENSION_value(exts, idx); - if (ext->critical > 0) - { - ctx->error = - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; - ok = ctx->verify_cb(0, ctx); - if(!ok) return 0; - break; - } - } return 1; } static int check_policy(X509_STORE_CTX *ctx) { int ret; + if (ctx->parent) + return 1; ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, ctx->param->policies, ctx->param->flags); if (ret == 0) @@ -880,7 +1507,8 @@ static int check_policy(X509_STORE_CTX *ctx) continue; ctx->current_cert = x; ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; - ret = ctx->verify_cb(0, ctx); + if(!ctx->verify_cb(0, ctx)) + return 0; } return 1; } @@ -986,7 +1614,12 @@ static int internal_verify(X509_STORE_CTX *ctx) while (n >= 0) { ctx->error_depth=n; - if (!xs->valid) + + /* Skip signature check for self signed certificates unless + * explicitly asked for. It doesn't add any security and + * just wastes time. + */ + if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { if ((pkey=X509_get_pubkey(xi)) == NULL) { @@ -996,13 +1629,6 @@ static int internal_verify(X509_STORE_CTX *ctx) if (!ok) goto end; } else if (X509_verify(xs,pkey) <= 0) - /* XXX For the final trusted self-signed cert, - * this is a waste of time. That check should - * optional so that e.g. 'openssl x509' can be - * used to detect invalid self-signatures, but - * we don't verify again and again in SSL - * handshakes and the like once the cert has - * been declared trusted. */ { ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs; @@ -1041,12 +1667,12 @@ end: return ok; } -int X509_cmp_current_time(ASN1_TIME *ctm) +int X509_cmp_current_time(const ASN1_TIME *ctm) { return X509_cmp_time(ctm, NULL); } -int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) +int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { char *str; ASN1_TIME atm; @@ -1101,6 +1727,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) offset= -offset; } atm.type=ctm->type; + atm.flags = 0; atm.length=sizeof(buff2); atm.data=(unsigned char *)buff2; @@ -1129,19 +1756,28 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) return X509_time_adj(s, adj, NULL); } -ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) +ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) + { + return X509_time_adj_ex(s, 0, offset_sec, in_tm); + } + +ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *in_tm) { time_t t; - int type = -1; if (in_tm) t = *in_tm; else time(&t); - t+=adj; - if (s) type = s->type; - if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); - if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); - return ASN1_TIME_set(s, t); + if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) + { + if (s->type == V_ASN1_UTCTIME) + return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec); + if (s->type == V_ASN1_GENERALIZEDTIME) + return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, + offset_sec); + } + return ASN1_TIME_adj(s, t, offset_day, offset_sec); } int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) @@ -1244,6 +1880,21 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) return chain; } +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) + { + return ctx->current_issuer; + } + +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) + { + return ctx->current_crl; + } + +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) + { + return ctx->parent; + } + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { ctx->cert=x; @@ -1365,6 +2016,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->current_cert=NULL; ctx->current_issuer=NULL; ctx->tree = NULL; + ctx->parent = NULL; ctx->param = X509_VERIFY_PARAM_new(); @@ -1430,7 +2082,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (store && store->get_crl) ctx->get_crl = store->get_crl; else - ctx->get_crl = get_crl; + ctx->get_crl = NULL; if (store && store->check_crl) ctx->check_crl = store->check_crl; @@ -1442,6 +2094,16 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, else ctx->cert_crl = cert_crl; + if (store && store->lookup_certs) + ctx->lookup_certs = store->lookup_certs; + else + ctx->lookup_certs = X509_STORE_get1_certs; + + if (store && store->lookup_crls) + ctx->lookup_crls = store->lookup_crls; + else + ctx->lookup_crls = X509_STORE_get1_crls; + ctx->check_policy = check_policy; @@ -1474,7 +2136,8 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) if (ctx->cleanup) ctx->cleanup(ctx); if (ctx->param != NULL) { - X509_VERIFY_PARAM_free(ctx->param); + if (ctx->parent == NULL) + X509_VERIFY_PARAM_free(ctx->param); ctx->param=NULL; } if (ctx->tree != NULL) diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.h b/src/lib/libssl/src/crypto/x509/x509_vfy.h index 76c76e1719..fe09b30aaa 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.h +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.h @@ -77,6 +77,7 @@ extern "C" { #endif +#if 0 /* Outer object */ typedef struct x509_hash_dir_st { @@ -85,6 +86,7 @@ typedef struct x509_hash_dir_st int *dirs_type; int num_dirs_alloced; } X509_HASH_DIR_CTX; +#endif typedef struct x509_file_st { @@ -198,6 +200,8 @@ struct x509_store_st int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; @@ -246,6 +250,8 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ int (*check_policy)(X509_STORE_CTX *ctx); + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ @@ -263,6 +269,11 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ X509 *current_issuer; /* cert currently being tested as valid issuer */ X509_CRL *current_crl; /* current CRL */ + int current_crl_score; /* score of current CRL */ + unsigned int current_reasons; /* Reason mask */ + + X509_STORE_CTX *parent; /* For CRL path validation: parent context */ + CRYPTO_EX_DATA ex_data; } /* X509_STORE_CTX */; @@ -330,8 +341,18 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_INVALID_EXTENSION 41 #define X509_V_ERR_INVALID_POLICY_EXTENSION 42 #define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 + +#define X509_V_ERR_UNNESTED_RESOURCE 46 -#define X509_V_ERR_UNNESTED_RESOURCE 44 +#define X509_V_ERR_PERMITTED_VIOLATION 47 +#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 @@ -362,6 +383,13 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_FLAG_INHIBIT_MAP 0x400 /* Notify callback that policy is OK */ #define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +#define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check selfsigned CA signature */ +#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 + #define X509_VP_FLAG_DEFAULT 0x1 #define X509_VP_FLAG_OVERWRITE 0x2 @@ -384,11 +412,16 @@ void X509_OBJECT_free_contents(X509_OBJECT *a); X509_STORE *X509_STORE_new(void ); void X509_STORE_free(X509_STORE *v); +STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); int X509_STORE_set_trust(X509_STORE *ctx, int trust); int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +void X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); + X509_STORE_CTX *X509_STORE_CTX_new(void); int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); @@ -447,6 +480,9 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); diff --git a/src/lib/libssl/src/crypto/x509/x509cset.c b/src/lib/libssl/src/crypto/x509/x509cset.c index 7f4004b291..3109defb0b 100644 --- a/src/lib/libssl/src/crypto/x509/x509cset.c +++ b/src/lib/libssl/src/crypto/x509/x509cset.c @@ -81,7 +81,7 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) } -int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm) +int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) { ASN1_TIME *in; @@ -99,7 +99,7 @@ int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm) return(in != NULL); } -int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm) +int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) { ASN1_TIME *in; diff --git a/src/lib/libssl/src/crypto/x509/x509name.c b/src/lib/libssl/src/crypto/x509/x509name.c index 068abfe5f0..27bc4dc9a3 100644 --- a/src/lib/libssl/src/crypto/x509/x509name.c +++ b/src/lib/libssl/src/crypto/x509/x509name.c @@ -356,7 +356,7 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, return ASN1_STRING_set_by_NID(&ne->value, bytes, len, type, OBJ_obj2nid(ne->object)) ? 1 : 0; - if (len < 0) len=strlen((char *)bytes); + if (len < 0) len=strlen((const char *)bytes); i=ASN1_STRING_set(ne->value,bytes,len); if (!i) return(0); if (type != V_ASN1_UNDEF) diff --git a/src/lib/libssl/src/crypto/x509/x509type.c b/src/lib/libssl/src/crypto/x509/x509type.c index 2cd994c5b0..3385ad3f67 100644 --- a/src/lib/libssl/src/crypto/x509/x509type.c +++ b/src/lib/libssl/src/crypto/x509/x509type.c @@ -91,6 +91,10 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) break; case EVP_PKEY_DH: ret=EVP_PK_DH|EVP_PKT_EXCH; + break; + case NID_id_GostR3410_94: + case NID_id_GostR3410_2001: + ret=EVP_PKT_EXCH|EVP_PKT_SIGN; break; default: break; diff --git a/src/lib/libssl/src/crypto/x509/x_all.c b/src/lib/libssl/src/crypto/x509/x_all.c index 9039caad60..ebae30b701 100644 --- a/src/lib/libssl/src/crypto/x509/x_all.c +++ b/src/lib/libssl/src/crypto/x509/x_all.c @@ -57,7 +57,6 @@ */ #include -#undef SSLEAY_MACROS #include #include "cryptlib.h" #include @@ -83,12 +82,6 @@ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) a->sig_alg,a->signature,a->req_info,r)); } -int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) - { - return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), - a->sig_alg, a->signature,a->crl,r)); - } - int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) { return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), diff --git a/src/lib/libssl/src/crypto/x509v3/Makefile b/src/lib/libssl/src/crypto/x509v3/Makefile index e71dc42f9f..556ef351bf 100644 --- a/src/lib/libssl/src/crypto/x509v3/Makefile +++ b/src/lib/libssl/src/crypto/x509v3/Makefile @@ -43,7 +43,7 @@ top: all: lib lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -90,8 +90,8 @@ pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_cache.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_cache.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_cache.o: ../../include/openssl/objects.h pcy_cache.o: ../../include/openssl/opensslconf.h pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -105,9 +105,8 @@ pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_data.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_data.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_data.o: ../../include/openssl/opensslconf.h +pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -120,36 +119,35 @@ pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pcy_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pcy_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pcy_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcy_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pcy_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_lib.c +pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_map.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_map.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_map.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pcy_map.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pcy_map.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pcy_map.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcy_map.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pcy_map.o: ../../include/openssl/x509v3.h ../cryptlib.h pcy_int.h pcy_map.c +pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h -pcy_node.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_node.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_node.o: ../../include/openssl/opensslconf.h +pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -162,9 +160,8 @@ pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pcy_tree.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -pcy_tree.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pcy_tree.o: ../../include/openssl/opensslconf.h +pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -177,39 +174,37 @@ v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_addr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_addr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_addr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_addr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_addr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_addr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_addr.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_addr.o: ../cryptlib.h v3_addr.c +v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_akey.o: ../cryptlib.h v3_akey.c +v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_akeya.o: ../../include/openssl/opensslconf.h v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -221,15 +216,14 @@ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_alt.o: ../cryptlib.h v3_alt.c +v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -237,23 +231,23 @@ v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_asid.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_asid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_asid.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_asid.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_asid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_asid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_asid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_asid.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_asid.c +v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_asid.o: ../cryptlib.h v3_asid.c v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_bcons.o: ../../include/openssl/opensslconf.h v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -266,9 +260,8 @@ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_bitst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_bitst.o: ../../include/openssl/opensslconf.h +v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -281,23 +274,23 @@ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_conf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c +v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_conf.o: ../cryptlib.h v3_conf.c v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_cpols.o: ../../include/openssl/opensslconf.h v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -310,38 +303,37 @@ v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_crld.o: ../cryptlib.h v3_crld.c +v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_enum.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c +v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_enum.o: ../cryptlib.h v3_enum.c v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_extku.o: ../../include/openssl/opensslconf.h v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -354,81 +346,76 @@ v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_genn.o: ../cryptlib.h v3_genn.c +v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ia5.o: ../cryptlib.h v3_ia5.c +v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c v3_info.o: ../../e_os.h ../../include/openssl/asn1.h v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_info.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_info.o: ../cryptlib.h v3_info.c +v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_int.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_int.o: ../cryptlib.h v3_int.c +v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c +v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_ncons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ncons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_ncons.o: ../../include/openssl/opensslconf.h v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -441,52 +428,49 @@ v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_ocsp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ocsp.o: ../cryptlib.h v3_ocsp.c +v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h +v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pci.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pci.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pci.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pci.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pci.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pci.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pci.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pci.o: ../cryptlib.h v3_pci.c +v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pcia.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pcia.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pcia.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pcia.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pcia.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pcia.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pcia.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pcia.o: v3_pcia.c +v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pcons.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pcons.o: ../../include/openssl/opensslconf.h v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -499,24 +483,23 @@ v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pku.o: ../cryptlib.h v3_pku.c +v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_pmaps.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_pmaps.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_pmaps.o: ../../include/openssl/opensslconf.h v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -528,52 +511,51 @@ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_prn.o: ../cryptlib.h v3_prn.c +v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_purp.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c +v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_purp.o: ../cryptlib.h v3_purp.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_skey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c +v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_skey.o: ../cryptlib.h v3_skey.c v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3_sxnet.o: ../../include/openssl/opensslconf.h v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -586,25 +568,24 @@ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_utl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h -v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c +v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_utl.o: ../cryptlib.h v3_utl.c v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h -v3err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3err.o: v3err.c +v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +v3err.o: ../../include/openssl/x509v3.h v3err.c diff --git a/src/lib/libssl/src/crypto/x509v3/ext_dat.h b/src/lib/libssl/src/crypto/x509v3/ext_dat.h index 3eaec46f8a..76daee6fcd 100644 --- a/src/lib/libssl/src/crypto/x509v3/ext_dat.h +++ b/src/lib/libssl/src/crypto/x509v3/ext_dat.h @@ -61,21 +61,19 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; -extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld; +extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; -extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp; -#ifndef OPENSSL_NO_RFC3779 +extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; extern X509V3_EXT_METHOD v3_addr, v3_asid; -#endif /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. */ -static X509V3_EXT_METHOD *standard_exts[] = { +static const X509V3_EXT_METHOD *standard_exts[] = { &v3_nscert, &v3_ns_ia5_list[0], &v3_ns_ia5_list[1], @@ -122,7 +120,10 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_pci, &v3_name_constraints, &v3_policy_mappings, -&v3_inhibit_anyp +&v3_inhibit_anyp, +&v3_idp, +&v3_alt[2], +&v3_freshest_crl, }; /* Number of standard extensions */ diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c index 58b2952478..d29d94338e 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c @@ -82,6 +82,12 @@ NULL, NULL, NULL}, (X509V3_EXT_I2V)i2v_GENERAL_NAMES, (X509V3_EXT_V2I)v2i_issuer_alt, NULL, NULL, NULL}, + +{ NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), +0,0,0,0, +0,0, +(X509V3_EXT_I2V)i2v_GENERAL_NAMES, +NULL, NULL, NULL, NULL}, }; STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, @@ -360,6 +366,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) if (move_p) { X509_NAME_delete_entry(nm, i); + X509_NAME_ENTRY_free(ne); i--; } if(!email || !(gen = GENERAL_NAME_new())) { @@ -386,8 +393,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) } -GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { GENERAL_NAME *gen; GENERAL_NAMES *gens = NULL; @@ -408,28 +415,22 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, return NULL; } -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf) +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf) { return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); } -GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf, int is_nc) +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + int gen_type, char *value, int is_nc) { char is_string = 0; - int type; GENERAL_NAME *gen = NULL; - char *name, *value; - - name = cnf->name; - value = cnf->value; - if(!value) { - X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); + X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); return NULL; } @@ -440,74 +441,62 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, gen = GENERAL_NAME_new(); if(gen == NULL) { - X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); return NULL; } } - if(!name_cmp(name, "email")) - { - is_string = 1; - type = GEN_EMAIL; - } - else if(!name_cmp(name, "URI")) - { - is_string = 1; - type = GEN_URI; - } - else if(!name_cmp(name, "DNS")) + switch (gen_type) { + case GEN_URI: + case GEN_EMAIL: + case GEN_DNS: is_string = 1; - type = GEN_DNS; - } - else if(!name_cmp(name, "RID")) + break; + + case GEN_RID: { ASN1_OBJECT *obj; if(!(obj = OBJ_txt2obj(value,0))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT); + X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", value); goto err; } gen->d.rid = obj; - type = GEN_RID; } - else if(!name_cmp(name, "IP")) - { + break; + + case GEN_IPADD: if (is_nc) gen->d.ip = a2i_IPADDRESS_NC(value); else gen->d.ip = a2i_IPADDRESS(value); if(gen->d.ip == NULL) { - X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS); + X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); ERR_add_error_data(2, "value=", value); goto err; } - type = GEN_IPADD; - } - else if(!name_cmp(name, "dirName")) - { - type = GEN_DIRNAME; + break; + + case GEN_DIRNAME: if (!do_dirname(gen, value, ctx)) { - X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR); + X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); goto err; } - } - else if(!name_cmp(name, "otherName")) - { + break; + + case GEN_OTHERNAME: if (!do_othername(gen, value, ctx)) { - X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR); + X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR); goto err; } - type = GEN_OTHERNAME; - } - else - { - X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION); - ERR_add_error_data(2, "name=", name); + break; + default: + X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE); goto err; } @@ -517,12 +506,12 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, strlen(value))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); + X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); goto err; } } - gen->type = type; + gen->type = gen_type; return gen; @@ -532,6 +521,48 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, return NULL; } +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) + { + int type; + + char *name, *value; + + name = cnf->name; + value = cnf->value; + + if(!value) + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); + return NULL; + } + + if(!name_cmp(name, "email")) + type = GEN_EMAIL; + else if(!name_cmp(name, "URI")) + type = GEN_URI; + else if(!name_cmp(name, "DNS")) + type = GEN_DNS; + else if(!name_cmp(name, "RID")) + type = GEN_RID; + else if(!name_cmp(name, "IP")) + type = GEN_IPADD; + else if(!name_cmp(name, "dirName")) + type = GEN_DIRNAME; + else if(!name_cmp(name, "otherName")) + type = GEN_OTHERNAME; + else + { + X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION); + ERR_add_error_data(2, "name=", name); + return NULL; + } + + return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); + + } + static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { char *objtmp = NULL, *p; @@ -577,6 +608,7 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) if (!ret) X509_NAME_free(nm); gen->d.dirn = nm; + X509V3_section_free(ctx, sk); return ret; } diff --git a/src/lib/libssl/src/crypto/x509v3/v3_conf.c b/src/lib/libssl/src/crypto/x509v3/v3_conf.c index 11eb6b7fd5..6730f9a6ee 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_conf.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_conf.c @@ -72,14 +72,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, in static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); static char *conf_lhash_get_string(void *db, char *section, char *value); static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); -static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc); +static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, + int crit, void *ext_struc); static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, - char *value) + char *value) { int crit; int ext_type; @@ -99,7 +99,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, /* CONF *conf: Config file */ /* char *value: Value */ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - char *value) + char *value) { int crit; int ext_type; @@ -113,9 +113,9 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, /* CONF *conf: Config file */ /* char *value: Value */ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value) + int crit, char *value) { - X509V3_EXT_METHOD *method; + const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; @@ -172,8 +172,8 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, } -static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc) +static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, + int crit, void *ext_struc) { unsigned char *ext_der; int ext_len; @@ -214,7 +214,7 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) { - X509V3_EXT_METHOD *method; + const X509V3_EXT_METHOD *method; if (!(method = X509V3_EXT_get_nid(ext_nid))) { X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); return NULL; @@ -258,7 +258,8 @@ static int v3_check_generic(char **value) /* Create a generic extension: for now just handle DER type */ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, - int crit, int gen_type, X509V3_CTX *ctx) + int crit, int gen_type, + X509V3_CTX *ctx) { unsigned char *ext_der=NULL; long ext_len; @@ -322,7 +323,7 @@ static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, - STACK_OF(X509_EXTENSION) **sk) + STACK_OF(X509_EXTENSION) **sk) { X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; @@ -343,7 +344,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, /* Convenience functions to add extensions to a certificate, CRL and request */ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509 *cert) + X509 *cert) { STACK_OF(X509_EXTENSION) **sk = NULL; if (cert) @@ -354,7 +355,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, /* Same as above but for a CRL */ int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl) + X509_CRL *crl) { STACK_OF(X509_EXTENSION) **sk = NULL; if (crl) @@ -443,7 +444,7 @@ void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) } void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - X509_CRL *crl, int flags) + X509_CRL *crl, int flags) { ctx->issuer_cert = issuer; ctx->subject_cert = subj; @@ -454,8 +455,8 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, /* Old conf compatibility functions */ -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, - char *value) +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *name, char *value) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -464,8 +465,8 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, /* LHASH *conf: Config file */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, - char *value) +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + int ext_nid, char *value) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -489,14 +490,14 @@ NULL, NULL }; -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) { ctx->db_meth = &conf_lhash_method; ctx->db = lhash; } -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509 *cert) +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509 *cert) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -505,8 +506,8 @@ int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl) +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_CRL *crl) { CONF ctmp; CONF_set_nconf(&ctmp, conf); @@ -515,8 +516,8 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req) +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_REQ *req) { CONF ctmp; CONF_set_nconf(&ctmp, conf); diff --git a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c index ad0506d75c..1f0798b946 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_cpols.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_cpols.c @@ -450,5 +450,8 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) else BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); } - + + IMPLEMENT_STACK_OF(X509_POLICY_NODE) +IMPLEMENT_STACK_OF(X509_POLICY_DATA) + diff --git a/src/lib/libssl/src/crypto/x509v3/v3_crld.c b/src/lib/libssl/src/crypto/x509v3/v3_crld.c index 181a8977b1..790a6dd032 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_crld.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_crld.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -63,45 +63,254 @@ #include #include -static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, - STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist); -static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - -const X509V3_EXT_METHOD v3_crld = { -NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_crld, -(X509V3_EXT_V2I)v2i_crld, -0,0, -NULL +static void *v2i_crld(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, + int indent); + +const X509V3_EXT_METHOD v3_crld = + { + NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), + 0,0,0,0, + 0,0, + 0, + v2i_crld, + i2r_crldp,0, + NULL + }; + +const X509V3_EXT_METHOD v3_freshest_crl = + { + NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), + 0,0,0,0, + 0,0, + 0, + v2i_crld, + i2r_crldp,0, + NULL + }; + +static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) + { + STACK_OF(CONF_VALUE) *gnsect; + STACK_OF(GENERAL_NAME) *gens; + if (*sect == '@') + gnsect = X509V3_get_section(ctx, sect + 1); + else + gnsect = X509V3_parse_list(sect); + if (!gnsect) + { + X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, + X509V3_R_SECTION_NOT_FOUND); + return NULL; + } + gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); + if (*sect == '@') + X509V3_section_free(ctx, gnsect); + else + sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); + return gens; + } + +static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, + CONF_VALUE *cnf) + { + STACK_OF(GENERAL_NAME) *fnm = NULL; + STACK_OF(X509_NAME_ENTRY) *rnm = NULL; + if (!strncmp(cnf->name, "fullname", 9)) + { + fnm = gnames_from_sectname(ctx, cnf->value); + if (!fnm) + goto err; + } + else if (!strcmp(cnf->name, "relativename")) + { + int ret; + STACK_OF(CONF_VALUE) *dnsect; + X509_NAME *nm; + nm = X509_NAME_new(); + if (!nm) + return -1; + dnsect = X509V3_get_section(ctx, cnf->value); + if (!dnsect) + { + X509V3err(X509V3_F_SET_DIST_POINT_NAME, + X509V3_R_SECTION_NOT_FOUND); + return -1; + } + ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); + X509V3_section_free(ctx, dnsect); + rnm = nm->entries; + nm->entries = NULL; + X509_NAME_free(nm); + if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0) + goto err; + /* Since its a name fragment can't have more than one + * RDNSequence + */ + if (sk_X509_NAME_ENTRY_value(rnm, + sk_X509_NAME_ENTRY_num(rnm) - 1)->set) + { + X509V3err(X509V3_F_SET_DIST_POINT_NAME, + X509V3_R_INVALID_MULTIPLE_RDNS); + goto err; + } + } + else + return 0; + + if (*pdp) + { + X509V3err(X509V3_F_SET_DIST_POINT_NAME, + X509V3_R_DISTPOINT_ALREADY_SET); + goto err; + } + + *pdp = DIST_POINT_NAME_new(); + if (!*pdp) + goto err; + if (fnm) + { + (*pdp)->type = 0; + (*pdp)->name.fullname = fnm; + } + else + { + (*pdp)->type = 1; + (*pdp)->name.relativename = rnm; + } + + return 1; + + err: + if (fnm) + sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); + if (rnm) + sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); + return -1; + } + +static const BIT_STRING_BITNAME reason_flags[] = { +{0, "Unused", "unused"}, +{1, "Key Compromise", "keyCompromise"}, +{2, "CA Compromise", "CACompromise"}, +{3, "Affiliation Changed", "affiliationChanged"}, +{4, "Superseded", "superseded"}, +{5, "Cessation Of Operation", "cessationOfOperation"}, +{6, "Certificate Hold", "certificateHold"}, +{7, "Privilege Withdrawn", "privilegeWithdrawn"}, +{8, "AA Compromise", "AACompromise"}, +{-1, NULL, NULL} }; -static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, - STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts) -{ - DIST_POINT *point; +static int set_reasons(ASN1_BIT_STRING **preas, char *value) + { + STACK_OF(CONF_VALUE) *rsk = NULL; + const BIT_STRING_BITNAME *pbn; + const char *bnam; + int i, ret = 0; + rsk = X509V3_parse_list(value); + if (!rsk) + return 0; + if (*preas) + return 0; + for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) + { + bnam = sk_CONF_VALUE_value(rsk, i)->name; + if (!*preas) + { + *preas = ASN1_BIT_STRING_new(); + if (!*preas) + goto err; + } + for (pbn = reason_flags; pbn->lname; pbn++) + { + if (!strcmp(pbn->sname, bnam)) + { + if (!ASN1_BIT_STRING_set_bit(*preas, + pbn->bitnum, 1)) + goto err; + break; + } + } + if (!pbn->lname) + goto err; + } + ret = 1; + + err: + sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); + return ret; + } + +static int print_reasons(BIO *out, const char *rname, + ASN1_BIT_STRING *rflags, int indent) + { + int first = 1; + const BIT_STRING_BITNAME *pbn; + BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); + for (pbn = reason_flags; pbn->lname; pbn++) + { + if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) + { + if (first) + first = 0; + else + BIO_puts(out, ", "); + BIO_puts(out, pbn->lname); + } + } + if (first) + BIO_puts(out, "\n"); + else + BIO_puts(out, "\n"); + return 1; + } + +static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) + { int i; - for(i = 0; i < sk_DIST_POINT_num(crld); i++) { - point = sk_DIST_POINT_value(crld, i); - if(point->distpoint) { - if(point->distpoint->type == 0) - exts = i2v_GENERAL_NAMES(NULL, - point->distpoint->name.fullname, exts); - else X509V3_add_value("RelativeName","", &exts); + CONF_VALUE *cnf; + DIST_POINT *point = NULL; + point = DIST_POINT_new(); + if (!point) + goto err; + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) + { + int ret; + cnf = sk_CONF_VALUE_value(nval, i); + ret = set_dist_point_name(&point->distpoint, ctx, cnf); + if (ret > 0) + continue; + if (ret < 0) + goto err; + if (!strcmp(cnf->name, "reasons")) + { + if (!set_reasons(&point->reasons, cnf->value)) + goto err; + } + else if (!strcmp(cnf->name, "CRLissuer")) + { + point->CRLissuer = + gnames_from_sectname(ctx, cnf->value); + if (!point->CRLissuer) + goto err; + } } - if(point->reasons) - X509V3_add_value("reasons","", &exts); - if(point->CRLissuer) - X509V3_add_value("CRLissuer","", &exts); + + return point; + + + err: + if (point) + DIST_POINT_free(point); + return NULL; } - return exts; -} -static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ +static void *v2i_crld(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { STACK_OF(DIST_POINT) *crld = NULL; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; @@ -111,19 +320,44 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { DIST_POINT *point; cnf = sk_CONF_VALUE_value(nval, i); - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; - if(!(gens = GENERAL_NAMES_new())) goto merr; - if(!sk_GENERAL_NAME_push(gens, gen)) goto merr; - gen = NULL; - if(!(point = DIST_POINT_new())) goto merr; - if(!sk_DIST_POINT_push(crld, point)) { - DIST_POINT_free(point); - goto merr; - } - if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; - point->distpoint->name.fullname = gens; - point->distpoint->type = 0; - gens = NULL; + if (!cnf->value) + { + STACK_OF(CONF_VALUE) *dpsect; + dpsect = X509V3_get_section(ctx, cnf->name); + if (!dpsect) + goto err; + point = crldp_from_section(ctx, dpsect); + X509V3_section_free(ctx, dpsect); + if (!point) + goto err; + if(!sk_DIST_POINT_push(crld, point)) + { + DIST_POINT_free(point); + goto merr; + } + } + else + { + if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + if(!(gens = GENERAL_NAMES_new())) + goto merr; + if(!sk_GENERAL_NAME_push(gens, gen)) + goto merr; + gen = NULL; + if(!(point = DIST_POINT_new())) + goto merr; + if(!sk_DIST_POINT_push(crld, point)) + { + DIST_POINT_free(point); + goto merr; + } + if(!(point->distpoint = DIST_POINT_NAME_new())) + goto merr; + point->distpoint->name.fullname = gens; + point->distpoint->type = 0; + gens = NULL; + } } return crld; @@ -139,11 +373,31 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, IMPLEMENT_STACK_OF(DIST_POINT) IMPLEMENT_ASN1_SET_OF(DIST_POINT) +static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) + { + DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; + + switch(operation) + { + case ASN1_OP_NEW_POST: + dpn->dpname = NULL; + break; + + case ASN1_OP_FREE_POST: + if (dpn->dpname) + X509_NAME_free(dpn->dpname); + break; + } + return 1; + } + -ASN1_CHOICE(DIST_POINT_NAME) = { +ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) -} ASN1_CHOICE_END(DIST_POINT_NAME) +} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type) + IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) @@ -160,3 +414,203 @@ ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) + +ASN1_SEQUENCE(ISSUING_DIST_POINT) = { + ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0), + ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1), + ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2), + ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3), + ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4), + ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5) +} ASN1_SEQUENCE_END(ISSUING_DIST_POINT) + +IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, + int indent); +static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); + +const X509V3_EXT_METHOD v3_idp = + { + NID_issuing_distribution_point, X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(ISSUING_DIST_POINT), + 0,0,0,0, + 0,0, + 0, + v2i_idp, + i2r_idp,0, + NULL + }; + +static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) + { + ISSUING_DIST_POINT *idp = NULL; + CONF_VALUE *cnf; + char *name, *val; + int i, ret; + idp = ISSUING_DIST_POINT_new(); + if (!idp) + goto merr; + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) + { + cnf = sk_CONF_VALUE_value(nval, i); + name = cnf->name; + val = cnf->value; + ret = set_dist_point_name(&idp->distpoint, ctx, cnf); + if (ret > 0) + continue; + if (ret < 0) + goto err; + if (!strcmp(name, "onlyuser")) + { + if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) + goto err; + } + else if (!strcmp(name, "onlyCA")) + { + if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) + goto err; + } + else if (!strcmp(name, "onlyAA")) + { + if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) + goto err; + } + else if (!strcmp(name, "indirectCRL")) + { + if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) + goto err; + } + else if (!strcmp(name, "onlysomereasons")) + { + if (!set_reasons(&idp->onlysomereasons, val)) + goto err; + } + else + { + X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME); + X509V3_conf_err(cnf); + goto err; + } + } + return idp; + + merr: + X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE); + err: + ISSUING_DIST_POINT_free(idp); + return NULL; + } + +static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) + { + int i; + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) + { + BIO_printf(out, "%*s", indent + 2, ""); + GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); + BIO_puts(out, "\n"); + } + return 1; + } + +static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) + { + if (dpn->type == 0) + { + BIO_printf(out, "%*sFull Name:\n", indent, ""); + print_gens(out, dpn->name.fullname, indent); + } + else + { + X509_NAME ntmp; + ntmp.entries = dpn->name.relativename; + BIO_printf(out, "%*sRelative Name:\n%*s", + indent, "", indent + 2, ""); + X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); + BIO_puts(out, "\n"); + } + return 1; + } + +static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, + int indent) + { + ISSUING_DIST_POINT *idp = pidp; + if (idp->distpoint) + print_distpoint(out, idp->distpoint, indent); + if (idp->onlyuser > 0) + BIO_printf(out, "%*sOnly User Certificates\n", indent, ""); + if (idp->onlyCA > 0) + BIO_printf(out, "%*sOnly CA Certificates\n", indent, ""); + if (idp->indirectCRL > 0) + BIO_printf(out, "%*sIndirect CRL\n", indent, ""); + if (idp->onlysomereasons) + print_reasons(out, "Only Some Reasons", + idp->onlysomereasons, indent); + if (idp->onlyattr > 0) + BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); + if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) + && (idp->indirectCRL <= 0) && !idp->onlysomereasons + && (idp->onlyattr <= 0)) + BIO_printf(out, "%*s\n", indent, ""); + + return 1; + } + +static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, + int indent) + { + STACK_OF(DIST_POINT) *crld = pcrldp; + DIST_POINT *point; + int i; + for(i = 0; i < sk_DIST_POINT_num(crld); i++) + { + BIO_puts(out, "\n"); + point = sk_DIST_POINT_value(crld, i); + if(point->distpoint) + print_distpoint(out, point->distpoint, indent); + if(point->reasons) + print_reasons(out, "Reasons", point->reasons, + indent); + if(point->CRLissuer) + { + BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); + print_gens(out, point->CRLissuer, indent); + } + } + return 1; + } + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) + { + int i; + STACK_OF(X509_NAME_ENTRY) *frag; + X509_NAME_ENTRY *ne; + if (!dpn || (dpn->type != 1)) + return 1; + frag = dpn->name.relativename; + dpn->dpname = X509_NAME_dup(iname); + if (!dpn->dpname) + return 0; + for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) + { + ne = sk_X509_NAME_ENTRY_value(frag, i); + if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) + { + X509_NAME_free(dpn->dpname); + dpn->dpname = NULL; + return 0; + } + } + /* generate cached encoding of name */ + if (i2d_X509_NAME(dpn->dpname, NULL) < 0) + { + X509_NAME_free(dpn->dpname); + dpn->dpname = NULL; + return 0; + } + return 1; + } diff --git a/src/lib/libssl/src/crypto/x509v3/v3_enum.c b/src/lib/libssl/src/crypto/x509v3/v3_enum.c index 36576eaa4d..c0575e368d 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_enum.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_enum.c @@ -61,14 +61,17 @@ #include static ENUMERATED_NAMES crl_reasons[] = { -{0, "Unspecified", "unspecified"}, -{1, "Key Compromise", "keyCompromise"}, -{2, "CA Compromise", "CACompromise"}, -{3, "Affiliation Changed", "affiliationChanged"}, -{4, "Superseded", "superseded"}, -{5, "Cessation Of Operation", "cessationOfOperation"}, -{6, "Certificate Hold", "certificateHold"}, -{8, "Remove From CRL", "removeFromCRL"}, +{CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, +{CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"}, +{CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"}, +{CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", "affiliationChanged"}, +{CRL_REASON_SUPERSEDED, "Superseded", "superseded"}, +{CRL_REASON_CESSATION_OF_OPERATION, + "Cessation Of Operation", "cessationOfOperation"}, +{CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"}, +{CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"}, +{CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", "privilegeWithdrawn"}, +{CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"}, {-1, NULL, NULL} }; diff --git a/src/lib/libssl/src/crypto/x509v3/v3_extku.c b/src/lib/libssl/src/crypto/x509v3/v3_extku.c index c0d14500ed..1c66532757 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_extku.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_extku.c @@ -63,9 +63,10 @@ #include #include -static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *eku, STACK_OF(CONF_VALUE) *extlist); const X509V3_EXT_METHOD v3_ext_ku = { @@ -97,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) -static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *ext_list) +static STACK_OF(CONF_VALUE) * + i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *ext_list) { EXTENDED_KEY_USAGE *eku = a; int i; @@ -112,8 +114,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, return ext_list; } -static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { EXTENDED_KEY_USAGE *extku; char *extval; diff --git a/src/lib/libssl/src/crypto/x509v3/v3_genn.c b/src/lib/libssl/src/crypto/x509v3/v3_genn.c index 84b4b1c881..b628357301 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_genn.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_genn.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -99,3 +99,154 @@ ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES) IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) + +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a) + { + return (GENERAL_NAME *) ASN1_dup((i2d_of_void *) i2d_GENERAL_NAME, + (d2i_of_void *) d2i_GENERAL_NAME, + (char *) a); + } + +/* Returns 0 if they are equal, != 0 otherwise. */ +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) + { + int result = -1; + + if (!a || !b || a->type != b->type) return -1; + switch(a->type) + { + case GEN_X400: + case GEN_EDIPARTY: + result = ASN1_TYPE_cmp(a->d.other, b->d.other); + break; + + case GEN_OTHERNAME: + result = OTHERNAME_cmp(a->d.otherName, b->d.otherName); + break; + + case GEN_EMAIL: + case GEN_DNS: + case GEN_URI: + result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5); + break; + + case GEN_DIRNAME: + result = X509_NAME_cmp(a->d.dirn, b->d.dirn); + break; + + case GEN_IPADD: + result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip); + break; + + case GEN_RID: + result = OBJ_cmp(a->d.rid, b->d.rid); + break; + } + return result; + } + +/* Returns 0 if they are equal, != 0 otherwise. */ +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b) + { + int result = -1; + + if (!a || !b) return -1; + /* Check their type first. */ + if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0) + return result; + /* Check the value. */ + result = ASN1_TYPE_cmp(a->value, b->value); + return result; + } + +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) + { + switch(type) + { + case GEN_X400: + case GEN_EDIPARTY: + a->d.other = value; + break; + + case GEN_OTHERNAME: + a->d.otherName = value; + break; + + case GEN_EMAIL: + case GEN_DNS: + case GEN_URI: + a->d.ia5 = value; + break; + + case GEN_DIRNAME: + a->d.dirn = value; + break; + + case GEN_IPADD: + a->d.ip = value; + break; + + case GEN_RID: + a->d.rid = value; + break; + } + a->type = type; + } + +void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype) + { + if (ptype) + *ptype = a->type; + switch(a->type) + { + case GEN_X400: + case GEN_EDIPARTY: + return a->d.other; + + case GEN_OTHERNAME: + return a->d.otherName; + + case GEN_EMAIL: + case GEN_DNS: + case GEN_URI: + return a->d.ia5; + + case GEN_DIRNAME: + return a->d.dirn; + + case GEN_IPADD: + return a->d.ip; + + case GEN_RID: + return a->d.rid; + + default: + return NULL; + } + } + +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value) + { + OTHERNAME *oth; + oth = OTHERNAME_new(); + if (!oth) + return 0; + oth->type_id = oid; + oth->value = value; + GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth); + return 1; + } + +int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue) + { + if (gen->type != GEN_OTHERNAME) + return 0; + if (poid) + *poid = gen->d.otherName->type_id; + if (pvalue) + *pvalue = gen->d.otherName->value; + return 1; + } + diff --git a/src/lib/libssl/src/crypto/x509v3/v3_lib.c b/src/lib/libssl/src/crypto/x509v3/v3_lib.c index df3a48f43e..0f1e1d4422 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_lib.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_lib.c @@ -84,20 +84,24 @@ int X509V3_EXT_add(X509V3_EXT_METHOD *ext) } static int ext_cmp(const X509V3_EXT_METHOD * const *a, - const X509V3_EXT_METHOD * const *b) + const X509V3_EXT_METHOD * const *b) { return ((*a)->ext_nid - (*b)->ext_nid); } -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) +DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *, + ext); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, + const X509V3_EXT_METHOD *, ext); + +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) { - X509V3_EXT_METHOD tmp, *t = &tmp, **ret; + X509V3_EXT_METHOD tmp; + const X509V3_EXT_METHOD *t = &tmp, * const *ret; int idx; if(nid < 0) return NULL; tmp.ext_nid = nid; - ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, - (char *)standard_exts, STANDARD_EXTENSION_COUNT, - sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp); + ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT); if(ret) return *ret; if(!ext_list) return NULL; idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); @@ -105,7 +109,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) return sk_X509V3_EXT_METHOD_value(ext_list, idx); } -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) { int nid; if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; @@ -122,7 +126,9 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) int X509V3_EXT_add_alias(int nid_to, int nid_from) { - X509V3_EXT_METHOD *ext, *tmpext; + const X509V3_EXT_METHOD *ext; + X509V3_EXT_METHOD *tmpext; + if(!(ext = X509V3_EXT_get_nid(nid_from))) { X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); return 0; @@ -161,7 +167,7 @@ int X509V3_add_standard_extensions(void) void *X509V3_EXT_d2i(X509_EXTENSION *ext) { - X509V3_EXT_METHOD *method; + const X509V3_EXT_METHOD *method; const unsigned char *p; if(!(method = X509V3_EXT_get(ext))) return NULL; diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c b/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c index e426ea930c..0c165af314 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_ocsp.c @@ -68,19 +68,26 @@ /* OCSP extensions and a couple of CRL entry extensions */ -static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); -static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); -static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent); +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, + int indent); static void *ocsp_nonce_new(void); static int i2d_ocsp_nonce(void *a, unsigned char **pp); static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); static void ocsp_nonce_free(void *a); -static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); -static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); -static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str); -static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, + void *nocheck, BIO *out, int indent); +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str); +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind); const X509V3_EXT_METHOD v3_ocsp_crlid = { NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), @@ -148,44 +155,47 @@ const X509V3_EXT_METHOD v3_ocsp_serviceloc = { NULL }; -static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, + int ind) { OCSP_CRLID *a = in; if (a->crlUrl) { - if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err; + if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err; if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err; - if (!BIO_write(bp, "\n", 1)) goto err; + if (BIO_write(bp, "\n", 1) <= 0) goto err; } if (a->crlNum) { - if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err; - if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err; - if (!BIO_write(bp, "\n", 1)) goto err; + if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err; + if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err; + if (BIO_write(bp, "\n", 1) <= 0) goto err; } if (a->crlTime) { - if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err; + if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err; if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err; - if (!BIO_write(bp, "\n", 1)) goto err; + if (BIO_write(bp, "\n", 1) <= 0) goto err; } return 1; err: return 0; } -static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind) +static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, + BIO *bp, int ind) { - if (!BIO_printf(bp, "%*s", ind, "")) return 0; + if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; return 1; } -static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) +static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, + int ind) { - if (!BIO_printf(bp, "%*s", ind, "")) return 0; - if(!i2a_ASN1_OBJECT(bp, oid)) return 0; + if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; + if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0; return 1; } @@ -232,7 +242,8 @@ static void ocsp_nonce_free(void *a) M_ASN1_OCTET_STRING_free(a); } -static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent) +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent) { if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; @@ -241,17 +252,20 @@ static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int /* Nocheck is just a single NULL. Don't print anything and always set it */ -static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent) +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, + BIO *out, int indent) { return 1; } -static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str) { return ASN1_NULL_new(); } -static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind) { int i; OCSP_SERVICELOC *a = in; diff --git a/src/lib/libssl/src/crypto/x509v3/v3_pci.c b/src/lib/libssl/src/crypto/x509v3/v3_pci.c index 601211f416..0dcfa004fe 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_pci.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_pci.c @@ -82,7 +82,7 @@ static int process_pci_value(CONF_VALUE *val, { if (*language) { - X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } @@ -97,7 +97,7 @@ static int process_pci_value(CONF_VALUE *val, { if (*pathlen) { - X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); X509V3_conf_err(val); return 0; } @@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val, unsigned char *tmp_data2 = string_to_hex(val->value + 4, &val_len); - if (!tmp_data2) goto err; + if (!tmp_data2) + { + X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); + X509V3_conf_err(val); + goto err; + } tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1); @@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + OPENSSL_free(tmp_data2); + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + OPENSSL_free(tmp_data2); } else if (strncmp(val->value, "file:", 5) == 0) { @@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += n; (*policy)->data[(*policy)->length] = '\0'; } + BIO_free_all(b); if (n < 0) { @@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val, (*policy)->length += val_len; (*policy)->data[(*policy)->length] = '\0'; } + else + { + /* realloc failure implies the original data space is b0rked too! */ + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } } else { diff --git a/src/lib/libssl/src/crypto/x509v3/v3_prn.c b/src/lib/libssl/src/crypto/x509v3/v3_prn.c index c1bb17f105..3146218708 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_prn.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_prn.c @@ -110,7 +110,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde void *ext_str = NULL; char *value = NULL; const unsigned char *p; - X509V3_EXT_METHOD *method; + const X509V3_EXT_METHOD *method; STACK_OF(CONF_VALUE) *nval = NULL; int ok = 1; diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c index e18751e01c..181bd34979 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c @@ -71,6 +71,7 @@ static int purpose_smime(const X509 *x, int ca); static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca); static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca); static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, int ca); static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); @@ -87,6 +88,7 @@ static X509_PURPOSE xstandard[] = { {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL}, {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL}, + {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL}, }; #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) @@ -265,11 +267,14 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp) return xp->trust; } -static int nid_cmp(int *a, int *b) +static int nid_cmp(const int *a, const int *b) { return *a - *b; } +DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid); +IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid); + int X509_supported_extension(X509_EXTENSION *ex) { /* This table is a list of the NIDs of supported extensions: @@ -280,7 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex) * searched using bsearch. */ - static int supported_nids[] = { + static const int supported_nids[] = { NID_netscape_cert_type, /* 71 */ NID_key_usage, /* 83 */ NID_subject_alt_name, /* 85 */ @@ -292,24 +297,62 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_sbgp_autonomousSysNum, /* 291 */ #endif NID_policy_constraints, /* 401 */ - NID_proxyCertInfo, /* 661 */ + NID_proxyCertInfo, /* 663 */ + NID_name_constraints, /* 666 */ + NID_policy_mappings, /* 747 */ NID_inhibit_any_policy /* 748 */ }; - int ex_nid; - - ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); + int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); if (ex_nid == NID_undef) return 0; - if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, - sizeof(supported_nids)/sizeof(int), sizeof(int), - (int (*)(const void *, const void *))nid_cmp)) + if (OBJ_bsearch_nid(&ex_nid, supported_nids, + sizeof(supported_nids)/sizeof(int))) return 1; return 0; } - + +static void setup_dp(X509 *x, DIST_POINT *dp) + { + X509_NAME *iname = NULL; + int i; + if (dp->reasons) + { + if (dp->reasons->length > 0) + dp->dp_reasons = dp->reasons->data[0]; + if (dp->reasons->length > 1) + dp->dp_reasons |= (dp->reasons->data[1] << 8); + dp->dp_reasons &= CRLDP_ALL_REASONS; + } + else + dp->dp_reasons = CRLDP_ALL_REASONS; + if (!dp->distpoint || (dp->distpoint->type != 1)) + return; + for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) + { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); + if (gen->type == GEN_DIRNAME) + { + iname = gen->d.directoryName; + break; + } + } + if (!iname) + iname = X509_get_issuer_name(x); + + DIST_POINT_set_dpname(dp->distpoint, iname); + + } + +static void setup_crldp(X509 *x) + { + int i; + x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); + for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) + setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); + } static void x509v3_cache_extensions(X509 *x) { @@ -417,16 +460,25 @@ static void x509v3_cache_extensions(X509 *x) } x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); + x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); + if (!x->nc && (i != -1)) + x->ex_flags |= EXFLAG_INVALID; + setup_crldp(x); + #ifndef OPENSSL_NO_RFC3779 - x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); - x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, - NULL, NULL); + x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); + x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, + NULL, NULL); #endif for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); if (!X509_EXTENSION_get_critical(ex)) continue; + if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) + == NID_freshest_crl) + x->ex_flags |= EXFLAG_FRESHEST; if (!X509_supported_extension(ex)) { x->ex_flags |= EXFLAG_CRITICAL; @@ -594,6 +646,41 @@ static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) return 1; } +static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, + int ca) +{ + int i_ext; + + /* If ca is true we must return if this is a valid CA certificate. */ + if (ca) return check_ca(x); + + /* + * Check the optional key usage field: + * if Key Usage is present, it must be one of digitalSignature + * and/or nonRepudiation (other values are not consistent and shall + * be rejected). + */ + if ((x->ex_flags & EXFLAG_KUSAGE) + && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) || + !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) + return 0; + + /* Only time stamp key usage is permitted and it's required. */ + if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP) + return 0; + + /* Extended Key Usage MUST be critical */ + i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0); + if (i_ext >= 0) + { + X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext); + if (!X509_EXTENSION_get_critical(ext)) + return 0; + } + + return 1; +} + static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) { return 1; @@ -618,39 +705,14 @@ int X509_check_issued(X509 *issuer, X509 *subject) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; x509v3_cache_extensions(issuer); x509v3_cache_extensions(subject); - if(subject->akid) { - /* Check key ids (if present) */ - if(subject->akid->keyid && issuer->skid && - ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) ) - return X509_V_ERR_AKID_SKID_MISMATCH; - /* Check serial number */ - if(subject->akid->serial && - ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), - subject->akid->serial)) - return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; - /* Check issuer name */ - if(subject->akid->issuer) { - /* Ugh, for some peculiar reason AKID includes - * SEQUENCE OF GeneralName. So look for a DirName. - * There may be more than one but we only take any - * notice of the first. - */ - GENERAL_NAMES *gens; - GENERAL_NAME *gen; - X509_NAME *nm = NULL; - int i; - gens = subject->akid->issuer; - for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - if(gen->type == GEN_DIRNAME) { - nm = gen->d.dirn; - break; - } - } - if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) - return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; + + if(subject->akid) + { + int ret = X509_check_akid(issuer, subject->akid); + if (ret != X509_V_OK) + return ret; } - } + if(subject->ex_flags & EXFLAG_PROXY) { if(ku_reject(issuer, KU_DIGITAL_SIGNATURE)) @@ -661,3 +723,45 @@ int X509_check_issued(X509 *issuer, X509 *subject) return X509_V_OK; } +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) + { + + if(!akid) + return X509_V_OK; + + /* Check key ids (if present) */ + if(akid->keyid && issuer->skid && + ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid) ) + return X509_V_ERR_AKID_SKID_MISMATCH; + /* Check serial number */ + if(akid->serial && + ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial)) + return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; + /* Check issuer name */ + if(akid->issuer) + { + /* Ugh, for some peculiar reason AKID includes + * SEQUENCE OF GeneralName. So look for a DirName. + * There may be more than one but we only take any + * notice of the first. + */ + GENERAL_NAMES *gens; + GENERAL_NAME *gen; + X509_NAME *nm = NULL; + int i; + gens = akid->issuer; + for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) + { + gen = sk_GENERAL_NAME_value(gens, i); + if(gen->type == GEN_DIRNAME) + { + nm = gen->d.dirn; + break; + } + } + if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) + return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; + } + return X509_V_OK; + } + diff --git a/src/lib/libssl/src/crypto/x509v3/v3_utl.c b/src/lib/libssl/src/crypto/x509v3/v3_utl.c index 7a45216c00..e030234540 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_utl.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_utl.c @@ -67,9 +67,9 @@ static char *strip_spaces(char *name); static int sk_strcmp(const char * const *a, const char * const *b); -static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); -static void str_free(void *str); -static int append_ia5(STACK **sk, ASN1_IA5STRING *email); +static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens); +static void str_free(OPENSSL_STRING str); +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); static int ipv4_from_asc(unsigned char *v4, const char *in); static int ipv6_from_asc(unsigned char *v6, const char *in); @@ -360,10 +360,10 @@ static char *strip_spaces(char *name) * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) */ -char *hex_to_string(unsigned char *buffer, long len) +char *hex_to_string(const unsigned char *buffer, long len) { char *tmp, *q; - unsigned char *p; + const unsigned char *p; int i; const static char hexdig[] = "0123456789ABCDEF"; if(!buffer || !len) return NULL; @@ -389,7 +389,7 @@ char *hex_to_string(unsigned char *buffer, long len) * a buffer */ -unsigned char *string_to_hex(char *str, long *len) +unsigned char *string_to_hex(const char *str, long *len) { unsigned char *hexbuf, *q; unsigned char ch, cl, *p; @@ -463,21 +463,23 @@ static int sk_strcmp(const char * const *a, const char * const *b) return strcmp(*a, *b); } -STACK *X509_get1_email(X509 *x) +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x) { GENERAL_NAMES *gens; - STACK *ret; + STACK_OF(OPENSSL_STRING) *ret; + gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); ret = get_email(X509_get_subject_name(x), gens); sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return ret; } -STACK *X509_get1_ocsp(X509 *x) +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x) { AUTHORITY_INFO_ACCESS *info; - STACK *ret = NULL; + STACK_OF(OPENSSL_STRING) *ret = NULL; int i; + info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); if (!info) return NULL; @@ -497,11 +499,12 @@ STACK *X509_get1_ocsp(X509 *x) return ret; } -STACK *X509_REQ_get1_email(X509_REQ *x) +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x) { GENERAL_NAMES *gens; STACK_OF(X509_EXTENSION) *exts; - STACK *ret; + STACK_OF(OPENSSL_STRING) *ret; + exts = X509_REQ_get_extensions(x); gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); ret = get_email(X509_REQ_get_subject_name(x), gens); @@ -511,9 +514,9 @@ STACK *X509_REQ_get1_email(X509_REQ *x) } -static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) +static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens) { - STACK *ret = NULL; + STACK_OF(OPENSSL_STRING) *ret = NULL; X509_NAME_ENTRY *ne; ASN1_IA5STRING *email; GENERAL_NAME *gen; @@ -536,23 +539,23 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) return ret; } -static void str_free(void *str) +static void str_free(OPENSSL_STRING str) { OPENSSL_free(str); } -static int append_ia5(STACK **sk, ASN1_IA5STRING *email) +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) { char *emtmp; /* First some sanity checks */ if(email->type != V_ASN1_IA5STRING) return 1; if(!email->data || !email->length) return 1; - if(!*sk) *sk = sk_new(sk_strcmp); + if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp); if(!*sk) return 0; /* Don't add duplicates */ - if(sk_find(*sk, (char *)email->data) != -1) return 1; + if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1; emtmp = BUF_strdup((char *)email->data); - if(!emtmp || !sk_push(*sk, emtmp)) { + if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { X509_email_free(*sk); *sk = NULL; return 0; @@ -560,9 +563,9 @@ static int append_ia5(STACK **sk, ASN1_IA5STRING *email) return 1; } -void X509_email_free(STACK *sk) +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk) { - sk_pop_free(sk, str_free); + sk_OPENSSL_STRING_pop_free(sk, str_free); } /* Convert IP addresses both IPv4 and IPv6 into an diff --git a/src/lib/libssl/src/crypto/x509v3/v3err.c b/src/lib/libssl/src/crypto/x509v3/v3err.c index d538ad8b80..f9f6f1f91f 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3err.c +++ b/src/lib/libssl/src/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* crypto/x509v3/v3err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= { +{ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "A2I_GENERAL_NAME"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), "ASIDENTIFIERCHOICE_CANONIZE"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIDENTIFIERCHOICE_IS_CANONICAL"}, {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, @@ -79,6 +80,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, +{ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"}, {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, @@ -95,6 +97,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, +{ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"}, {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, @@ -110,6 +113,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, +{ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"}, {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, @@ -141,6 +145,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"}, {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"}, {ERR_REASON(X509V3_R_DIRNAME_ERROR) ,"dirname error"}, +{ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET),"distpoint already set"}, {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"}, {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"}, {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"}, @@ -154,6 +159,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"}, {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"}, {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"}, +{ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS),"invalid multiple rdns"}, {ERR_REASON(X509V3_R_INVALID_ASNUMBER) ,"invalid asnumber"}, {ERR_REASON(X509V3_R_INVALID_ASRANGE) ,"invalid asrange"}, {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"}, @@ -187,9 +193,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"}, {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"}, {ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"}, -{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"}, +{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),"policy language already defined"}, {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"}, -{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"}, +{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),"policy path length already defined"}, {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"}, {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"}, {ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"}, @@ -200,6 +206,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]= {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"}, {ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"}, {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"}, +{ERR_REASON(X509V3_R_UNSUPPORTED_TYPE) ,"unsupported type"}, {ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"}, {0,NULL} }; diff --git a/src/lib/libssl/src/crypto/x509v3/x509v3.h b/src/lib/libssl/src/crypto/x509v3/x509v3.h index 9ef83da755..b308abe7cd 100644 --- a/src/lib/libssl/src/crypto/x509v3/x509v3.h +++ b/src/lib/libssl/src/crypto/x509v3/x509v3.h @@ -76,12 +76,19 @@ typedef void * (*X509V3_EXT_NEW)(void); typedef void (*X509V3_EXT_FREE)(void *); typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); -typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); -typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); -typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); -typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); -typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext); +typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); /* V3 extension structure */ @@ -220,24 +227,41 @@ union { GENERAL_NAMES *fullname; STACK_OF(X509_NAME_ENTRY) *relativename; } name; +/* If relativename then this contains the full distribution point name */ +X509_NAME *dpname; } DIST_POINT_NAME; - -typedef struct DIST_POINT_st { +/* All existing reasons */ +#define CRLDP_ALL_REASONS 0x807f + +#define CRL_REASON_NONE -1 +#define CRL_REASON_UNSPECIFIED 0 +#define CRL_REASON_KEY_COMPROMISE 1 +#define CRL_REASON_CA_COMPROMISE 2 +#define CRL_REASON_AFFILIATION_CHANGED 3 +#define CRL_REASON_SUPERSEDED 4 +#define CRL_REASON_CESSATION_OF_OPERATION 5 +#define CRL_REASON_CERTIFICATE_HOLD 6 +#define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { DIST_POINT_NAME *distpoint; ASN1_BIT_STRING *reasons; GENERAL_NAMES *CRLissuer; -} DIST_POINT; +int dp_reasons; +}; typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; DECLARE_STACK_OF(DIST_POINT) DECLARE_ASN1_SET_OF(DIST_POINT) -typedef struct AUTHORITY_KEYID_st { +struct AUTHORITY_KEYID_st { ASN1_OCTET_STRING *keyid; GENERAL_NAMES *issuer; ASN1_INTEGER *serial; -} AUTHORITY_KEYID; +}; /* Strong extranet structures */ @@ -303,10 +327,10 @@ typedef struct GENERAL_SUBTREE_st { DECLARE_STACK_OF(GENERAL_SUBTREE) -typedef struct NAME_CONSTRAINTS_st { +struct NAME_CONSTRAINTS_st { STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; -} NAME_CONSTRAINTS; +}; typedef struct POLICY_CONSTRAINTS_st { ASN1_INTEGER *requireExplicitPolicy; @@ -329,6 +353,31 @@ typedef struct PROXY_CERT_INFO_EXTENSION_st DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) +struct ISSUING_DIST_POINT_st + { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; + }; + +/* Values in idp_flags field */ +/* IDP present */ +#define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +#define IDP_INVALID 0x2 +/* onlyuser true */ +#define IDP_ONLYUSER 0x4 +/* onlyCA true */ +#define IDP_ONLYCA 0x8 +/* onlyattr true */ +#define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +#define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +#define IDP_REASONS 0x40 #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ",name:", val->name, ",value:", val->value); @@ -373,6 +422,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) #define EXFLAG_PROXY 0x400 #define EXFLAG_INVALID_POLICY 0x800 +#define EXFLAG_FRESHEST 0x1000 #define KU_DIGITAL_SIGNATURE 0x0080 #define KU_NON_REPUDIATION 0x0040 @@ -424,9 +474,10 @@ typedef struct x509_purpose_st { #define X509_PURPOSE_CRL_SIGN 6 #define X509_PURPOSE_ANY 7 #define X509_PURPOSE_OCSP_HELPER 8 +#define X509_PURPOSE_TIMESTAMP_SIGN 9 #define X509_PURPOSE_MIN 1 -#define X509_PURPOSE_MAX 8 +#define X509_PURPOSE_MAX 9 /* Flags for X509V3_EXT_print() */ @@ -471,6 +522,9 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, @@ -486,11 +540,18 @@ DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); -GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); DECLARE_ASN1_FUNCTIONS(OTHERNAME) DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); @@ -507,6 +568,11 @@ DECLARE_ASN1_FUNCTIONS(NOTICEREF) DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) DECLARE_ASN1_FUNCTIONS(DIST_POINT) DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) +DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) @@ -524,11 +590,16 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + int gen_type, char *value, int is_nc); + #ifdef HEADER_CONF_H -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf); -GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); @@ -538,18 +609,23 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert) int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); -int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + int ext_nid, char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *name, char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + char *section, X509_CRL *crl); int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); + STACK_OF(CONF_VALUE) **extlist); int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); #endif char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); @@ -576,8 +652,8 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); int X509V3_EXT_add_alias(int nid_to, int nid_from); void X509V3_EXT_cleanup(void); -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); int X509V3_add_standard_extensions(void); STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); @@ -587,8 +663,8 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -char *hex_to_string(unsigned char *buffer, long len); -unsigned char *string_to_hex(char *str, long *len); +char *hex_to_string(const unsigned char *buffer, long len); +unsigned char *string_to_hex(const char *str, long *len); int name_cmp(const char *name, const char *cmp); void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, @@ -603,6 +679,7 @@ int X509_check_purpose(X509 *x, int id, int ca); int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); int X509_PURPOSE_get_count(void); X509_PURPOSE * X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(char *sname); @@ -616,10 +693,10 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp); void X509_PURPOSE_cleanup(void); int X509_PURPOSE_get_id(X509_PURPOSE *); -STACK *X509_get1_email(X509 *x); -STACK *X509_REQ_get1_email(X509_REQ *x); -void X509_email_free(STACK *sk); -STACK *X509_get1_ocsp(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); @@ -628,6 +705,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, unsigned long chtype); void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DECLARE_STACK_OF(X509_POLICY_NODE) #ifndef OPENSSL_NO_RFC3779 @@ -787,8 +865,9 @@ void ERR_load_X509V3_strings(void); /* Error codes for the X509V3 functions. */ /* Function codes. */ -#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 -#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 +#define X509V3_F_A2I_GENERAL_NAME 164 +#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 #define X509V3_F_COPY_EMAIL 122 #define X509V3_F_COPY_ISSUER 123 #define X509V3_F_DO_DIRNAME 144 @@ -796,6 +875,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_DO_EXT_I2D 135 #define X509V3_F_DO_EXT_NCONF 151 #define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 +#define X509V3_F_GNAMES_FROM_SECTNAME 156 #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_IA5STRING 149 @@ -812,13 +892,14 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_S2I_ASN1_OCTET_STRING 112 #define X509V3_F_S2I_ASN1_SKEY_ID 114 #define X509V3_F_S2I_SKEY_ID 115 +#define X509V3_F_SET_DIST_POINT_NAME 158 #define X509V3_F_STRING_TO_HEX 113 #define X509V3_F_SXNET_ADD_ID_ASC 125 #define X509V3_F_SXNET_ADD_ID_INTEGER 126 #define X509V3_F_SXNET_ADD_ID_ULONG 127 #define X509V3_F_SXNET_GET_ID_ASC 128 #define X509V3_F_SXNET_GET_ID_ULONG 129 -#define X509V3_F_V2I_ASIDENTIFIERS 158 +#define X509V3_F_V2I_ASIDENTIFIERS 163 #define X509V3_F_V2I_ASN1_BIT_STRING 101 #define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 #define X509V3_F_V2I_AUTHORITY_KEYID 119 @@ -827,6 +908,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 #define X509V3_F_V2I_GENERAL_NAMES 118 #define X509V3_F_V2I_GENERAL_NAME_EX 117 +#define X509V3_F_V2I_IDP 157 #define X509V3_F_V2I_IPADDRBLOCKS 159 #define X509V3_F_V2I_ISSUER_ALT 153 #define X509V3_F_V2I_NAME_CONSTRAINTS 147 @@ -855,6 +937,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_BN_DEC2BN_ERROR 100 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 #define X509V3_R_DIRNAME_ERROR 149 +#define X509V3_R_DISTPOINT_ALREADY_SET 160 #define X509V3_R_DUPLICATE_ZONE_ID 133 #define X509V3_R_ERROR_CONVERTING_ZONE 131 #define X509V3_R_ERROR_CREATING_EXTENSION 144 @@ -868,12 +951,13 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 #define X509V3_R_ILLEGAL_HEX_DIGIT 113 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 -#define X509V3_R_INVALID_ASNUMBER 160 -#define X509V3_R_INVALID_ASRANGE 161 +#define X509V3_R_INVALID_MULTIPLE_RDNS 161 +#define X509V3_R_INVALID_ASNUMBER 162 +#define X509V3_R_INVALID_ASRANGE 163 #define X509V3_R_INVALID_BOOLEAN_STRING 104 #define X509V3_R_INVALID_EXTENSION_STRING 105 -#define X509V3_R_INVALID_INHERITANCE 162 -#define X509V3_R_INVALID_IPADDRESS 163 +#define X509V3_R_INVALID_INHERITANCE 165 +#define X509V3_R_INVALID_IPADDRESS 166 #define X509V3_R_INVALID_NAME 106 #define X509V3_R_INVALID_NULL_ARGUMENT 107 #define X509V3_R_INVALID_NULL_NAME 108 @@ -901,9 +985,9 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 #define X509V3_R_OPERATION_NOT_DEFINED 148 #define X509V3_R_OTHERNAME_ERROR 147 -#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 +#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 #define X509V3_R_POLICY_PATH_LENGTH 156 -#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 #define X509V3_R_SECTION_NOT_FOUND 150 @@ -914,6 +998,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_UNKNOWN_EXTENSION_NAME 130 #define X509V3_R_UNKNOWN_OPTION 120 #define X509V3_R_UNSUPPORTED_OPTION 117 +#define X509V3_R_UNSUPPORTED_TYPE 167 #define X509V3_R_USER_TOO_LONG 132 #ifdef __cplusplus diff --git a/src/lib/libssl/src/demos/engines/rsaref/build.com b/src/lib/libssl/src/demos/engines/rsaref/build.com index b956912916..72b013d45e 100644 --- a/src/lib/libssl/src/demos/engines/rsaref/build.com +++ b/src/lib/libssl/src/demos/engines/rsaref/build.com @@ -7,6 +7,14 @@ $ write sys$error "RSAref 2.0 hasn't been properly extracted." $ exit $ endif $ +$ if (f$getsyi("cpu").lt.128) +$ then +$ arch := vax +$ else +$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$ $ _save_default = f$environment("default") $ set default [.install] $ files := desc,digit,md2c,md5c,nn,prime,- @@ -29,14 +37,8 @@ $ set default [-] $ define/user openssl [---.include.openssl] $ cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c $ -$ if f$getsyi("CPU") .ge. 128 +$ if arch .eqs. "VAX" $ then -$ link/share=librsaref.exe sys$input:/option -[]rsaref.obj -[.install]rsaref.olb/lib -[---.axp.exe.crypto]libcrypto.olb/lib -symbol_vector=(bind_engine=procedure,v_check=procedure) -$ else $ macro/object=rsaref_vec.obj sys$input: ; ; Transfer vector for VAX shareable image @@ -80,6 +82,24 @@ PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT []rsaref.obj [.install]rsaref.olb/lib [---.vax.exe.crypto]libcrypto.olb/lib +$ else +$ if arch_name .eqs. "ALPHA" +$ then +$ link/share=librsaref.exe sys$input:/option +[]rsaref.obj +[.install]rsaref.olb/lib +[---.alpha.exe.crypto]libcrypto.olb/lib +symbol_vector=(bind_engine=procedure,v_check=procedure) +$ else +$ if arch_name .eqs. "IA64" +$ then +$ link /shareable=librsaref.exe sys$input: /options +[]rsaref.obj +[.install]rsaref.olb/lib +[---.ia64.exe.crypto]libcrypto.olb/lib +symbol_vector=(bind_engine=procedure,v_check=procedure) +$ endif +$ endif $ endif $ $ set default '_save_default' diff --git a/src/lib/libssl/src/demos/pkcs12/pkread.c b/src/lib/libssl/src/demos/pkcs12/pkread.c index 8e1b686312..fa8f509237 100644 --- a/src/lib/libssl/src/demos/pkcs12/pkread.c +++ b/src/lib/libssl/src/demos/pkcs12/pkread.c @@ -20,7 +20,7 @@ int main(int argc, char **argv) fprintf(stderr, "Usage: pkread p12file password opfile\n"); exit (1); } - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); if (!(fp = fopen(argv[1], "rb"))) { fprintf(stderr, "Error opening file %s\n", argv[1]); @@ -51,7 +51,7 @@ int main(int argc, char **argv) fprintf(fp, "***User Certificate***\n"); PEM_write_X509_AUX(fp, cert); } - if (ca && sk_num(ca)) { + if (ca && sk_X509_num(ca)) { fprintf(fp, "***Other Certificates***\n"); for (i = 0; i < sk_X509_num(ca); i++) PEM_write_X509_AUX(fp, sk_X509_value(ca, i)); diff --git a/src/lib/libssl/src/demos/tunala/autoungunk.sh b/src/lib/libssl/src/demos/tunala/autoungunk.sh index 0c9123b6cf..21790880d7 100644 --- a/src/lib/libssl/src/demos/tunala/autoungunk.sh +++ b/src/lib/libssl/src/demos/tunala/autoungunk.sh @@ -15,4 +15,5 @@ fi rm -f aclocal.m4 config.* configure install-sh \ missing mkinstalldirs stamp-h.* Makefile.in \ - ltconfig ltmain.sh + ltconfig ltmain.sh depcomp +rm -rf autom4te.cache diff --git a/src/lib/libssl/src/demos/tunala/cb.c b/src/lib/libssl/src/demos/tunala/cb.c index e64983896e..f6e452ae93 100644 --- a/src/lib/libssl/src/demos/tunala/cb.c +++ b/src/lib/libssl/src/demos/tunala/cb.c @@ -134,8 +134,27 @@ RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength) /* TODO: Perhaps make it so our global key can be generated on-the-fly * after certain intervals? */ static RSA *rsa_tmp = NULL; - if(!rsa_tmp) - rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); + BIGNUM *bn = NULL; + int ok = 1; + if(!rsa_tmp) { + ok = 0; + if(!(bn = BN_new())) + goto end; + if(!BN_set_word(bn, RSA_F4)) + goto end; + if(!(rsa_tmp = RSA_new())) + goto end; + if(!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) + goto end; + ok = 1; + } +end: + if(bn) + BN_free(bn); + if(!ok) { + RSA_free(rsa_tmp); + rsa_tmp = NULL; + } return rsa_tmp; } diff --git a/src/lib/libssl/src/demos/tunala/tunala.c b/src/lib/libssl/src/demos/tunala/tunala.c index e918cba2ce..ec49d3e943 100644 --- a/src/lib/libssl/src/demos/tunala/tunala.c +++ b/src/lib/libssl/src/demos/tunala/tunala.c @@ -697,9 +697,11 @@ static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special) abort(); fprintf(stderr, "Info, generating DH parameters ... "); fflush(stderr); - if((dh = DH_generate_parameters(512, DH_GENERATOR_5, - NULL, NULL)) == NULL) { + if(!(dh = DH_new()) || !DH_generate_parameters_ex(dh, 512, + DH_GENERATOR_5, NULL)) { fprintf(stderr, "error!\n"); + if(dh) + DH_free(dh); return 0; } fprintf(stderr, "complete\n"); @@ -733,7 +735,7 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, unsigned int verify_depth) { SSL_CTX *ctx = NULL, *ret = NULL; - SSL_METHOD *meth; + const SSL_METHOD *meth; ENGINE *e = NULL; OpenSSL_add_ssl_algorithms(); diff --git a/src/lib/libssl/src/demos/x509/mkcert.c b/src/lib/libssl/src/demos/x509/mkcert.c index c5e67b8e28..6a52e5d0fc 100644 --- a/src/lib/libssl/src/demos/x509/mkcert.c +++ b/src/lib/libssl/src/demos/x509/mkcert.c @@ -136,7 +136,7 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days) } #endif - if (!X509_sign(x,pk,EVP_md5())) + if (!X509_sign(x,pk,EVP_sha1())) goto err; *x509p=x; diff --git a/src/lib/libssl/src/demos/x509/mkreq.c b/src/lib/libssl/src/demos/x509/mkreq.c index 3dfc65f164..d17e4ade94 100644 --- a/src/lib/libssl/src/demos/x509/mkreq.c +++ b/src/lib/libssl/src/demos/x509/mkreq.c @@ -134,7 +134,7 @@ int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days) #endif - if (!X509_REQ_sign(x,pk,EVP_md5())) + if (!X509_REQ_sign(x,pk,EVP_sha1())) goto err; *req=x; diff --git a/src/lib/libssl/src/doc/apps/asn1parse.pod b/src/lib/libssl/src/doc/apps/asn1parse.pod index 542d969066..f7bb926211 100644 --- a/src/lib/libssl/src/doc/apps/asn1parse.pod +++ b/src/lib/libssl/src/doc/apps/asn1parse.pod @@ -72,11 +72,11 @@ option can be used multiple times to "drill down" into a nested structure. =item B<-genstr string>, B<-genconf file> generate encoded data based on B, B or both using -ASN1_generate_nconf() format. If B only is present then the string -is obtained from the default section using the name B. The encoded -data is passed through the ASN1 parser and printed out as though it came -from a file, the contents can thus be examined and written to a file -using the B option. +L format. If B only is +present then the string is obtained from the default section using the name +B. The encoded data is passed through the ASN1 parser and printed out as +though it came from a file, the contents can thus be examined and written to a +file using the B option. =back @@ -168,4 +168,8 @@ Example config file: There should be options to change the format of output lines. The output of some ASN.1 types is not well handled (if at all). +=head1 SEE ALSO + +L + =cut diff --git a/src/lib/libssl/src/doc/apps/ca.pod b/src/lib/libssl/src/doc/apps/ca.pod index 5618c2dc9d..9ff0cc3612 100644 --- a/src/lib/libssl/src/doc/apps/ca.pod +++ b/src/lib/libssl/src/doc/apps/ca.pod @@ -205,7 +205,9 @@ the section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to B unless the B<-extfile> option is used). If no extension section is present then, a V1 certificate is created. If the extension section -is present (even if it is empty), then a V3 certificate is created. +is present (even if it is empty), then a V3 certificate is created. See the:w +L manual page for details of the +extension section format. =item B<-extfile file> @@ -215,7 +217,7 @@ used). =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -299,7 +301,9 @@ include. If no CRL extension section is present then a V1 CRL is created, if the CRL extension section is present (even if it is empty) then a V2 CRL is created. The CRL extensions specified are CRL extensions and B CRL entry extensions. It should be noted -that some software (for example Netscape) can't handle V2 CRLs. +that some software (for example Netscape) can't handle V2 CRLs. See +L manual page for details of the +extension section format. =back @@ -666,6 +670,6 @@ then even if a certificate is issued with CA:TRUE it will not be valid. =head1 SEE ALSO L, L, L, L, -L +L, L =cut diff --git a/src/lib/libssl/src/doc/apps/ciphers.pod b/src/lib/libssl/src/doc/apps/ciphers.pod index 694e433ef3..f44aa00a2f 100644 --- a/src/lib/libssl/src/doc/apps/ciphers.pod +++ b/src/lib/libssl/src/doc/apps/ciphers.pod @@ -8,6 +8,7 @@ ciphers - SSL cipher display and cipher list tool. B B [B<-v>] +[B<-V>] [B<-ssl2>] [B<-ssl3>] [B<-tls1>] @@ -15,7 +16,7 @@ B B =head1 DESCRIPTION -The B command converts OpenSSL cipher lists into ordered +The B command converts textual OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist. @@ -25,7 +26,7 @@ the appropriate cipherlist. =item B<-v> -verbose option. List ciphers with a complete description of +Verbose option. List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, authentication, encryption and mac algorithms used along with any key size restrictions and whether the algorithm is classed as an "export" cipher. @@ -33,6 +34,10 @@ Note that without the B<-v> option, ciphers may seem to appear twice in a cipher list; this is when similar ciphers are available for SSL v2 and for SSL v3/TLS v1. +=item B<-V> + +Like B<-V>, but include cipher suite codes in output (hex format). + =item B<-ssl3> only include SSL v3 ciphers. @@ -104,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings. =item B -the default cipher list. This is determined at compile time and is normally -B. This must be the first cipher string +the default cipher list. This is determined at compile time and, as of OpenSSL +1.0.0, is normally B. This must be the first cipher string specified. =item B @@ -116,7 +121,8 @@ not included by B (use B if necessary). =item B -all ciphers suites except the B ciphers which must be explicitly enabled. +all cipher suites except the B ciphers which must be explicitly enabled; +as of OpenSSL, the B cipher suites are reasonably ordered by default =item B @@ -245,6 +251,33 @@ cipher suites using MD5. cipher suites using SHA1. +=item B + +cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction +(needs an engine supporting GOST algorithms). + +=item B + +cipher suites using GOST R 34.10-2001 authentication. + +=item B + +cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94 +standard has been expired so use GOST R 34.10-2001) + +=item B + +cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. + +=item B + +cipher suites, using HMAC based on GOST R 34.11-94. + +=item B + +cipher suites using GOST 28147-89 MAC B HMAC. + + =back =head1 CIPHER SUITE NAMES @@ -370,6 +403,16 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA +=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0 + +Note: these ciphers require an engine which including GOST cryptographic +algorithms, such as the B engine, included in the OpenSSL distribution. + + TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89 + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 + TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 + =head2 Additional Export 1024 and other cipher suites Note: these ciphers can also be used in SSL v3. @@ -428,7 +471,8 @@ L, L, L =head1 HISTORY -The B and B selection options were -added in version 0.9.7. +The B and B selection options +for cipherlist strings were added in OpenSSL 0.9.7. +The B<-V> option for the B command was added in OpenSSL 1.0.0. =cut diff --git a/src/lib/libssl/src/doc/apps/dgst.pod b/src/lib/libssl/src/doc/apps/dgst.pod index 908cd2a6d6..b035edf08e 100644 --- a/src/lib/libssl/src/doc/apps/dgst.pod +++ b/src/lib/libssl/src/doc/apps/dgst.pod @@ -14,6 +14,7 @@ B B [B<-binary>] [B<-out filename>] [B<-sign filename>] +[B<-keyform arg>] [B<-passin arg>] [B<-verify filename>] [B<-prverify filename>] @@ -61,6 +62,23 @@ filename to output to, or standard output by default. digitally sign the digest using the private key in "filename". +=item B<-keyform arg> + +Specifies the key format to sign digest with. Only PEM and ENGINE +formats are supported by the B command. + +=item B<-engine id> + +Use engine B for operations (including private key storage). +This engine is not used as source for digest algorithms, unless it is +also specified in the configuration file. + +=item B<-sigopt nm:v> + +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. + + =item B<-passin arg> the private key password source. For more information about the format of B @@ -83,6 +101,35 @@ the actual signature to verify. create a hashed MAC using "key". +=item B<-mac alg> + +create MAC (keyed Message Authentication Code). The most popular MAC +algorithm is HMAC (hash-based MAC), but there are other MAC algorithms +which are not based on hash, for instance B algorithm, +supported by B engine. MAC keys and other options should be set +via B<-macopt> parameter. + +=item B<-macopt nm:v> + +Passes options to MAC algorithm, specified by B<-mac> key. +Following options are supported by both by B and B: + +=over 8 + +=item B + +Specifies MAC key as alphnumeric string (use if key contain printable +characters only). String length must conform to any restrictions of +the MAC algorithm for example exactly 32 chars for gost-mac. + +=item B + +Specifies MAC key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the MAC algorithm +for example exactly 32 chars for gost-mac. + +=back + =item B<-rand file(s)> a file or files containing random data used to seed the random number diff --git a/src/lib/libssl/src/doc/apps/dhparam.pod b/src/lib/libssl/src/doc/apps/dhparam.pod index c31db95a47..9edb4ff4e1 100644 --- a/src/lib/libssl/src/doc/apps/dhparam.pod +++ b/src/lib/libssl/src/doc/apps/dhparam.pod @@ -99,7 +99,7 @@ be loaded by calling the BIB<()> function. =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/src/lib/libssl/src/doc/apps/dsa.pod b/src/lib/libssl/src/doc/apps/dsa.pod index ed06b8806d..ddbc9327fa 100644 --- a/src/lib/libssl/src/doc/apps/dsa.pod +++ b/src/lib/libssl/src/doc/apps/dsa.pod @@ -109,7 +109,7 @@ a public key. =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/src/lib/libssl/src/doc/apps/dsaparam.pod b/src/lib/libssl/src/doc/apps/dsaparam.pod index b9b1b93b42..ba5ec4d72c 100644 --- a/src/lib/libssl/src/doc/apps/dsaparam.pod +++ b/src/lib/libssl/src/doc/apps/dsaparam.pod @@ -85,7 +85,7 @@ the input file (if any) is ignored. =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod index 4391c93360..3dee4ed992 100644 --- a/src/lib/libssl/src/doc/apps/enc.pod +++ b/src/lib/libssl/src/doc/apps/enc.pod @@ -12,17 +12,24 @@ B [B<-pass arg>] [B<-e>] [B<-d>] -[B<-a>] +[B<-a/-base64>] [B<-A>] [B<-k password>] [B<-kfile filename>] [B<-K key>] [B<-iv IV>] +[B<-S salt>] +[B<-salt>] +[B<-nosalt>] +[B<-z>] +[B<-md>] [B<-p>] [B<-P>] [B<-bufsize number>] [B<-nopad>] [B<-debug>] +[B<-none>] +[B<-engine id>] =head1 DESCRIPTION @@ -50,15 +57,13 @@ see the B section in L. =item B<-salt> -use a salt in the key derivation routines. This option should B -be used unless compatibility with previous versions of OpenSSL or SSLeay -is required. This option is only present on OpenSSL versions 0.9.5 or -above. +use a salt in the key derivation routines. This is the default. =item B<-nosalt> -don't use a salt in the key derivation routines. This is the default for -compatibility with previous versions of OpenSSL and SSLeay. +don't use a salt in the key derivation routines. This option B be +used except for test purposes or compatibility with ancient versions of OpenSSL +and SSLeay. =item B<-e> @@ -74,6 +79,10 @@ base64 process the data. This means that if encryption is taking place the data is base64 encoded after encryption. If decryption is set then the input data is base64 decoded before being decrypted. +=item B<-base64> + +same as B<-a> + =item B<-A> if the B<-a> option is set then base64 process the data on one line. @@ -89,10 +98,18 @@ read the password to derive the key from the first line of B. This is for compatibility with previous versions of OpenSSL. Superseded by the B<-pass> argument. +=item B<-nosalt> + +do not use a salt + +=item B<-salt> + +use salt (randomly generated or provide with B<-S> option) when +encrypting (this is the default). + =item B<-S salt> -the actual salt to use: this must be represented as a string comprised only -of hex digits. +the actual salt to use: this must be represented as a string of hex digits. =item B<-K key> @@ -131,12 +148,34 @@ disable standard block padding debug the BIOs used for I/O. +=item B<-z> + +Compress or decompress clear text using zlib before encryption or after +decryption. This option exists only if OpenSSL with compiled with zlib +or zlib-dynamic option. + +=item B<-none> + +Use NULL cipher (no encryption or decryption of input). + =back =head1 NOTES The program can be called either as B or -B. +B. But the first form doesn't work with +engine-provided ciphers, because this form is processed before the +configuration file is read and any ENGINEs loaded. + +Engines which provide entirely new encryption algorithms (such as ccgost +engine which provides gost89 algorithm) should be configured in the +configuration file. Engines, specified in the command line using -engine +options can only be used for hadrware-assisted implementations of +ciphers, which are supported by OpenSSL core or other engine, specified +in the configuration file. + +When enc command lists supported ciphers, ciphers provided by engines, +specified in the configuration files are listed too. A password will be prompted for to derive the key and IV if necessary. @@ -169,6 +208,14 @@ Blowfish and RC5 algorithms use a 128 bit key. =head1 SUPPORTED CIPHERS +Note that some of these ciphers can be disabled at compile time +and some are available only if an appropriate engine is configured +in the configuration file. The output of the B command run with +unsupported options (for example B) includes a +list of ciphers, supported by your versesion of OpenSSL, including +ones provided by configured engines. + + base64 Base 64 bf-cbc Blowfish in CBC mode @@ -203,6 +250,9 @@ Blowfish and RC5 algorithms use a 128 bit key. desx DESX algorithm. + gost89 GOST 28147-89 in CFB mode (provided by ccgost engine) + gost89-cnt `GOST 28147-89 in CNT mode (provided by ccgost engine) + idea-cbc IDEA algorithm in CBC mode idea same as idea-cbc idea-cfb IDEA in CFB mode diff --git a/src/lib/libssl/src/doc/apps/gendsa.pod b/src/lib/libssl/src/doc/apps/gendsa.pod index 2c56cc7888..8c7f114ca0 100644 --- a/src/lib/libssl/src/doc/apps/gendsa.pod +++ b/src/lib/libssl/src/doc/apps/gendsa.pod @@ -40,7 +40,7 @@ all others. =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/src/lib/libssl/src/doc/apps/genrsa.pod b/src/lib/libssl/src/doc/apps/genrsa.pod index 25af4d1475..7dcac2a779 100644 --- a/src/lib/libssl/src/doc/apps/genrsa.pod +++ b/src/lib/libssl/src/doc/apps/genrsa.pod @@ -57,7 +57,7 @@ all others. =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/src/lib/libssl/src/doc/apps/ocsp.pod b/src/lib/libssl/src/doc/apps/ocsp.pod index b58ddc1788..af2e12e418 100644 --- a/src/lib/libssl/src/doc/apps/ocsp.pod +++ b/src/lib/libssl/src/doc/apps/ocsp.pod @@ -51,6 +51,7 @@ B B [B<-ndays n>] [B<-resp_key_id>] [B<-nrequest n>] +[B<-md5|-sha1|...>] =head1 DESCRIPTION @@ -206,6 +207,11 @@ information is immediately available. In this case the age of the B f is checked to see it is not older than B seconds old. By default this additional check is not performed. +=item B<-md5|-sha1|-sha256|-ripemod160|...> + +this option sets digest algorithm to use for certificate identification +in the OCSP request. By default SHA-1 is used. + =back =head1 OCSP SERVER OPTIONS diff --git a/src/lib/libssl/src/doc/apps/openssl.pod b/src/lib/libssl/src/doc/apps/openssl.pod index 964cdf0f02..738142e9ff 100644 --- a/src/lib/libssl/src/doc/apps/openssl.pod +++ b/src/lib/libssl/src/doc/apps/openssl.pod @@ -12,7 +12,7 @@ I [ I ] [ I ] -B [ B | B | B ] +B [ B | B | B | B | B | B] B BI [ I ] @@ -26,12 +26,14 @@ The B program is a command line tool for using the various cryptography functions of OpenSSL's B library from the shell. It can be used for - o Creation of RSA, DH and DSA key parameters + o Creation and management of private keys, public keys and parameters + o Public key cryptographic operations o Creation of X.509 certificates, CSRs and CRLs o Calculation of Message Digests o Encryption and Decryption with Ciphers o SSL/TLS Client and Server Tests o Handling of S/MIME signed or encrypted mail + o Time Stamp requests, generation and verification =head1 COMMAND SUMMARY @@ -44,6 +46,14 @@ and B output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present B utility. +The pseudo-commands B and +B list all cipher and message digest names, one entry per line. Aliases are listed as: + + from => to + +The pseudo-command B lists all supported public +key algorithms. + The pseudo-command BI tests whether a command of the specified name is available. If no command named I exists, it returns 0 (success) and prints BI; otherwise it returns 1 @@ -71,6 +81,10 @@ Certificate Authority (CA) Management. Cipher Suite Description Determination. +=item L|cms(1)> + +CMS (Cryptographic Message Syntax) utility + =item L|crl(1)> Certificate Revocation List (CRL) Management. @@ -88,25 +102,40 @@ Message Digest Calculation. Diffie-Hellman Parameter Management. Obsoleted by L|dhparam(1)>. +=item L|dhparam(1)> + +Generation and Management of Diffie-Hellman Parameters. Superseded by +L|genpkey(1)> and L|pkeyparam(1)> + + =item L|dsa(1)> DSA Data Management. =item L|dsaparam(1)> -DSA Parameter Generation. +DSA Parameter Generation and Management. Superseded by +L|genpkey(1)> and L|pkeyparam(1)> + +=item L|ec(1)> + +EC (Elliptic curve) key processing + +=item L|ecparam(1)> + +EC parameter manipulation and generation =item L|enc(1)> Encoding with Ciphers. -=item L|errstr(1)> +=item L|engine(1)> -Error Number to Error String Conversion. +Engine (loadble module) information and manipulation. -=item L|dhparam(1)> +=item L|errstr(1)> -Generation and Management of Diffie-Hellman Parameters. +Error Number to Error String Conversion. =item B @@ -115,11 +144,20 @@ Obsoleted by L|dhparam(1)>. =item L|gendsa(1)> -Generation of DSA Parameters. +Generation of DSA Private Key from Parameters. Superseded by +L|genpkey(1)> and L|pkey(1)> + +=item L|genpkey(1)> + +Generation of Private Key or Parameters. =item L|genrsa(1)> -Generation of RSA Parameters. +Generation of RSA Private Key. Superceded by L|genpkey(1)>. + +=item L|nseq(1)> + +Create or examine a netscape certificate sequence =item L|ocsp(1)> @@ -137,21 +175,35 @@ PKCS#12 Data Management. PKCS#7 Data Management. +=item L|pkey(1)> + +Public and private key management. + +=item L|pkeyparam(1)> + +Public key algorithm parameter management. + +=item L|pkeyutl(1)> + +Public key algorithm cryptographic operation utility. + =item L|rand(1)> Generate pseudo-random bytes. =item L|req(1)> -X.509 Certificate Signing Request (CSR) Management. +PKCS#10 X.509 Certificate Signing Request (CSR) Management. =item L|rsa(1)> -RSA Data Management. +RSA key management. + =item L|rsautl(1)> -RSA utility for signing, verification, encryption, and decryption. +RSA utility for signing, verification, encryption, and decryption. Superseded +by L|pkeyutl(1)> =item L|s_client(1)> @@ -185,6 +237,14 @@ S/MIME mail processing. Algorithm Speed Measurement. +=item L|spkac(1)> + +SPKAC printing and generating utility + +=item L|ts(1)> + +Time Stamping Authority tool (client/server) + =item L|verify(1)> X.509 Certificate Verification. @@ -227,6 +287,8 @@ SHA Digest SHA-1 Digest +=back + =item B SHA-224 Digest @@ -243,8 +305,6 @@ SHA-384 Digest SHA-512 Digest -=back - =head2 ENCODING AND CIPHER COMMANDS =over 10 @@ -339,7 +399,7 @@ read the password from standard input. L, L, L, L, L, L, L, L, L, -L, L, +L, L, L, L, L, L, L, L, L, L, @@ -348,12 +408,13 @@ L, L, L, L, L, L, L, L, L, -L, L +L, L, L =head1 HISTORY The openssl(1) document appeared in OpenSSL 0.9.2. The BIB<-commands> pseudo-commands were added in OpenSSL 0.9.3; +The BIB<-algorithms> pseudo-commands were added in OpenSSL 1.0.0; the BI pseudo-commands were added in OpenSSL 0.9.5a. For notes on the availability of other commands, see their individual manual pages. diff --git a/src/lib/libssl/src/doc/apps/pkcs12.pod b/src/lib/libssl/src/doc/apps/pkcs12.pod index 7d84146293..f69a5c5a4c 100644 --- a/src/lib/libssl/src/doc/apps/pkcs12.pod +++ b/src/lib/libssl/src/doc/apps/pkcs12.pod @@ -23,22 +23,23 @@ B B [B<-cacerts>] [B<-nokeys>] [B<-info>] -[B<-des>] -[B<-des3>] -[B<-idea>] -[B<-nodes>] +[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes>] [B<-noiter>] -[B<-maciter>] +[B<-maciter | -nomaciter | -nomac>] [B<-twopass>] [B<-descert>] -[B<-certpbe>] -[B<-keypbe>] +[B<-certpbe cipher>] +[B<-keypbe cipher>] +[B<-macalg digest>] [B<-keyex>] [B<-keysig>] [B<-password arg>] [B<-passin arg>] [B<-passout arg>] [B<-rand file(s)>] +[B<-CAfile file>] +[B<-CApath dir>] +[B<-CSP name>] =head1 DESCRIPTION @@ -49,7 +50,7 @@ programs including Netscape, MSIE and MS Outlook. =head1 COMMAND OPTIONS There are a lot of options the meaning of some depends of whether a PKCS#12 file -is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12 +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the B<-export> option (see below). =head1 PARSING OPTIONS @@ -63,25 +64,25 @@ by default. =item B<-out filename> -The filename to write certificates and private keys to, standard output by default. -They are all written in PEM format. +The filename to write certificates and private keys to, standard output by +default. They are all written in PEM format. =item B<-pass arg>, B<-passin arg> -the PKCS#12 file (i.e. input file) password source. For more information about the -format of B see the B section in +the PKCS#12 file (i.e. input file) password source. For more information about +the format of B see the B section in L. =item B<-passout arg> -pass phrase source to encrypt any outputed private keys with. For more information -about the format of B see the B section in -L. +pass phrase source to encrypt any outputed private keys with. For more +information about the format of B see the B section +in L. =item B<-noout> -this option inhibits output of the keys and certificates to the output file version -of the PKCS#12 file. +this option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file. =item B<-clcerts> @@ -116,6 +117,14 @@ use triple DES to encrypt private keys before outputting, this is the default. use IDEA to encrypt private keys before outputting. +=item B<-aes128>, B<-aes192>, B<-aes256> + +use AES to encrypt private keys before outputting. + +=item B<-camellia128>, B<-camellia192>, B<-camellia256> + +use Camellia to encrypt private keys before outputting. + =item B<-nodes> don't encrypt the private keys at all. @@ -148,10 +157,10 @@ by default. =item B<-in filename> -The filename to read certificates and private keys from, standard input by default. -They must all be in PEM format. The order doesn't matter but one private key and -its corresponding certificate should be present. If additional certificates are -present they will also be included in the PKCS#12 file. +The filename to read certificates and private keys from, standard input by +default. They must all be in PEM format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file. =item B<-inkey filename> @@ -160,8 +169,8 @@ in the input file. =item B<-name friendlyname> -This specifies the "friendly name" for the certificate and private key. This name -is typically displayed in list boxes by software importing the file. +This specifies the "friendly name" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file. =item B<-certfile filename> @@ -201,9 +210,11 @@ key is encrypted using triple DES and the certificate using 40 bit RC2. =item B<-keypbe alg>, B<-certpbe alg> these options allow the algorithm used to encrypt the private key and -certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms -can be selected it is advisable only to use PKCS#12 algorithms. See the list -in the B section for more information. +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name +can be used (see B section for more information). If a a cipher name +(as output by the B command is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms. =item B<-keyex|-keysig> @@ -216,6 +227,10 @@ S/MIME signing, authenticode (ActiveX control signing) and SSL client authentication, however due to a bug only MSIE 5.0 and later support the use of signing only keys for SSL client authentication. +=item B<-macalg digest> + +specify the MAC digest algorithm. If not included them SHA1 will be used. + =item B<-nomaciter>, B<-noiter> these options affect the iteration counts on the MAC and key algorithms. @@ -239,6 +254,10 @@ option. This option is included for compatibility with previous versions, it used to be needed to use MAC iterations counts but they are now used by default. +=item B<-nomac> + +don't attempt to provide the MAC integrity. + =item B<-rand file(s)> a file or files containing random data used to seed the random number @@ -247,6 +266,20 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-CAfile file> + +CA storage as a file. + +=item B<-CApath dir> + +CA storage as a directory. This directory must be a standard certificate +directory: that is a hash of each subject name (using B) should be +linked to each certificate. + +=item B<-CSP name> + +write B as a Microsoft CSP name. + =back =head1 NOTES diff --git a/src/lib/libssl/src/doc/apps/pkcs7.pod b/src/lib/libssl/src/doc/apps/pkcs7.pod index a0a636328b..acfb8100f0 100644 --- a/src/lib/libssl/src/doc/apps/pkcs7.pod +++ b/src/lib/libssl/src/doc/apps/pkcs7.pod @@ -62,7 +62,7 @@ is B<-print_certs> is set). =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/src/lib/libssl/src/doc/apps/pkcs8.pod b/src/lib/libssl/src/doc/apps/pkcs8.pod index 68ecd65b10..84abee78f3 100644 --- a/src/lib/libssl/src/doc/apps/pkcs8.pod +++ b/src/lib/libssl/src/doc/apps/pkcs8.pod @@ -125,7 +125,7 @@ list of possible algorithms is included below. =item B<-engine id> -specifying an engine (by it's unique B string) will cause B +specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/src/lib/libssl/src/doc/apps/req.pod b/src/lib/libssl/src/doc/apps/req.pod index 82b565c9d4..ff48bbdf28 100644 --- a/src/lib/libssl/src/doc/apps/req.pod +++ b/src/lib/libssl/src/doc/apps/req.pod @@ -22,12 +22,13 @@ B B [B<-new>] [B<-rand file(s)>] [B<-newkey rsa:bits>] -[B<-newkey dsa:file>] +[B<-newkey alg:file>] [B<-nodes>] [B<-key filename>] [B<-keyform PEM|DER>] [B<-keyout filename>] -[B<-[md5|sha1|md2|mdc2]>] +[B<-keygen_engine id>] +[B<-[digest]>] [B<-config filename>] [B<-subj arg>] [B<-multivalue-rdn>] @@ -35,11 +36,15 @@ B B [B<-days n>] [B<-set_serial n>] [B<-asn1-kludge>] +[B<-no-asn1-kludge>] [B<-newhdr>] [B<-extensions section>] [B<-reqexts section>] [B<-utf8>] [B<-nameopt>] +[B<-reqopt>] +[B<-subject>] +[B<-subj arg>] [B<-batch>] [B<-verbose>] [B<-engine id>] @@ -91,6 +96,11 @@ see the B section in L. prints out the certificate request in text form. +=item B<-subject> + +prints out the request subject (or certificate subject if B<-x509> is +specified) + =item B<-pubkey> outputs the public key. @@ -118,6 +128,13 @@ in the configuration file and any requested extensions. If the B<-key> option is not used it will generate a new RSA private key using information specified in the configuration file. +=item B<-subj arg> + +Replaces subject field of input request with specified data and outputs +modified request. The arg must be formatted as +I, +characters may be escaped by \ (backslash), no spaces are skipped. + =item B<-rand file(s)> a file or files containing random data used to seed the random number @@ -129,10 +146,35 @@ all others. =item B<-newkey arg> this option creates a new certificate request and a new private -key. The argument takes one of two forms. B, where +key. The argument takes one of several forms. B, where B is the number of bits, generates an RSA key B -in size. B generates a DSA key using the parameters -in the file B. +in size. If B is omitted, i.e. B<-newkey rsa> specified, +the default key size, specified in the configuration file is used. + +All other algorithms support the B<-newkey alg:file> form, where file may be +an algorithm parameter file, created by the B command +or and X.509 certificate for a key with approriate algorithm. + +B generates a key using the parameter file or certificate B, +the algorithm is determined by the parameters. B use algorithm +B and parameter file B: the two algorithms must match or an +error occurs. B just uses algorithm B, and parameters, +if neccessary should be specified via B<-pkeyopt> parameter. + +B generates a DSA key using the parameters +in the file B. B generates EC key (usable both with +ECDSA or ECDH algorithms), B generates GOST R +34.10-2001 key (requires B engine configured in the configuration +file). If just B is specified a parameter set should be +specified by B<-pkeyopt paramset:X> + + +=item B<-pkeyopt opt:value> + +set the public key algorithm option B to B. The precise set of +options supported depends on the public key algorithm used and its +implementation. See B in the B manual page +for more details. =item B<-key filename> @@ -155,11 +197,15 @@ configuration file is used. if this option is specified then if a private key is created it will not be encrypted. -=item B<-[md5|sha1|md2|mdc2]> +=item B<-[digest]> + +this specifies the message digest to sign the request with (such as +B<-md5>, B<-sha1>). This overrides the digest algorithm specified in +the configuration file. -this specifies the message digest to sign the request with. This -overrides the digest algorithm specified in the configuration file. -This option is ignored for DSA requests: they always use SHA1. +Some public key algorithms may override this choice. For instance, DSA +signatures always use SHA1, GOST R 34.10 signatures always use +GOST R 34.11-94 (B<-md_gost94>). =item B<-config filename> @@ -227,6 +273,15 @@ B