| field | value | date |
|---|---|---|
| author | kris <kris@FreeBSD.org> | 2002-01-27 03:13:07 +0000 |
| committer | kris <kris@FreeBSD.org> | 2002-01-27 03:13:07 +0000 |
| commit | 1f8c2aa1763b5d8a328b2fd4053396e94ea48d35 (patch) | |
| tree | 844bea9e360a2132b36667e0042dd30ac9f931ff /crypto/openssl | |
| parent | 3b19ada1e8e5f87b844d2cc1e72907cfb7774fb6 (diff) | |
| download | FreeBSD-src-1f8c2aa1763b5d8a328b2fd4053396e94ea48d35.zip, FreeBSD-src-1f8c2aa1763b5d8a328b2fd4053396e94ea48d35.tar.gz | |
Initial import of OpenSSL 0.9.6c
Diffstat (limited to 'crypto/openssl')
149 files changed, 5487 insertions, 838 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index f88867b..88e7e5f 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES 
@@ -2,6 +2,246 @@ OpenSSL CHANGES _______________ + Changes between 0.9.6b and 0.9.6c [21 dec 2001] + + *) Fix BN_rand_range bug pointed out by Dominikus Scherkl + <Dominikus.Scherkl@biodata.com>. (The previous implementation + worked incorrectly for those cases where range = 10..._2 and + 3*range is two bits longer than range.) + [Bodo Moeller] + + *) Only add signing time to PKCS7 structures if it is not already + present. + [Steve Henson] + + *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", + OBJ_ld_ce should be OBJ_id_ce. + Also some ip-pda OIDs in crypto/objects/objects.txt were + incorrect (cf. RFC 3039). + [Matt Cooper, Frederic Giudicelli, Bodo Moeller] + + *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() + returns early because it has nothing to do. + [Andy Schneider <andy.schneider@bjss.co.uk>] + + *) [In 0.9.6c-engine release:] + Fix mutex callback return values in crypto/engine/hw_ncipher.c. + [Andy Schneider <andy.schneider@bjss.co.uk>] + + *) [In 0.9.6c-engine release:] + Add support for Cryptographic Appliance's keyserver technology. + (Use engine 'keyclient') + [Cryptographic Appliances and Geoff Thorpe] + + *) Add a configuration entry for OS/390 Unix. The C compiler 'c89' + is called via tools/c89.sh because arguments have to be + rearranged (all '-L' options must appear before the first object + modules). + [Richard Shapiro <rshapiro@abinitio.com>] + + *) [In 0.9.6c-engine release:] + Add support for Broadcom crypto accelerator cards, backported + from 0.9.7. + [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox] + + *) [In 0.9.6c-engine release:] + Add support for SureWare crypto accelerator cards from + Baltimore Technologies. (Use engine 'sureware') + [Baltimore Technologies and Mark Cox] + + *) [In 0.9.6c-engine release:] + Add support for crypto accelerator cards from Accelerated + Encryption Processing, www.aep.ie. (Use engine 'aep') + [AEP Inc. and Mark Cox] + + *) Add a configuration entry for gcc on UnixWare. 
+ [Gary Benson <gbenson@redhat.com>] + + *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake + messages are stored in a single piece (fixed-length part and + variable-length part combined) and fix various bugs found on the way. + [Bodo Moeller] + + *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() + instead. BIO_gethostbyname() does not know what timeouts are + appropriate, so entries would stay in cache even when they have + become invalid. + [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com> + + *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when + faced with a pathologically small ClientHello fragment that does + not contain client_version: Instead of aborting with an error, + simply choose the highest available protocol version (i.e., + TLS 1.0 unless it is disabled). In practice, ClientHello + messages are never sent like this, but this change gives us + strictly correct behaviour at least for TLS. + [Bodo Moeller] + + *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() + never resets s->method to s->ctx->method when called from within + one of the SSL handshake functions. + [Bodo Moeller; problem pointed out by Niko Baric] + + *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert + (sent using the client's version number) if client_version is + smaller than the protocol version in use. Also change + ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if + the client demanded SSL 3.0 but only TLS 1.0 is enabled; then + the client will at least see that alert. + [Bodo Moeller] + + *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation + correctly. + [Bodo Moeller] + + *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a + client receives HelloRequest while in a handshake. 
+ [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>] + + *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C + should end in 'break', not 'goto end' which circuments various + cleanups done in state SSL_ST_OK. But session related stuff + must be disabled for SSL_ST_OK in the case that we just sent a + HelloRequest. + + Also avoid some overhead by not calling ssl_init_wbio_buffer() + before just sending a HelloRequest. + [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>] + + *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't + reveal whether illegal block cipher padding was found or a MAC + verification error occured. (Neither SSLerr() codes nor alerts + are directly visible to potential attackers, but the information + may leak via logfiles.) + + Similar changes are not required for the SSL 2.0 implementation + because the number of padding bytes is sent in clear for SSL 2.0, + and the extra bytes are just ignored. However ssl/s2_pkt.c + failed to verify that the purported number of padding bytes is in + the legal range. + [Bodo Moeller] + + *) Add OpenUNIX-8 support including shared libraries + (Boyd Lynn Gerber <gerberb@zenez.com>). + [Lutz Jaenicke] + + *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid + 'wristwatch attack' using huge encoding parameters (cf. + James H. Manger's CRYPTO 2001 paper). Note that the + RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use + encoding parameters and hence was not vulnerable. + [Bodo Moeller] + + *) BN_sqr() bug fix. + [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>] + + *) Rabin-Miller test analyses assume uniformly distributed witnesses, + so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() + followed by modular reduction. 
+ [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>] + + *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() + equivalent based on BN_pseudo_rand() instead of BN_rand(). + [Bodo Moeller] + + *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). + This function was broken, as the check for a new client hello message + to handle SGC did not allow these large messages. + (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.) + [Lutz Jaenicke] + + *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). + [Lutz Jaenicke] + + *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() + for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>). + [Lutz Jaenicke] + + *) Rework the configuration and shared library support for Tru64 Unix. + The configuration part makes use of modern compiler features and + still retains old compiler behavior for those that run older versions + of the OS. The shared library support part includes a variant that + uses the RPATH feature, and is available through the special + configuration target "alpha-cc-rpath", which will never be selected + automatically. + [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte] + + *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() + with the same message size as in ssl3_get_certificate_request(). + Otherwise, if no ServerKeyExchange message occurs, CertificateRequest + messages might inadvertently be reject as too long. + [Petr Lampa <lampa@fee.vutbr.cz>] + + *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). + [Andy Polyakov] + + *) Modified SSL library such that the verify_callback that has been set + specificly for an SSL object with SSL_set_verify() is actually being + used. Before the change, a verify_callback set with this function was + ignored and the verify_callback() set in the SSL_CTX at the time of + the call was used. 
New function X509_STORE_CTX_set_verify_cb() introduced + to allow the necessary settings. + [Lutz Jaenicke] + + *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c + explicitly to NULL, as at least on Solaris 8 this seems not always to be + done automatically (in contradiction to the requirements of the C + standard). This made problems when used from OpenSSH. + [Lutz Jaenicke] + + *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored + dh->length and always used + + BN_rand_range(priv_key, dh->p). + + BN_rand_range() is not necessary for Diffie-Hellman, and this + specific range makes Diffie-Hellman unnecessarily inefficient if + dh->length (recommended exponent length) is much smaller than the + length of dh->p. We could use BN_rand_range() if the order of + the subgroup was stored in the DH structure, but we only have + dh->length. + + So switch back to + + BN_rand(priv_key, l, ...) + + where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 + otherwise. + [Bodo Moeller] + + *) In + + RSA_eay_public_encrypt + RSA_eay_private_decrypt + RSA_eay_private_encrypt (signing) + RSA_eay_public_decrypt (signature verification) + + (default implementations for RSA_public_encrypt, + RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt), + always reject numbers >= n. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 + to synchronize access to 'locking_thread'. This is necessary on + systems where access to 'locking_thread' (an 'unsigned long' + variable) is not atomic. + [Bodo Moeller] + + *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID + *before* setting the 'crypto_lock_rand' flag. The previous code had + a race condition if 0 is a valid thread ID. + [Travis Vitek <vitek@roguewave.com>] + + *) Add support for shared libraries under Irix. 
+ [Albert Chin-A-Young <china@thewrittenword.com>] + + *) Add configuration option to build on Linux on both big-endian and + little-endian MIPS. + [Ralf Baechle <ralf@uni-koblenz.de>] + + *) Add the possibility to create shared libraries on HP-UX. + [Richard Levitte] + Changes between 0.9.6a and 0.9.6b [9 Jul 2001] *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) @@ -56,7 +296,7 @@ [Ulf Möller, Bodo Möller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 - RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5 + RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 when fixing the server behaviour for backwards-compatible 'client hello' messages. (Note that the attack is impractical against SSL 3.0 and TLS 1.0 anyway because length and version checking @@ -106,7 +346,7 @@ combination of a flag and a thread ID variable. Otherwise while one thread is in ssleay_rand_bytes (which sets the flag), *other* threads can enter ssleay_add_bytes without obeying - the CRYPTO_LOCK_RAND lock (and may even illegaly release the lock + the CRYPTO_LOCK_RAND lock (and may even illegally release the lock that they do not hold after the first thread unsets add_do_not_lock). [Bodo Moeller] @@ -748,7 +988,7 @@ default is static libraries only, and the OpenSSL programs are always statically linked for now, but there are preparations for dynamic linking in place. - This has been tested on Linux and True64. + This has been tested on Linux and Tru64. [Richard Levitte] *) Randomness polling function for Win9x, as described in: diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index 607408c..e521280 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure 
@@ -116,10 +116,10 @@ my %table=( "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn", +"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT 
-DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn", "dist", "cc:-O::(unknown):::::", # Basic configs that should work on any (32 and less bit) box 
@@ -132,21 +132,21 @@ my %table=( # surrounds it with #APP #NO_APP comment pair which (at least Solaris # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" # error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Solaris x86 with Sun C setups "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with GNU C setups -"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mv8 -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 # but keep the assembler modules. -"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket 
-lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups # DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests 
@@ -180,17 +180,17 @@ my %table=( #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::", -"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::", +"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-[g]cc' manually. # -mips4 flag is added by ./config when appropriate. -"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}", -"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}", +"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # N64 ABI builds. 
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}", +"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Unified HP-UX ANSI C configs. # Special notes: 
@@ -222,41 +222,44 @@ my %table=( # #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", # Since there is mention of this in shlib/hpux10-cc.sh -"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", -"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", -"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn", +"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # More attempts at unified 10.X and 11.X targets for HP C compiler. 
# # Chris Ruemmler <ruemmler@cup.hp.com> # Kevin Steves <ks@hp.se> -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn", -"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl", +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # 
HPUX 9.X config. # Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or # egcs. gcc 2.8.1 is also broken. -"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", +"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise, # please report your OS and compiler version to the openssl-bugs@openssl.org # mailing list. -"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl", +"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", +"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # If hpux-gcc fails, try this one: -"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl", +"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +# HPUX 9.X on Motorola 68k platforms with gcc +"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::", # HPUX 10.X config. Supports threads. 
-"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", +"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG): -"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", +"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", +"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # If hpux10-gcc fails, try this one: -"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl", +"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HPUX 11.X from www.globus.org. # Only works on PA-RISC 2.0 cpus, and not optimized. Why? 
@@ -267,12 +270,39 @@ my %table=( #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", -# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with -# the new compiler +# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion +# from the older DEC C Compiler to the newer compiler. It's now the +# same as the preferred entry, alpha-cc. If you are still using the +# older compiler (you're at 3.x or earlier, or perhaps very early 4.x) +# you should use `alphaold-cc'. +# +# "What's in a name? That which we call a rose +# By any other word would smell as sweet." +# +# - William Shakespeare, "Romeo & Juliet", Act II, scene II. +# +# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the +# vendor compiler, use alphaold-cc. +# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc. +# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc. +# +# There's also an alternate target available (which `config' will never +# select) called alpha-cc-rpath. This target builds an RPATH into the +# shared libraries, which is very convenient on Tru64 since binaries +# linked against that shared library will automatically inherit that RPATH, +# and hence know where to look for the openssl libraries, even if they're in +# an odd place. 
+# # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version -"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so", -"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so", -"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so", +# +"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared::.so", +"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::.so", +"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so", +"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so", +"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath::.so", +# +# This probably belongs in a different section. +# "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Alpha Linux with GNU C and Compaq C setups 
@@ -302,15 +332,16 @@ my %table=( "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -"linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", -"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", +"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", +"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", +"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::", +"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall 
-DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -322,6 +353,9 @@ my %table=( # QNX 4 "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:", +# QNX 6 +"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:", + # Linux on ARM "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
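Review bot: the "linux-mips" entry in the @@ -302 hunk changes meaning: it was the little-endian (`-DL_ENDIAN`) configuration and is now big-endian (`-DB_ENDIAN`), with the little-endian build moved to the new name "linux-mipsel". An existing `./Configure linux-mips` on a little-endian MIPS box now builds with the wrong byte order, which surfaces as wrong digests and test failures rather than as a configure-time error, so the rename should be called out in CHANGES/INSTALL.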
@@ -338,6 +372,15 @@ my %table=( "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", +"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +# OpenUNIX 8 +"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", +"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", +"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", +"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::", +"OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic", +"OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC", # IBM's AIX. "aix-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::", 
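Review bot: the "OpenUNIX-8-shared" entry drops BN_LLONG from its option list while "OpenUNIX-8" and the pentium variants, built with the same `cc -O -DFILIO_H -Kalloca`, keep it. Compiler and flags are otherwise identical, so this looks like an oversight and makes the static and shared builds of the BN code differ for no stated reason; either add BN_LLONG back or comment why the shared build needs the non-LLONG paths.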
@@ -391,6 +434,12 @@ my %table=( # SIEMENS BS2000/OSD: an EBCDIC-based mainframe "BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", +# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe +# You need to compile using the c89.sh wrapper in the tools directory, because the +# IBM compiler does not like the -L switch after any object modules. +# +"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown)::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + # Windows NT, Microsoft Visual C++ 4.0 "VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32", @@ -424,8 +473,9 @@ my %table=( "OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -##### MacOS X (a.k.a. Rhapsody) setup +##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", +"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", ##### Sony NEWS-OS 4.x "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", 
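Review bot: the "OS390-Unix" entry names its compiler as a bare `c89.sh`, so the build only works if the tools/ directory is on PATH; the CHANGES entry says the compiler is "called via tools/c89.sh" but nothing in this hunk arranges that, and the comment above the entry should say the wrapper must be copied or linked somewhere on PATH (a relative path will not resolve from the crypto/ and ssl/ subdirectories where most compiles run). "darwin-ppc-cc" is a byte-for-byte copy of "rhapsody-ppc-cc" with no dso scheme or shared target; fine as a first entry, but a one-line comment on why the two are kept separate would help.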
@@ -861,7 +911,16 @@ while (<IN>) s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/); + if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) + { + my $sotmp = $1; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/ + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + { + my $sotmp = $1; + s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; + } print OUT $_."\n"; } close(IN); diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ index 23e212f..af13fd4 100644 --- a/crypto/openssl/FAQ +++ b/crypto/openssl/FAQ @@ -8,6 +8,7 @@ OpenSSL - Frequently Asked Questions * How can I contact the OpenSSL developers? * Where can I get a compiled version of OpenSSL? * Why aren't tools like 'autoconf' and 'libtool' used? +* What is an 'engine' version? [LEGAL] Legal questions @@ -27,13 +28,14 @@ OpenSSL - Frequently Asked Questions * How can I remove the passphrase on a private key? * Why can't I use OpenSSL certificates with SSL client authentication? * Why does my browser give a warning about a mismatched hostname? +* How do I install a CA certificate into a browser? [BUILD] Questions about building and testing OpenSSL * Why does the linker complain about undefined symbols? * Why does the OpenSSL test fail with "bc: command not found"? * Why does the OpenSSL test fail with "bc: 1 no implemented"? -* Why does the OpenSSL compilation fail on Alpha True64 Unix? +* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? * Why does the OpenSSL compilation fail with "ar: command not found"? * Why does the OpenSSL compilation fail on Win32 with VC++? 
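Review bot: the rewritten SHARED_LIBS_LINK_EXTS logic in the @@ -861 hunk is narrower than what it replaces. The old substitution fired for every extension that was not a bare `.so`/`.sl`; the new code handles exactly one dotted component (`.so.N`) or exactly two (`.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)`) and silently leaves SHARED_LIBS_LINK_EXTS at the Makefile.org default for anything else, such as a three-component version. Add an `else` branch that warns, so a table entry matching neither pattern is noticed instead of being installed without its compatibility symlinks.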
@@ -57,7 +59,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.6b was released on July 9th, 2001. +OpenSSL 0.9.6b was released on December 21st, 2001. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -121,6 +123,12 @@ A number of Linux and *BSD distributions include OpenSSL. autoconf will probably be used in future OpenSSL versions. If it was less Unix-centric, it might have been used much earlier. +* What is an 'engine' version? + +With version 0.9.6 OpenSSL was extended to interface to external crypto +hardware. This was realized in a special release '0.9.6-engine'. With +version 0.9.7 (not yet released) the changes were merged into the main +development line, so that the special release is no longer necessary. [LEGAL] ======================================================================= @@ -146,7 +154,7 @@ holders claim that you infringe on their rights if you use OpenSSL with their software on operating systems that don't normally include OpenSSL. If you develop open source software that uses OpenSSL, you may find it -useful to choose an other license than the GPL, or state explicitely that +useful to choose an other license than the GPL, or state explicitly that "This program is released under the GPL with the additional exemption that compiling, linking, and/or using OpenSSL is allowed." If you are using GPL software developed by others, you may want to ask the copyright holder 
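Review bot: the release line in the @@ -57 hunk is wrong: it moves the date to December 21st, 2001 but still says "OpenSSL 0.9.6b". That date is the 0.9.6c release (README and Makefile.ssl in this same import say 0.9.6c, 21 dec 2001), so the line should read "OpenSSL 0.9.6c was released on December 21st, 2001." The legal-section hunk fixes "explicitely" but leaves "an other license" in the same sentence; "another license" while you are there.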
@@ -186,7 +194,7 @@ environment variable HOME is set, then the seeding file is $HOME/.rnd. If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will use file .rnd in the current directory while OpenSSL 0.9.6a uses no default seeding file at all. OpenSSL 0.9.6b and later will behave -similarly to 0.9.6a, but will use a default of "C:" for HOME on +similarly to 0.9.6a, but will use a default of "C:\" for HOME on Windows systems if the environment variable has not been set. If the default seeding file does not exist or is too short, the "PRNG @@ -297,7 +305,7 @@ there is little point presenting a certificate which the server will reject. The solution is to add the relevant CA certificate to your servers "trusted -CA list". How you do this depends on the server sofware in uses. You can +CA list". How you do this depends on the server software in uses. You can print out the servers list of acceptable CAs using the OpenSSL s_client tool: openssl s_client -connect www.some.host:443 -prexit 
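Review bot: the client-authentication paragraph in the @@ -297 hunk fixes "sofware" but leaves "depends on the server software in uses"; it should be "in use".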
@@ -316,6 +324,26 @@ Browsers expect the server's hostname to match the value in the commonName (CN) field of the certificate. If it does not then you get a warning. +* How do I install a CA certificate into a browser? + +The usual way is to send the DER encoded certificate to the browser as +MIME type application/x-x509-ca-cert, for example by clicking on an appropriate +link. On MSIE certain extensions such as .der or .cacert may also work, or you +can import the certificate using the certificate import wizard. + +You can convert a certificate to DER form using the command: + +openssl x509 -in ca.pem -outform DER -out ca.der + +Occasionally someone suggests using a command such as: + +openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem + +DO NOT DO THIS! This command will give away your CAs private key and +reduces its security to zero: allowing anyone to forge certificates in +whatever name they choose. + + [BUILD] ======================================================================= * Why does the linker complain about undefined symbols? @@ -359,9 +387,9 @@ and compile/install it. GNU bc (see http://www.gnu.org/software/software.html for download instructions) can be safely used, for example. -* Why does the OpenSSL compilation fail on Alpha True64 Unix? +* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? -On some Alpha installations running True64 Unix and Compaq C, the compilation +On some Alpha installations running Tru64 Unix and Compaq C, the compilation of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual memory to continue compilation.' As far as the tests have shown, this may be a compiler bug. What happens is that it eats up a lot of resident memory 
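Review bot: the new "How do I install a CA certificate into a browser?" answer should tell the reader to verify the certificate out of band before importing it. Serving ca.der as application/x-x509-ca-cert by "clicking on an appropriate link" typically happens over plain HTTP, so anyone who can tamper with that download can plant their own CA with the same unlimited trust this answer rightly warns about in the PKCS#12 case. Suggest adding `openssl x509 -in ca.pem -noout -fingerprint` and having users compare the fingerprint against one published through a separate channel. Also "your CAs private key" wants an apostrophe.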
@@ -439,10 +467,43 @@ OpenSSL. This is described in the threads(3) manpage. * I've compiled a program under Windows and it crashes: why? -This is usually because you've missed the comment in INSTALL.W32. You -must link with the multithreaded DLL version of the VC++ runtime library -otherwise the conflict will cause a program to crash: typically on the -first BIO related read or write operation. +This is usually because you've missed the comment in INSTALL.W32. +Your application must link against the same version of the Win32 +C-Runtime against which your openssl libraries were linked. The +default version for OpenSSL is /MD - "Multithreaded DLL". + +If you are using Microsoft Visual C++'s IDE (Visual Studio), in +many cases, your new project most likely defaulted to "Debug +Singlethreaded" - /ML. This is NOT interchangeable with /MD and your +program will crash, typically on the first BIO related read or write +operation. + +For each of the six possible link stage configurations within Win32, +your application must link against the same by which OpenSSL was +built. If you are using MS Visual C++ (Studio) this can be changed +by: + +1. Select Settings... from the Project Menu. +2. Select the C/C++ Tab. +3. Select "Code Generation from the "Category" drop down list box +4. Select the Appropriate library (see table below) from the "Use + run-time library" drop down list box. Perform this step for both + your debug and release versions of your application (look at the + top left of the settings panel to change between the two) + + Single Threaded /ML - MS VC++ often defaults to + this for the release + version of a new project. + Debug Single Threaded /MLd - MS VC++ often defaults to + this for the debug version + of a new project. + Multithreaded /MT + Debug Multithreaded /MTd + Multithreaded DLL /MD - OpenSSL defaults to this. + Debug Multithreaded DLL /MDd + +Note that debug and release libraries are NOT interchangeable. 
If you +built OpenSSL with /MD your application must use /MD and cannot use /MDd. * How do I read or write a DER encoded buffer using the ASN1 functions? 
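Review bot: the second paragraph of the @@ -439 hunk contradicts its own table: it says a new project "most likely defaulted to "Debug Singlethreaded" - /ML", but the table lists /ML as Single Threaded (release) and /MLd as Debug Single Threaded. Make the paragraph say /MLd, or name both single-threaded variants. Step 3 of the numbered list is also missing the closing quote after "Code Generation".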
@@ -523,44 +584,16 @@ OpenSSL_add_all_algorithms(). See the manual page for more information. * Why can't the OpenSSH configure script detect OpenSSL? -There is a problem with OpenSSH 1.2.2p1, in that the configure script -can't find the installed OpenSSL libraries. The problem is actually -a small glitch that is easily solved with the following patch to be -applied to the OpenSSH distribution: - ------ snip:start ----- ---- openssh-1.2.2p1/configure.in.orig Thu Mar 23 18:56:58 2000 -+++ openssh-1.2.2p1/configure.in Thu Mar 23 18:55:05 2000 -@@ -152,10 +152,10 @@ - AC_MSG_CHECKING([for OpenSSL/SSLeay directory]) - for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do - if test ! -z "$ssldir" ; then -- LIBS="$saved_LIBS -L$ssldir" -+ LIBS="$saved_LIBS -L$ssldir/lib" - CFLAGS="$CFLAGS -I$ssldir/include" - if test "x$need_dash_r" = "x1" ; then -- LIBS="$LIBS -R$ssldir" -+ LIBS="$LIBS -R$ssldir/lib" - fi - fi - LIBS="$LIBS -lcrypto" ---- openssh-1.2.2p1/configure.orig Thu Mar 23 18:55:02 2000 -+++ openssh-1.2.2p1/configure Thu Mar 23 18:57:08 2000 -@@ -1890,10 +1890,10 @@ - echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5 - for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do - if test ! -z "$ssldir" ; then -- LIBS="$saved_LIBS -L$ssldir" -+ LIBS="$saved_LIBS -L$ssldir/lib" - CFLAGS="$CFLAGS -I$ssldir/include" - if test "x$need_dash_r" = "x1" ; then -- LIBS="$LIBS -R$ssldir" -+ LIBS="$LIBS -R$ssldir/lib" - fi - fi - LIBS="$LIBS -lcrypto" ------ snip:end ----- +Several reasons for problems with the automatic detection exist. +OpenSSH requires at least version 0.9.5a of the OpenSSL libraries. +Sometimes the distribution has installed an older version in the system +locations that is detected instead of a new one installed. 
The OpenSSL +library might have been compiled for another CPU or another mode (32/64 bits). +Permissions might be wrong. +The general answer is to check the config.log file generated when running +the OpenSSH configure script. It should contain the detailed information +on why the OpenSSL library was not detected or considered incompatible. * Can I use OpenSSL's SSL library with non-blocking I/O? @@ -579,7 +612,7 @@ SSL_write() will try to continue any pending handshake. * Why doesn't my server application receive a client certificate? Due to the TLS protocol definition, a client will only send a certificate, -if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the +if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the SSL_CTX_set_verify() function to enable the use of client certificates. diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org index 26de86d..f958417 100644 --- a/crypto/openssl/Makefile.org +++ b/crypto/openssl/Makefile.org 
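Review bot: dropping the inline OpenSSH patch in the @@ -523 hunk is the right call for text that goes stale quickly, but the replacement sentence "Sometimes the distribution has installed an older version in the system locations that is detected instead of a new one installed" is hard to parse; something like "an older OpenSSL installed by the distribution in the system library path may be found before the newer one you installed" reads better, and stating the concrete check (`openssl version` must report 0.9.5a or newer) would make the minimum-version sentence actionable.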
@@ -256,28 +256,169 @@ do_linux-shared: do_gnu-shared do_gnu-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,--whole-archive lib$$i.a \ -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ libs="$$libs -l$$i"; \ done +DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ + collect2=`gcc -print-prog-name=collect2 2>&1` && \ + [ -n "$$collect2" ] && \ + my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \ + [ -n "$$my_ld" ] && \ + $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 + +# This assumes that GNU utilities are *not* used +do_alpha-osf1-shared: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} -shared -o lib$$i.so \ + -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ + -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + # This assumes that GNU utilities are *not* used +# The difference between alpha-osf1-shared and tru64-shared is the `-msym' +# option passed to the linker. do_tru64-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - ( set -x; ${CC} -shared -no_archive -o lib$$i.so \ - -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ - -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ - done + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. 
${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} -shared -msym -o lib$$i.so \ + -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ + -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + +# This assumes that GNU utilities are *not* used +# The difference between tru64-shared and tru64-shared-rpath is the +# -rpath ${INSTALLTOP}/lib passed to the linker. +do_tru64-shared-rpath: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} -shared -msym -o lib$$i.so \ + -rpath ${INSTALLTOP}/lib \ + -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ + -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + # This assumes that GNU utilities are *not* used do_solaris-shared: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ + set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + +# UnixWare 7 and OpenUNIX 8 native compilers used +do_svr5-shared: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ + find . 
-name "*.o" -print > allobjs ; \ + OBJS= ; export OBJS ; \ + for obj in `ar t lib$$i.a` ; do \ + OBJS="$${OBJS} `grep $$obj allobjs`" ; \ + done ; \ + set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + +# This assumes that GNU utilities are *not* used +do_irix-shared: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + +# This assumes that GNU utilities are *not* used +do_hpux-shared: + libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; /usr/ccs/bin/ld +vnocompatwarnings \ + -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -L. -l$$i"; \ + done + +# This assumes that GNU utilities are *not* used +do_hpux64-shared: + libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; /usr/ccs/bin/ld -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + +forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -L. -l$$i"; \ + done + +# The following method is said to work on all platforms. Tests will +# determine if that's how it's gong to be used. +# This assumes that for all but GNU systems, GNU utilities are *not* used. 
+# ALLSYMSFLAGS would be: +# GNU systems: --whole-archive +# Tru64 Unix: -all +# Solaris: -z allextract +# Irix: -all +# HP/UX-32bit: -Fl +# HP/UX-64bit: +forceload +# AIX: -bnogc +# SHAREDFLAGS would be: +# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} +# Tru64 Unix: -shared \ +# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" +# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} +# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} +# HP/UX-32bit: +vnocompatwarnings -b -z +s \ +# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} +# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} +# AIX: -G -bE:lib$$i.exp -bM:SRE +# SHAREDCMD would be: +# GNU systems: $(CC) +# Tru64 Unix: $(CC) +# Solaris: $(CC) +# Irix: $(CC) +# HP/UX-32bit: /usr/ccs/bin/ld +# HP/UX-64bit: /usr/ccs/bin/ld +# AIX: $(CC) +ALLSYMSFLAG=-bnogc +SHAREDFLAGS=-G -bE:lib$$i.exp -bM:SRE +SHAREDCMD=$(CC) +do_aix-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ - set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ + ( set -x; \ + ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \ + ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \ + $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \ + $$libs ${EX_LIBS} ) ) \ + || exit 1; \ libs="$$libs -l$$i"; \ done 
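Review bot: the new do_aix-shared rule in this hunk cannot work as written: `ld -r -o $$i.o ...` writes `crypto.o`, but the following commands read `lib$$i.o` (`nm -Pg lib$$i.o` and `-o lib$$i.so lib$$i.o`), and the link step expands `$(SHAREDFLAG)` while the variable defined just above is `SHAREDFLAGS`, so the AIX link runs with no `-G -bE:... -bM:SRE` at all; settle on one spelling for each. Smaller points in the same hunk: DETECT_GNU_LD calls a literal `gcc -print-prog-name=collect2` rather than `${CC}`, so with a differently named compiler the first test passes and the second queries the wrong toolchain; do_svr5-shared resolves archive members with `grep $$obj allobjs`, an unanchored regex (the `.` in `foo.o` matches any character) run over every `.o` under the tree including apps/ and test/, so a member name that is a substring of another object's path pulls extra objects into OBJS, and anchoring it as `grep "/$$obj\$$" allobjs` avoids that; do_gnu-shared drops `-Wl,-S`, so shared libraries are no longer stripped of debug symbols, which is fine but should be intentional; "gong" in the comment block should be "going", and ALLSYMSFLAG/SHAREDFLAGS/SHAREDCMD are assigned only their AIX values although the comment lists values for seven platforms.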
@@ -350,7 +491,7 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ - $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests ); + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' EXE_EXT='${EXE_EXT}' tests ); @apps/openssl version -a report: 
@@ -384,25 +525,25 @@ tags: done; errors: - perl util/mkerr.pl -recurse -write + $(PERL) util/mkerr.pl -recurse -write stacks: - perl util/mkstack.pl -write + $(PERL) util/mkstack.pl -write util/libeay.num:: - perl util/mkdef.pl crypto update + $(PERL) util/mkdef.pl crypto update util/ssleay.num:: - perl util/mkdef.pl ssl update + $(PERL) util/mkdef.pl ssl update crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl - perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h + $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt - perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h + $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ - perl Configure TABLE) > TABLE + $(PERL) Configure TABLE) > TABLE update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE @@ -459,8 +600,8 @@ install: all install_docs do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + cp -f $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi \ done; \ ( here="`pwd`"; \ diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl index d187481..5a37b6e 100644 --- a/crypto/openssl/Makefile.ssl +++ b/crypto/openssl/Makefile.ssl @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.6b +VERSION=0.9.6c MAJOR=0 MINOR=9.6 SHLIB_VERSION_NUMBER=0.9.6 
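Review bot: in the install hunk (@@ -459), `cp -f` onto an existing library in `$(INSTALLTOP)/lib` overwrites the file in place on systems where cp truncates rather than unlinks, and processes that currently have the old libcrypto or libssl mapped can then crash or run a half-written image. The usual remedy is to copy to a temporary name in the target directory and `mv` it over the old file, which is atomic. The change from 644 to 555 is presumably for platforms such as HP-UX that require shared libraries to be executable; a comment saying so would stop someone later "fixing" it back to 644.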
@@ -258,28 +258,169 @@ do_linux-shared: do_gnu-shared do_gnu-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,--whole-archive lib$$i.a \ -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ libs="$$libs -l$$i"; \ done +DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \ + collect2=`gcc -print-prog-name=collect2 2>&1` && \ + [ -n "$$collect2" ] && \ + my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \ + [ -n "$$my_ld" ] && \ + $$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1 + +# This assumes that GNU utilities are *not* used +do_alpha-osf1-shared: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} -shared -o lib$$i.so \ + -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ + -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + # This assumes that GNU utilities are *not* used +# The difference between alpha-osf1-shared and tru64-shared is the `-msym' +# option passed to the linker. do_tru64-shared: - libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - ( set -x; ${CC} -shared -no_archive -o lib$$i.so \ - -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ - -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ - done + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. 
${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} -shared -msym -o lib$$i.so \ + -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ + -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + +# This assumes that GNU utilities are *not* used +# The difference between tru64-shared and tru64-shared-rpath is the +# -rpath ${INSTALLTOP}/lib passed to the linker. +do_tru64-shared-rpath: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} -shared -msym -o lib$$i.so \ + -rpath ${INSTALLTOP}/lib \ + -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ + -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + # This assumes that GNU utilities are *not* used do_solaris-shared: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ + set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + +# UnixWare 7 and OpenUNIX 8 native compilers used +do_svr5-shared: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ + find . 
-name "*.o" -print > allobjs ; \ + OBJS= ; export OBJS ; \ + for obj in `ar t lib$$i.a` ; do \ + OBJS="$${OBJS} `grep $$obj allobjs`" ; \ + done ; \ + set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + +# This assumes that GNU utilities are *not* used +do_irix-shared: + if ${DETECT_GNU_LD}; then \ + $(MAKE) do_gnu-shared; \ + else \ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \ + libs="$$libs -l$$i"; \ + done; \ + fi + +# This assumes that GNU utilities are *not* used +do_hpux-shared: + libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; /usr/ccs/bin/ld +vnocompatwarnings \ + -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + -Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -L. -l$$i"; \ + done + +# This assumes that GNU utilities are *not* used +do_hpux64-shared: + libs='${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; /usr/ccs/bin/ld -b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ + +forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ + libs="$$libs -L. -l$$i"; \ + done + +# The following method is said to work on all platforms. Tests will +# determine if that's how it's gong to be used. +# This assumes that for all but GNU systems, GNU utilities are *not* used. 
+# ALLSYMSFLAGS would be: +# GNU systems: --whole-archive +# Tru64 Unix: -all +# Solaris: -z allextract +# Irix: -all +# HP/UX-32bit: -Fl +# HP/UX-64bit: +forceload +# AIX: -bnogc +# SHAREDFLAGS would be: +# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} +# Tru64 Unix: -shared \ +# -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" +# Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} +# Irix: -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} +# HP/UX-32bit: +vnocompatwarnings -b -z +s \ +# +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} +# HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} +# AIX: -G -bE:lib$$i.exp -bM:SRE +# SHAREDCMD would be: +# GNU systems: $(CC) +# Tru64 Unix: $(CC) +# Solaris: $(CC) +# Irix: $(CC) +# HP/UX-32bit: /usr/ccs/bin/ld +# HP/UX-64bit: /usr/ccs/bin/ld +# AIX: $(CC) +ALLSYMSFLAG=-bnogc +SHAREDFLAGS=-G -bE:lib$$i.exp -bM:SRE +SHAREDCMD=$(CC) +do_aix-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ - set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \ + ( set -x; \ + ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \ + ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \ + $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \ + $$libs ${EX_LIBS} ) ) \ + || exit 1; \ libs="$$libs -l$$i"; \ done 
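Review bot: this is the generated-file copy of the Makefile.org hunk above and carries the same defects in do_aix-shared (`-o $$i.o` versus `lib$$i.o`, and `$(SHAREDFLAG)` versus the defined `SHAREDFLAGS`). Since Configure regenerates Makefile.ssl from Makefile.org, fix them once in Makefile.org and rerun Configure rather than patching both files by hand.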
@@ -352,7 +493,7 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ - $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests ); + $(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' EXE_EXT='${EXE_EXT}' tests ); @apps/openssl version -a report: 
@@ -386,25 +527,25 @@ tags: done; errors: - perl util/mkerr.pl -recurse -write + $(PERL) util/mkerr.pl -recurse -write stacks: - perl util/mkstack.pl -write + $(PERL) util/mkstack.pl -write util/libeay.num:: - perl util/mkdef.pl crypto update + $(PERL) util/mkdef.pl crypto update util/ssleay.num:: - perl util/mkdef.pl ssl update + $(PERL) util/mkdef.pl ssl update crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl - perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h + $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt - perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h + $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ - perl Configure TABLE) > TABLE + $(PERL) Configure TABLE) > TABLE update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE @@ -461,8 +602,8 @@ install: all install_docs do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + cp -f $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ fi \ done; \ ( here="`pwd`"; \ diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index f45d8e5..87728bb 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS 
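Review bot: in the install hunk, `chmod 555` now marks every file matched by the library loop executable, static archives included, and the hunk gives no reason; add a comment stating that some platforms (the HP-UX .sl and AIX cases handled earlier in this Makefile) require the execute bit on shared libraries, and consider keeping 644 for the .a files. Note also that `cp -f $$i ...` overwrites an existing library in place when the destination is writable (the -f removal only applies when it cannot be opened), which can crash processes that have the old shared object mapped; copying to a temporary name and renaming over the old file, or removing it first, avoids that on an upgrade install.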
@@ -5,6 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c: + + o Various SSL/TLS library bugfixes. + o BIGNUM library fixes. + o RSA OAEP and random number generation fixes. + o Object identifiers corrected and added. + o Add assembler BN routines for IA64. + o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8, + MIPS Linux; shared library support for Irix, HP-UX. + o Add crypto accelerator support for AEP, Baltimore SureWare, + Broadcom and Cryptographic Appliance's keyserver + [in 0.9.6c-engine release]. + Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b: o Security fix: PRNG improvements. diff --git a/crypto/openssl/README b/crypto/openssl/README index a31932b..cffb087 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.6b 9 Jul 2001 + OpenSSL 0.9.6c 21 dec 2001 Copyright (c) 1998-2001 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -62,7 +62,7 @@ X.509v3 certificates X509 encoding/decoding into/from binary ASN1 and a PEM - based ascii-binary encoding which supports encryption with a + based ASCII-binary encoding which supports encryption with a private key. Program to generate RSA and DSA certificate requests and to generate RSA and DSA certificates. @@ -97,7 +97,7 @@ locations around the world. _YOU_ are responsible for ensuring that your use of any algorithms is legal by checking if there are any patents in your country. The file contains some of the patents that we know about or are - rumoured to exist. This is not a definitive list. + rumored to exist. This is not a definitive list. RSA Security holds software patents on the RC5 algorithm. If you intend to use this cipher, you must contact RSA Security for 
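Review bot: the README banner is changed to `OpenSSL 0.9.6c 21 dec 2001`, with a lowercase month, whereas the line it replaces read `9 Jul 2001`; the same lowercase form appears in the CHANGES header for this release. Use `21 Dec 2001` in both so the release date is formatted consistently with earlier entries.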
@@ -107,8 +107,8 @@ only be used with RSA Security's permission. The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, - Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should - be contacted if that algorithm is to be used, their web page is + Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They + should be contacted if that algorithm is to be used; their web page is http://www.ascom.ch/. INSTALLATION @@ -119,8 +119,8 @@ INSTALL.VMS. Read the documentation in the doc/ directory. It is quite rough, but it - lists the functions, you will probably have to look at the code to work out - how to used them. Look at the example programs. + lists the functions; you will probably have to look at the code to work out + how to use them. Look at the example programs. SUPPORT ------- diff --git a/crypto/openssl/README.ENGINE b/crypto/openssl/README.ENGINE index 3d88ed1..43e39d5 100644 --- a/crypto/openssl/README.ENGINE +++ b/crypto/openssl/README.ENGINE @@ -5,7 +5,7 @@ With OpenSSL 0.9.6, a new component has been added to support external crypto devices, for example accelerator cards. The component is called ENGINE, and has still a pretty experimental status and almost no - documentation. It's designed to be faily easily extensible by the + documentation. It's designed to be fairly easily extensible by the calling programs. There's currently built-in support for the following crypto devices: @@ -48,7 +48,7 @@ No external crypto device is chosen unless you say so. You have actively tell the openssl utility commands to use it through a new command line switch called "-engine". And if you want to use the ENGINE library to - do something similar, you must also explicitely choose an external crypto + do something similar, you must also explicitly choose an external crypto device, or the built-in crypto routines will be used, just as in the default OpenSSL distribution. 
@@ -56,7 +56,7 @@ PROBLEMS ======== - It seems like the ENGINE part doesn't work too well with Cryptoswift on + It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32. A quick test done right before the release showed that trying "openssl speed -engine cswift" generated errors. If the DSO gets enabled, an attempt is made to write at memory address 0x00000002. diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c index b123236..7b61dc6 100644 --- a/crypto/openssl/apps/req.c +++ b/crypto/openssl/apps/req.c @@ -383,8 +383,7 @@ bad: BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); - - BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n"); + BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); BIO_printf(bio_err," -config file request template file.\n"); BIO_printf(bio_err," -new new request.\n"); BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index aa19e0a..9cfe2b1 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -896,5 +896,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio,"---\n"); if (peer != NULL) X509_free(peer); + /* flush, or debugging output gets mixed with http response */ + BIO_flush(bio); } diff --git a/crypto/openssl/config b/crypto/openssl/config index c69ea6d..354621f 100755 --- a/crypto/openssl/config +++ b/crypto/openssl/config 
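Review bot: the req.c usage hunk now lists `md4` among the digests to sign with (`-[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)`) with no caveat. MD4 has had published collision attacks since 1996 (Dobbertin), and MD2 is in the same category, so offering them for certificate-request signatures without a warning invites misuse; either drop md4 from the advertised list or mark the weak digests as legacy-only in the help text and documentation.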
@@ -68,6 +68,11 @@ if [ "x$XREL" != "x" ]; then 4.2) echo "whatever-whatever-unixware1"; exit 0 ;; + OpenUNIX) + if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then + echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0 + fi + ;; 5) if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then echo "${MACHINE}-sco-unixware7"; exit 0 @@ -195,15 +200,33 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "${MACHINE}-whatever-openbsd"; exit 0 ;; + OpenUNIX:*) + echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0 + ;; + OSF1:*:*:*alpha*) - echo "${MACHINE}-dec-osf"; exit 0 + OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'` + case "$OSFMAJOR" in + 4|5) + echo "${MACHINE}-dec-tru64"; exit 0 + ;; + 1|2|3) + echo "${MACHINE}-dec-osf"; exit 0 + ;; + *) + echo "${MACHINE}-dec-osf"; exit 0 + ;; + esac ;; QNX:*) - case "$VERSION" in + case "$RELEASE" in 4*) echo "${MACHINE}-whatever-qnx4" ;; + 6*) + echo "${MACHINE}-whatever-qnx6" + ;; *) echo "${MACHINE}-whatever-qnx" ;; @@ -219,6 +242,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "ppc-apple-rhapsody"; exit 0 ;; + Darwin:*) + echo "ppc-apple-darwin"; exit 0 + ;; + SunOS:5.*) echo "${MACHINE}-whatever-solaris2"; exit 0 ;; @@ -271,6 +298,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "mips-sony-newsos4"; exit 0; ;; + CYGWIN*) + echo "${MACHINE}-whatever-cygwin32"; exit 0 + ;; + esac # 
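Review bot: in the new OSF1 case statement the `1|2|3)` arm and the `*)` fallback both echo `${MACHINE}-dec-osf`, so the `1|2|3` arm is redundant; either delete it or make the fallback distinct (for example, print a warning for an unrecognised OSFMAJOR rather than silently guessing the old OSF target). In the QNX case the switch from `$VERSION` to `$RELEASE` is unexplained; a one-line comment on why the release string rather than the version string carries the major number on QNX would save the next reader from reverting it.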
@@ -435,11 +466,27 @@ case "$GUESSOS" in esac fi ;; - mips-*-linux?) OUT="linux-mips" ;; + mips-*-linux?) + cat >dummy.c <<EOF +#include <stdio.h> /* for printf() prototype */ + int main (argc, argv) int argc; char *argv[]; { +#ifdef __MIPSEB__ + printf ("linux-%s\n", argv[1]); +#endif +#ifdef __MIPSEL__ + printf ("linux-%sel\n", argv[1]); +#endif + return 0; +} +EOF + ${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}` + rm dummy dummy.c + ;; ppc-*-linux2) OUT="linux-ppc" ;; m68k-*-linux*) OUT="linux-m68k" ;; ia64-*-linux?) OUT="linux-ia64" ;; ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;; + ppc-apple-darwin) OUT="darwin-ppc-cc" ;; sparc64-*-linux2) #Before we can uncomment following lines we have to wait at least #till 64-bit glibc for SPARC is operational:-( @@ -485,7 +532,15 @@ case "$GUESSOS" in pmax*-*-openbsd) OUT="OpenBSD-mips" ;; *-*-openbsd) OUT="OpenBSD" ;; *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;; - *-*-osf) OUT="alpha-cc" ;; + *-*-osf) OUT="alphaold-cc" ;; + *-*-tru64) OUT="alpha-cc" ;; + *-*-OpenUNIX*) + if [ "$CC" = "gcc" ]; then + OUT="OpenUNIX-8-gcc" + else + OUT="OpenUNIX-8" + fi + ;; *-*-unixware7) OUT="unixware-7" ;; *-*-UnixWare7) OUT="unixware-7" ;; *-*-Unixware7) OUT="unixware-7" ;; @@ -505,6 +560,8 @@ case "$GUESSOS" in # *-aix) OUT="aix-$CC" ;; # *-dgux) OUT="dgux" ;; mips-sony-newsos4) OUT="newsos4-gcc" ;; + *-*-cygwin32) OUT="CygWin32" + options="$options no-threads no-asm" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac @@ -533,7 +590,7 @@ case "$GUESSOS" in i386-*) options="$options 386" ;; esac -for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha +for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha do if [ ! -d crypto/$i ] then diff --git a/crypto/openssl/crypto/asn1/a_strnid.c b/crypto/openssl/crypto/asn1/a_strnid.c index 732e68f..b7db681 100644 --- a/crypto/openssl/crypto/asn1/a_strnid.c +++ b/crypto/openssl/crypto/asn1/a_strnid.c 
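Review bot: the `mips-*-linux?` arm has lost its default: if `${CC} -o dummy dummy.c` fails, OUT is left empty and the script continues silently instead of falling back to the `linux-mips` target the hunk removes, and `rm dummy dummy.c` then runs whether or not the compile produced a binary. Keep `OUT="linux-mips"` as the default before the probe and only overwrite it on success, and guard the rm. The probe also prints nothing when neither `__MIPSEB__` nor `__MIPSEL__` is defined by the compiler, which again leaves OUT empty; treat that case the same way as a failed compile.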
@@ -105,9 +105,9 @@ int ASN1_STRING_set_default_mask_asc(char *p) mask = strtoul(p + 5, &end, 0); if(*end) return 0; } else if(!strcmp(p, "nombstr")) - mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING); + mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); else if(!strcmp(p, "pkix")) - mask = ~B_ASN1_T61STRING; + mask = ~((unsigned long)B_ASN1_T61STRING); else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; else if(!strcmp(p, "default")) mask = 0xFFFFFFFFL; diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h index 6f956b1..65dc5ed 100644 --- a/crypto/openssl/crypto/asn1/asn1.h +++ b/crypto/openssl/crypto/asn1/asn1.h @@ -834,8 +834,6 @@ void ASN1_HEADER_free(ASN1_HEADER *a); int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); -void ERR_load_ASN1_strings(void); - /* Not used that much at this point, except for the first two */ ASN1_METHOD *X509_asn1_meth(void); ASN1_METHOD *RSAPrivateKey_asn1_meth(void); @@ -877,6 +875,7 @@ void ASN1_STRING_TABLE_cleanup(void); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_ASN1_strings(void); /* Error codes for the ASN1 functions. */ @@ -1148,4 +1147,3 @@ void ASN1_STRING_TABLE_cleanup(void); } #endif #endif - diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c index 91a0494..f0a50c2 100644 --- a/crypto/openssl/crypto/bio/b_print.c +++ b/crypto/openssl/crypto/bio/b_print.c @@ -569,7 +569,7 @@ pow10(int exp) } static long -round(LDOUBLE value) +roundv(LDOUBLE value) { long intpart; intpart = (long) value; @@ -621,7 +621,7 @@ fmtfp( /* we "cheat" by converting the fractional part to integer by multiplying by a factor of 10 */ - fracpart = round((pow10(max)) * (ufvalue - intpart)); + fracpart = roundv((pow10(max)) * (ufvalue - intpart)); if (fracpart >= pow10(max)) { intpart++; 
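Review bot: renaming the file-local `round()` in b_print.c to `roundv()` is the right way to avoid the clash with the libm `round()` that newer compilers and headers declare, but the hunk leaves no comment saying so, and a future cleanup could rename it back; add a one-line comment at the definition. The casts in the a_strnid.c hunk are fine as they stand: `~((unsigned long)(...))` makes the complement happen in the type of `mask` instead of in int and removes the implicit negative-int-to-unsigned-long conversion.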
diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/openssl/crypto/bio/b_sock.c index 62cc3f1..7dfcbab 100644 --- a/crypto/openssl/crypto/bio/b_sock.c +++ b/crypto/openssl/crypto/bio/b_sock.c @@ -95,8 +95,10 @@ static struct ghbn_cache_st } ghbn_cache[GHBN_NUM]; static int get_ip(const char *str,unsigned char *ip); +#if 0 static void ghbn_free(struct hostent *a); static struct hostent *ghbn_dup(struct hostent *a); +#endif int BIO_get_host_ip(const char *str, unsigned char *ip) { int i; @@ -266,6 +268,7 @@ long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) return(1); } +#if 0 static struct hostent *ghbn_dup(struct hostent *a) { struct hostent *ret; @@ -342,21 +345,27 @@ static void ghbn_free(struct hostent *a) if (a->h_name != NULL) OPENSSL_free(a->h_name); OPENSSL_free(a); } +#endif struct hostent *BIO_gethostbyname(const char *name) { +#if 1 + /* Caching gethostbyname() results forever is wrong, + * so we have to let the true gethostbyname() worry about this */ + return gethostbyname(name); +#else struct hostent *ret; int i,lowi=0,j; unsigned long low= (unsigned long)-1; -/* return(gethostbyname(name)); */ -#if 0 /* It doesn't make sense to use locking here: The function interface - * is not thread-safe, because threads can never be sure when - * some other thread destroys the data they were given a pointer to. - */ +# if 0 + /* It doesn't make sense to use locking here: The function interface + * is not thread-safe, because threads can never be sure when + * some other thread destroys the data they were given a pointer to. + */ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); -#endif +# endif j=strlen(name); if (j < 128) { 
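Review bot: BIO_gethostbyname() now returns `gethostbyname(name)` directly under `#if 1`, which is the right decision given the comment that caching results forever is wrong (a stale cache keeps connecting to an address after the DNS record has moved), but the old cache is only disabled, not removed: `ghbn_cache`, `ghbn_dup()`, `ghbn_free()` and the `BIO_ghbn_ctrl()` hit/miss counters all stay in the file under `#if 0` / `#else`, waiting for someone to flip the condition. Either delete the dead code or document it as retired. A short comment at the new return would also help: gethostbyname() returns a pointer to static storage, so the result must not be held across another lookup or shared between threads.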
@@ -384,20 +393,21 @@ struct hostent *BIO_gethostbyname(const char *name) * parameter is 'char *', instead of 'const char *' */ ret=gethostbyname( -#ifndef CONST_STRICT +# ifndef CONST_STRICT (char *) -#endif +# endif name); if (ret == NULL) goto end; if (j > 128) /* too big to cache */ { -#if 0 /* If we were trying to make this function thread-safe (which - * is bound to fail), we'd have to give up in this case - * (or allocate more memory). */ +# if 0 + /* If we were trying to make this function thread-safe (which + * is bound to fail), we'd have to give up in this case + * (or allocate more memory). */ ret = NULL; -#endif +# endif goto end; } @@ -421,12 +431,14 @@ struct hostent *BIO_gethostbyname(const char *name) ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits; } end: -#if 0 +# if 0 CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); -#endif +# endif return(ret); +#endif } + int BIO_sock_init(void) { #ifdef WINDOWS diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h index 97003b5..3777f28 100644 --- a/crypto/openssl/crypto/bio/bio.h +++ b/crypto/openssl/crypto/bio/bio.h @@ -431,7 +431,7 @@ int BIO_read_filename(BIO *b,const char *name); #define BIO_set_ssl_renegotiate_bytes(b,num) \ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); #define BIO_get_num_renegotiates(b) \ - BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL); + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); #define BIO_set_ssl_renegotiate_timeout(b,seconds) \ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); @@ -588,8 +588,6 @@ int BIO_sock_init(void ); void BIO_sock_cleanup(void); int BIO_set_tcp_ndelay(int sock,int turn_on); -void ERR_load_BIO_strings(void ); - BIO *BIO_new_socket(int sock, int close_flag); BIO *BIO_new_fd(int fd, int close_flag); BIO *BIO_new_connect(char *host_port); 
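Review bot: the bio.h hunk correctly changes BIO_get_num_renegotiates to use `BIO_C_GET_SSL_NUM_RENEGOTIATES`; before this, a getter was silently issuing the SET command. While on that line, drop the trailing semicolon in the macro body (`BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);`), and the same in BIO_set_ssl_renegotiate_bytes just above it: with the semicolon in the expansion, `n = BIO_get_num_renegotiates(b);` compiles but the macro cannot be used inside an `if` condition or as a function argument.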
@@ -615,6 +613,7 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_BIO_strings(void); /* Error codes for the BIO functions. */ @@ -684,4 +683,3 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); } #endif #endif - diff --git a/crypto/openssl/crypto/bio/bss_bio.c b/crypto/openssl/crypto/bio/bss_bio.c index 78c6ab4..4614ad4 100644 --- a/crypto/openssl/crypto/bio/bss_bio.c +++ b/crypto/openssl/crypto/bio/bss_bio.c @@ -474,7 +474,8 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) break; case BIO_C_GET_WRITE_BUF_SIZE: - num = (long) b->size; + ret = (long) b->size; + break; case BIO_C_MAKE_BIO_PAIR: { diff --git a/crypto/openssl/crypto/bn/Makefile.ssl b/crypto/openssl/crypto/bn/Makefile.ssl index ad36267..9e075a2 100644 --- a/crypto/openssl/crypto/bn/Makefile.ssl +++ b/crypto/openssl/crypto/bn/Makefile.ssl @@ -124,6 +124,8 @@ asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S $(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \ /usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o +asm/ia64.o: asm/ia64.S + files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO diff --git a/crypto/openssl/crypto/bn/asm/ia64.S b/crypto/openssl/crypto/bn/asm/ia64.S new file mode 100644 index 0000000..ae56066 --- /dev/null +++ b/crypto/openssl/crypto/bn/asm/ia64.S 
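Review bot: the bss_bio.c change fixes a real fall-through bug: `BIO_C_GET_WRITE_BUF_SIZE` previously assigned `num` (not `ret`) and then dropped into the `BIO_C_MAKE_BIO_PAIR` case, so a size query on a BIO pair attempted to pair the BIO and returned the wrong value. The replacement `ret = (long) b->size; break;` is correct, but this deserves a regression test in the bio test suite, since the symptom was silent. Separately, the new `asm/ia64.o: asm/ia64.S` rule in crypto/bn/Makefile.ssl has no recipe, unlike the sparcv8plus rules above it; confirm that a `.S.o` suffix rule exists for every make the project supports, or give it an explicit `$(CC) $(ASFLAGS) -c` line.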
@@ -0,0 +1,1498 @@ +.explicit +.text +.ident "ia64.S, Version 1.1" +.ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" + +// +// ==================================================================== +// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +// project. +// +// Rights for redistribution and usage in source and binary forms are +// granted according to the OpenSSL license. Warranty of any kind is +// disclaimed. +// ==================================================================== +// + +// Q. How much faster does it get? +// A. Here is the output from 'openssl speed rsa dsa' for vanilla +// 0.9.6a compiled with gcc version 2.96 20000731 (Red Hat +// Linux 7.1 2.96-81): +// +// sign verify sign/s verify/s +// rsa 512 bits 0.0036s 0.0003s 275.3 2999.2 +// rsa 1024 bits 0.0203s 0.0011s 49.3 894.1 +// rsa 2048 bits 0.1331s 0.0040s 7.5 250.9 +// rsa 4096 bits 0.9270s 0.0147s 1.1 68.1 +// sign verify sign/s verify/s +// dsa 512 bits 0.0035s 0.0043s 288.3 234.8 +// dsa 1024 bits 0.0111s 0.0135s 90.0 74.2 +// +// And here is similar output but for this assembler +// implementation:-) +// +// sign verify sign/s verify/s +// rsa 512 bits 0.0021s 0.0001s 549.4 9638.5 +// rsa 1024 bits 0.0055s 0.0002s 183.8 4481.1 +// rsa 2048 bits 0.0244s 0.0006s 41.4 1726.3 +// rsa 4096 bits 0.1295s 0.0018s 7.7 561.5 +// sign verify sign/s verify/s +// dsa 512 bits 0.0012s 0.0013s 891.9 756.6 +// dsa 1024 bits 0.0023s 0.0028s 440.4 376.2 +// +// Yes, you may argue that it's not fair comparison as it's +// possible to craft the C implementation with BN_UMULT_HIGH +// inline assembler macro. But of course! 
Here is the output +// with the macro: +// +// sign verify sign/s verify/s +// rsa 512 bits 0.0020s 0.0002s 495.0 6561.0 +// rsa 1024 bits 0.0086s 0.0004s 116.2 2235.7 +// rsa 2048 bits 0.0519s 0.0015s 19.3 667.3 +// rsa 4096 bits 0.3464s 0.0053s 2.9 187.7 +// sign verify sign/s verify/s +// dsa 512 bits 0.0016s 0.0020s 613.1 510.5 +// dsa 1024 bits 0.0045s 0.0054s 221.0 183.9 +// +// My code is still way faster, huh:-) And I believe that even +// higher performance can be achieved. Note that as keys get +// longer, performance gain is larger. Why? According to the +// profiler there is another player in the field, namely +// BN_from_montgomery consuming larger and larger portion of CPU +// time as keysize decreases. I therefore consider putting effort +// to assembler implementation of the following routine: +// +// void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0) +// { +// int i,j; +// BN_ULONG v; +// +// for (i=0; i<nl; i++) +// { +// v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); +// nrp++; +// rp++; +// if (((nrp[-1]+=v)&BN_MASK2) < v) +// for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ; +// } +// } +// +// It might as well be beneficial to implement even combaX +// variants, as it appears as it can literally unleash the +// performance (see comment section to bn_mul_comba8 below). +// +// And finally for your reference the output for 0.9.6a compiled +// with SGIcc version 0.01.0-12 (keep in mind that for the moment +// of this writing it's not possible to convince SGIcc to use +// BN_UMULT_HIGH inline assembler macro, yet the code is fast, +// i.e. for a compiler generated one:-): +// +// sign verify sign/s verify/s +// rsa 512 bits 0.0022s 0.0002s 452.7 5894.3 +// rsa 1024 bits 0.0097s 0.0005s 102.7 2002.9 +// rsa 2048 bits 0.0578s 0.0017s 17.3 600.2 +// rsa 4096 bits 0.3838s 0.0061s 2.6 164.5 +// sign verify sign/s verify/s +// dsa 512 bits 0.0018s 0.0022s 547.3 459.6 +// dsa 1024 bits 0.0051s 0.0062s 196.6 161.3 +// +// Oh! 
Benchmarks were performed on 733MHz Lion-class Itanium +// system running Redhat Linux 7.1 (very special thanks to Ray +// McCaffity of Williams Communications for providing an account). +// +// Q. What's the heck with 'rum 1<<5' at the end of every function? +// A. Well, by clearing the "upper FP registers written" bit of the +// User Mask I want to excuse the kernel from preserving upper +// (f32-f128) FP register bank over process context switch, thus +// minimizing bus bandwidth consumption during the switch (i.e. +// after PKI opration completes and the program is off doing +// something else like bulk symmetric encryption). Having said +// this, I also want to point out that it might be good idea +// to compile the whole toolkit (as well as majority of the +// programs for that matter) with -mfixed-range=f32-f127 command +// line option. No, it doesn't prevent the compiler from writing +// to upper bank, but at least discourages to do so. If you don't +// like the idea you have the option to compile the module with +// -Drum=nop.m in command line. +// + +#if 1 +// +// bn_[add|sub]_words routines. +// +// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the +// data reside in L1 cache, i.e. 2 ticks away). It's possible to +// compress the epilogue and get down to 2*n+6, but at the cost of +// scalability (the neat feature of this implementation is that it +// shall automagically spin in n+5 on "wider" IA-64 implementations:-) +// I consider that the epilogue is short enough as it is to trade tiny +// performance loss on Itanium for scalability. 
+// +// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num) +// +.global bn_add_words# +.proc bn_add_words# +.align 64 +.skip 32 // makes the loop body aligned at 64-byte boundary +bn_add_words: + .prologue + .fframe 0 + .save ar.pfs,r2 +{ .mii; alloc r2=ar.pfs,4,12,0,16 + cmp4.le p6,p0=r35,r0 };; +{ .mfb; mov r8=r0 // return value +(p6) br.ret.spnt.many b0 };; + + .save ar.lc,r3 +{ .mib; sub r10=r35,r0,1 + mov r3=ar.lc + brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 + } + .body +{ .mib; mov r14=r32 // rp + mov r9=pr };; +{ .mii; mov r15=r33 // ap + mov ar.lc=r10 + mov ar.ec=6 } +{ .mib; mov r16=r34 // bp + mov pr.rot=1<<16 };; + +.L_bn_add_words_ctop: +{ .mii; (p16) ld8 r32=[r16],8 // b=*(bp++) + (p18) add r39=r37,r34 + (p19) cmp.ltu.unc p56,p0=r40,r38 } +{ .mfb; (p0) nop.m 0x0 + (p0) nop.f 0x0 + (p0) nop.b 0x0 } +{ .mii; (p16) ld8 r35=[r15],8 // a=*(ap++) + (p58) cmp.eq.or p57,p0=-1,r41 // (p20) + (p58) add r41=1,r41 } // (p20) +{ .mfb; (p21) st8 [r14]=r42,8 // *(rp++)=r + (p0) nop.f 0x0 + br.ctop.sptk .L_bn_add_words_ctop };; +.L_bn_add_words_cend: + +{ .mii; +(p59) add r8=1,r8 // return value + mov pr=r9,-1 + mov ar.lc=r3 } +{ .mbb; nop.b 0x0 + br.ret.sptk.many b0 };; +.endp bn_add_words# + +// +// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num) +// +.global bn_sub_words# +.proc bn_sub_words# +.align 64 +.skip 32 // makes the loop body aligned at 64-byte boundary +bn_sub_words: + .prologue + .fframe 0 + .save ar.pfs,r2 +{ .mii; alloc r2=ar.pfs,4,12,0,16 + cmp4.le p6,p0=r35,r0 };; +{ .mfb; mov r8=r0 // return value +(p6) br.ret.spnt.many b0 };; + + .save ar.lc,r3 +{ .mib; sub r10=r35,r0,1 + mov r3=ar.lc + brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 + } + .body +{ .mib; mov r14=r32 // rp + mov r9=pr };; +{ .mii; mov r15=r33 // ap + mov ar.lc=r10 + mov ar.ec=6 } +{ .mib; mov r16=r34 // bp + mov pr.rot=1<<16 };; + +.L_bn_sub_words_ctop: +{ .mii; (p16) ld8 r32=[r16],8 // b=*(bp++) + (p18) sub 
r39=r37,r34 + (p19) cmp.gtu.unc p56,p0=r40,r38 } +{ .mfb; (p0) nop.m 0x0 + (p0) nop.f 0x0 + (p0) nop.b 0x0 } +{ .mii; (p16) ld8 r35=[r15],8 // a=*(ap++) + (p58) cmp.eq.or p57,p0=0,r41 // (p20) + (p58) add r41=-1,r41 } // (p20) +{ .mbb; (p21) st8 [r14]=r42,8 // *(rp++)=r + (p0) nop.b 0x0 + br.ctop.sptk .L_bn_sub_words_ctop };; +.L_bn_sub_words_cend: + +{ .mii; +(p59) add r8=1,r8 // return value + mov pr=r9,-1 + mov ar.lc=r3 } +{ .mbb; nop.b 0x0 + br.ret.sptk.many b0 };; +.endp bn_sub_words# +#endif + +#if 0 +#define XMA_TEMPTATION +#endif + +#if 1 +// +// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +// +.global bn_mul_words# +.proc bn_mul_words# +.align 64 +.skip 32 // makes the loop body aligned at 64-byte boundary +bn_mul_words: + .prologue + .fframe 0 + .save ar.pfs,r2 +#ifdef XMA_TEMPTATION +{ .mfi; alloc r2=ar.pfs,4,0,0,0 };; +#else +{ .mfi; alloc r2=ar.pfs,4,4,0,8 };; +#endif +{ .mib; mov r8=r0 // return value + cmp4.le p6,p0=r34,r0 +(p6) br.ret.spnt.many b0 };; + + .save ar.lc,r3 +{ .mii; sub r10=r34,r0,1 + mov r3=ar.lc + mov r9=pr };; + + .body +{ .mib; setf.sig f8=r35 // w + mov pr.rot=0x400001<<16 + // ------^----- serves as (p48) at first (p26) + brp.loop.imp .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16 + } + +#ifndef XMA_TEMPTATION + +{ .mii; mov r14=r32 // rp + mov r15=r33 // ap + mov ar.lc=r10 } +{ .mii; mov r39=0 // serves as r33 at first (p26) + mov ar.ec=12 };; + +// This loop spins in 2*(n+11) ticks. It's scheduled for data in L2 +// cache (i.e. 9 ticks away) as floating point load/store instructions +// bypass L1 cache and L2 latency is actually best-case scenario for +// ldf8. The loop is not scalable and shall run in 2*(n+11) even on +// "wider" IA-64 implementations. It's a trade-off here. n+22 loop +// would give us ~5% in *overall* performance improvement on "wider" +// IA-64, but would hurt Itanium for about same because of longer +// epilogue. 
As it's a matter of few percents in either case I've +// chosen to trade the scalability for development time (you can see +// this very instruction sequence in bn_mul_add_words loop which in +// turn is scalable). +.L_bn_mul_words_ctop: +{ .mfi; (p25) getf.sig r36=f49 // low + (p21) xmpy.lu f45=f37,f8 + (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p16) ldf8 f32=[r15],8 + (p21) xmpy.hu f38=f37,f8 + (p0) nop.i 0x0 };; +{ .mii; (p26) getf.sig r32=f43 // high + .pred.rel "mutex",p48,p52 + (p48) add r38=r37,r33 // (p26) + (p52) add r38=r37,r33,1 } // (p26) +{ .mfb; (p27) st8 [r14]=r39,8 + (p0) nop.f 0x0 + br.ctop.sptk .L_bn_mul_words_ctop };; +.L_bn_mul_words_cend: + +{ .mii; nop.m 0x0 +.pred.rel "mutex",p49,p53 +(p49) add r8=r34,r0 +(p53) add r8=r34,r0,1 } +{ .mfb; nop.m 0x0 + nop.f 0x0 + nop.b 0x0 } + +#else // XMA_TEMPTATION + + setf.sig f37=r0 // serves as carry at (p18) tick + mov ar.lc=r10 + mov ar.ec=5;; + +// Most of you examining this code very likely wonder why in the name +// of Intel the following loop is commented out? Indeed, it looks so +// neat that you find it hard to believe that it's something wrong +// with it, right? The catch is that every iteration depends on the +// result from previous one and the latter isn't available instantly. +// The loop therefore spins at the latency of xma minus 1, or in other +// words at 6*(n+4) ticks:-( Compare to the "production" loop above +// that runs in 2*(n+11) where the low latency problem is worked around +// by moving the dependency to one-tick latent interger ALU. Note that +// "distance" between ldf8 and xma is not latency of ldf8, but the +// *difference* between xma and ldf8 latencies. 
+.L_bn_mul_words_ctop: +{ .mfi; (p16) ldf8 f32=[r33],8 + (p18) xma.hu f38=f34,f8,f39 } +{ .mfb; (p20) stf8 [r32]=f37,8 + (p18) xma.lu f35=f34,f8,f39 + br.ctop.sptk .L_bn_mul_words_ctop };; +.L_bn_mul_words_cend: + + getf.sig r8=f41 // the return value + +#endif // XMA_TEMPTATION + +{ .mii; nop.m 0x0 + mov pr=r9,-1 + mov ar.lc=r3 } +{ .mfb; rum 1<<5 // clear um.mfh + nop.f 0x0 + br.ret.sptk.many b0 };; +.endp bn_mul_words# +#endif + +#if 1 +// +// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +// +.global bn_mul_add_words# +.proc bn_mul_add_words# +.align 64 +//.skip 0 // makes the loop split at 64-byte boundary +bn_mul_add_words: + .prologue + .fframe 0 + .save ar.pfs,r2 +{ .mii; alloc r2=ar.pfs,4,12,0,16 + cmp4.le p6,p0=r34,r0 };; +{ .mfb; mov r8=r0 // return value +(p6) br.ret.spnt.many b0 };; + + .save ar.lc,r3 +{ .mii; sub r10=r34,r0,1 + mov r3=ar.lc + mov r9=pr };; + + .body +{ .mib; setf.sig f8=r35 // w + mov pr.rot=0x400001<<16 + // ------^----- serves as (p48) at first (p26) + brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 + } +{ .mii; mov r14=r32 // rp + mov r15=r33 // ap + mov ar.lc=r10 } +{ .mii; mov r39=0 // serves as r33 at first (p26) + mov r18=r32 // rp copy + mov ar.ec=14 };; + +// This loop spins in 3*(n+13) ticks on Itanium and should spin in +// 2*(n+13) on "wider" IA-64 implementations (to be verified with new +// µ-architecture manuals as they become available). As usual it's +// possible to compress the epilogue, down to 10 in this case, at the +// cost of scalability. Compressed (and therefore non-scalable) loop +// running at 3*(n+10) would buy you ~10% on Itanium but take ~35% +// from "wider" IA-64 so let it be scalable! Special attention was +// paid for having the loop body split at 64-byte boundary. ld8 is +// scheduled for L1 cache as the data is more than likely there. 
+// Indeed, bn_mul_words has put it there a moment ago:-) +.L_bn_mul_add_words_ctop: +{ .mfi; (p25) getf.sig r36=f49 // low + (p21) xmpy.lu f45=f37,f8 + (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p16) ldf8 f32=[r15],8 + (p21) xmpy.hu f38=f37,f8 + (p27) add r43=r43,r39 };; +{ .mii; (p26) getf.sig r32=f43 // high + .pred.rel "mutex",p48,p52 + (p48) add r38=r37,r33 // (p26) + (p52) add r38=r37,r33,1 } // (p26) +{ .mfb; (p27) cmp.ltu.unc p56,p0=r43,r39 + (p0) nop.f 0x0 + (p0) nop.b 0x0 } +{ .mii; (p26) ld8 r42=[r18],8 + (p58) cmp.eq.or p57,p0=-1,r44 + (p58) add r44=1,r44 } +{ .mfb; (p29) st8 [r14]=r45,8 + (p0) nop.f 0x0 + br.ctop.sptk .L_bn_mul_add_words_ctop};; +.L_bn_mul_add_words_cend: + +{ .mii; nop.m 0x0 +.pred.rel "mutex",p51,p55 +(p51) add r8=r36,r0 +(p55) add r8=r36,r0,1 } +{ .mfb; nop.m 0x0 + nop.f 0x0 + nop.b 0x0 };; +{ .mii; +(p59) add r8=1,r8 + mov pr=r9,-1 + mov ar.lc=r3 } +{ .mfb; rum 1<<5 // clear um.mfh + nop.f 0x0 + br.ret.sptk.many b0 };; +.endp bn_mul_add_words# +#endif + +#if 1 +// +// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num) +// +.global bn_sqr_words# +.proc bn_sqr_words# +.align 64 +.skip 32 // makes the loop body aligned at 64-byte boundary +bn_sqr_words: + .prologue + .fframe 0 + .save ar.pfs,r2 +{ .mii; alloc r2=ar.pfs,3,0,0,0 + sxt4 r34=r34 };; +{ .mii; cmp.le p6,p0=r34,r0 + mov r8=r0 } // return value +{ .mfb; nop.f 0x0 +(p6) br.ret.spnt.many b0 };; + + .save ar.lc,r3 +{ .mii; sub r10=r34,r0,1 + mov r3=ar.lc + mov r9=pr };; + + .body +{ .mib; + mov pr.rot=1<<16 + brp.loop.imp .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16 + } +{ .mii; add r34=8,r32 + mov ar.lc=r10 + mov ar.ec=18 };; + +// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's +// possible to compress the epilogue (I'm getting tired to write this +// comment over and over) and get down to 2*n+16 at the cost of +// scalability. The decision will very likely be reconsidered after the +// benchmark program is profiled. I.e. 
if perfomance gain on Itanium +// will appear larger than loss on "wider" IA-64, then the loop should +// be explicitely split and the epilogue compressed. +.L_bn_sqr_words_ctop: +{ .mfi; (p16) ldf8 f32=[r33],8 + (p25) xmpy.lu f42=f41,f41 + (p0) nop.i 0x0 } +{ .mib; (p33) stf8 [r32]=f50,16 + (p0) nop.i 0x0 + (p0) nop.b 0x0 } +{ .mfi; (p0) nop.m 0x0 + (p25) xmpy.hu f52=f41,f41 + (p0) nop.i 0x0 } +{ .mib; (p33) stf8 [r34]=f60,16 + (p0) nop.i 0x0 + br.ctop.sptk .L_bn_sqr_words_ctop };; +.L_bn_sqr_words_cend: + +{ .mii; nop.m 0x0 + mov pr=r9,-1 + mov ar.lc=r3 } +{ .mfb; rum 1<<5 // clear um.mfh + nop.f 0x0 + br.ret.sptk.many b0 };; +.endp bn_sqr_words# +#endif + +#if 1 +// Apparently we win nothing by implementing special bn_sqr_comba8. +// Yes, it is possible to reduce the number of multiplications by +// almost factor of two, but then the amount of additions would +// increase by factor of two (as we would have to perform those +// otherwise performed by xma ourselves). Normally we would trade +// anyway as multiplications are way more expensive, but not this +// time... Multiplication kernel is fully pipelined and as we drain +// one 128-bit multiplication result per clock cycle multiplications +// are effectively as inexpensive as additions. Special implementation +// might become of interest for "wider" IA-64 implementation as you'll +// be able to get through the multiplication phase faster (there won't +// be any stall issues as discussed in the commentary section below and +// you therefore will be able to employ all 4 FP units)... 
But these +// Itanium days it's simply too hard to justify the effort so I just +// drop down to bn_mul_comba8 code:-) +// +// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) +// +.global bn_sqr_comba8# +.proc bn_sqr_comba8# +.align 64 +bn_sqr_comba8: + .prologue + .fframe 0 + .save ar.pfs,r2 +{ .mii; alloc r2=ar.pfs,2,1,0,0 + mov r34=r33 + add r14=8,r33 };; + .body +{ .mii; add r17=8,r34 + add r15=16,r33 + add r18=16,r34 } +{ .mfb; add r16=24,r33 + br .L_cheat_entry_point8 };; +.endp bn_sqr_comba8# +#endif + +#if 1 +// I've estimated this routine to run in ~120 ticks, but in reality +// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra +// cycles consumed for instructions fetch? Or did I misinterpret some +// clause in Itanium µ-architecture manual? Comments are welcomed and +// highly appreciated. +// +// However! It should be noted that even 160 ticks is darn good result +// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the +// C version (compiled with gcc with inline assembler). I really +// kicked compiler's butt here, didn't I? Yeah! This brings us to the +// following statement. It's damn shame that this routine isn't called +// very often nowadays! According to the profiler most CPU time is +// consumed by bn_mul_add_words called from BN_from_montgomery. In +// order to estimate what we're missing, I've compared the performance +// of this routine against "traditional" implementation, i.e. 
against +// following routine: +// +// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) +// { r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]); +// r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]); +// r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]); +// r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]); +// r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]); +// r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]); +// r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]); +// r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]); +// } +// +// The one below is over 8 times faster than the one above:-( Even +// more reasons to "combafy" bn_mul_add_mont... +// +// And yes, this routine really made me wish there were an optimizing +// assembler! It also feels like it deserves a dedication. +// +// To my wife for being there and to my kids... +// +// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) +// +#define carry1 r14 +#define carry2 r15 +#define carry3 r34 +.global bn_mul_comba8# +.proc bn_mul_comba8# +.align 64 +bn_mul_comba8: + .prologue + .fframe 0 + .save ar.pfs,r2 +{ .mii; alloc r2=ar.pfs,3,0,0,0 + add r14=8,r33 + add r17=8,r34 } + .body +{ .mii; add r15=16,r33 + add r18=16,r34 + add r16=24,r33 } +.L_cheat_entry_point8: +{ .mmi; add r19=24,r34 + + ldf8 f32=[r33],32 };; + +{ .mmi; ldf8 f120=[r34],32 + ldf8 f121=[r17],32 } +{ .mmi; ldf8 f122=[r18],32 + ldf8 f123=[r19],32 };; +{ .mmi; ldf8 f124=[r34] + ldf8 f125=[r17] } +{ .mmi; ldf8 f126=[r18] + ldf8 f127=[r19] } + +{ .mmi; ldf8 f33=[r14],32 + ldf8 f34=[r15],32 } +{ .mmi; ldf8 f35=[r16],32;; + ldf8 f36=[r33] } +{ .mmi; ldf8 f37=[r14] + ldf8 f38=[r15] } +{ .mfi; ldf8 f39=[r16] +// -------\ Entering multiplier's heaven /------- +// ------------\ /------------ +// -----------------\ /----------------- +// ----------------------\/---------------------- + xma.hu f41=f32,f120,f0 } +{ .mfi; xma.lu f40=f32,f120,f0 };; // (*) +{ .mfi; xma.hu f51=f32,f121,f0 } +{ .mfi; xma.lu f50=f32,f121,f0 };; +{ .mfi; xma.hu f61=f32,f122,f0 } +{ .mfi; xma.lu f60=f32,f122,f0 };; +{ .mfi; xma.hu 
f71=f32,f123,f0 } +{ .mfi; xma.lu f70=f32,f123,f0 };; +{ .mfi; xma.hu f81=f32,f124,f0 } +{ .mfi; xma.lu f80=f32,f124,f0 };; +{ .mfi; xma.hu f91=f32,f125,f0 } +{ .mfi; xma.lu f90=f32,f125,f0 };; +{ .mfi; xma.hu f101=f32,f126,f0 } +{ .mfi; xma.lu f100=f32,f126,f0 };; +{ .mfi; xma.hu f111=f32,f127,f0 } +{ .mfi; xma.lu f110=f32,f127,f0 };;// +// (*) You can argue that splitting at every second bundle would +// prevent "wider" IA-64 implementations from achieving the peak +// performance. Well, not really... The catch is that if you +// intend to keep 4 FP units busy by splitting at every fourth +// bundle and thus perform these 16 multiplications in 4 ticks, +// the first bundle *below* would stall because the result from +// the first xma bundle *above* won't be available for another 3 +// ticks (if not more, being an optimist, I assume that "wider" +// implementation will have same latency:-). This stall will hold +// you back and the performance would be as if every second bundle +// were split *anyway*... 
+{ .mfi; getf.sig r16=f40 + xma.hu f42=f33,f120,f41 + add r33=8,r32 } +{ .mfi; xma.lu f41=f33,f120,f41 };; +{ .mfi; getf.sig r24=f50 + xma.hu f52=f33,f121,f51 } +{ .mfi; xma.lu f51=f33,f121,f51 };; +{ .mfi; st8 [r32]=r16,16 + xma.hu f62=f33,f122,f61 } +{ .mfi; xma.lu f61=f33,f122,f61 };; +{ .mfi; xma.hu f72=f33,f123,f71 } +{ .mfi; xma.lu f71=f33,f123,f71 };; +{ .mfi; xma.hu f82=f33,f124,f81 } +{ .mfi; xma.lu f81=f33,f124,f81 };; +{ .mfi; xma.hu f92=f33,f125,f91 } +{ .mfi; xma.lu f91=f33,f125,f91 };; +{ .mfi; xma.hu f102=f33,f126,f101 } +{ .mfi; xma.lu f101=f33,f126,f101 };; +{ .mfi; xma.hu f112=f33,f127,f111 } +{ .mfi; xma.lu f111=f33,f127,f111 };;// +//-------------------------------------------------// +{ .mfi; getf.sig r25=f41 + xma.hu f43=f34,f120,f42 } +{ .mfi; xma.lu f42=f34,f120,f42 };; +{ .mfi; getf.sig r16=f60 + xma.hu f53=f34,f121,f52 } +{ .mfi; xma.lu f52=f34,f121,f52 };; +{ .mfi; getf.sig r17=f51 + xma.hu f63=f34,f122,f62 + add r25=r25,r24 } +{ .mfi; xma.lu f62=f34,f122,f62 + mov carry1=0 };; +{ .mfi; cmp.ltu p6,p0=r25,r24 + xma.hu f73=f34,f123,f72 } +{ .mfi; xma.lu f72=f34,f123,f72 };; +{ .mfi; st8 [r33]=r25,16 + xma.hu f83=f34,f124,f82 +(p6) add carry1=1,carry1 } +{ .mfi; xma.lu f82=f34,f124,f82 };; +{ .mfi; xma.hu f93=f34,f125,f92 } +{ .mfi; xma.lu f92=f34,f125,f92 };; +{ .mfi; xma.hu f103=f34,f126,f102 } +{ .mfi; xma.lu f102=f34,f126,f102 };; +{ .mfi; xma.hu f113=f34,f127,f112 } +{ .mfi; xma.lu f112=f34,f127,f112 };;// +//-------------------------------------------------// +{ .mfi; getf.sig r18=f42 + xma.hu f44=f35,f120,f43 + add r17=r17,r16 } +{ .mfi; xma.lu f43=f35,f120,f43 };; +{ .mfi; getf.sig r24=f70 + xma.hu f54=f35,f121,f53 } +{ .mfi; mov carry2=0 + xma.lu f53=f35,f121,f53 };; +{ .mfi; getf.sig r25=f61 + xma.hu f64=f35,f122,f63 + cmp.ltu p7,p0=r17,r16 } +{ .mfi; add r18=r18,r17 + xma.lu f63=f35,f122,f63 };; +{ .mfi; getf.sig r26=f52 + xma.hu f74=f35,f123,f73 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r18,r17 + xma.lu f73=f35,f123,f73 
+ add r18=r18,carry1 };; +{ .mfi; + xma.hu f84=f35,f124,f83 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r18,carry1 + xma.lu f83=f35,f124,f83 };; +{ .mfi; st8 [r32]=r18,16 + xma.hu f94=f35,f125,f93 +(p7) add carry2=1,carry2 } +{ .mfi; xma.lu f93=f35,f125,f93 };; +{ .mfi; xma.hu f104=f35,f126,f103 } +{ .mfi; xma.lu f103=f35,f126,f103 };; +{ .mfi; xma.hu f114=f35,f127,f113 } +{ .mfi; mov carry1=0 + xma.lu f113=f35,f127,f113 + add r25=r25,r24 };;// +//-------------------------------------------------// +{ .mfi; getf.sig r27=f43 + xma.hu f45=f36,f120,f44 + cmp.ltu p6,p0=r25,r24 } +{ .mfi; xma.lu f44=f36,f120,f44 + add r26=r26,r25 };; +{ .mfi; getf.sig r16=f80 + xma.hu f55=f36,f121,f54 +(p6) add carry1=1,carry1 } +{ .mfi; xma.lu f54=f36,f121,f54 };; +{ .mfi; getf.sig r17=f71 + xma.hu f65=f36,f122,f64 + cmp.ltu p6,p0=r26,r25 } +{ .mfi; xma.lu f64=f36,f122,f64 + add r27=r27,r26 };; +{ .mfi; getf.sig r18=f62 + xma.hu f75=f36,f123,f74 +(p6) add carry1=1,carry1 } +{ .mfi; cmp.ltu p6,p0=r27,r26 + xma.lu f74=f36,f123,f74 + add r27=r27,carry2 };; +{ .mfi; getf.sig r19=f53 + xma.hu f85=f36,f124,f84 +(p6) add carry1=1,carry1 } +{ .mfi; xma.lu f84=f36,f124,f84 + cmp.ltu p6,p0=r27,carry2 };; +{ .mfi; st8 [r33]=r27,16 + xma.hu f95=f36,f125,f94 +(p6) add carry1=1,carry1 } +{ .mfi; xma.lu f94=f36,f125,f94 };; +{ .mfi; xma.hu f105=f36,f126,f104 } +{ .mfi; mov carry2=0 + xma.lu f104=f36,f126,f104 + add r17=r17,r16 };; +{ .mfi; xma.hu f115=f36,f127,f114 + cmp.ltu p7,p0=r17,r16 } +{ .mfi; xma.lu f114=f36,f127,f114 + add r18=r18,r17 };;// +//-------------------------------------------------// +{ .mfi; getf.sig r20=f44 + xma.hu f46=f37,f120,f45 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r18,r17 + xma.lu f45=f37,f120,f45 + add r19=r19,r18 };; +{ .mfi; getf.sig r24=f90 + xma.hu f56=f37,f121,f55 } +{ .mfi; xma.lu f55=f37,f121,f55 };; +{ .mfi; getf.sig r25=f81 + xma.hu f66=f37,f122,f65 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r19,r18 + xma.lu f65=f37,f122,f65 + add 
r20=r20,r19 };; +{ .mfi; getf.sig r26=f72 + xma.hu f76=f37,f123,f75 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r20,r19 + xma.lu f75=f37,f123,f75 + add r20=r20,carry1 };; +{ .mfi; getf.sig r27=f63 + xma.hu f86=f37,f124,f85 +(p7) add carry2=1,carry2 } +{ .mfi; xma.lu f85=f37,f124,f85 + cmp.ltu p7,p0=r20,carry1 };; +{ .mfi; getf.sig r28=f54 + xma.hu f96=f37,f125,f95 +(p7) add carry2=1,carry2 } +{ .mfi; st8 [r32]=r20,16 + xma.lu f95=f37,f125,f95 };; +{ .mfi; xma.hu f106=f37,f126,f105 } +{ .mfi; mov carry1=0 + xma.lu f105=f37,f126,f105 + add r25=r25,r24 };; +{ .mfi; xma.hu f116=f37,f127,f115 + cmp.ltu p6,p0=r25,r24 } +{ .mfi; xma.lu f115=f37,f127,f115 + add r26=r26,r25 };;// +//-------------------------------------------------// +{ .mfi; getf.sig r29=f45 + xma.hu f47=f38,f120,f46 +(p6) add carry1=1,carry1 } +{ .mfi; cmp.ltu p6,p0=r26,r25 + xma.lu f46=f38,f120,f46 + add r27=r27,r26 };; +{ .mfi; getf.sig r16=f100 + xma.hu f57=f38,f121,f56 +(p6) add carry1=1,carry1 } +{ .mfi; cmp.ltu p6,p0=r27,r26 + xma.lu f56=f38,f121,f56 + add r28=r28,r27 };; +{ .mfi; getf.sig r17=f91 + xma.hu f67=f38,f122,f66 +(p6) add carry1=1,carry1 } +{ .mfi; cmp.ltu p6,p0=r28,r27 + xma.lu f66=f38,f122,f66 + add r29=r29,r28 };; +{ .mfi; getf.sig r18=f82 + xma.hu f77=f38,f123,f76 +(p6) add carry1=1,carry1 } +{ .mfi; cmp.ltu p6,p0=r29,r28 + xma.lu f76=f38,f123,f76 + add r29=r29,carry2 };; +{ .mfi; getf.sig r19=f73 + xma.hu f87=f38,f124,f86 +(p6) add carry1=1,carry1 } +{ .mfi; xma.lu f86=f38,f124,f86 + cmp.ltu p6,p0=r29,carry2 };; +{ .mfi; getf.sig r20=f64 + xma.hu f97=f38,f125,f96 +(p6) add carry1=1,carry1 } +{ .mfi; st8 [r33]=r29,16 + xma.lu f96=f38,f125,f96 };; +{ .mfi; getf.sig r21=f55 + xma.hu f107=f38,f126,f106 } +{ .mfi; mov carry2=0 + xma.lu f106=f38,f126,f106 + add r17=r17,r16 };; +{ .mfi; xma.hu f117=f38,f127,f116 + cmp.ltu p7,p0=r17,r16 } +{ .mfi; xma.lu f116=f38,f127,f116 + add r18=r18,r17 };;// +//-------------------------------------------------// +{ .mfi; getf.sig r22=f46 + xma.hu 
f48=f39,f120,f47 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r18,r17 + xma.lu f47=f39,f120,f47 + add r19=r19,r18 };; +{ .mfi; getf.sig r24=f110 + xma.hu f58=f39,f121,f57 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r19,r18 + xma.lu f57=f39,f121,f57 + add r20=r20,r19 };; +{ .mfi; getf.sig r25=f101 + xma.hu f68=f39,f122,f67 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r20,r19 + xma.lu f67=f39,f122,f67 + add r21=r21,r20 };; +{ .mfi; getf.sig r26=f92 + xma.hu f78=f39,f123,f77 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r21,r20 + xma.lu f77=f39,f123,f77 + add r22=r22,r21 };; +{ .mfi; getf.sig r27=f83 + xma.hu f88=f39,f124,f87 +(p7) add carry2=1,carry2 } +{ .mfi; cmp.ltu p7,p0=r22,r21 + xma.lu f87=f39,f124,f87 + add r22=r22,carry1 };; +{ .mfi; getf.sig r28=f74 + xma.hu f98=f39,f125,f97 +(p7) add carry2=1,carry2 } +{ .mfi; xma.lu f97=f39,f125,f97 + cmp.ltu p7,p0=r22,carry1 };; +{ .mfi; getf.sig r29=f65 + xma.hu f108=f39,f126,f107 +(p7) add carry2=1,carry2 } +{ .mfi; st8 [r32]=r22,16 + xma.lu f107=f39,f126,f107 };; +{ .mfi; getf.sig r30=f56 + xma.hu f118=f39,f127,f117 } +{ .mfi; xma.lu f117=f39,f127,f117 };;// +//-------------------------------------------------// +// Leaving muliplier's heaven... Quite a ride, huh? 
+ +{ .mii; getf.sig r31=f47 + add r25=r25,r24 + mov carry1=0 };; +{ .mii; getf.sig r16=f111 + cmp.ltu p6,p0=r25,r24 + add r26=r26,r25 };; +{ .mfb; getf.sig r17=f102 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r26,r25 + add r27=r27,r26 };; +{ .mfb; nop.m 0x0 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r27,r26 + add r28=r28,r27 };; +{ .mii; getf.sig r18=f93 + add r17=r17,r16 + mov carry3=0 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r28,r27 + add r29=r29,r28 };; +{ .mii; getf.sig r19=f84 + cmp.ltu p7,p0=r17,r16 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r29,r28 + add r30=r30,r29 };; +{ .mii; getf.sig r20=f75 + add r18=r18,r17 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r30,r29 + add r31=r31,r30 };; +{ .mfb; getf.sig r21=f66 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r18,r17 + add r19=r19,r18 } +{ .mfb; nop.m 0x0 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r31,r30 + add r31=r31,carry2 };; +{ .mfb; getf.sig r22=f57 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r19,r18 + add r20=r20,r19 } +{ .mfb; nop.m 0x0 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r31,carry2 };; +{ .mfb; getf.sig r23=f48 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r20,r19 + add r21=r21,r20 } +{ .mii; +(p6) add carry1=1,carry1 } +{ .mfb; st8 [r33]=r31,16 };; + +{ .mfb; getf.sig r24=f112 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r21,r20 + add r22=r22,r21 };; +{ .mfb; getf.sig r25=f103 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r22,r21 + add r23=r23,r22 };; +{ .mfb; getf.sig r26=f94 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r23,r22 + add r23=r23,carry1 };; +{ .mfb; getf.sig r27=f85 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p8=r23,carry1};; +{ .mii; getf.sig r28=f76 + add r25=r25,r24 + mov carry1=0 } +{ .mii; st8 [r32]=r23,16 + (p7) add carry2=1,carry3 + (p8) add carry2=0,carry3 };; + +{ .mfb; nop.m 0x0 } +{ .mii; getf.sig r29=f67 + cmp.ltu p6,p0=r25,r24 + add r26=r26,r25 };; +{ 
.mfb; getf.sig r30=f58 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r26,r25 + add r27=r27,r26 };; +{ .mfb; getf.sig r16=f113 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r27,r26 + add r28=r28,r27 };; +{ .mfb; getf.sig r17=f104 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r28,r27 + add r29=r29,r28 };; +{ .mfb; getf.sig r18=f95 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r29,r28 + add r30=r30,r29 };; +{ .mii; getf.sig r19=f86 + add r17=r17,r16 + mov carry3=0 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r30,r29 + add r30=r30,carry2 };; +{ .mii; getf.sig r20=f77 + cmp.ltu p7,p0=r17,r16 + add r18=r18,r17 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r30,carry2 };; +{ .mfb; getf.sig r21=f68 } +{ .mii; st8 [r33]=r30,16 +(p6) add carry1=1,carry1 };; + +{ .mfb; getf.sig r24=f114 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r18,r17 + add r19=r19,r18 };; +{ .mfb; getf.sig r25=f105 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r19,r18 + add r20=r20,r19 };; +{ .mfb; getf.sig r26=f96 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r20,r19 + add r21=r21,r20 };; +{ .mfb; getf.sig r27=f87 } +{ .mii; (p7) add carry3=1,carry3 + cmp.ltu p7,p0=r21,r20 + add r21=r21,carry1 };; +{ .mib; getf.sig r28=f78 + add r25=r25,r24 } +{ .mib; (p7) add carry3=1,carry3 + cmp.ltu p7,p8=r21,carry1};; +{ .mii; st8 [r32]=r21,16 + (p7) add carry2=1,carry3 + (p8) add carry2=0,carry3 } + +{ .mii; mov carry1=0 + cmp.ltu p6,p0=r25,r24 + add r26=r26,r25 };; +{ .mfb; getf.sig r16=f115 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r26,r25 + add r27=r27,r26 };; +{ .mfb; getf.sig r17=f106 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r27,r26 + add r28=r28,r27 };; +{ .mfb; getf.sig r18=f97 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r28,r27 + add r28=r28,carry2 };; +{ .mib; getf.sig r19=f88 + add r17=r17,r16 } +{ .mib; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r28,carry2 };; +{ .mii; st8 [r33]=r28,16 +(p6) add carry1=1,carry1 } 
+ +{ .mii; mov carry2=0 + cmp.ltu p7,p0=r17,r16 + add r18=r18,r17 };; +{ .mfb; getf.sig r24=f116 } +{ .mii; (p7) add carry2=1,carry2 + cmp.ltu p7,p0=r18,r17 + add r19=r19,r18 };; +{ .mfb; getf.sig r25=f107 } +{ .mii; (p7) add carry2=1,carry2 + cmp.ltu p7,p0=r19,r18 + add r19=r19,carry1 };; +{ .mfb; getf.sig r26=f98 } +{ .mii; (p7) add carry2=1,carry2 + cmp.ltu p7,p0=r19,carry1};; +{ .mii; st8 [r32]=r19,16 + (p7) add carry2=1,carry2 } + +{ .mfb; add r25=r25,r24 };; + +{ .mfb; getf.sig r16=f117 } +{ .mii; mov carry1=0 + cmp.ltu p6,p0=r25,r24 + add r26=r26,r25 };; +{ .mfb; getf.sig r17=f108 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r26,r25 + add r26=r26,carry2 };; +{ .mfb; nop.m 0x0 } +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r26,carry2 };; +{ .mii; st8 [r33]=r26,16 +(p6) add carry1=1,carry1 } + +{ .mfb; add r17=r17,r16 };; +{ .mfb; getf.sig r24=f118 } +{ .mii; mov carry2=0 + cmp.ltu p7,p0=r17,r16 + add r17=r17,carry1 };; +{ .mii; (p7) add carry2=1,carry2 + cmp.ltu p7,p0=r17,carry1};; +{ .mii; st8 [r32]=r17 + (p7) add carry2=1,carry2 };; +{ .mfb; add r24=r24,carry2 };; +{ .mib; st8 [r33]=r24 } + +{ .mib; rum 1<<5 // clear um.mfh + br.ret.sptk.many b0 };; +.endp bn_mul_comba8# +#undef carry3 +#undef carry2 +#undef carry1 +#endif + +#if 1 +// It's possible to make it faster (see comment to bn_sqr_comba8), but +// I reckon it doesn't worth the effort. Basically because the routine +// (actually both of them) practically never called... So I just play +// same trick as with bn_sqr_comba8. +// +// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) +// +.global bn_sqr_comba4# +.proc bn_sqr_comba4# +.align 64 +bn_sqr_comba4: + .prologue + .fframe 0 + .save ar.pfs,r2 +{ .mii; alloc r2=ar.pfs,2,1,0,0 + mov r34=r33 + add r14=8,r33 };; + .body +{ .mii; add r17=8,r34 + add r15=16,r33 + add r18=16,r34 } +{ .mfb; add r16=24,r33 + br .L_cheat_entry_point4 };; +.endp bn_sqr_comba4# +#endif + +#if 1 +// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever... 
+// +// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) +// +#define carry1 r14 +#define carry2 r15 +.global bn_mul_comba4# +.proc bn_mul_comba4# +.align 64 +bn_mul_comba4: + .prologue + .fframe 0 + .save ar.pfs,r2 +{ .mii; alloc r2=ar.pfs,3,0,0,0 + add r14=8,r33 + add r17=8,r34 } + .body +{ .mii; add r15=16,r33 + add r18=16,r34 + add r16=24,r33 };; +.L_cheat_entry_point4: +{ .mmi; add r19=24,r34 + + ldf8 f32=[r33] } + +{ .mmi; ldf8 f120=[r34] + ldf8 f121=[r17] };; +{ .mmi; ldf8 f122=[r18] + ldf8 f123=[r19] } + +{ .mmi; ldf8 f33=[r14] + ldf8 f34=[r15] } +{ .mfi; ldf8 f35=[r16] + + xma.hu f41=f32,f120,f0 } +{ .mfi; xma.lu f40=f32,f120,f0 };; +{ .mfi; xma.hu f51=f32,f121,f0 } +{ .mfi; xma.lu f50=f32,f121,f0 };; +{ .mfi; xma.hu f61=f32,f122,f0 } +{ .mfi; xma.lu f60=f32,f122,f0 };; +{ .mfi; xma.hu f71=f32,f123,f0 } +{ .mfi; xma.lu f70=f32,f123,f0 };;// +// Major stall takes place here, and 3 more places below. Result from +// first xma is not available for another 3 ticks. +{ .mfi; getf.sig r16=f40 + xma.hu f42=f33,f120,f41 + add r33=8,r32 } +{ .mfi; xma.lu f41=f33,f120,f41 };; +{ .mfi; getf.sig r24=f50 + xma.hu f52=f33,f121,f51 } +{ .mfi; xma.lu f51=f33,f121,f51 };; +{ .mfi; st8 [r32]=r16,16 + xma.hu f62=f33,f122,f61 } +{ .mfi; xma.lu f61=f33,f122,f61 };; +{ .mfi; xma.hu f72=f33,f123,f71 } +{ .mfi; xma.lu f71=f33,f123,f71 };;// +//-------------------------------------------------// +{ .mfi; getf.sig r25=f41 + xma.hu f43=f34,f120,f42 } +{ .mfi; xma.lu f42=f34,f120,f42 };; +{ .mfi; getf.sig r16=f60 + xma.hu f53=f34,f121,f52 } +{ .mfi; xma.lu f52=f34,f121,f52 };; +{ .mfi; getf.sig r17=f51 + xma.hu f63=f34,f122,f62 + add r25=r25,r24 } +{ .mfi; mov carry1=0 + xma.lu f62=f34,f122,f62 };; +{ .mfi; st8 [r33]=r25,16 + xma.hu f73=f34,f123,f72 + cmp.ltu p6,p0=r25,r24 } +{ .mfi; xma.lu f72=f34,f123,f72 };;// +//-------------------------------------------------// +{ .mfi; getf.sig r18=f42 + xma.hu f44=f35,f120,f43 +(p6) add carry1=1,carry1 } +{ .mfi; add r17=r17,r16 + 
xma.lu f43=f35,f120,f43 + mov carry2=0 };; +{ .mfi; getf.sig r24=f70 + xma.hu f54=f35,f121,f53 + cmp.ltu p7,p0=r17,r16 } +{ .mfi; xma.lu f53=f35,f121,f53 };; +{ .mfi; getf.sig r25=f61 + xma.hu f64=f35,f122,f63 + add r18=r18,r17 } +{ .mfi; xma.lu f63=f35,f122,f63 +(p7) add carry2=1,carry2 };; +{ .mfi; getf.sig r26=f52 + xma.hu f74=f35,f123,f73 + cmp.ltu p7,p0=r18,r17 } +{ .mfi; xma.lu f73=f35,f123,f73 + add r18=r18,carry1 };; +//-------------------------------------------------// +{ .mii; st8 [r32]=r18,16 +(p7) add carry2=1,carry2 + cmp.ltu p7,p0=r18,carry1 };; + +{ .mfi; getf.sig r27=f43 // last major stall +(p7) add carry2=1,carry2 };; +{ .mii; getf.sig r16=f71 + add r25=r25,r24 + mov carry1=0 };; +{ .mii; getf.sig r17=f62 + cmp.ltu p6,p0=r25,r24 + add r26=r26,r25 };; +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r26,r25 + add r27=r27,r26 };; +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r27,r26 + add r27=r27,carry2 };; +{ .mii; getf.sig r18=f53 +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r27,carry2 };; +{ .mfi; st8 [r33]=r27,16 +(p6) add carry1=1,carry1 } + +{ .mii; getf.sig r19=f44 + add r17=r17,r16 + mov carry2=0 };; +{ .mii; getf.sig r24=f72 + cmp.ltu p7,p0=r17,r16 + add r18=r18,r17 };; +{ .mii; (p7) add carry2=1,carry2 + cmp.ltu p7,p0=r18,r17 + add r19=r19,r18 };; +{ .mii; (p7) add carry2=1,carry2 + cmp.ltu p7,p0=r19,r18 + add r19=r19,carry1 };; +{ .mii; getf.sig r25=f63 + (p7) add carry2=1,carry2 + cmp.ltu p7,p0=r19,carry1};; +{ .mii; st8 [r32]=r19,16 + (p7) add carry2=1,carry2 } + +{ .mii; getf.sig r26=f54 + add r25=r25,r24 + mov carry1=0 };; +{ .mii; getf.sig r16=f73 + cmp.ltu p6,p0=r25,r24 + add r26=r26,r25 };; +{ .mii; +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r26,r25 + add r26=r26,carry2 };; +{ .mii; getf.sig r17=f64 +(p6) add carry1=1,carry1 + cmp.ltu p6,p0=r26,carry2 };; +{ .mii; st8 [r33]=r26,16 +(p6) add carry1=1,carry1 } + +{ .mii; getf.sig r24=f74 + add r17=r17,r16 + mov carry2=0 };; +{ .mii; cmp.ltu p7,p0=r17,r16 + add r17=r17,carry1 };; 
+ +{ .mii; (p7) add carry2=1,carry2 + cmp.ltu p7,p0=r17,carry1};; +{ .mii; st8 [r32]=r17,16 + (p7) add carry2=1,carry2 };; + +{ .mii; add r24=r24,carry2 };; +{ .mii; st8 [r33]=r24 } + +{ .mib; rum 1<<5 // clear um.mfh + br.ret.sptk.many b0 };; +.endp bn_mul_comba4# +#undef carry2 +#undef carry1 +#endif + +#if 1 +// +// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) +// +// In the nutshell it's a port of my MIPS III/IV implementation. +// +#define AT r14 +#define H r16 +#define HH r20 +#define L r17 +#define D r18 +#define DH r22 +#define I r21 + +#if 0 +// Some preprocessors (most notably HP-UX) apper to be allergic to +// macros enclosed to parenthesis as these three will be. +#define cont p16 +#define break p0 // p20 +#define equ p24 +#else +cont=p16 +break=p0 +equ=p24 +#endif + +.global abort# +.global bn_div_words# +.proc bn_div_words# +.align 64 +bn_div_words: + .prologue + .fframe 0 + .save ar.pfs,r2 + .save b0,r3 +{ .mii; alloc r2=ar.pfs,3,5,0,8 + mov r3=b0 + mov r10=pr };; +{ .mmb; cmp.eq p6,p0=r34,r0 + mov r8=-1 +(p6) br.ret.spnt.many b0 };; + + .body +{ .mii; mov H=r32 // save h + mov ar.ec=0 // don't rotate at exit + mov pr.rot=0 } +{ .mii; mov L=r33 // save l + mov r36=r0 };; + +.L_divw_shift: // -vv- note signed comparison +{ .mfi; (p0) cmp.lt p16,p0=r0,r34 // d + (p0) shladd r33=r34,1,r0 } +{ .mfb; (p0) add r35=1,r36 + (p0) nop.f 0x0 +(p16) br.wtop.dpnt .L_divw_shift };; + +{ .mii; mov D=r34 + shr.u DH=r34,32 + sub r35=64,r36 };; +{ .mii; setf.sig f7=DH + shr.u AT=H,r35 + mov I=r36 };; +{ .mib; cmp.ne p6,p0=r0,AT + shl H=H,r36 +(p6) br.call.spnt.clr b0=abort };; // overflow, die... 
+ +{ .mfi; fcvt.xuf.s1 f7=f7 + shr.u AT=L,r35 };; +{ .mii; shl L=L,r36 + or H=H,AT };; + +{ .mii; nop.m 0x0 + cmp.leu p6,p0=D,H;; +(p6) sub H=H,D } + +{ .mlx; setf.sig f14=D + movl AT=0xffffffff };; +/////////////////////////////////////////////////////////// +{ .mii; setf.sig f6=H + shr.u HH=H,32;; + cmp.eq p6,p7=HH,DH };; +{ .mfb; +(p6) setf.sig f8=AT +(p7) fcvt.xuf.s1 f6=f6 +(p7) br.call.sptk b6=.L_udiv64_32_b6 };; + +{ .mfi; getf.sig r33=f8 // q + xmpy.lu f9=f8,f14 } +{ .mfi; xmpy.hu f10=f8,f14 + shrp H=H,L,32 };; + +{ .mmi; getf.sig r35=f9 // tl + getf.sig r31=f10 };; // th + +.L_divw_1st_iter: +{ .mii; (p0) add r32=-1,r33 + (p0) cmp.eq equ,cont=HH,r31 };; +{ .mii; (p0) cmp.ltu p8,p0=r35,D + (p0) sub r34=r35,D + (equ) cmp.leu break,cont=r35,H };; +{ .mib; (cont) cmp.leu cont,break=HH,r31 + (p8) add r31=-1,r31 +(cont) br.wtop.spnt .L_divw_1st_iter };; +/////////////////////////////////////////////////////////// +{ .mii; sub H=H,r35 + shl r8=r33,32 + shl L=L,32 };; +/////////////////////////////////////////////////////////// +{ .mii; setf.sig f6=H + shr.u HH=H,32;; + cmp.eq p6,p7=HH,DH };; +{ .mfb; +(p6) setf.sig f8=AT +(p7) fcvt.xuf.s1 f6=f6 +(p7) br.call.sptk b6=.L_udiv64_32_b6 };; + +{ .mfi; getf.sig r33=f8 // q + xmpy.lu f9=f8,f14 } +{ .mfi; xmpy.hu f10=f8,f14 + shrp H=H,L,32 };; + +{ .mmi; getf.sig r35=f9 // tl + getf.sig r31=f10 };; // th + +.L_divw_2nd_iter: +{ .mii; (p0) add r32=-1,r33 + (p0) cmp.eq equ,cont=HH,r31 };; +{ .mii; (p0) cmp.ltu p8,p0=r35,D + (p0) sub r34=r35,D + (equ) cmp.leu break,cont=r35,H };; +{ .mib; (cont) cmp.leu cont,break=HH,r31 + (p8) add r31=-1,r31 +(cont) br.wtop.spnt .L_divw_2nd_iter };; +/////////////////////////////////////////////////////////// +{ .mii; sub H=H,r35 + or r8=r8,r33 + mov ar.pfs=r2 };; +{ .mii; shr.u r9=H,I // remainder if anybody wants it + mov pr=r10,-1 } +{ .mfb; br.ret.sptk.many b0 };; + +// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division +// procedure. 
+// +// inputs: f6 = (double)a, f7 = (double)b +// output: f8 = (int)(a/b) +// clobbered: f8,f9,f10,f11,pred +pred=p15 +// This procedure is essentially Intel code and therefore is +// copyrighted to Intel Corporation (I suppose...). It's sligtly +// modified for specific needs. +.align 32 +.skip 16 +.L_udiv64_32_b6: + frcpa.s1 f8,pred=f6,f7;; // [0] y0 = 1 / b + +(pred) fnma.s1 f9=f7,f8,f1 // [5] e0 = 1 - b * y0 +(pred) fmpy.s1 f10=f6,f8;; // [5] q0 = a * y0 +(pred) fmpy.s1 f11=f9,f9 // [10] e1 = e0 * e0 +(pred) fma.s1 f10=f9,f10,f10;; // [10] q1 = q0 + e0 * q0 +(pred) fma.s1 f8=f9,f8,f8 //;; // [15] y1 = y0 + e0 * y0 +(pred) fma.s1 f9=f11,f10,f10;; // [15] q2 = q1 + e1 * q1 +(pred) fma.s1 f8=f11,f8,f8 //;; // [20] y2 = y1 + e1 * y1 +(pred) fnma.s1 f10=f7,f9,f6;; // [20] r2 = a - b * q2 +(pred) fma.s1 f8=f10,f8,f9;; // [25] q3 = q2 + r2 * y2 + + fcvt.fxu.trunc.s1 f8=f8 // [30] q = trunc(q3) + br.ret.sptk.many b6;; +.endp bn_div_words# +#endif diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h index b232c2c..7ce9d8c 100644 --- a/crypto/openssl/crypto/bn/bn.h +++ b/crypto/openssl/crypto/bn/bn.h @@ -90,7 +90,9 @@ extern "C" { * be on. Again this in only really a problem on machines * using "long long's", are 32bit, and are not using my assembler code. */ #if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux) -#define BN_DIV2W +# ifndef BN_DIV2W +# define BN_DIV2W +# endif #endif /* assuming long is 64bit - this is the DEC Alpha @@ -329,6 +331,7 @@ void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); 
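Review bot: in bn_div_words the branch `(p6) br.call.spnt.clr b0=abort };; // overflow, die...`, taken when `shr.u AT=H,r35` leaves a non-zero AT (that is, when h is not below d after normalisation), turns a violated precondition into a process abort from inside a library routine. The routine's header comment (`BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)`) should state that callers must guarantee h < d, and the `.global abort#` reference should be called out there so nobody reads it as an ordinary error path; a caller that lets attacker-shaped input reach this routine with h >= d gets a crash rather than a return code. Separately, the `.L_udiv64_32_b6` block is introduced only as "essentially Intel code and therefore is copyrighted to Intel Corporation (I suppose...)"; the provenance and licence of that block need to be confirmed before the file is imported under the OpenSSL licence.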
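Review bot: the new prototype `int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);` arrives without a documentation entry. Its name signals the BN_pseudo_rand generator, which does not carry the seeding guarantees of BN_rand, so the BN_rand_range man page should gain a paragraph saying that BN_pseudo_rand_range produces the same uniform distribution over [0, range) but is only suitable where BN_pseudo_rand is (primality-test witnesses and similar), not for key material.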
@@ -403,7 +406,6 @@ int BN_is_prime(const BIGNUM *p,int nchecks, int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, int do_trial_division); -void ERR_load_BN_strings(void ); BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); @@ -474,6 +476,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_BN_strings(void); /* Error codes for the BN functions. */ @@ -517,4 +520,3 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); } #endif #endif - diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c index c328b5b..613a268 100644 --- a/crypto/openssl/crypto/bn/bn_div.c +++ b/crypto/openssl/crypto/bn/bn_div.c @@ -128,7 +128,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, #if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W) # if defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) +# if defined(__i386) || defined (__i386__) /* * There were two reasons for implementing this template: * - GNU C generates a call to a function (__udivdi3 to be exact) diff --git a/crypto/openssl/crypto/bn/bn_prime.c b/crypto/openssl/crypto/bn/bn_prime.c index a5f01b9..8b782fa 100644 --- a/crypto/openssl/crypto/bn/bn_prime.c +++ b/crypto/openssl/crypto/bn/bn_prime.c @@ -225,12 +225,15 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, BN_MONT_CTX *mont = NULL; const BIGNUM *A = NULL; + if (BN_cmp(a, BN_value_one()) <= 0) + return 0; + if (checks == BN_prime_checks) checks = BN_prime_checks_for_size(BN_num_bits(a)); /* first look for small factors */ if (!BN_is_odd(a)) - return(0); + return 0; if (do_trial_division) { for (i = 1; i < NUMPRIMES; i++) 
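Review bot: `# if defined(__i386) || defined (__i386__)` widens the set of compilers for which BN_div takes the inline-assembler division template instead of the C fallback; the surrounding comment explains the template exists to avoid a `__udivdi3` call, so toolchains that only define `__i386__` silently switch onto a different division path with this change. That path should be covered by a bntest run on such a toolchain before the import lands. Minor style: `defined (__i386__)` has a stray space that `defined(__i386)` on the same line does not.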
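Review bot: the added `if (BN_cmp(a, BN_value_one()) <= 0) return 0;` closes a real gap in BN_is_prime_fasttest: before it, a = 0, a = 1 and every negative value were not rejected up front and their handling depended on what the odd-check and the witness loop happened to do with them. Because BN_cmp honours the sign, the single comparison covers all three cases. Two small points: returning 0 ("not prime") rather than -1 ("error") for a negative input is a deliberate choice that deserves a one-line comment, and the `return(0)` to `return 0` change in the trial-division path is unrelated style churn that would be cleaner in its own commit.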
@@ -289,11 +292,8 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, for (i = 0; i < checks; i++) { - if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0)) + if (!BN_pseudo_rand_range(check, A1)) goto err; - if (BN_cmp(check, A1) >= 0) - if (!BN_sub(check, check, A1)) - goto err; if (!BN_add_word(check, 1)) goto err; /* now 1 <= check < A */ diff --git a/crypto/openssl/crypto/bn/bn_rand.c b/crypto/openssl/crypto/bn/bn_rand.c index acd0619..4944ffb 100644 --- a/crypto/openssl/crypto/bn/bn_rand.c +++ b/crypto/openssl/crypto/bn/bn_rand.c 
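Review bot: replacing `BN_pseudo_rand(check, BN_num_bits(A1), 0, 0)` plus the conditional `BN_sub(check, check, A1)` with `BN_pseudo_rand_range(check, A1)` is a distribution fix, not a tidy-up: the removed code drew a fixed-width value and folded anything >= A1 down by a single subtraction, which cannot map uniformly onto [0, A1) unless A1 is a power of two. Uniform witness selection is what the Miller-Rabin error bound assumes, so after this change the comment `/* now 1 <= check < A */` is accurate for the distribution as well as the range. The change depends on the prototype added to bn.h in the same commit, so the two must not be split.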
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <stdio.h> #include <time.h> @@ -172,8 +225,9 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) #endif /* random number r: 0 <= r < range */ -int BN_rand_range(BIGNUM *r, BIGNUM *range) +static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) { + int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; int n; if (range->neg || BN_is_zero(range)) 
@@ -184,26 +238,19 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range) n = BN_num_bits(range); /* n > 0 */ + /* BN_is_bit_set(range, n - 1) always holds */ + if (n == 1) { if (!BN_zero(r)) return 0; } - else if (BN_is_bit_set(range, n - 2)) + else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { - do - { - /* range = 11..._2, so each iteration succeeds with probability >= .75 */ - if (!BN_rand(r, n, -1, 0)) return 0; - } - while (BN_cmp(r, range) >= 0); - } - else - { - /* range = 10..._2, + /* range = 100..._2, * so 3*range (= 11..._2) is exactly one bit longer than range */ do { - if (!BN_rand(r, n + 1, -1, 0)) return 0; + if (!bn_rand(r, n + 1, -1, 0)) return 0; /* If r < 3*range, use r := r MOD range * (which is either r, r - range, or r - 2*range). * Otherwise, iterate once more. @@ -218,6 +265,26 @@ int BN_rand_range(BIGNUM *r, BIGNUM *range) } while (BN_cmp(r, range) >= 0); } + else + { + do + { + /* range = 11..._2 or range = 101..._2 */ + if (!bn_rand(r, n, -1, 0)) return 0; + } + while (BN_cmp(r, range) >= 0); + } return 1; } + + +int BN_rand_range(BIGNUM *r, BIGNUM *range) + { + return bn_rand_range(0, r, range); + } + +int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range) + { + return bn_rand_range(1, r, range); + } diff --git a/crypto/openssl/crypto/bn/bn_sqr.c b/crypto/openssl/crypto/bn/bn_sqr.c index 75f4f38..09bd337 100644 --- a/crypto/openssl/crypto/bn/bn_sqr.c +++ b/crypto/openssl/crypto/bn/bn_sqr.c @@ -245,7 +245,7 @@ printf(" bn_sqr_recursive %d * %d\n",n2,n2); if (!zero) bn_sqr_recursive(&(t[n2]),t,n,p); else - memset(&(t[n2]),0,n*sizeof(BN_ULONG)); + memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); bn_sqr_recursive(r,a,n,p); bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); diff --git a/crypto/openssl/crypto/buffer/buffer.h b/crypto/openssl/crypto/buffer/buffer.h index bff26bf..11e2d035 100644 --- a/crypto/openssl/crypto/buffer/buffer.h +++ b/crypto/openssl/crypto/buffer/buffer.h 
@@ -75,12 +75,11 @@ void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); char * BUF_strdup(const char *str); -void ERR_load_BUF_strings(void ); - /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ @@ -95,4 +94,3 @@ void ERR_load_BUF_strings(void ); } #endif #endif - diff --git a/crypto/openssl/crypto/comp/Makefile.ssl b/crypto/openssl/crypto/comp/Makefile.ssl index ba705c2..a61c7de 100644 --- a/crypto/openssl/crypto/comp/Makefile.ssl +++ b/crypto/openssl/crypto/comp/Makefile.ssl @@ -22,10 +22,10 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= comp_lib.c \ +LIBSRC= comp_lib.c comp_err.c \ c_rle.c c_zlib.c -LIBOBJ= comp_lib.o \ +LIBOBJ= comp_lib.o comp_err.o \ c_rle.o c_zlib.o SRC= $(LIBSRC) @@ -94,6 +94,11 @@ c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h +comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h +comp_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h +comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +comp_err.o: ../../include/openssl/symhacks.h comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h diff --git a/crypto/openssl/crypto/comp/comp.h b/crypto/openssl/crypto/comp/comp.h index 0922609..c26c209 100644 --- a/crypto/openssl/crypto/comp/comp.h +++ b/crypto/openssl/crypto/comp/comp.h 
@@ -47,6 +47,7 @@ COMP_METHOD *COMP_zlib(void ); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_COMP_strings(void); /* Error codes for the COMP functions. */ @@ -58,4 +59,3 @@ COMP_METHOD *COMP_zlib(void ); } #endif #endif - diff --git a/crypto/openssl/crypto/conf/conf.h b/crypto/openssl/crypto/conf/conf.h index cd40a0d..31e4005 100644 --- a/crypto/openssl/crypto/conf/conf.h +++ b/crypto/openssl/crypto/conf/conf.h @@ -108,7 +108,6 @@ long CONF_get_number(LHASH *conf,char *group,char *name); void CONF_free(LHASH *conf); int CONF_dump_fp(LHASH *conf, FILE *out); int CONF_dump_bio(LHASH *conf, BIO *out); -void ERR_load_CONF_strings(void ); /* New conf code. The semantics are different from the functions above. If that wasn't the case, the above functions would have been replaced */ @@ -145,6 +144,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_CONF_strings(void); /* Error codes for the CONF functions. */ @@ -176,4 +176,3 @@ int NCONF_dump_bio(CONF *conf, BIO *out); } #endif #endif - diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index fdb416d..8fd2d4d 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c @@ -90,6 +90,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ssl_sess_cert", "ssl", "rand", + "rand2", "debug_malloc", "BIO", "gethostbyname", @@ -100,7 +101,7 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "debug_malloc2", "dso", "dynlock", -#if CRYPTO_NUM_LOCKS != 28 +#if CRYPTO_NUM_LOCKS != 29 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; 
@@ -227,7 +228,10 @@ void CRYPTO_destroy_dynlockid(int i) CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) + { + CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); return; + } pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); if (pointer != NULL) { diff --git a/crypto/openssl/crypto/crypto.h b/crypto/openssl/crypto/crypto.h index 09ae4cb..8fba871 100644 --- a/crypto/openssl/crypto/crypto.h +++ b/crypto/openssl/crypto/crypto.h @@ -112,17 +112,18 @@ extern "C" { #define CRYPTO_LOCK_SSL_SESS_CERT 15 #define CRYPTO_LOCK_SSL 16 #define CRYPTO_LOCK_RAND 17 -#define CRYPTO_LOCK_MALLOC 18 -#define CRYPTO_LOCK_BIO 19 -#define CRYPTO_LOCK_GETHOSTBYNAME 20 -#define CRYPTO_LOCK_GETSERVBYNAME 21 -#define CRYPTO_LOCK_READDIR 22 -#define CRYPTO_LOCK_RSA_BLINDING 23 -#define CRYPTO_LOCK_DH 24 -#define CRYPTO_LOCK_MALLOC2 25 -#define CRYPTO_LOCK_DSO 26 -#define CRYPTO_LOCK_DYNLOCK 27 -#define CRYPTO_NUM_LOCKS 28 +#define CRYPTO_LOCK_RAND2 18 +#define CRYPTO_LOCK_MALLOC 19 +#define CRYPTO_LOCK_BIO 20 +#define CRYPTO_LOCK_GETHOSTBYNAME 21 +#define CRYPTO_LOCK_GETSERVBYNAME 22 +#define CRYPTO_LOCK_READDIR 23 +#define CRYPTO_LOCK_RSA_BLINDING 24 +#define CRYPTO_LOCK_DH 25 +#define CRYPTO_LOCK_MALLOC2 26 +#define CRYPTO_LOCK_DSO 27 +#define CRYPTO_LOCK_DYNLOCK 28 +#define CRYPTO_NUM_LOCKS 29 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -350,6 +351,9 @@ int CRYPTO_push_info_(const char *info, const char *file, int line); int CRYPTO_pop_info(void); int CRYPTO_remove_all_info(void); + +/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; + * used as default in CRYPTO_MDEBUG compilations): */ /* The last argument has the following significance: * * 0: called before the actual memory allocation has taken place 
@@ -358,18 +362,18 @@ int CRYPTO_remove_all_info(void); void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); void CRYPTO_dbg_free(void *addr,int before_p); - /* Tell the debugging code about options. By default, the following values * apply: * - * 0: Clear all options. - * 1: Set the "Show Time" option. - * 2: Set the "Show Thread Number" option. - * 3: 1 + 2 + * 0: Clear all options. + * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. + * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. + * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 */ void CRYPTO_dbg_set_options(long bits); long CRYPTO_dbg_get_options(void); + #ifndef NO_FP_API void CRYPTO_mem_leaks_fp(FILE *); #endif @@ -377,12 +381,11 @@ void CRYPTO_mem_leaks(struct bio_st *bio); /* unsigned long order, char *file, int line, int num_bytes, char *addr */ void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *)); -void ERR_load_CRYPTO_strings(void); - /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_CRYPTO_strings(void); /* Error codes for the CRYPTO functions. */ @@ -399,4 +402,3 @@ void ERR_load_CRYPTO_strings(void); } #endif #endif - diff --git a/crypto/openssl/crypto/dh/dh.h b/crypto/openssl/crypto/dh/dh.h index a15fc1c..3fdd39f 100644 --- a/crypto/openssl/crypto/dh/dh.h +++ b/crypto/openssl/crypto/dh/dh.h @@ -177,12 +177,12 @@ int DHparams_print(BIO *bp, DH *x); #else int DHparams_print(char *bp, DH *x); #endif -void ERR_load_DH_strings(void ); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_DH_strings(void); /* Error codes for the DH functions. */ 
@@ -201,4 +201,3 @@ void ERR_load_DH_strings(void ); } #endif #endif - diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c index a6469ca..17b267f 100644 --- a/crypto/openssl/crypto/dh/dh_key.c +++ b/crypto/openssl/crypto/dh/dh_key.c @@ -99,6 +99,8 @@ DH_METHOD *DH_OpenSSL(void) static int generate_key(DH *dh) { int ok=0; + int generate_new_key=0; + unsigned l; BN_CTX ctx; BN_MONT_CTX *mont; BIGNUM *pub_key=NULL,*priv_key=NULL; @@ -109,9 +111,7 @@ static int generate_key(DH *dh) { priv_key=BN_new(); if (priv_key == NULL) goto err; - do - if (!BN_rand_range(priv_key, dh->p)) goto err; - while (BN_is_zero(priv_key)); + generate_new_key=1; } else priv_key=dh->priv_key; @@ -132,8 +132,12 @@ static int generate_key(DH *dh) } mont=(BN_MONT_CTX *)dh->method_mont_p; - if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) - goto err; + if (generate_new_key) + { + l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ + if (!BN_rand(priv_key, l, 0, 0)) goto err; + } + if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err; dh->pub_key=pub_key; dh->priv_key=priv_key; diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c index 8516bda..a462707 100644 --- a/crypto/openssl/crypto/dh/dh_lib.c +++ b/crypto/openssl/crypto/dh/dh_lib.c @@ -63,7 +63,7 @@ const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; -static DH_METHOD *default_DH_method; +static DH_METHOD *default_DH_method = NULL; static int dh_meth_num = 0; static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL; diff --git a/crypto/openssl/crypto/dsa/dsa.h b/crypto/openssl/crypto/dsa/dsa.h index e98fa389..c486689 100644 --- a/crypto/openssl/crypto/dsa/dsa.h +++ b/crypto/openssl/crypto/dsa/dsa.h 
@@ -178,8 +178,6 @@ int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, int DSA_set_ex_data(DSA *d, int idx, void *arg); void *DSA_get_ex_data(DSA *d, int idx); -void ERR_load_DSA_strings(void ); - DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); @@ -216,6 +214,7 @@ DH *DSA_dup_DH(DSA *r); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_DSA_strings(void); /* Error codes for the DSA functions. */ @@ -242,4 +241,3 @@ DH *DSA_dup_DH(DSA *r); } #endif #endif - diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c index 5dfc0ee..8920c3f 100644 --- a/crypto/openssl/crypto/dsa/dsa_lib.c +++ b/crypto/openssl/crypto/dsa/dsa_lib.c @@ -66,7 +66,7 @@ const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; -static DSA_METHOD *default_DSA_method; +static DSA_METHOD *default_DSA_method = NULL; static int dsa_meth_num = 0; static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL; diff --git a/crypto/openssl/crypto/dso/dso.h b/crypto/openssl/crypto/dso/dso.h index bed7c46..c1136ec 100644 --- a/crypto/openssl/crypto/dso/dso.h +++ b/crypto/openssl/crypto/dso/dso.h @@ -194,12 +194,11 @@ DSO_METHOD *DSO_METHOD_win32(void); /* If VMS is defined, use shared images. If not, return NULL. */ DSO_METHOD *DSO_METHOD_vms(void); -void ERR_load_DSO_strings(void); - /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_DSO_strings(void); /* Error codes for the DSO functions. */ @@ -247,4 +246,3 @@ void ERR_load_DSO_strings(void); } #endif #endif - 
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c index be4a71e..94a2838 100644 --- a/crypto/openssl/crypto/err/err.c +++ b/crypto/openssl/crypto/err/err.c @@ -784,7 +784,7 @@ void ERR_add_error_data(int num, ...) if (p == NULL) { OPENSSL_free(str); - return; + goto err; } else str=p; @@ -794,6 +794,7 @@ void ERR_add_error_data(int num, ...) } ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); +err: va_end(args); } diff --git a/crypto/openssl/crypto/err/err.h b/crypto/openssl/crypto/err/err.h index 2c3d39c..af6c4d4 100644 --- a/crypto/openssl/crypto/err/err.h +++ b/crypto/openssl/crypto/err/err.h @@ -132,6 +132,7 @@ typedef struct err_state_st #define ERR_LIB_PKCS12 35 #define ERR_LIB_RAND 36 #define ERR_LIB_DSO 37 +#define ERR_LIB_COMP 41 #define ERR_LIB_USER 128 @@ -161,6 +162,7 @@ typedef struct err_state_st #define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__) #define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__) #define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__) +#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),ERR_file_name,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -210,6 +212,7 @@ typedef struct err_state_st #define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 #define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 #define ERR_R_DSO_LIB ERR_LIB_DSO +#define ERR_R_COMP_LIB ERR_LIB_COMP /* fatal error */ #define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) diff --git a/crypto/openssl/crypto/evp/bio_b64.c b/crypto/openssl/crypto/evp/bio_b64.c index af6fa2a..f12eac1 100644 --- a/crypto/openssl/crypto/evp/bio_b64.c +++ b/crypto/openssl/crypto/evp/bio_b64.c 
@@ -465,7 +465,8 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_WPENDING: /* More to write in buffer */ ret=ctx->buf_len-ctx->buf_off; - if ((ret == 0) && (ctx->base64.num != 0)) + if ((ret == 0) && (ctx->encode != B64_NONE) + && (ctx->base64.num != 0)) ret=1; else if (ret <= 0) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); @@ -500,7 +501,7 @@ again: goto again; } } - else if (ctx->base64.num != 0) + else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { ctx->buf_off=0; EVP_EncodeFinal(&(ctx->base64), diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h index 0f27df4..a61e46b 100644 --- a/crypto/openssl/crypto/evp/evp.h +++ b/crypto/openssl/crypto/evp/evp.h @@ -603,8 +603,6 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -void ERR_load_EVP_strings(void ); - void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); @@ -777,6 +775,7 @@ void EVP_PBE_cleanup(void); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ @@ -849,4 +848,3 @@ void EVP_PBE_cleanup(void); } #endif #endif - diff --git a/crypto/openssl/crypto/evp/m_md4.c b/crypto/openssl/crypto/evp/m_md4.c index 6a24ceb..e5005ab 100644 --- a/crypto/openssl/crypto/evp/m_md4.c +++ b/crypto/openssl/crypto/evp/m_md4.c @@ -66,7 +66,7 @@ static EVP_MD md4_md= { NID_md4, - 0, + NID_md4WithRSAEncryption, MD4_DIGEST_LENGTH, MD4_Init, MD4_Update, diff --git a/crypto/openssl/crypto/md32_common.h b/crypto/openssl/crypto/md32_common.h index 1a404a4..ad7c419 100644 --- a/crypto/openssl/crypto/md32_common.h +++ b/crypto/openssl/crypto/md32_common.h 
@@ -198,7 +198,7 @@ * * <appro@fy.chalmers.se> */ -# if defined(__i386) +# if defined(__i386) || defined(__i386__) # define ROTATE(a,n) ({ register unsigned int ret; \ asm ( \ "roll %1,%0" \ @@ -224,7 +224,7 @@ */ # if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM) /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */ -# if defined(__i386) && !defined(I386_ONLY) +# if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) # define BE_FETCH32(a) ({ register unsigned int l=(a);\ asm ( \ "bswapl %0" \ diff --git a/crypto/openssl/crypto/md4/md4_locl.h b/crypto/openssl/crypto/md4/md4_locl.h index 0a2b390..a8d31d7 100644 --- a/crypto/openssl/crypto/md4/md4_locl.h +++ b/crypto/openssl/crypto/md4/md4_locl.h @@ -68,7 +68,7 @@ void md4_block_host_order (MD4_CTX *c, const void *p,int num); void md4_block_data_order (MD4_CTX *c, const void *p,int num); -#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) /* * *_block_host_order is expected to handle aligned data while * *_block_data_order - unaligned. As algorithm and host (x86) diff --git a/crypto/openssl/crypto/md5/md5_locl.h b/crypto/openssl/crypto/md5/md5_locl.h index c912484..f35d6f1 100644 --- a/crypto/openssl/crypto/md5/md5_locl.h +++ b/crypto/openssl/crypto/md5/md5_locl.h @@ -66,7 +66,7 @@ #endif #ifdef MD5_ASM -# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) # define md5_block_host_order md5_block_asm_host_order # elif defined(__sparc) && defined(ULTRASPARC) void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num); 
@@ -77,7 +77,7 @@ void md5_block_host_order (MD5_CTX *c, const void *p,int num); void md5_block_data_order (MD5_CTX *c, const void *p,int num); -#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) /* * *_block_host_order is expected to handle aligned data while * *_block_data_order - unaligned. As algorithm and host (x86) diff --git a/crypto/openssl/crypto/objects/Makefile.ssl b/crypto/openssl/crypto/objects/Makefile.ssl index 1b43d80..c4cbc50 100644 --- a/crypto/openssl/crypto/objects/Makefile.ssl +++ b/crypto/openssl/crypto/objects/Makefile.ssl @@ -43,6 +43,13 @@ lib: $(LIBOBJ) - $(RANLIB) $(LIB) @touch lib +obj_dat.h: obj_dat.pl obj_mac.h + perl obj_dat.pl obj_mac.h obj_dat.h + +# objects.pl both reads and writes obj_mac.num +obj_mac.h: objects.pl objects.txt obj_mac.num + perl objects.pl objects.txt obj_mac.num obj_mac.h + files: $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h index f0d8241..47c6b9a 100644 --- a/crypto/openssl/crypto/objects/obj_dat.h +++ b/crypto/openssl/crypto/objects/obj_dat.h @@ -1,4 +1,10 @@ -/* lib/obj/obj_dat.h */ +/* crypto/objects/obj_dat.h */ + +/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the + * following command: + * perl obj_dat.pl objects.h obj_dat.h + */ + /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -56,17 +62,12 @@ * [including the GNU Public Licence.] */ -/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the - * following command: - * perl obj_dat.pl objects.h obj_dat.h - */ +#define NUM_NID 404 +#define NUM_SN 402 +#define NUM_LN 402 +#define NUM_OBJ 376 -#define NUM_NID 393 -#define NUM_SN 392 -#define NUM_LN 392 -#define NUM_OBJ 366 - -static unsigned char lvalues[2896]={ +static unsigned char lvalues[2941]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 
@@ -390,49 +391,59 @@ static unsigned char lvalues[2896]={ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2583] OBJ_id_on_personalData */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2591] OBJ_id_pda_dateOfBirth */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2599] OBJ_id_pda_placeOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2607] OBJ_id_pda_pseudonym */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2615] OBJ_id_pda_gender */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2623] OBJ_id_pda_countryOfCitizenship */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x06, /* [2631] OBJ_id_pda_countryOfResidence */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2639] OBJ_id_aca_authenticationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2647] OBJ_id_aca_accessIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2655] OBJ_id_aca_chargingIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2663] OBJ_id_aca_group */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2671] OBJ_id_aca_role */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2679] OBJ_id_qcs_pkixQCSyntax_v1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2687] OBJ_id_cct_crs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2695] OBJ_id_cct_PKIData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2703] OBJ_id_cct_PKIResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2711] OBJ_ad_timeStamping */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2719] OBJ_ad_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2727] OBJ_id_pkix_OCSP_basic */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2736] OBJ_id_pkix_OCSP_Nonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2745] OBJ_id_pkix_OCSP_CrlID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2754] OBJ_id_pkix_OCSP_acceptableResponses */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2763] OBJ_id_pkix_OCSP_noCheck */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2772] OBJ_id_pkix_OCSP_archiveCutoff */ 
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2781] OBJ_id_pkix_OCSP_serviceLocator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2790] OBJ_id_pkix_OCSP_extendedStatus */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2799] OBJ_id_pkix_OCSP_valid */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2808] OBJ_id_pkix_OCSP_path */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2817] OBJ_id_pkix_OCSP_trustRoot */ -0x2B,0x0E,0x03,0x02, /* [2826] OBJ_algorithm */ -0x2B,0x0E,0x03,0x02,0x0B, /* [2830] OBJ_rsaSignature */ -0x55,0x08, /* [2835] OBJ_X500algorithms */ -0x2B, /* [2837] OBJ_org */ -0x2B,0x06, /* [2838] OBJ_dod */ -0x2B,0x06,0x01, /* [2840] OBJ_iana */ -0x2B,0x06,0x01,0x01, /* [2843] OBJ_Directory */ -0x2B,0x06,0x01,0x02, /* [2847] OBJ_Management */ -0x2B,0x06,0x01,0x03, /* [2851] OBJ_Experimental */ -0x2B,0x06,0x01,0x04, /* [2855] OBJ_Private */ -0x2B,0x06,0x01,0x05, /* [2859] OBJ_Security */ -0x2B,0x06,0x01,0x06, /* [2863] OBJ_SNMPv2 */ -0x2B,0x06,0x01,0x07, /* [2867] OBJ_Mail */ -0x01, /* [2871] OBJ_Enterprises */ -0xBA,0x82,0x58, /* [2872] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2875] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2885] OBJ_Domain */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2607] OBJ_id_pda_gender */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2615] OBJ_id_pda_countryOfCitizenship */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2623] OBJ_id_pda_countryOfResidence */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2631] OBJ_id_aca_authenticationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2639] OBJ_id_aca_accessIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2647] OBJ_id_aca_chargingIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2655] OBJ_id_aca_group */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2663] OBJ_id_aca_role */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */ 
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2679] OBJ_id_cct_crs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2687] OBJ_id_cct_PKIData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2695] OBJ_id_cct_PKIResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2703] OBJ_ad_timeStamping */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2711] OBJ_ad_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */ +0x2B,0x0E,0x03,0x02, /* [2818] OBJ_algorithm */ +0x2B,0x0E,0x03,0x02,0x0B, /* [2822] OBJ_rsaSignature */ +0x55,0x08, /* [2827] OBJ_X500algorithms */ +0x2B, /* [2829] OBJ_org */ +0x2B,0x06, /* [2830] OBJ_dod */ +0x2B,0x06,0x01, /* [2832] OBJ_iana */ +0x2B,0x06,0x01,0x01, /* [2835] OBJ_Directory */ +0x2B,0x06,0x01,0x02, /* [2839] OBJ_Management */ +0x2B,0x06,0x01,0x03, /* [2843] OBJ_Experimental */ +0x2B,0x06,0x01,0x04, /* [2847] OBJ_Private */ +0x2B,0x06,0x01,0x05, /* [2851] OBJ_Security */ +0x2B,0x06,0x01,0x06, /* [2855] OBJ_SNMPv2 */ +0x2B,0x06,0x01,0x07, /* [2859] OBJ_Mail */ +0x01, /* [2863] OBJ_Enterprises */ +0xBA,0x82,0x58, /* [2864] OBJ_dcObject */ 
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2867] OBJ_domainComponent */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2877] OBJ_Domain */ +0x50, /* [2887] OBJ_joint_iso_ccitt */ +0x55,0x01,0x05, /* [2888] OBJ_selected_attribute_types */ +0x55,0x01,0x05,0x37, /* [2891] OBJ_clearance */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2895] OBJ_md4WithRSAEncryption */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2904] OBJ_ac_proxying */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2912] OBJ_sinfo_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2920] OBJ_id_aca_encAttrs */ +0x55,0x04,0x48, /* [2928] OBJ_role */ +0x55,0x1D,0x24, /* [2931] OBJ_policy_constraints */ +0x55,0x1D,0x37, /* [2934] OBJ_target_information */ +0x55,0x1D,0x38, /* [2937] OBJ_no_rev_avail */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -576,7 +587,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"G","givenName",NID_givenName,3,&(lvalues[535]),0}, {"S","surname",NID_surname,3,&(lvalues[538]),0}, {"I","initials",NID_initials,3,&(lvalues[541]),0}, -{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[544]),0}, +{"uniqueIdentifier","uniqueIdentifier",NID_uniqueIdentifier,3, + &(lvalues[544]),0}, {"crlDistributionPoints","X509v3 CRL Distribution Points", NID_crl_distribution_points,3,&(lvalues[547]),0}, {"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[550]),0}, 
@@ -985,66 +997,84 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[2591]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, 8,&(lvalues[2599]),0}, -{"id-pda-pseudonym","id-pda-pseudonym",NID_id_pda_pseudonym,8, - &(lvalues[2607]),0}, -{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2615]),0}, +{NULL,NULL,NID_undef,0,NULL}, +{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", - NID_id_pda_countryOfCitizenship,8,&(lvalues[2623]),0}, + NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0}, {"id-pda-countryOfResidence","id-pda-countryOfResidence", - NID_id_pda_countryOfResidence,8,&(lvalues[2631]),0}, + NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0}, {"id-aca-authenticationInfo","id-aca-authenticationInfo", - NID_id_aca_authenticationInfo,8,&(lvalues[2639]),0}, + NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0}, {"id-aca-accessIdentity","id-aca-accessIdentity", - NID_id_aca_accessIdentity,8,&(lvalues[2647]),0}, + NID_id_aca_accessIdentity,8,&(lvalues[2639]),0}, {"id-aca-chargingIdentity","id-aca-chargingIdentity", - NID_id_aca_chargingIdentity,8,&(lvalues[2655]),0}, -{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2663]),0}, -{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2671]),0}, + NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0}, +{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0}, +{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0}, {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", - NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2679]),0}, -{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2687]),0}, + NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0}, +{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0}, {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, - &(lvalues[2695]),0}, + &(lvalues[2687]),0}, 
{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, - &(lvalues[2703]),0}, + &(lvalues[2695]),0}, {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, - &(lvalues[2711]),0}, -{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2719]),0}, + &(lvalues[2703]),0}, +{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0}, {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, - &(lvalues[2727]),0}, -{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2736]),0}, -{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2745]),0}, + &(lvalues[2719]),0}, +{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0}, +{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0}, {"acceptableResponses","Acceptable OCSP Responses", - NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2754]),0}, -{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0}, + NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0}, +{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0}, {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, - 9,&(lvalues[2772]),0}, + 9,&(lvalues[2764]),0}, {"serviceLocator","OCSP Service Locator", - NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2781]),0}, + NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0}, {"extendedStatus","Extended OCSP Status", - NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2790]),0}, -{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2799]),0}, -{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2808]),0}, + NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0}, +{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0}, +{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0}, {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, - &(lvalues[2817]),0}, -{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2826]),0}, -{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2830]),0}, + &(lvalues[2809]),0}, 
+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0}, +{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0}, {"X500algorithms","directory services - algorithms", - NID_X500algorithms,2,&(lvalues[2835]),0}, -{"ORG","org",NID_org,1,&(lvalues[2837]),0}, -{"DOD","dod",NID_dod,2,&(lvalues[2838]),0}, -{"IANA","iana",NID_iana,3,&(lvalues[2840]),0}, -{"directory","Directory",NID_Directory,4,&(lvalues[2843]),0}, -{"mgmt","Management",NID_Management,4,&(lvalues[2847]),0}, -{"experimental","Experimental",NID_Experimental,4,&(lvalues[2851]),0}, -{"private","Private",NID_Private,4,&(lvalues[2855]),0}, -{"security","Security",NID_Security,4,&(lvalues[2859]),0}, -{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2863]),0}, -{"mail","Mail",NID_Mail,4,&(lvalues[2867]),0}, -{"enterprises","Enterprises",NID_Enterprises,1,&(lvalues[2871]),0}, -{"dcobject","dcObject",NID_dcObject,3,&(lvalues[2872]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2875]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2885]),0}, + NID_X500algorithms,2,&(lvalues[2827]),0}, +{"ORG","org",NID_org,1,&(lvalues[2829]),0}, +{"DOD","dod",NID_dod,2,&(lvalues[2830]),0}, +{"IANA","iana",NID_iana,3,&(lvalues[2832]),0}, +{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0}, +{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0}, +{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0}, +{"private","Private",NID_Private,4,&(lvalues[2847]),0}, +{"security","Security",NID_Security,4,&(lvalues[2851]),0}, +{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0}, +{"mail","Mail",NID_Mail,4,&(lvalues[2859]),0}, +{"enterprises","Enterprises",NID_Enterprises,1,&(lvalues[2863]),0}, +{"dcobject","dcObject",NID_dcObject,3,&(lvalues[2864]),0}, +{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2867]),0}, +{"domain","Domain",NID_Domain,10,&(lvalues[2877]),0}, +{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1, + &(lvalues[2887]),0}, 
+{"selected-attribute-types","Selected Attribute Types", + NID_selected_attribute_types,3,&(lvalues[2888]),0}, +{"clearance","clearance",NID_clearance,4,&(lvalues[2891]),0}, +{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, + &(lvalues[2895]),0}, +{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2904]),0}, +{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, + &(lvalues[2912]),0}, +{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, + &(lvalues[2920]),0}, +{"role","role",NID_role,3,&(lvalues[2928]),0}, +{"policyConstraints","X509v3 Policy Constraints", + NID_policy_constraints,3,&(lvalues[2931]),0}, +{"targetInformation","X509v3 AC Targeting",NID_target_information,3, + &(lvalues[2934]),0}, +{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, + &(lvalues[2937]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -1093,6 +1123,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[46]),/* "IDEA-OFB" */ &(nid_objs[181]),/* "ISO" */ &(nid_objs[183]),/* "ISO-US" */ +&(nid_objs[393]),/* "JOINT-ISO-CCITT" */ &(nid_objs[15]),/* "L" */ &(nid_objs[ 3]),/* "MD2" */ &(nid_objs[257]),/* "MD4" */ @@ -1138,6 +1169,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[124]),/* "RLE" */ &(nid_objs[19]),/* "RSA" */ &(nid_objs[ 7]),/* "RSA-MD2" */ +&(nid_objs[396]),/* "RSA-MD4" */ &(nid_objs[ 8]),/* "RSA-MD5" */ &(nid_objs[96]),/* "RSA-MDC2" */ &(nid_objs[104]),/* "RSA-NP-MD5" */ @@ -1154,7 +1186,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[16]),/* "ST" */ &(nid_objs[143]),/* "SXNetID" */ &(nid_objs[106]),/* "T" */ -&(nid_objs[102]),/* "UID" */ &(nid_objs[ 0]),/* "UNDEF" */ &(nid_objs[11]),/* "X500" */ &(nid_objs[378]),/* "X500algorithms" */ 
@@ -1164,6 +1195,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[125]),/* "ZLIB" */ &(nid_objs[289]),/* "aaControls" */ &(nid_objs[287]),/* "ac-auditEntity" */ +&(nid_objs[397]),/* "ac-proxying" */ &(nid_objs[288]),/* "ac-targeting" */ &(nid_objs[368]),/* "acceptableResponses" */ &(nid_objs[363]),/* "ad_timestamping" */ @@ -1178,6 +1210,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[152]),/* "certBag" */ &(nid_objs[89]),/* "certificatePolicies" */ &(nid_objs[54]),/* "challengePassword" */ +&(nid_objs[395]),/* "clearance" */ &(nid_objs[130]),/* "clientAuth" */ &(nid_objs[131]),/* "codeSigning" */ &(nid_objs[50]),/* "contentType" */ @@ -1204,6 +1237,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[355]),/* "id-aca-accessIdentity" */ &(nid_objs[354]),/* "id-aca-authenticationInfo" */ &(nid_objs[356]),/* "id-aca-chargingIdentity" */ +&(nid_objs[399]),/* "id-aca-encAttrs" */ &(nid_objs[357]),/* "id-aca-group" */ &(nid_objs[358]),/* "id-aca-role" */ &(nid_objs[176]),/* "id-ad" */ @@ -1275,7 +1309,6 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[348]),/* "id-pda-dateOfBirth" */ &(nid_objs[351]),/* "id-pda-gender" */ &(nid_objs[349]),/* "id-pda-placeOfBirth" */ -&(nid_objs[350]),/* "id-pda-pseudonym" */ &(nid_objs[175]),/* "id-pe" */ &(nid_objs[261]),/* "id-pkip" */ &(nid_objs[258]),/* "id-pkix-mod" */ @@ -1386,6 +1419,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[137]),/* "msSGC" */ &(nid_objs[173]),/* "name" */ &(nid_objs[369]),/* "noCheck" */ +&(nid_objs[403]),/* "noRevAvail" */ &(nid_objs[72]),/* "nsBaseUrl" */ &(nid_objs[76]),/* "nsCaPolicyUrl" */ &(nid_objs[74]),/* "nsCaRevocationUrl" */ 
@@ -1413,9 +1447,11 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[22]),/* "pkcs7-signedData" */ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */ &(nid_objs[47]),/* "pkcs9" */ +&(nid_objs[401]),/* "policyConstraints" */ &(nid_objs[385]),/* "private" */ &(nid_objs[84]),/* "privateKeyUsagePeriod" */ &(nid_objs[286]),/* "qcStatements" */ +&(nid_objs[400]),/* "role" */ &(nid_objs[ 6]),/* "rsaEncryption" */ &(nid_objs[377]),/* "rsaSignature" */ &(nid_objs[ 1]),/* "rsadsi" */ @@ -1426,15 +1462,19 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[159]),/* "sdsiCertificate" */ &(nid_objs[154]),/* "secretBag" */ &(nid_objs[386]),/* "security" */ +&(nid_objs[394]),/* "selected-attribute-types" */ &(nid_objs[129]),/* "serverAuth" */ &(nid_objs[371]),/* "serviceLocator" */ &(nid_objs[52]),/* "signingTime" */ &(nid_objs[387]),/* "snmpv2" */ &(nid_objs[85]),/* "subjectAltName" */ +&(nid_objs[398]),/* "subjectInfoAccess" */ &(nid_objs[82]),/* "subjectKeyIdentifier" */ +&(nid_objs[402]),/* "targetInformation" */ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[133]),/* "timeStamping" */ &(nid_objs[375]),/* "trustRoot" */ +&(nid_objs[102]),/* "uniqueIdentifier" */ &(nid_objs[55]),/* "unstructuredAddress" */ &(nid_objs[49]),/* "unstructuredName" */ &(nid_objs[373]),/* "valid" */ 
@@ -1503,12 +1543,15 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[167]),/* "S/MIME Capabilities" */ &(nid_objs[387]),/* "SNMPv2" */ &(nid_objs[386]),/* "Security" */ +&(nid_objs[394]),/* "Selected Attribute Types" */ &(nid_objs[143]),/* "Strong Extranet ID" */ +&(nid_objs[398]),/* "Subject Information Access" */ &(nid_objs[130]),/* "TLS Web Client Authentication" */ &(nid_objs[129]),/* "TLS Web Server Authentication" */ &(nid_objs[133]),/* "Time Stamping" */ &(nid_objs[375]),/* "Trust Root" */ &(nid_objs[12]),/* "X509" */ +&(nid_objs[402]),/* "X509v3 AC Targeting" */ &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */ &(nid_objs[87]),/* "X509v3 Basic Constraints" */ &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */ @@ -1519,6 +1562,8 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[83]),/* "X509v3 Key Usage" */ +&(nid_objs[403]),/* "X509v3 No Revocation Available" */ +&(nid_objs[401]),/* "X509v3 Policy Constraints" */ &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */ &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */ &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */ @@ -1526,6 +1571,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[185]),/* "X9.57 CM ?" */ &(nid_objs[289]),/* "aaControls" */ &(nid_objs[287]),/* "ac-auditEntity" */ +&(nid_objs[397]),/* "ac-proxying" */ &(nid_objs[288]),/* "ac-targeting" */ &(nid_objs[364]),/* "ad dvcs" */ &(nid_objs[376]),/* "algorithm" */ @@ -1539,6 +1585,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[111]),/* "cast5-ofb" */ &(nid_objs[152]),/* "certBag" */ &(nid_objs[54]),/* "challengePassword" */ +&(nid_objs[395]),/* "clearance" */ &(nid_objs[13]),/* "commonName" */ &(nid_objs[50]),/* "contentType" */ &(nid_objs[53]),/* "countersignature" */ 
@@ -1581,6 +1628,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[355]),/* "id-aca-accessIdentity" */ &(nid_objs[354]),/* "id-aca-authenticationInfo" */ &(nid_objs[356]),/* "id-aca-chargingIdentity" */ +&(nid_objs[399]),/* "id-aca-encAttrs" */ &(nid_objs[357]),/* "id-aca-group" */ &(nid_objs[358]),/* "id-aca-role" */ &(nid_objs[176]),/* "id-ad" */ @@ -1652,7 +1700,6 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[348]),/* "id-pda-dateOfBirth" */ &(nid_objs[351]),/* "id-pda-gender" */ &(nid_objs[349]),/* "id-pda-placeOfBirth" */ -&(nid_objs[350]),/* "id-pda-pseudonym" */ &(nid_objs[175]),/* "id-pe" */ &(nid_objs[261]),/* "id-pkip" */ &(nid_objs[258]),/* "id-pkix-mod" */ @@ -1747,12 +1794,14 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[46]),/* "idea-ofb" */ &(nid_objs[101]),/* "initials" */ &(nid_objs[181]),/* "iso" */ +&(nid_objs[393]),/* "joint-iso-ccitt" */ &(nid_objs[150]),/* "keyBag" */ &(nid_objs[157]),/* "localKeyID" */ &(nid_objs[15]),/* "localityName" */ &(nid_objs[ 3]),/* "md2" */ &(nid_objs[ 7]),/* "md2WithRSAEncryption" */ &(nid_objs[257]),/* "md4" */ +&(nid_objs[396]),/* "md4WithRSAEncryption" */ &(nid_objs[ 4]),/* "md5" */ &(nid_objs[114]),/* "md5-sha1" */ &(nid_objs[104]),/* "md5WithRSA" */ @@ -1806,6 +1855,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[123]),/* "rc5-ofb" */ &(nid_objs[117]),/* "ripemd160" */ &(nid_objs[119]),/* "ripemd160WithRSA" */ +&(nid_objs[400]),/* "role" */ &(nid_objs[19]),/* "rsa" */ &(nid_objs[ 6]),/* "rsaEncryption" */ &(nid_objs[377]),/* "rsaSignature" */ @@ -1843,6 +1893,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[181]),/* OBJ_iso 1 */ &(nid_objs[182]),/* OBJ_member_body 1 2 */ &(nid_objs[379]),/* OBJ_org 1 3 */ +&(nid_objs[393]),/* OBJ_joint_iso_ccitt 2 */ &(nid_objs[11]),/* OBJ_X500 2 5 */ &(nid_objs[380]),/* OBJ_dod 1 3 6 */ &(nid_objs[12]),/* OBJ_X509 2 5 4 */ 
@@ -1850,6 +1901,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[81]),/* OBJ_id_ce 2 5 29 */ &(nid_objs[183]),/* OBJ_ISO_US 1 2 840 */ &(nid_objs[381]),/* OBJ_iana 1 3 6 1 */ +&(nid_objs[394]),/* OBJ_selected_attribute_types 2 5 1 5 */ &(nid_objs[13]),/* OBJ_commonName 2 5 4 3 */ &(nid_objs[100]),/* OBJ_surname 2 5 4 4 */ &(nid_objs[105]),/* OBJ_serialNumber 2 5 4 5 */ @@ -1865,6 +1917,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[101]),/* OBJ_initials 2 5 4 43 */ &(nid_objs[102]),/* OBJ_uniqueIdentifier 2 5 4 45 */ &(nid_objs[174]),/* OBJ_dnQualifier 2 5 4 46 */ +&(nid_objs[400]),/* OBJ_role 2 5 4 72 */ &(nid_objs[82]),/* OBJ_subject_key_identifier 2 5 29 14 */ &(nid_objs[83]),/* OBJ_key_usage 2 5 29 15 */ &(nid_objs[84]),/* OBJ_private_key_usage_period 2 5 29 16 */ @@ -1878,7 +1931,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[103]),/* OBJ_crl_distribution_points 2 5 29 31 */ &(nid_objs[89]),/* OBJ_certificate_policies 2 5 29 32 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ +&(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ +&(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ +&(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ &(nid_objs[390]),/* OBJ_dcObject 1466 344 */ &(nid_objs[382]),/* OBJ_Directory 1 3 6 1 1 */ &(nid_objs[383]),/* OBJ_Management 1 3 6 1 2 */ @@ -1888,6 +1944,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[387]),/* OBJ_SNMPv2 1 3 6 1 6 */ &(nid_objs[388]),/* OBJ_Mail 1 3 6 1 7 */ &(nid_objs[376]),/* OBJ_algorithm 1 3 14 3 2 */ +&(nid_objs[395]),/* OBJ_clearance 2 5 1 5 55 */ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ 
@@ -1970,6 +2027,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ &(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ &(nid_objs[292]),/* OBJ_sbqp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ +&(nid_objs[397]),/* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ +&(nid_objs[398]),/* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ &(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ &(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ &(nid_objs[293]),/* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ @@ -2027,15 +2086,15 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[347]),/* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ &(nid_objs[348]),/* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ &(nid_objs[349]),/* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ -&(nid_objs[350]),/* OBJ_id_pda_pseudonym 1 3 6 1 5 5 7 9 3 */ -&(nid_objs[351]),/* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 4 */ -&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 5 */ -&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 6 */ +&(nid_objs[351]),/* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ +&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ +&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ &(nid_objs[354]),/* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ &(nid_objs[355]),/* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ &(nid_objs[356]),/* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ &(nid_objs[357]),/* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ &(nid_objs[358]),/* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ +&(nid_objs[399]),/* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ &(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ &(nid_objs[360]),/* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ &(nid_objs[361]),/* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ 
@@ -2050,6 +2109,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ &(nid_objs[ 6]),/* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ &(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ +&(nid_objs[396]),/* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ &(nid_objs[28]),/* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ diff --git a/crypto/openssl/crypto/objects/obj_dat.pl b/crypto/openssl/crypto/objects/obj_dat.pl index 11066df..be92f18 100644 --- a/crypto/openssl/crypto/objects/obj_dat.pl +++ b/crypto/openssl/crypto/objects/obj_dat.pl @@ -164,7 +164,13 @@ foreach (sort obj_cmp @a) } print OUT <<'EOF'; -/* lib/obj/obj_dat.h */ +/* crypto/objects/obj_dat.h */ + +/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the + * following command: + * perl obj_dat.pl objects.h obj_dat.h + */ + /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -222,11 +228,6 @@ print OUT <<'EOF'; * [including the GNU Public Licence.] */ -/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the - * following command: - * perl obj_dat.pl objects.h obj_dat.h - */ - EOF printf OUT "#define NUM_NID %d\n",$n; diff --git a/crypto/openssl/crypto/objects/obj_mac.h b/crypto/openssl/crypto/objects/obj_mac.h index 401b1e5..ad2e423 100644 --- a/crypto/openssl/crypto/objects/obj_mac.h +++ b/crypto/openssl/crypto/objects/obj_mac.h @@ -1,4 +1,10 @@ -/* lib/obj/obj_mac.h */ +/* crypto/objects/obj_mac.h */ + +/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the + * following command: + * perl objects.pl objects.txt obj_mac.num obj_mac.h + */ + /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -56,11 +62,6 @@ * [including the GNU Public Licence.] */ -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num obj_mac.h - */ - #define SN_undef "UNDEF" #define LN_undef "undefined" #define NID_undef 0 @@ -71,11 +72,25 @@ #define NID_iso 181 #define OBJ_iso 1L +#define SN_joint_iso_ccitt "JOINT-ISO-CCITT" +#define LN_joint_iso_ccitt "joint-iso-ccitt" +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt 2L + #define SN_member_body "member-body" #define LN_member_body "ISO Member Body" #define NID_member_body 182 #define OBJ_member_body OBJ_iso,2L +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_ccitt,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + #define SN_ISO_US "ISO-US" #define LN_ISO_US "ISO US Member Body" #define NID_ISO_US 183 @@ -145,6 +160,11 @@ #define NID_md2WithRSAEncryption 7 #define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + #define SN_md5WithRSAEncryption "RSA-MD5" #define LN_md5WithRSAEncryption "md5WithRSAEncryption" #define NID_md5WithRSAEncryption 8 @@ -956,6 +976,15 @@ #define NID_sbqp_routerIdentifier 292 #define OBJ_sbqp_routerIdentifier OBJ_id_pe,9L +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + #define SN_id_qt_cps "id-qt-cps" #define LN_id_qt_cps "Policy Qualifier CPS" #define NID_id_qt_cps 164 
@@ -1228,21 +1257,17 @@ #define NID_id_pda_placeOfBirth 349 #define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L -#define SN_id_pda_pseudonym "id-pda-pseudonym" -#define NID_id_pda_pseudonym 350 -#define OBJ_id_pda_pseudonym OBJ_id_pda,3L - #define SN_id_pda_gender "id-pda-gender" #define NID_id_pda_gender 351 -#define OBJ_id_pda_gender OBJ_id_pda,4L +#define OBJ_id_pda_gender OBJ_id_pda,3L #define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" #define NID_id_pda_countryOfCitizenship 352 -#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,5L +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L #define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" #define NID_id_pda_countryOfResidence 353 -#define OBJ_id_pda_countryOfResidence OBJ_id_pda,6L +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L #define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" #define NID_id_aca_authenticationInfo 354 @@ -1264,6 +1289,10 @@ #define NID_id_aca_role 358 #define OBJ_id_aca_role OBJ_id_aca,5L +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + #define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" #define NID_id_qcs_pkixQCSyntax_v1 359 #define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L @@ -1545,7 +1574,6 @@ #define NID_initials 101 #define OBJ_initials OBJ_X509,43L -#define SN_uniqueIdentifier "UID" #define LN_uniqueIdentifier "uniqueIdentifier" #define NID_uniqueIdentifier 102 #define OBJ_uniqueIdentifier OBJ_X509,45L @@ -1555,6 +1583,11 @@ #define NID_dnQualifier 174 #define OBJ_dnQualifier OBJ_X509,46L +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + #define SN_X500algorithms "X500algorithms" #define LN_X500algorithms "directory services - algorithms" #define NID_X500algorithms 378 
@@ -1644,11 +1677,26 @@ #define NID_authority_key_identifier 90 #define OBJ_authority_key_identifier OBJ_id_ce,35L +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + #define SN_ext_key_usage "extendedKeyUsage" #define LN_ext_key_usage "X509v3 Extended Key Usage" #define NID_ext_key_usage 126 #define OBJ_ext_key_usage OBJ_id_ce,37L +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + #define SN_netscape "Netscape" #define LN_netscape "Netscape Communications Corp." #define NID_netscape 57 diff --git a/crypto/openssl/crypto/objects/obj_mac.num b/crypto/openssl/crypto/objects/obj_mac.num index d73a513..a6baa8c 100644 --- a/crypto/openssl/crypto/objects/obj_mac.num +++ b/crypto/openssl/crypto/objects/obj_mac.num @@ -390,3 +390,14 @@ Enterprises 389 dcObject 390 domainComponent 391 Domain 392 +joint_iso_ccitt 393 +selected_attribute_types 394 +clearance 395 +md4WithRSAEncryption 396 +ac_proxying 397 +sinfo_access 398 +id_aca_encAttrs 399 +role 400 +policy_constraints 401 +target_information 402 +no_rev_avail 403 diff --git a/crypto/openssl/crypto/objects/objects.h b/crypto/openssl/crypto/objects/objects.h index c099e2e..990a6b8 100644 --- a/crypto/openssl/crypto/objects/objects.h +++ b/crypto/openssl/crypto/objects/objects.h 
@@ -452,54 +452,54 @@ #define LN_desx_cbc "desx-cbc" #define NID_desx_cbc 80 -#define SN_ld_ce "ld-ce" -#define NID_ld_ce 81 -#define OBJ_ld_ce 2L,5L,29L +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce 2L,5L,29L #define SN_subject_key_identifier "subjectKeyIdentifier" #define LN_subject_key_identifier "X509v3 Subject Key Identifier" #define NID_subject_key_identifier 82 -#define OBJ_subject_key_identifier OBJ_ld_ce,14L +#define OBJ_subject_key_identifier OBJ_id_ce,14L #define SN_key_usage "keyUsage" #define LN_key_usage "X509v3 Key Usage" #define NID_key_usage 83 -#define OBJ_key_usage OBJ_ld_ce,15L +#define OBJ_key_usage OBJ_id_ce,15L #define SN_private_key_usage_period "privateKeyUsagePeriod" #define LN_private_key_usage_period "X509v3 Private Key Usage Period" #define NID_private_key_usage_period 84 -#define OBJ_private_key_usage_period OBJ_ld_ce,16L +#define OBJ_private_key_usage_period OBJ_id_ce,16L #define SN_subject_alt_name "subjectAltName" #define LN_subject_alt_name "X509v3 Subject Alternative Name" #define NID_subject_alt_name 85 -#define OBJ_subject_alt_name OBJ_ld_ce,17L +#define OBJ_subject_alt_name OBJ_id_ce,17L #define SN_issuer_alt_name "issuerAltName" #define LN_issuer_alt_name "X509v3 Issuer Alternative Name" #define NID_issuer_alt_name 86 -#define OBJ_issuer_alt_name OBJ_ld_ce,18L +#define OBJ_issuer_alt_name OBJ_id_ce,18L #define SN_basic_constraints "basicConstraints" #define LN_basic_constraints "X509v3 Basic Constraints" #define NID_basic_constraints 87 -#define OBJ_basic_constraints OBJ_ld_ce,19L +#define OBJ_basic_constraints OBJ_id_ce,19L #define SN_crl_number "crlNumber" #define LN_crl_number "X509v3 CRL Number" #define NID_crl_number 88 -#define OBJ_crl_number OBJ_ld_ce,20L +#define OBJ_crl_number OBJ_id_ce,20L #define SN_certificate_policies "certificatePolicies" #define LN_certificate_policies "X509v3 Certificate Policies" #define NID_certificate_policies 89 -#define OBJ_certificate_policies OBJ_ld_ce,32L +#define 
OBJ_certificate_policies OBJ_id_ce,32L #define SN_authority_key_identifier "authorityKeyIdentifier" #define LN_authority_key_identifier "X509v3 Authority Key Identifier" #define NID_authority_key_identifier 90 -#define OBJ_authority_key_identifier OBJ_ld_ce,35L +#define OBJ_authority_key_identifier OBJ_id_ce,35L #define SN_bf_cbc "BF-CBC" #define LN_bf_cbc "bf-cbc" @@ -560,7 +560,7 @@ #define SN_crl_distribution_points "crlDistributionPoints" #define LN_crl_distribution_points "X509v3 CRL Distribution Points" #define NID_crl_distribution_points 103 -#define OBJ_crl_distribution_points OBJ_ld_ce,31L +#define OBJ_crl_distribution_points OBJ_id_ce,31L #define SN_md5WithRSA "RSA-NP-MD5" #define LN_md5WithRSA "md5WithRSA" @@ -677,7 +677,7 @@ #define SN_ext_key_usage "extendedKeyUsage" #define LN_ext_key_usage "X509v3 Extended Key Usage" #define NID_ext_key_usage 126 -#define OBJ_ext_key_usage OBJ_ld_ce,37 +#define OBJ_ext_key_usage OBJ_id_ce,37 #define SN_id_pkix "PKIX" #define NID_id_pkix 127 @@ -751,17 +751,17 @@ #define SN_delta_crl "deltaCRL" #define LN_delta_crl "X509v3 Delta CRL Indicator" #define NID_delta_crl 140 -#define OBJ_delta_crl OBJ_ld_ce,27L +#define OBJ_delta_crl OBJ_id_ce,27L #define SN_crl_reason "CRLReason" #define LN_crl_reason "CRL Reason Code" #define NID_crl_reason 141 -#define OBJ_crl_reason OBJ_ld_ce,21L +#define OBJ_crl_reason OBJ_id_ce,21L #define SN_invalidity_date "invalidityDate" #define LN_invalidity_date "Invalidity Date" #define NID_invalidity_date 142 -#define OBJ_invalidity_date OBJ_ld_ce,24L +#define OBJ_invalidity_date OBJ_id_ce,24L #define SN_sxnet "SXNetID" #define LN_sxnet "Strong Extranet ID" @@ -1005,8 +1005,6 @@ int OBJ_sn2nid(const char *s); int OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b); char * OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)(const void *, const void *)); -void ERR_load_OBJ_strings(void ); - int OBJ_new_nid(int num); int OBJ_add_object(ASN1_OBJECT *obj); int OBJ_create(char *oid,char *sn,char *ln); 
@@ -1017,6 +1015,7 @@ int OBJ_create_objects(BIO *in); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_OBJ_strings(void); /* Error codes for the OBJ functions. */ @@ -1035,4 +1034,3 @@ int OBJ_create_objects(BIO *in); } #endif #endif - diff --git a/crypto/openssl/crypto/objects/objects.pl b/crypto/openssl/crypto/objects/objects.pl index c956bbb..2b8106e 100644 --- a/crypto/openssl/crypto/objects/objects.pl +++ b/crypto/openssl/crypto/objects/objects.pl @@ -114,7 +114,13 @@ close NUMOUT; open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; print OUT <<'EOF'; -/* lib/obj/obj_mac.h */ +/* crypto/objects/obj_mac.h */ + +/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the + * following command: + * perl objects.pl objects.txt obj_mac.num obj_mac.h + */ + /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -172,11 +178,6 @@ print OUT <<'EOF'; * [including the GNU Public Licence.] */ -/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the - * following command: - * perl objects.pl objects.txt obj_mac.num obj_mac.h - */ - #define SN_undef "UNDEF" #define LN_undef "undefined" #define NID_undef 0 diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/openssl/crypto/objects/objects.txt index 3d443cf..5f179a5 100644 --- a/crypto/openssl/crypto/objects/objects.txt +++ b/crypto/openssl/crypto/objects/objects.txt @@ -1,7 +1,13 @@ 1 : ISO : iso +2 : JOINT-ISO-CCITT : joint-iso-ccitt + iso 2 : member-body : ISO Member Body +joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types + +selected-attribute-types 55 : clearance + member-body 840 : ISO-US : ISO US Member Body ISO-US 10040 : X9-57 : X9.57 X9-57 4 : X9cm : X9.57 CM ? 
@@ -26,6 +32,7 @@ rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS pkcs 1 : pkcs1 pkcs1 1 : : rsaEncryption pkcs1 2 : RSA-MD2 : md2WithRSAEncryption +pkcs1 3 : RSA-MD4 : md4WithRSAEncryption pkcs1 4 : RSA-MD5 : md5WithRSAEncryption pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption @@ -302,6 +309,9 @@ id-pe 6 : aaControls id-pe 7 : sbqp-ipAddrBlock id-pe 8 : sbqp-autonomousSysNum id-pe 9 : sbqp-routerIdentifier +id-pe 10 : ac-proxying +!Cname sinfo-access +id-pe 11 : subjectInfoAccess : Subject Information Access # PKIX policyQualifiers for Internet policy qualifiers id-qt 1 : id-qt-cps : Policy Qualifier CPS @@ -406,7 +416,9 @@ id-aca 1 : id-aca-authenticationInfo id-aca 2 : id-aca-accessIdentity id-aca 3 : id-aca-chargingIdentity id-aca 4 : id-aca-group +# attention : the following seems to be obsolete, replace by 'role' id-aca 5 : id-aca-role +id-aca 6 : id-aca-encAttrs # qualified certificate statements id-qcs 1 : id-qcs-pkixQCSyntax-v1 @@ -496,8 +508,9 @@ X509 13 : D : description X509 41 : name : name X509 42 : G : givenName X509 43 : I : initials -X509 45 : UID : uniqueIdentifier +X509 45 : : uniqueIdentifier X509 46 : dnQualifier : dnQualifier +X509 72 : role : role X500 8 : X500algorithms : directory services - algorithms X500algorithms 1 1 : RSA : rsa @@ -531,8 +544,14 @@ id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points id-ce 32 : certificatePolicies : X509v3 Certificate Policies !Cname authority-key-identifier id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier +!Cname policy-constraints +id-ce 36 : policyConstraints : X509v3 Policy Constraints !Cname ext-key-usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage +!Cname target-information +id-ce 55 : targetInformation : X509v3 AC Targeting +!Cname no-rev-avail +id-ce 56 : noRevAvail : X509v3 No Revocation Available !Cname netscape 2 16 840 1 113730 : Netscape : Netscape Communications Corp. 
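Review bot: in the objects.txt hunk that turns `X509 45 : UID : uniqueIdentifier` into `X509 45 : : uniqueIdentifier`, the short name "UID" is dropped with nothing put in its place, so OBJ_sn2nid("UID") and OBJ_txt2nid("UID") now return NID_undef and every -subj string or configuration file that spells a DN component as UID= stops parsing (the regenerated sn_objs table lists nid_objs[102] only under "uniqueIdentifier"). Removing the alias is defensible, since UID in practice means the pilot/COSINE userId attribute (RFC 1274), whose OID is not 2.5.4.45, but then add that object under the UID short name in the same change, or at least record the removal so users understand why subject strings that worked with 0.9.6b now fail.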
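Review bot: the comment added above `id-aca 5 : id-aca-role` in objects.txt ("attention : the following seems to be obsolete, replace by 'role'") names no source and the entry is kept anyway. Either cite the attribute-certificate profile that deprecates it in favour of the X.509 `role` attribute added in this same patch (`X509 72 : role : role`), or drop the comment; the input file of a table generator is not the place to leave an open question, and "replace by" should read "replaced by" if it stays.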
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index 45c7dc8..4436e3d 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090602fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b 9 Jul 2001" +#define OPENSSL_VERSION_NUMBER 0x0090603fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6c 21 dec 2001" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -44,13 +44,13 @@ * * libcrypto.so.0 * - * On True64 it works a little bit differently. There, the shared library - * version is stored in the file, and is actually a series of versions, - * separated by colons. The rightmost version present in the library when - * linking an application is stored in the application to be matched at - * run time. When the application is run, a check is done to see if the - * library version stored in the application matches any of the versions - * in the version string of the library itself. + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series + * of versions, separated by colons. The rightmost version present in the + * library when linking an application is stored in the application to be + * matched at run time. When the application is run, a check is done to + * see if the library version stored in the application matches any of the + * versions in the version string of the library itself. * This version string can be constructed in any way, depending on what * kind of matching is desired. However, to implement the same scheme as * the one used in the other unixen, all compatible versions, from lowest 
@@ -73,7 +73,7 @@ * However, it's nice and more understandable if it actually does. * The current library version is stored in the macro SHLIB_VERSION_NUMBER, * which is just a piece of text in the format "M.m.e" (Major, minor, edit). - * For the sake of True64 and any other OS that behaves in similar ways, + * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, * we need to keep a history of version numbers, which is done in the * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and * should only keep the versions that are binary compatible with the current. diff --git a/crypto/openssl/crypto/pem/pem.h b/crypto/openssl/crypto/pem/pem.h index 6d3c446..3867b2b 100644 --- a/crypto/openssl/crypto/pem/pem.h +++ b/crypto/openssl/crypto/pem/pem.h @@ -524,8 +524,6 @@ void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey); -void ERR_load_PEM_strings(void); - void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, char *str); @@ -614,6 +612,7 @@ int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_PEM_strings(void); /* Error codes for the PEM functions. */ @@ -664,4 +663,3 @@ int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, } #endif #endif - diff --git a/crypto/openssl/crypto/pkcs12/pkcs12.h b/crypto/openssl/crypto/pkcs12/pkcs12.h index e529154..fefa1a6 100644 --- a/crypto/openssl/crypto/pkcs12/pkcs12.h +++ b/crypto/openssl/crypto/pkcs12/pkcs12.h 
@@ -267,7 +267,6 @@ PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void); PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp, long length); void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a); -void ERR_load_PKCS12_strings(void); void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); @@ -284,6 +283,7 @@ int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_PKCS12_strings(void); /* Error codes for the PKCS12 functions. */ @@ -342,4 +342,3 @@ int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); } #endif #endif - diff --git a/crypto/openssl/crypto/pkcs7/pk7_attr.c b/crypto/openssl/crypto/pkcs7/pk7_attr.c index 6ae264c..5ff5a88 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_attr.c +++ b/crypto/openssl/crypto/pkcs7/pk7_attr.c 
@@ -1,9 +1,59 @@ /* pk7_attr.c */ -/* S/MIME code. - * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) - * All Rights Reserved. - * Redistribution of this code without the authors permission is expressly - * prohibited. +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * */ #include <stdio.h> diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c index bf43d030..2b60cab 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_doit.c +++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c 
@@ -558,11 +558,15 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) ASN1_UTCTIME *sign_time; const EVP_MD *md_tmp; - /* Add signing time */ - sign_time=X509_gmtime_adj(NULL,0); - PKCS7_add_signed_attribute(si, - NID_pkcs9_signingTime, - V_ASN1_UTCTIME,sign_time); + /* Add signing time if not already present */ + if (!PKCS7_get_signed_attribute(si, + NID_pkcs9_signingTime)) + { + sign_time=X509_gmtime_adj(NULL,0); + PKCS7_add_signed_attribute(si, + NID_pkcs9_signingTime, + V_ASN1_UTCTIME,sign_time); + } /* Add digest */ md_tmp=EVP_MD_CTX_md(&ctx_tmp); diff --git a/crypto/openssl/crypto/pkcs7/pkcs7.h b/crypto/openssl/crypto/pkcs7/pkcs7.h index 1b817e6..5baaa78 100644 --- a/crypto/openssl/crypto/pkcs7/pkcs7.h +++ b/crypto/openssl/crypto/pkcs7/pkcs7.h @@ -353,8 +353,6 @@ int i2d_PKCS7(PKCS7 *a, PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp,long length); -void ERR_load_PKCS7_strings(void); - long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); @@ -422,6 +420,7 @@ int SMIME_text(BIO *in, BIO *out); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_PKCS7_strings(void); /* Error codes for the PKCS7 functions. */ @@ -502,4 +501,3 @@ int SMIME_text(BIO *in, BIO *out); } #endif #endif - diff --git a/crypto/openssl/crypto/rand/md_rand.c b/crypto/openssl/crypto/rand/md_rand.c index 04b9d69..349629c 100644 --- a/crypto/openssl/crypto/rand/md_rand.c +++ b/crypto/openssl/crypto/rand/md_rand.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -144,6 +144,7 @@ static int initialized=0; static unsigned int crypto_lock_rand = 0; /* may be set only when a thread * holds CRYPTO_LOCK_RAND * (to prevent double locking) */ +/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ @@ -210,7 +211,14 @@ static void ssleay_rand_add(const void *buf, int num, double add) */ /* check if we already have the lock */ - do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id()); + if (crypto_lock_rand) + { + CRYPTO_r_lock(CRYPTO_LOCK_RAND2); + do_not_lock = (locking_thread == CRYPTO_thread_id()); + CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } + else + do_not_lock = 0; if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); st_idx=state_index; @@ -361,8 +369,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) CRYPTO_w_lock(CRYPTO_LOCK_RAND); /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ - crypto_lock_rand = 1; + CRYPTO_w_lock(CRYPTO_LOCK_RAND2); locking_thread = CRYPTO_thread_id(); + CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; if (!initialized) { @@ -435,7 +445,6 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) /* before unlocking, we must clear 'crypto_lock_rand' */ crypto_lock_rand = 0; - locking_thread = 0; CRYPTO_w_unlock(CRYPTO_LOCK_RAND); while (num > 0) 
@@ -521,15 +530,24 @@ static int ssleay_rand_status(void) /* check if we already have the lock * (could happen if a RAND_poll() implementation calls RAND_status()) */ - do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id()); + if (crypto_lock_rand) + { + CRYPTO_r_lock(CRYPTO_LOCK_RAND2); + do_not_lock = (locking_thread == CRYPTO_thread_id()); + CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } + else + do_not_lock = 0; if (!do_not_lock) { CRYPTO_w_lock(CRYPTO_LOCK_RAND); /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ - crypto_lock_rand = 1; + CRYPTO_w_lock(CRYPTO_LOCK_RAND2); locking_thread = CRYPTO_thread_id(); + CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; } if (!initialized) @@ -544,7 +562,6 @@ static int ssleay_rand_status(void) { /* before unlocking, we must clear 'crypto_lock_rand' */ crypto_lock_rand = 0; - locking_thread = 0; CRYPTO_w_unlock(CRYPTO_LOCK_RAND); } diff --git a/crypto/openssl/crypto/rand/rand.h b/crypto/openssl/crypto/rand/rand.h index 918f865..b00d972 100644 --- a/crypto/openssl/crypto/rand/rand.h +++ b/crypto/openssl/crypto/rand/rand.h @@ -93,7 +93,6 @@ const char *RAND_file_name(char *file,size_t num); int RAND_status(void); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path,int bytes); -void ERR_load_RAND_strings(void); int RAND_poll(void); #ifdef __cplusplus @@ -115,10 +114,15 @@ int RAND_event(UINT, WPARAM, LPARAM); #endif #endif +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ @@ -128,5 +132,7 @@ int RAND_event(UINT, WPARAM, LPARAM); /* Reason codes. */ #define RAND_R_PRNG_NOT_SEEDED 100 +#ifdef __cplusplus +} +#endif #endif - 
diff --git a/crypto/openssl/crypto/ripemd/rmd_locl.h b/crypto/openssl/crypto/ripemd/rmd_locl.h index f537b88..7b835df 100644 --- a/crypto/openssl/crypto/ripemd/rmd_locl.h +++ b/crypto/openssl/crypto/ripemd/rmd_locl.h @@ -71,7 +71,7 @@ * <appro@fy.chalmers.se> */ #ifdef RMD160_ASM -# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) # define ripemd160_block_host_order ripemd160_block_asm_host_order # endif #endif @@ -79,7 +79,7 @@ void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num); void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num); -#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__) +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) #define ripemd160_block_data_order ripemd160_block_host_order #endif diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h index fef4ef5..28912b3 100644 --- a/crypto/openssl/crypto/rsa/rsa.h +++ b/crypto/openssl/crypto/rsa/rsa.h @@ -202,8 +202,6 @@ RSA_METHOD *RSA_PKCS1_SSLeay(void); RSA_METHOD *RSA_null_method(void); -void ERR_load_RSA_strings(void ); - RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); int i2d_RSAPublicKey(RSA *a, unsigned char **pp); RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); @@ -275,6 +273,7 @@ void *RSA_get_ex_data(RSA *r, int idx); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ 
@@ -316,6 +315,7 @@ void *RSA_get_ex_data(RSA *r, int idx); #define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 #define RSA_R_DATA_TOO_LARGE 109 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 #define RSA_R_DATA_TOO_SMALL 111 #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 @@ -342,4 +342,3 @@ void *RSA_get_ex_data(RSA *r, int idx); } #endif #endif - diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c index 3e38320..cafdc41 100644 --- a/crypto/openssl/crypto/rsa/rsa_eay.c +++ b/crypto/openssl/crypto/rsa/rsa_eay.c @@ -78,8 +78,8 @@ static int RSA_eay_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_eay_meth={ "Eric Young's PKCS#1 RSA", RSA_eay_public_encrypt, - RSA_eay_public_decrypt, - RSA_eay_private_encrypt, + RSA_eay_public_decrypt, /* signature verification */ + RSA_eay_private_encrypt, /* signing */ RSA_eay_private_decrypt, RSA_eay_mod_exp, BN_mod_exp_mont, @@ -136,6 +136,13 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from, if (BN_bin2bn(buf,num,&f) == NULL) goto err; + if (BN_ucmp(&f, rsa->n) >= 0) + { + /* usually the padding functions would catch this */ + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { BN_MONT_CTX* bn_mont_ctx; @@ -183,6 +190,7 @@ err: return(r); } +/* signing */ static int RSA_eay_private_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -218,6 +226,13 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from, if (i <= 0) goto err; if (BN_bin2bn(buf,num,&f) == NULL) goto err; + + if (BN_ucmp(&f, rsa->n) >= 0) + { + /* usually the padding functions would catch this */ + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); 
@@ -292,6 +307,12 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, /* make data into a big number */ if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; + if (BN_ucmp(&f, rsa->n) >= 0) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); if (rsa->flags & RSA_FLAG_BLINDING) @@ -352,6 +373,7 @@ err: return(r); } +/* signature verification */ static int RSA_eay_public_decrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -383,6 +405,13 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from, } if (BN_bin2bn(from,flen,&f) == NULL) goto err; + + if (BN_ucmp(&f, rsa->n) >= 0) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + /* do the decrypt */ if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { diff --git a/crypto/openssl/crypto/rsa/rsa_err.c b/crypto/openssl/crypto/rsa/rsa_err.c index 1cde7c0..bff7cf5 100644 --- a/crypto/openssl/crypto/rsa/rsa_err.c +++ b/crypto/openssl/crypto/rsa/rsa_err.c @@ -106,6 +106,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, {RSA_R_DATA_TOO_LARGE ,"data too large"}, {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"}, {RSA_R_DATA_TOO_SMALL ,"data too small"}, {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c index 1849e55..4f0bbab 100644 --- a/crypto/openssl/crypto/rsa/rsa_oaep.c +++ b/crypto/openssl/crypto/rsa/rsa_oaep.c 
@@ -2,7 +2,22 @@ /* Written by Ulf Moeller. This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ -/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ +/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ + +/* See Victor Shoup, "OAEP reconsidered," Nov. 2000, + * <URL: http://www.shoup.net/papers/oaep.ps.Z> + * for problems with the security proof for the + * original OAEP scheme, which EME-OAEP is based on. + * + * A new proof can be found in E. Fujisaki, T. Okamoto, + * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!", + * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>. + * The new proof has stronger requirements for the + * underlying permutation: "partial-one-wayness" instead + * of one-wayness. For the RSA function, this is + * an equivalent notion. + */ + #if !defined(NO_SHA) && !defined(NO_SHA1) #include <stdio.h> 
@@ -12,157 +27,174 @@ #include <openssl/sha.h> #include <openssl/rand.h> -int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen); +int MGF1(unsigned char *mask, long len, + unsigned char *seed, long seedlen); int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - unsigned char *from, int flen, unsigned char *param, int plen) - { - int i, emlen = tlen - 1; - unsigned char *db, *seed; - unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; - - if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) + unsigned char *from, int flen, + unsigned char *param, int plen) { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return (0); - } + int i, emlen = tlen - 1; + unsigned char *db, *seed; + unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; - if (emlen < 2 * SHA_DIGEST_LENGTH + 1) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); - return (0); - } - - dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); - if (dbmask == NULL) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); - return (0); - } + if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return 0; + } + + if (emlen < 2 * SHA_DIGEST_LENGTH + 1) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); + return 0; + } - to[0] = 0; - seed = to + 1; - db = to + SHA_DIGEST_LENGTH + 1; - - SHA1(param, plen, db); - memset(db + SHA_DIGEST_LENGTH, 0, - emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); - db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; - memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); - if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) - return (0); + dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); + if (dbmask == NULL) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return 0; + } + + to[0] = 0; + seed = to + 1; + db = to + SHA_DIGEST_LENGTH + 1; + + SHA1(param, plen, db); + 
memset(db + SHA_DIGEST_LENGTH, 0, + emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); + db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; + memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); + if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) + return 0; #ifdef PKCS_TESTVECT - memcpy(seed, + memcpy(seed, "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", 20); #endif - MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); - for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) - db[i] ^= dbmask[i]; + MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); + for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) + db[i] ^= dbmask[i]; - MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); - for (i = 0; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= seedmask[i]; + MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= seedmask[i]; - OPENSSL_free(dbmask); - return (1); - } + OPENSSL_free(dbmask); + return 1; + } int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, unsigned char *from, int flen, int num, unsigned char *param, int plen) - { - int i, dblen, mlen = -1; - unsigned char *maskeddb; - int lzero; - unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; - - if (--num < 2 * SHA_DIGEST_LENGTH + 1) - goto decoding_err; - - lzero = num - flen; - if (lzero < 0) - goto decoding_err; - maskeddb = from - lzero + SHA_DIGEST_LENGTH; - - dblen = num - SHA_DIGEST_LENGTH; - db = OPENSSL_malloc(dblen); - if (db == NULL) { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); - return (-1); - } + int i, dblen, mlen = -1; + unsigned char *maskeddb; + int lzero; + unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + int bad = 0; + + if (--num < 2 * SHA_DIGEST_LENGTH + 1) + /* 'num' is the length of the modulus, i.e. does not depend on the + * particular ciphertext. 
*/ + goto decoding_err; + + lzero = num - flen; + if (lzero < 0) + { + /* lzero == -1 */ + + /* signalling this error immediately after detection might allow + * for side-channel attacks (e.g. timing if 'plen' is huge + * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal + * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), + * so we use a 'bad' flag */ + bad = 1; + lzero = 0; + } + maskeddb = from - lzero + SHA_DIGEST_LENGTH; + + dblen = num - SHA_DIGEST_LENGTH; + db = OPENSSL_malloc(dblen); + if (db == NULL) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return -1; + } - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); - for (i = lzero; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= from[i - lzero]; - - MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); - for (i = 0; i < dblen; i++) - db[i] ^= maskeddb[i]; + MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); + for (i = lzero; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= from[i - lzero]; - SHA1(param, plen, phash); + MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); + for (i = 0; i < dblen; i++) + db[i] ^= maskeddb[i]; - if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) - goto decoding_err; - else - { - for (i = SHA_DIGEST_LENGTH; i < dblen; i++) - if (db[i] != 0x00) - break; - if (db[i] != 0x01 || i++ >= dblen) - goto decoding_err; + SHA1(param, plen, phash); + + if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + goto decoding_err; else - { - mlen = dblen - i; - if (tlen < mlen) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); - mlen = -1; + for (i = SHA_DIGEST_LENGTH; i < dblen; i++) + if (db[i] != 0x00) + break; + if (db[i] != 0x01 || i++ >= dblen) + goto decoding_err; + else + { + /* everything looks OK */ + + mlen = dblen - i; + if (tlen < mlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + mlen = -1; + } + else + memcpy(to, db + i, mlen); + } } - else - memcpy(to, db + i, mlen); - } - } - OPENSSL_free(db); - return (mlen); + 
OPENSSL_free(db); + return mlen; decoding_err: - /* to avoid chosen ciphertext attacks, the error message should not reveal - * which kind of decoding error happened */ - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); - if (db != NULL) OPENSSL_free(db); - return -1; - } + /* to avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened */ + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + if (db != NULL) OPENSSL_free(db); + return -1; + } int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) - { - long i, outlen = 0; - unsigned char cnt[4]; - SHA_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; - - for (i = 0; outlen < len; i++) { - cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255, - cnt[2] = (i >> 8) & 255, cnt[3] = i & 255; - SHA1_Init(&c); - SHA1_Update(&c, seed, seedlen); - SHA1_Update(&c, cnt, 4); - if (outlen + SHA_DIGEST_LENGTH <= len) - { - SHA1_Final(mask + outlen, &c); - outlen += SHA_DIGEST_LENGTH; - } - else - { - SHA1_Final(md, &c); - memcpy(mask + outlen, md, len - outlen); - outlen = len; - } + long i, outlen = 0; + unsigned char cnt[4]; + SHA_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + + for (i = 0; outlen < len; i++) + { + cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255, + cnt[2] = (i >> 8) & 255, cnt[3] = i & 255; + SHA1_Init(&c); + SHA1_Update(&c, seed, seedlen); + SHA1_Update(&c, cnt, 4); + if (outlen + SHA_DIGEST_LENGTH <= len) + { + SHA1_Final(mask + outlen, &c); + outlen += SHA_DIGEST_LENGTH; + } + else + { + SHA1_Final(md, &c); + memcpy(mask + outlen, md, len - outlen); + outlen = len; + } + } + return 0; } - return (0); - } #endif diff --git a/crypto/openssl/crypto/sha/sha_locl.h b/crypto/openssl/crypto/sha/sha_locl.h index 2f8aef8..631ba73 100644 --- a/crypto/openssl/crypto/sha/sha_locl.h +++ b/crypto/openssl/crypto/sha/sha_locl.h 
@@ -115,7 +115,7 @@ # endif # ifdef SHA1_ASM -# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) # define sha1_block_host_order sha1_block_asm_host_order # define DONT_IMPLEMENT_BLOCK_HOST_ORDER # define sha1_block_data_order sha1_block_asm_data_order diff --git a/crypto/openssl/crypto/x509/x509.h b/crypto/openssl/crypto/x509/x509.h index 813c8ad..385c2e1 100644 --- a/crypto/openssl/crypto/x509/x509.h +++ b/crypto/openssl/crypto/x509/x509.h @@ -810,7 +810,6 @@ const char * X509_get_default_private_dir(void ); X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); -void ERR_load_X509_strings(void ); X509_ALGOR * X509_ALGOR_new(void ); void X509_ALGOR_free(X509_ALGOR *a); @@ -1220,6 +1219,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_X509_strings(void); /* Error codes for the X509 functions. */ @@ -1291,4 +1291,3 @@ int X509_TRUST_get_trust(X509_TRUST *xp); } #endif #endif - diff --git a/crypto/openssl/crypto/x509/x509_trs.c b/crypto/openssl/crypto/x509/x509_trs.c index 86b3b79..934e541 100644 --- a/crypto/openssl/crypto/x509/x509_trs.c +++ b/crypto/openssl/crypto/x509/x509_trs.c @@ -79,7 +79,7 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; static X509_TRUST trstandard[] = { {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, -{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL}, +{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, }; 
diff --git a/crypto/openssl/crypto/x509/x509_txt.c b/crypto/openssl/crypto/x509/x509_txt.c index cfb478d..ac04d41 100644 --- a/crypto/openssl/crypto/x509/x509_txt.c +++ b/crypto/openssl/crypto/x509/x509_txt.c @@ -95,7 +95,7 @@ const char *X509_verify_cert_error_string(long n) case X509_V_ERR_CRL_NOT_YET_VALID: return("CRL is not yet valid"); case X509_V_ERR_CERT_HAS_EXPIRED: - return("Certificate has expired"); + return("certificate has expired"); case X509_V_ERR_CRL_HAS_EXPIRED: return("CRL has expired"); case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c index 0f4110c..7a30092 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.c +++ b/crypto/openssl/crypto/x509/x509_vfy.c @@ -911,6 +911,12 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t) ctx->flags |= X509_V_FLAG_USE_CHECK_TIME; } +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)) + { + ctx->verify_cb=verify_cb; + } + IMPLEMENT_STACK_OF(X509) IMPLEMENT_ASN1_SET_OF(X509) diff --git a/crypto/openssl/crypto/x509/x509_vfy.h b/crypto/openssl/crypto/x509/x509_vfy.h index e289d53..4215102 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.h +++ b/crypto/openssl/crypto/x509/x509_vfy.h @@ -382,6 +382,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust); void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/x509v3/x509v3.h b/crypto/openssl/crypto/x509v3/x509v3.h index 0453b12..f810d46 100644 --- a/crypto/openssl/crypto/x509v3/x509v3.h +++ b/crypto/openssl/crypto/x509v3/x509v3.h 
@@ -354,7 +354,6 @@ typedef struct x509_purpose_st { DECLARE_STACK_OF(X509_PURPOSE) -void ERR_load_X509V3_strings(void); int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp); BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length); BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void); @@ -555,6 +554,7 @@ void X509_email_free(STACK *sk); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_X509V3_strings(void); /* Error codes for the X509V3 functions. */ @@ -650,4 +650,3 @@ void X509_email_free(STACK *sk); } #endif #endif - diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod index d352925..cea9002 100644 --- a/crypto/openssl/doc/apps/ca.pod +++ b/crypto/openssl/doc/apps/ca.pod @@ -54,6 +54,11 @@ The options descriptions will be divided into each purpose. specifies the configuration file to use. +=item B<-name section> + +specifies the configuration file section to use (overrides +B<default_ca> in the B<ca> section). + =item B<-in filename> an input filename containing a single certificate request to be 
@@ -202,8 +207,20 @@ that some software (for example Netscape) can't handle V2 CRLs. =head1 CONFIGURATION FILE OPTIONS -The options for B<ca> are contained in the B<ca> section of the -configuration file. Many of these are identical to command line +The section of the configuration file containing options for B<ca> +is found as follows: If the B<-name> command line option is used, +then it names the section to be used. Otherwise the section to +be used must be named in the B<default_ca> option of the B<ca> section +of the configuration file (or in the default section of the +configuration file). Besides B<default_ca>, the following options are +read directly from the B<ca> section: + RANDFILE + preserve + msie_hack +With the exception of B<RANDFILE>, this is probably a bug and may +change in future releases. + +Many of the configuration file options are identical to command line options. Where the option is present in the configuration file and the command line the command line value is used. Where an option is described as mandatory then it must be present in diff --git a/crypto/openssl/doc/apps/openssl.pod b/crypto/openssl/doc/apps/openssl.pod index 0cbd199..e3c79a4 100644 --- a/crypto/openssl/doc/apps/openssl.pod +++ b/crypto/openssl/doc/apps/openssl.pod @@ -125,6 +125,10 @@ Generation of RSA Parameters. Generation of hashed passwords. +=item L<B<pkcs12>|pkcs12(1)> + +PKCS#12 Data Management. + =item L<B<pkcs7>|pkcs7(1)> PKCS#7 Data Management. diff --git a/crypto/openssl/doc/apps/verify.pod b/crypto/openssl/doc/apps/verify.pod index 9045552..ea5c29c 100644 --- a/crypto/openssl/doc/apps/verify.pod +++ b/crypto/openssl/doc/apps/verify.pod 
@@ -200,13 +200,13 @@ the signature of the certificate is invalid. Unused. the certificate is not yet valid: the notBefore date is after the current time. -=item B<10 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> +=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired> -the CRL is not yet valid. Unused. +the certificate has expired: that is the notAfter date is before the current time. -=item B<11 X509_V_ERR_CERT_HAS_EXPIRED: Certificate has expired> +=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> -the certificate has expired: that is the notAfter date is before the current time. +the CRL is not yet valid. Unused. =item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired> diff --git a/crypto/openssl/doc/crypto/BN_rand.pod b/crypto/openssl/doc/crypto/BN_rand.pod index cbae2fc..ecd410f 100644 --- a/crypto/openssl/doc/crypto/BN_rand.pod +++ b/crypto/openssl/doc/crypto/BN_rand.pod @@ -14,6 +14,8 @@ BN_rand, BN_pseudo_rand - generate pseudo-random number int BN_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom); + =head1 DESCRIPTION BN_rand() generates a cryptographically strong pseudo-random number of @@ -31,6 +33,8 @@ protocols, but usually not for key generation etc. BN_rand_range() generates a cryptographically strong pseudo-random number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>. +BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(), +and hence numbers generated by it are not necessarily unpredictable. The PRNG must be seeded prior to calling BN_rand() or BN_rand_range(). @@ -49,5 +53,6 @@ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> BN_rand() is available in all versions of SSLeay and OpenSSL. BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case and the function BN_rand_range() were added in OpenSSL 0.9.6a. +BN_pseudo_rand_range() was added in OpenSSL 0.9.6c. =cut 
diff --git a/crypto/openssl/doc/crypto/bn.pod b/crypto/openssl/doc/crypto/bn.pod index d183028..1524bc2 100644 --- a/crypto/openssl/doc/crypto/bn.pod +++ b/crypto/openssl/doc/crypto/bn.pod @@ -61,6 +61,7 @@ bn - multiprecision integer arithmetics int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); diff --git a/crypto/openssl/doc/crypto/threads.pod b/crypto/openssl/doc/crypto/threads.pod index bc7ff9b..136844b 100644 --- a/crypto/openssl/doc/crypto/threads.pod +++ b/crypto/openssl/doc/crypto/threads.pod @@ -53,8 +53,10 @@ OpenSSL can safely be used in multi-threaded applications provided that at least two callback functions are set. locking_function(int mode, int n, const char *file, int line) is -needed to perform locking on shared data structures. Multi-threaded -applications will crash at random if it is not set. +needed to perform locking on shared data structures. +(Note that OpenSSL uses a number of global data structures that +will be implicitly shared whenever multiple threads use OpenSSL.) +Multi-threaded applications will crash at random if it is not set. locking_function() must be able to handle up to CRYPTO_num_locks() different mutex locks. It sets the B<n>-th lock if B<mode> & diff --git a/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod b/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod new file mode 100644 index 0000000..2a98739 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 
@@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +=head1 DESCRIPTION + +SSL_COMP_add_compression_method() adds the compression method B<cm> with +the identifier B<id> to the list of available compression methods. This +list is globally maintained for all SSL operations within this application. +It cannot be set for specific SSL_CTX or SSL objects. + +=head1 NOTES + +The TLS standard (or SSLv3) allows the integration of compression methods +into the communication. The TLS RFC does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure. + +An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +SSL_COMP_add_compression_method() to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis. + +An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis. + +The OpenSSL library has the compression methods B<COMP_rle()> and (when +especially enabled during compilation) B<COMP_zlib()> available. 
+ +=head1 WARNINGS + +Once the identities of the compression methods for the TLS protocol have +been standardized, the compression API will most likely be changed. Using +it in the current state is not recommended. + +=head1 RETURN VALUES + +SSL_COMP_add_compression_method() may return the following values: + +=over 4 + +=item 1 + +The operation succeeded. + +=item 0 + +The operation failed. Check the error queue to find out the reason. + +=back + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod b/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod new file mode 100644 index 0000000..4228225 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod @@ -0,0 +1,34 @@ +=pod + +=head1 NAME + +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); + long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); + + long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); + long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); + +=head1 DESCRIPTION + +The SSL_*_ctrl() family of functions is used to manipulate settings of +the SSL_CTX and SSL objects. Depending on the command B<cmd> the arguments +B<larg>, B<parg>, or B<fp> are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros. + +=head1 RETURN VALUES + +The return values of the SSL*_ctrl() functions depend on the command +supplied via the B<cmd> parameter. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_free.pod b/crypto/openssl/doc/ssl/SSL_CTX_free.pod index c716cde..55e592f 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_free.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_free.pod 
@@ -24,6 +24,8 @@ the certificates and keys. SSL_CTX_free() does not provide diagnostic information. +=head1 SEE ALSO + L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod b/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod index 0f63537..84a799f 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod @@ -58,7 +58,7 @@ failure. In server mode, when requesting a client certificate, the server must send the list of CAs of which it will accept client certificates. This list is not influenced by the contents of B<CAfile> or B<CApath> and must -explicitely be set using the +explicitly be set using the L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)> family of functions. @@ -118,7 +118,7 @@ L<ssl(3)|ssl(3)>, L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> - +L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>, +L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_new.pod b/crypto/openssl/doc/ssl/SSL_CTX_new.pod index 1dae8b0..465220a 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_new.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_new.pod @@ -59,10 +59,6 @@ choice when compatibility is a concern. =back -If a generic method is used, it is necessary to explicitly set client or -server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> -or SSL_set_accept_state(). - The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or B<SSL_set_options()> functions. Using these options it is possible to choose 
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod index b6f15b4..6e0ef00 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod @@ -70,12 +70,16 @@ proposed by the client. The get_session_cb() is always called, also when session caching was disabled. The get_session_cb() is passed the B<ssl> connection, the session id of length B<length> at the memory location B<data>. With the parameter B<copy> the callback can require the -SSL engine to increment the reference count of the SSL_SESSION object. +SSL engine to increment the reference count of the SSL_SESSION object, +Normally the reference count is not incremented and therefore the +session must not be explicitly freed with +L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>. =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>, L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, -L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)> +L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>, +L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod new file mode 100644 index 0000000..81286ee --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod 
@@ -0,0 +1,57 @@ +=pod + +=head1 NAME + +SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); + X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx); + +=head1 DESCRIPTION + +SSL_CTX_set_cert_store() sets/replaces the certificate verification storage +of B<ctx> to/with B<store>. If another X505_STORE object is currently +set in B<ctx>, it will be X509_STORE_free()ed. + +SSL_CTX_get_cert_store() returns a pointer to the current certificate +verification storage. + +=head1 NOTES + +In order to verify the certificates presented by the peer, trusted CA +certificates must be accessed. These CA certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created. + +Typically the trusted certificate store is handled indirectly via using +L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. +Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions +it is possible to manipulate the X509_STORE object beyond the +L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> +call. + +Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. the verify_callback() be +overridden with the verify_callback() set via the +L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available. + +=head1 RETURN VALUES + +SSL_CTX_set_cert_store() does not return diagnostic output. + +SSL_CTX_get_cert_store() returns the current setting. 
+ +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, +L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>, +L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod new file mode 100644 index 0000000..723fc14 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 
@@ -0,0 +1,75 @@ +=pod + +=head1 NAME + +SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(), + char *arg); + int (*callback)(); + +=head1 DESCRIPTION + +SSL_CTX_set_cert_verify_callback() sets the verification callback function for +B<ctx>. SSL objects, that are created from B<ctx> inherit the setting valid at +the time, L<SSL_new(3)|SSL_new(3)> is called. B<arg> is currently ignored. + +=head1 NOTES + +Whenever a certificate is verified during a SSL/TLS handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback B<callback> is specified via +SSL_CTX_set_cert_verify_callback(), the supplied callback function is called +instead. By setting B<callback> to NULL, the default behaviour is restored. + +When the verification must be performed, B<callback> will be called with +the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments B<arg> +that can be specified when setting B<callback> are currently ignored. + +B<callback> should return 1 to indicate verification success and 0 to +indicate verification failure. If SSL_VERIFY_PEER is set and B<callback> +returns 0, the handshake will fail. As the verification procedure may +allow to continue the connection in case of failure (by always returning 1) +the verification result must be set in any case using the B<error> +member of B<x509_store_ctx>, so that the calling application will be informed +about the detailed result of the verification procedure! + +Within B<x509_store_ctx>, B<callback> has access to the B<verify_callback> +function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>. 
+ +=head1 WARNINGS + +Do not mix the verification callback described in this function with the +B<verify_callback> function called during the verification process. The +latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> +family of functions. + +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the B<verify_callback> function. + +=head1 BUGS + +It is possible to specify arguments to be passed to the verification callback. +Currently they are however not passed but ignored. + +The B<callback> function is not specified via a prototype, so that no +type checking takes place. + +=head1 RETURN VALUES + +SSL_CTX_set_cert_verify_callback() does not provide diagnostic information. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, +L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, +L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod index 9a29eee..ed64f64 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod 
@@ -34,9 +34,25 @@ a necessary condition. On the client side, the inclusion into the list is also sufficient. On the server side, additional restrictions apply. All ciphers have additional requirements. ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding -certificate and key. A RSA cipher can only be chosen, when a RSA certificate is -available, the respective is valid for DSA ciphers. Ciphers using EDH need -a certificate and key and DH-parameters. +certificate and key. + +A RSA cipher can only be chosen, when a RSA certificate is available. +RSA export ciphers with a keylength of 512 bits for the RSA key require +a temporary 512 bit RSA key, as typically the supplied key has a length +of 1024 bit (see +L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>). +RSA ciphers using EDH need a certificate and key and additional DH-parameters +(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). + +A DSA cipher can only be chosen, when a DSA certificate is available. +DSA ciphers always use DH key exchange and therefore need DH-parameters +(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). + +When these conditions are not met for any cipher in the list (e.g. a +client only supports export RSA ciphers with a asymmetric key length +of 512 bits and the server is not configured to use temporary RSA +keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated +and the handshake will fail. =head1 RETURN VALUES @@ -47,6 +63,8 @@ could be selected and 0 on complete failure. L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, +L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, +L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, L<ciphers(1)|ciphers(1)> =cut 
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod index a5343a1..2b87f01 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod @@ -40,6 +40,12 @@ then keep it in memory and use it several times. In the last case, the password could be stored into the B<userdata> storage and the pem_passwd_cb() only returns the password already stored. +When asking for the password interactively, pem_passwd_cb() can use +B<rwflag> to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible. + Other items in PEM formatting (certificates) can also be encrypted, it is however not usual, as certificate information is considered public. diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod new file mode 100644 index 0000000..63d0b8d --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod 
@@ -0,0 +1,153 @@ +=pod + +=head1 NAME + +SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(); + + void SSL_set_info_callback(SSL *ssl, void (*callback)()); + void (*SSL_get_info_callback(SSL *ssl))(); + +=head1 DESCRIPTION + +SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to +obtain state information for SSL objects created from B<ctx> during connection +setup and use. The setting for B<ctx> is overridden from the setting for +a specific SSL object, if specified. +When B<callback> is NULL, not callback function is used. + +SSL_set_info_callback() sets the B<callback> function, that can be used to +obtain state information for B<ssl> during connection setup and use. +When B<callback> is NULL, the callback setting currently valid for +B<ctx> is used. + +SSL_CTX_get_info_callback() returns a pointer to the currently set information +callback function for B<ctx>. + +SSL_get_info_callback() returns a pointer to the currently set information +callback function for B<ssl>. + +=head1 NOTES + +When setting up a connection and during use, it is possible to obtain state +information from the SSL/TLS engine. When set, an information callback function +is called whenever the state changes, an alert appears, or an error occurs. + +The callback function is called as B<callback(SSL *ssl, int where, int ret)>. +The B<where> argument specifies information about where (in which context) +the callback function was called. If B<ret> is 0, an error condition occurred. +If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert +information. 
+ +B<where> is a bitmask made up of the following bits: + +=over 4 + +=item SSL_CB_LOOP + +Callback has been called to indicate state change inside a loop. + +=item SSL_CB_EXIT + +Callback has been called to indicate error exit of a handshake function. +(May be soft error with retry option for non-blocking setups.) + +=item SSL_CB_READ + +Callback has been called during read operation. + +=item SSL_CB_WRITE + +Callback has been called during write operation. + +=item SSL_CB_ALERT + +Callback has been called due to an alert being sent or received. + +=item SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) + +=item SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) + +=item SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) + +=item SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) + +=item SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) + +=item SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) + +=item SSL_CB_HANDSHAKE_START + +Callback has been called because a new handshake is started. + +=item SSL_CB_HANDSHAKE_DONE 0x20 + +Callback has been called because a handshake is finished. + +=back + +The current state information can be obtained using the +L<SSL_state_string(3)|SSL_state_string(3)> family of functions. + +The B<ret> information can be evaluated using the +L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> family of functions. + +=head1 RETURN VALUES + +SSL_set_info_callback() does not provide diagnostic information. + +SSL_get_info_callback() returns the current setting. + +=head1 EXAMPLES + +The following example callback function prints state strings, information +about alerts being handled and error messages to the B<bio_err> BIO. 
+ + void apps_ssl_info_callback(SSL *s, int where, int ret) + { + const char *str; + int w; + + w=where& ~SSL_ST_MASK; + + if (w & SSL_ST_CONNECT) str="SSL_connect"; + else if (w & SSL_ST_ACCEPT) str="SSL_accept"; + else str="undefined"; + + if (where & SSL_CB_LOOP) + { + BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); + } + else if (where & SSL_CB_ALERT) + { + str=(where & SSL_CB_READ)?"read":"write"; + BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", + str, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + } + else if (where & SSL_CB_EXIT) + { + if (ret == 0) + BIO_printf(bio_err,"%s:failed in %s\n", + str,SSL_state_string_long(s)); + else if (ret < 0) + { + BIO_printf(bio_err,"%s:error in %s\n", + str,SSL_state_string_long(s)); + } + } + } + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>, +L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod index 9a035bb..9822544 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod @@ -37,6 +37,9 @@ The following mode changes are available: Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success when just a single record has been written). When not set (the default), SSL_write() will only report success once the complete chunk was written. +Once SSL_write() returns with r, r bytes have been successfully written +and the next call to SSL_write() must only send the n-r bytes left, +imitating the behaviour of write(). =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod index 3dc7cc7..5842a31 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 
@@ -17,10 +17,10 @@ SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - man =head1 DESCRIPTION SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>. -Options already set before are not cleared. +Options already set before are not cleared! SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>. -Options already set before are not cleared. +Options already set before are not cleared! SSL_CTX_get_options() returns the options set for B<ctx>. @@ -32,7 +32,12 @@ The behaviour of the SSL library can be changed by setting several options. The options are coded as bitmasks and can be combined by a logical B<or> operation (|). Options can only be added but can never be reset. -During a handshake, the option settings of the SSL object used. When +SSL_CTX_set_options() and SSL_set_options() affect the (external) +protocol behaviour of the SSL library. The (internal) behaviour of +the API can be changed by using the similar +L<SSL_CTX_set_modes(3)|SSL_CTX_set_modes(3)> and SSL_set_modes() functions. + +During a handshake, the option settings of the SSL object are used. When a new SSL object is created from a context using SSL_new(), the current option setting is copied. Changes to B<ctx> do not affect already created SSL objects. SSL_clear() does not affect the settings. 
@@ -122,11 +127,27 @@ The following B<modifying> options are available: =item SSL_OP_SINGLE_DH_USE -Always create a new key when using temporary DH parameters. +Always create a new key when using temporary/ephemeral DH parameters +(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). +This option must be used to prevent small subgroup attacks, when +the DH parameters were not generated using "strong" primes +(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>). +If "strong" primes were used, it is not strictly necessary to generate +a new DH key during each handshake but it is also recommended. +SSL_OP_SINGLE_DH_USE should therefore be enabled whenever +temporary/ephemeral DH parameters are used. =item SSL_OP_EPHEMERAL_RSA -Also use the temporary RSA key when doing RSA operations. +Always use ephemeral (temporary) RSA key when doing RSA operations +(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>). +According to the specifications this is only done, when a RSA key +can only be used for signature operations (namely under export ciphers +with restricted RSA keylength). By setting this option, ephemeral +RSA keys are always used. This option breaks compatibility with the +SSL/TLS specifications and may lead to interoperability problems with +clients and should therefore never be used. Ciphers with EDH (ephemeral +Diffie-Hellman) key exchange should be used instead. =item SSL_OP_PKCS1_CHECK_1 @@ -142,11 +163,6 @@ If we accept a netscape connection, demand a client cert, have a non-self-sighed CA which does not have it's CA in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta -=item SSL_OP_NON_EXPORT_FIRST - -On servers try to use non-export (stronger) ciphers first. This option does -not work under all circumstances (in the code it is declared "broken"). - =item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG ... 
@@ -174,7 +190,10 @@ SSL_CTX_get_options() and SSL_get_options() return the current bitmask. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)> +L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>, +L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, +L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, +L<dhparam(1)|dhparam(1)> =head1 HISTORY diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod new file mode 100644 index 0000000..1d0526d --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod 
@@ -0,0 +1,63 @@ +=pod + +=head1 NAME + +SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); + int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx); + + void SSL_set_quiet_shutdown(SSL *ssl, int mode); + int SSL_get_quiet_shutdown(SSL *ssl); + +=head1 DESCRIPTION + +SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be +B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time +L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1. + +SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>. + +SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be +B<mode>. The setting stays valid until B<ssl> is removed with +L<SSL_free(3)|SSL_free(3)> or SSL_set_quiet_shutdown() is called again. +It is not changed when L<SSL_clear(3)|SSL_clear(3)> is called. +B<mode> may be 0 or 1. + +SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>. + +=head1 NOTES + +Normally when a SSL connection is finished, the parties must send out +"close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)> +for a clean shutdown. + +When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)|SSL_shutdown(3)> +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves like +L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no "close notify" alert +is sent to the peer. This behaviour violates the TLS standard. + +The default is normal shutdown behaviour as described by the TLS standard. + +=head1 RETURN VALUES + +SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return +diagnostic information. 
+ +SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current +setting. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>, +L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>, +L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod index 8bbfc78..9aa6c6b 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod @@ -97,6 +97,7 @@ SSL_CTX_get_session_cache_mode() returns the currently set cache mode. =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, +L<SSL_session_reused(3)|SSL_session_reused(3)>, L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>, L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod index 21faed1..e3de27c 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod @@ -37,7 +37,10 @@ L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> is called, either directly by the application or automatically (see L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>) -The default value for session timeout is 300 seconds. +The default value for session timeout is decided on a per protocol +basis, see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>. +All currently supported protocols have the same default timeout value +of 300 seconds. =head1 RETURN VALUES 
@@ -50,6 +53,7 @@ SSL_CTX_get_timeout() returns the currently set timeout value. L<ssl(3)|ssl(3)>, L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, -L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> +L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, +L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod new file mode 100644 index 0000000..29d1f8a --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 
@@ -0,0 +1,170 @@ +=pod + +=head1 NAME + +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); + long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); + + void SSL_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); + long SSL_set_tmp_dh(SSL *ssl, DH *dh) + + DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); + +=head1 DESCRIPTION + +SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be +used when a DH parameters are required to B<tmp_dh_callback>. +The callback is inherited by all B<ssl> objects created from B<ctx>. + +SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>. +The key is inherited by all B<ssl> objects created from B<ctx>. + +SSL_set_tmp_dh_callback() sets the callback only for B<ssl>. + +SSL_set_tmp_dh() sets the parameters only for B<ssl>. + +These functions apply to SSL/TLS servers only. + +=head1 NOTES + +When using a cipher with RSA authentication, an ephemeral DH key exchange +can take place. Ciphers with DSA keys always use ephemeral DH keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary DH key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral DH keys. + +Using ephemeral DH key exchange yields forward secrecy, as the connection +can only be decrypted, when the DH key is known. By generating a temporary +DH key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing. 
+ +In order to perform a DH key exchange the server must use a DH group +(DH parameters) and generate a DH key. The server will always generate a new +DH key during the negotiation, when the DH parameters are supplied via +callback and/or when the SSL_OP_SINGLE_DH_USE option of +L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will +immediately create a DH key, when DH parameters are supplied via +SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case, +it may happen that a key is generated on initialization without later +being needed, while on the other hand the computer time during the +negotiation is being saved. + +If "strong" primes were used to generate the DH parameters, it is not strictly +necessary to generate a new key for each handshake but it does improve forward +secrecy. If it is not assured, that "strong" primes were used (see especially +the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used +in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE +has an impact on the computer time needed during negotiation, but it is not +very large, so application authors/users should consider to always enable +this option. + +As generating DH parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +DH parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing DH parameters is that an attacker +may specialize on a very often used DH group. Applications should therefore +generate their own DH parameters during the installation process using the +openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer +time needed for this generation, it is possible to use DSA parameters +instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE +is mandatory. + +Application authors may compile in DH parameters. 
Files dh512.pem, +dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current +version of the OpenSSL distribution contain the 'SKIP' DH parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the B<-C> option of the +L<dhparam(1)|dhparam(1)> application. +Authors may also generate their own set of parameters using +L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were +generated. The generation of DH parameters during installation is therefore +recommended. + +An application may either directly specify the DH parameters or +can supply the DH parameters via a callback function. The callback approach +has the advantage, that the callback may supply DH parameters for different +key lengths. + +The B<tmp_dh_callback> is called with the B<keylength> needed and +the B<is_export> information. The B<is_export> flag is set, when the +ephemeral DH key exchange is performed with an export cipher. + +=head1 EXAMPLES + +Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling +partly left out.) + + ... + /* Set up ephemeral DH stuff */ + DH *dh_512 = NULL; + DH *dh_1024 = NULL; + FILE *paramfile; + + ... + /* "openssl dhparam -out dh_param_512.pem -2 512" */ + paramfile = fopen("dh_param_512.pem", "r"); + if (paramfile) { + dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + fclose(paramfile); + } + /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ + paramfile = fopen("dh_param_1024.pem", "r"); + if (paramfile) { + dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + fclose(paramfile); + } + ... + + /* "openssl dhparam -C -2 512" etc... */ + DH *get_dh512() { ... } + DH *get_dh1024() { ... 
} + + DH *tmp_dh_callback(SSL *s, int is_export, int keylength) + { + DH *dh_tmp=NULL; + + switch (keylength) { + case 512: + if (!dh_512) + dh_512 = get_dh512(); + dh_tmp = dh_512; + break; + case 1024: + if (!dh_1024) + dh_1024 = get_dh1024(); + dh_tmp = dh_1024; + break; + default: + /* Generating a key on the fly is very costly, so use what is there */ + setup_dh_parameters_like_above(); + } + return(dh_tmp); + } + +=head1 RETURN VALUES + +SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return +diagnostic output. + +SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, +L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, +L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, +L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod new file mode 100644 index 0000000..f857759 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 
@@ -0,0 +1,166 @@ +=pod + +=head1 NAME + +SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, + RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); + long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); + long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); + + void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, + RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); + long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) + long SSL_need_tmp_rsa(SSL *ssl) + + RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); + +=head1 DESCRIPTION + +SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be +used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>. +The callback is inherited by all SSL objects newly created from B<ctx> +with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected. + +SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be +B<rsa>. The key is inherited by all SSL objects newly created from B<ctx> +with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected. + +SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed +for RSA-based strength-limited 'exportable' ciphersuites because a RSA key +with a keysize larger than 512 bits is installed. + +SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>. + +SSL_set_tmp_rsa() sets the key only for B<ssl>. + +SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed, +for RSA-based strength-limited 'exportable' ciphersuites because a RSA key +with a keysize larger than 512 bits is installed. + +These functions apply to SSL/TLS servers only. + +=head1 NOTES + +When using a cipher with RSA authentication, an ephemeral RSA key exchange +can take place. 
In this case the session data are negotiated using the +ephemeral/temporary RSA key and the RSA key supplied and certified +by the certificate chain is only used for signing. + +Under previous export restrictions, ciphers with RSA keys shorter (512 bits) +than the usual key length of 1024 bits were created. To use these ciphers +with RSA keys of usual length, an ephemeral key exchange must be performed, +as the normal (certified) key cannot be directly used. + +Using ephemeral RSA key exchange yields forward secrecy, as the connection +can only be decrypted, when the RSA key is known. By generating a temporary +RSA key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) RSA key, as this key was +used for signing only. The downside is that creating a RSA key is +computationally expensive. + +Additionally, the use of ephemeral RSA key exchange is only allowed in +the TLS standard, when the RSA key can be used for signing only, that is +for export ciphers. Using ephemeral RSA key exchange for other purposes +violates the standard and can break interoperability with clients. +It is therefore strongly recommended to not use ephemeral RSA key +exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead +in order to achieve forward secrecy (see +L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). + +On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default +and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of +L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL +standard. When ephemeral RSA key exchange is required for export ciphers, +it will automatically be used without this option! + +An application may either directly specify the key or can supply the key via +a callback function. 
The callback approach has the advantage, that the +callback may generate the key only in case it is actually needed. As the +generation of a RSA key is however costly, it will lead to a significant +delay in the handshake procedure. Another advantage of the callback function +is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA +usage) while the explicit setting of the key is only useful for key size of +512 bits to satisfy the export restricted ciphers and does give away key length +if a longer key would be allowed. + +The B<tmp_rsa_callback> is called with the B<keylength> needed and +the B<is_export> information. The B<is_export> flag is set, when the +ephemeral RSA key exchange is performed with an export cipher. + +=head1 EXAMPLES + +Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the +generation of a RSA key costs a lot of computer time, they saved for later +reuse. For demonstration purposes, two keys for 512 bits and 1024 bits +respectively are generated. + + ... + /* Set up ephemeral RSA stuff */ + RSA *rsa_512 = NULL; + RSA *rsa_1024 = NULL; + + rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); + if (rsa_512 == NULL) + evaluate_error_queue(); + + rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); + if (rsa_1024 == NULL) + evaluate_error_queue(); + + ... 
+ + RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) + { + RSA *rsa_tmp=NULL; + + switch (keylength) { + case 512: + if (rsa_512) + rsa_tmp = rsa_512; + else { /* generate on the fly, should not happen in this example */ + rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); + rsa_512 = rsa_tmp; /* Remember for later reuse */ + } + break; + case 1024: + if (rsa_1024) + rsa_tmp=rsa_1024; + else + should_not_happen_in_this_example(); + break; + default: + /* Generating a key on the fly is very costly, so use what is there */ + if (rsa_1024) + rsa_tmp=rsa_1024; + else + rsa_tmp=rsa_512; /* Use at least a shorter key */ + } + return(rsa_tmp); + } + +=head1 RETURN VALUES + +SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return +diagnostic output. + +SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. + +SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary +RSA key is needed and 0 otherwise. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, +L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, +L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, +L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod index fc0b761..5bb21ca 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 
@@ -59,14 +59,14 @@ The handshake will be continued regardless of the verification result. B<Server mode:> the server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process -fails as indicated by B<verify_callback>, the TLS/SSL handshake is +fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. The behaviour can be controlled by the additional SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags. B<Client mode:> the server certificate is verified. If the verification process -fails as indicated by B<verify_callback>, the TLS/SSL handshake is +fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an anonymous cipher is used, SSL_VERIFY_PEER is ignored. @@ -92,6 +92,15 @@ B<Client mode:> ignored Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be set at any time. +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>. +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the verify_callback() function, but the way this information is used +may be different. + SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up to which depth certificates in a chain are used during the verification procedure. If the certificate chain is longer than allowed, the certificates 
@@ -278,6 +287,7 @@ L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>, L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>, +L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>, L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>, L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)> diff --git a/crypto/openssl/doc/ssl/SSL_SESSION_free.pod b/crypto/openssl/doc/ssl/SSL_SESSION_free.pod index df30ccb..558de01 100644 --- a/crypto/openssl/doc/ssl/SSL_SESSION_free.pod +++ b/crypto/openssl/doc/ssl/SSL_SESSION_free.pod 
@@ -16,10 +16,40 @@ SSL_SESSION_free() decrements the reference count of B<session> and removes the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated memory, if the the reference count has reached 0. +=head1 NOTES + +SSL_SESSION objects are allocated, when a TLS/SSL handshake operation +is successfully completed. Depending on the settings, see +L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, +the SSL_SESSION objects are internally referenced by the SSL_CTX and +linked into its session cache. SSL objects may be using the SSL_SESSION object; +as a session may be reused, several SSL objects may be using one SSL_SESSION +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a SSL_SESSION object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. +when an SSL_SESSION object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation. + +SSL_SESSION_free() must only be called for SSL_SESSION objects, for +which the reference count was explicitly incremented (e.g. +by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>) +or when the SSL_SESSION object was generated outside a TLS handshake +operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>. +It must not be called on other SSL_SESSION objects, as this would cause +incorrect reference counts and therefore program failures. + =head1 RETURN VALUES SSL_SESSION_free() does not provide diagnostic information. 
-L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)> +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>, +L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, +L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, + L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod b/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod index cd33b73..ea3c2bc 100644 --- a/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod +++ b/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod @@ -58,6 +58,7 @@ If any of the function is passed the NULL pointer for the session B<s>, =head1 SEE ALSO L<ssl(3)|ssl(3)>, -L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)> +L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, +L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_accept.pod b/crypto/openssl/doc/ssl/SSL_accept.pod index 86f980d..ac6caf9 100644 --- a/crypto/openssl/doc/ssl/SSL_accept.pod +++ b/crypto/openssl/doc/ssl/SSL_accept.pod @@ -37,11 +37,6 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it -is necessary to call SSL_set_accept_state() -before calling SSL_accept() to explicitly switch the B<ssl> to server -mode. - =head1 RETURN VALUES The following return values can occur: diff --git a/crypto/openssl/doc/ssl/SSL_alert_type_string.pod b/crypto/openssl/doc/ssl/SSL_alert_type_string.pod new file mode 100644 index 0000000..7837589 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_alert_type_string.pod 
@@ -0,0 +1,228 @@ +=pod + +=head1 NAME + +SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + char *SSL_alert_type_string(int value); + char *SSL_alert_type_string_long(int value); + + char *SSL_alert_desc_string(int value); + char *SSL_alert_desc_string_long(int value); + +=head1 DESCRIPTION + +SSL_alert_type_string() returns a one letter string indicating the +type of the alert specified by B<value>. + +SSL_alert_type_string_long() returns a string indicating the type of the alert +specified by B<value>. + +SSL_alert_desc_string() returns a two letter string as a short form +describing the reason of the alert specified by B<value>. + +SSL_alert_desc_string_long() returns a string describing the reason +of the alert specified by B<value>. + +=head1 NOTES + +When one side of an SSL/TLS communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled). + +A warning alert is sent, when a non-fatal error condition occurs. The +"close notify" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors ("certificate expired", +"unsupported certificate"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion. + +Several alert messages must be sent as fatal alert messages as specified +by the TLS RFC. A fatal alert always leads to a connection abort. 
+ +=head1 RETURN VALUES + +The following strings can occur for SSL_alert_type_string() or +SSL_alert_type_string_long(): + +=over 4 + +=item "W"/"warning" + +=item "F"/"fatal" + +=item "U"/"unknown" + +This indicates that no support is available for this alert type. +Probably B<value> does not contain a correct alert message. + +=back + +The following strings can occur for SSL_alert_desc_string() or +SSL_alert_desc_string_long(): + +=over 4 + +=item "CN"/"close notify" + +The connection shall be closed. This is a warning alert. + +=item "UM"/"unexpected message" + +An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations. + +=item "BM"/"bad record mac" + +This alert is returned if a record is received with an incorrect +MAC. This message is always fatal. + +=item "DF"/"decompression failure" + +The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal. + +=item "HF"/"handshake failure" + +Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error. + +=item "NC"/"no certificate" + +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). + +=item "BC"/"bad certificate" + +A certificate was corrupt, contained signatures that did not +verify correctly, etc + +=item "UC"/"unsupported certificate" + +A certificate was of an unsupported type. + +=item "CR"/"certificate revoked" + +A certificate was revoked by its signer. + +=item "CE"/"certificate expired" + +A certificate has expired or is not currently valid. + +=item "CU"/"certificate unknown" + +Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable. 
+ +=item "IP"/"illegal parameter" + +A field in the handshake was out of range or inconsistent with +other fields. This is always fatal. + +=item "DC"/"decryption failed" + +A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal. + +=item "RO"/"record overflow" + +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal. + +=item "CA"/"unknown CA" + +A valid certificate chain or partial chain was received, but the +certificate was not accepted because the CA certificate could not +be located or couldn't be matched with a known, trusted CA. This +message is always fatal. + +=item "AD"/"access denied" + +A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal. + +=item "DE"/"decode error" + +A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal. + +=item "CY"/"decrypt error" + +A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message. + +=item "ER"/"export restriction" + +A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral RSA key for the RSA_EXPORT handshake method. This +message is always fatal. + +=item "PV"/"protocol version" + +The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal. 
+ +=item "IS"/"insufficient security" + +Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal. + +=item "IE"/"internal error" + +An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal. + +=item "US"/"user canceled" + +This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning. + +=item "NR"/"no renegotiation" + +Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning. + +=item "UK"/"unknown" + +This indicates that no description is available for this alert type. +Probably B<value> does not contain a correct alert message. + +=back + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_connect.pod b/crypto/openssl/doc/ssl/SSL_connect.pod index bcc1677..766f187 100644 --- a/crypto/openssl/doc/ssl/SSL_connect.pod +++ b/crypto/openssl/doc/ssl/SSL_connect.pod 
@@ -34,11 +34,6 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. -When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it -is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> -before calling SSL_connect() to explicitly switch the B<ssl> to client -mode. - =head1 RETURN VALUES The following return values can occur: diff --git a/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod b/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod new file mode 100644 index 0000000..52d0227 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod @@ -0,0 +1,26 @@ +=pod + +=head1 NAME + +SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); + +=head1 DESCRIPTION + +SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which +B<ssl> was created with L<SSL_new(3)|SSL_new(3)>. + +=head1 RETURN VALUES + +The pointer to the SSL_CTX object is returned. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod b/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod new file mode 100644 index 0000000..8d43b31 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod 
@@ -0,0 +1,41 @@ +=pod + +=head1 NAME + +SSL_get_default_timeout - get default session timeout value + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + long SSL_get_default_timeout(SSL *ssl); + +=head1 DESCRIPTION + +SSL_get_default_timeout() returns the default timeout value assigned to +SSL_SESSION objects negotiated for the protocol valid for B<ssl>. + +=head1 NOTES + +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default +timeout for the protocol will be used. + +SSL_get_default_timeout() return this hardcoded value, which is 300 seconds +for all currently supported protocols (SSLv2, SSLv3, and TLSv1). + +=head1 RETURN VALUES + +See description. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, +L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, +L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, +L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, +L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_get_error.pod b/crypto/openssl/doc/ssl/SSL_get_error.pod index d95eec7..f700bf0 100644 --- a/crypto/openssl/doc/ssl/SSL_get_error.pod +++ b/crypto/openssl/doc/ssl/SSL_get_error.pod 
@@ -69,13 +69,13 @@ to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. -=item SSL_ERROR_WANT_CONNECT +=item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT The operation did not complete; the same TLS/SSL I/O function should be called again later. The underlying BIO was not connected yet to the peer -and the call would block in connect(). The SSL function should be -called again when the connection is established. This messages can only -appear with a BIO_s_connect() BIO. +and the call would block in connect()/accept(). The SSL function should be +called again when the connection is established. These messages can only +appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively. In order to find out, when the connection has been successfully established, on many platforms select() or poll() for writing on the socket file descriptor can be used. diff --git a/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod b/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod index 18d1db5..60635a9 100644 --- a/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod +++ b/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod @@ -19,7 +19,7 @@ peer presented. If the peer did not present a certificate, NULL is returned. Due to the protocol definition, a TLS/SSL server will always send a certificate, if present. A client will only send a certificate when -explicitely requested to do so by the server (see +explicitly requested to do so by the server (see L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher is used, no certificates are sent. diff --git a/crypto/openssl/doc/ssl/SSL_get_session.pod b/crypto/openssl/doc/ssl/SSL_get_session.pod index a0266e2..dd9aba4 100644 --- a/crypto/openssl/doc/ssl/SSL_get_session.pod +++ b/crypto/openssl/doc/ssl/SSL_get_session.pod 
@@ -37,8 +37,16 @@ if the session is valid, it can be removed at any time due to timeout during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>. If the data is to be kept, SSL_get1_session() will increment the reference -count and the session will stay in memory until explicitly freed with -L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state. +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> must be explicitly called once +to decrement the reference count again. + +SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object). =head1 RETURN VALUES diff --git a/crypto/openssl/doc/ssl/SSL_new.pod b/crypto/openssl/doc/ssl/SSL_new.pod index 3b084e8..25300e9 100644 --- a/crypto/openssl/doc/ssl/SSL_new.pod +++ b/crypto/openssl/doc/ssl/SSL_new.pod @@ -38,6 +38,7 @@ The return value points to an allocated SSL structure. L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>, L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, +L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>, L<ssl(3)|ssl(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_read.pod b/crypto/openssl/doc/ssl/SSL_read.pod index cc7aa1a..f6c37f7 100644 --- a/crypto/openssl/doc/ssl/SSL_read.pod +++ b/crypto/openssl/doc/ssl/SSL_read.pod 
@@ -25,11 +25,10 @@ the SSL_read() operation. The behaviour of SSL_read() depends on the underlying BIO. For the transparent negotiation to succeed, the B<ssl> must have been -initialized to client or server mode. This is not the case if a generic -method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that +initialized to client or server mode. This is being done by calling L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state() -must be used before the first call to an SSL_read() or -L<SSL_write(3)|SSL_write(3)> function). +before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)> +function. SSL_read() works based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a @@ -84,9 +83,20 @@ bytes actually read from the TLS/SSL connection. =item 0 -The read operation was not successful, probably because no data was -available. Call SSL_get_error() with the return value B<ret> to find out, -whether an error occurred. +The read operation was not successful. The reason may either be a clean +shutdown due to a "close notify" alert sent by the peer (in which case +the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set +(see L<SSL_shutdown(3)|SSL_shutdown(3)>, +L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that +the peer simply shut down the underlying transport and the shutdown is +incomplete. Call SSL_get_error() with the return value B<ret> to find out, +whether an error occurred or the connection was shut down cleanly +(SSL_ERROR_ZERO_RETURN). + +SSLv2 (deprecated) does not support a shutdown alert protocol, so it can +only be detected, whether the underlying connection was closed. It cannot +be checked, whether the closure was initiated by the peer or by something +else. =item E<lt>0 
@@ -102,6 +112,7 @@ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>, L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, +L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_rstate_string.pod b/crypto/openssl/doc/ssl/SSL_rstate_string.pod new file mode 100644 index 0000000..6dbbb99 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_rstate_string.pod @@ -0,0 +1,59 @@ +=pod + +=head1 NAME + +SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + char *SSL_rstate_string(SSL *ssl); + char *SSL_rstate_string_long(SSL *ssl); + +=head1 DESCRIPTION + +SSL_rstate_string() returns a 2 letter string indicating the current read state +of the SSL object B<ssl>. + +SSL_rstate_string_long() returns a string indicating the current read state of +the SSL object B<ssl>. + +=head1 NOTES + +When performing a read operation, the SSL/TLS engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return "RD"/"read done". + +This function should only seldom be needed in applications. + +=head1 RETURN VALUES + +SSL_rstate_string() and SSL_rstate_string_long() can return the following +values: + +=over 4 + +=item "RH"/"read header" + +The header of the record is being evaluated. + +=item "RB"/"read body" + +The body of the record is being evaluated. + +=item "RD"/"read done" + +The record has been completely processed. + +=item "unknown"/"unknown" + +The read state is unknown. This should never happen. + +=back + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)> + +=cut 
diff --git a/crypto/openssl/doc/ssl/SSL_session_reused.pod b/crypto/openssl/doc/ssl/SSL_session_reused.pod new file mode 100644 index 0000000..da7d062 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_session_reused.pod @@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +SSL_session_reused - query whether a reused session was negotiated during handshake + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_session_reused(SSL *ssl); + +=head1 DESCRIPTION + +Query, whether a reused session was negotiated during the handshake. + +=head1 NOTES + +During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application. + +=head1 RETURN VALUES + +The following return values can occur: + +=over 4 + +=item 0 + +A new session was negotiated. + +=item 1 + +A session was reused. + +=back + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, +L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_set_connect_state.pod b/crypto/openssl/doc/ssl/SSL_set_connect_state.pod index a8c4463..7adf8ad 100644 --- a/crypto/openssl/doc/ssl/SSL_set_connect_state.pod +++ b/crypto/openssl/doc/ssl/SSL_set_connect_state.pod @@ -14,9 +14,9 @@ SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in clie =head1 DESCRIPTION -SSL_set_connect_state() B<ssl> to work in client mode. +SSL_set_connect_state() sets B<ssl> to work in client mode. -SSL_set_accept_state() B<ssl> to work in server mode. +SSL_set_accept_state() sets B<ssl> to work in server mode. =head1 NOTES 
@@ -27,12 +27,17 @@ server connections. (The method might have been changed with L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or SSL_set_ssl_method().) -In order to successfully accomplish the handshake, the SSL routines need -to know whether they should act in server or client mode. If the generic -method was used, this is not clear from the method itself and must be set -with either SSL_set_connect_state() or SSL_set_accept_state(). If these -routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)> -is called is server mode. +When beginning a new handshake, the SSL engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. + +When using the L<SSL_connect(3)|SSL_connect(3)> or +L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the +handshake routines must be explicitly set in advance using either +SSL_set_connect_state() or SSL_set_accept_state(). =head1 RETURN VALUES @@ -42,6 +47,8 @@ information. =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, +L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>, +L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_set_session.pod b/crypto/openssl/doc/ssl/SSL_set_session.pod index c4f7878..5f54714 100644 --- a/crypto/openssl/doc/ssl/SSL_set_session.pod +++ b/crypto/openssl/doc/ssl/SSL_set_session.pod 
@@ -16,12 +16,21 @@ SSL_set_session() sets B<session> to be used when the TLS/SSL connection is to be established. SSL_set_session() is only useful for TLS/SSL clients. When the session is set, the reference count of B<session> is incremented by 1. If the session is not reused, the reference count is decremented -again during SSL_connect(). +again during SSL_connect(). Whether the session was reused can be queried +with the L<SSL_session_reused(3)|SSL_session_reused(3)> call. If there is already a session set inside B<ssl> (because it was set with SSL_set_session() before or because the same B<ssl> was already used for a connection), SSL_SESSION_free() will be called for that session. +=head1 NOTES + +SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object). + =head1 RETURN VALUES The following return values can occur: @@ -41,6 +50,8 @@ The operation succeeded. =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, +L<SSL_get_session(3)|SSL_get_session(3)>, +L<SSL_session_reused(3)|SSL_session_reused(3)>, L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_set_shutdown.pod b/crypto/openssl/doc/ssl/SSL_set_shutdown.pod index 6b196c1..6289e63 100644 --- a/crypto/openssl/doc/ssl/SSL_set_shutdown.pod +++ b/crypto/openssl/doc/ssl/SSL_set_shutdown.pod 
@@ -46,7 +46,10 @@ The shutdown state of the connection is used to determine the state of the ssl session. If the session is still open, when L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called, it is considered bad and removed according to RFC2246. -The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN. +The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN +(according to the TLS RFC, it is acceptable to only send the "close notify" +alert but to not wait for the peer's answer, when the underlying connection +is closed). SSL_set_shutdown() can be used to set this state without sending a close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>). @@ -63,6 +66,7 @@ SSL_get_shutdown() returns the current setting. =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>, +L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>, L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)> =cut diff --git a/crypto/openssl/doc/ssl/SSL_shutdown.pod b/crypto/openssl/doc/ssl/SSL_shutdown.pod index c4ae670..6b5012b 100644 --- a/crypto/openssl/doc/ssl/SSL_shutdown.pod +++ b/crypto/openssl/doc/ssl/SSL_shutdown.pod 
@@ -22,10 +22,52 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. -The behaviour of SSL_shutdown() depends on the underlying BIO. +The shutdown procedure consists of 2 steps: the sending of the "close notify" +shutdown alert and the reception of the peer's "close notify" shutdown +alert. According to the TLS standard, it is acceptable for an application +to only send its shutdown alert and then close the underlying connection +without waiting for the peer's response (this way resources can be saved, +as the process can already terminate or serve another connection). +When the underlying connection shall be used for more communications, the +complete shutdown procedure (bidirectional "close notify" alerts) must be +performed, so that the peers stay synchronized. + +SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step +behaviour. + +=over 4 + +=item When the application is the first party to send the "close notify" +alert, SSL_shutdown() will only send the alert and the set the +SSL_SENT_SHUTDOWN flag (so that the session is considered good and will +be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional +shutdown is enough (the underlying connection shall be closed anyway), this +first call to SSL_shutdown() is sufficient. In order to complete the +bidirectional shutdown handshake, SSL_shutdown() must be called again. +The second call will make SSL_shutdown() wait for the peer's "close notify" +shutdown alert. On success, the second call to SSL_shutdown() will return +with 1. + +=item If the peer already sent the "close notify" alert B<and> it was +already processed implicitly inside another function +(L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set. 
+SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN +flag and will immediately return with 1. +Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the +SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call. + +=back + +It is therefore recommended, to check the return value of SSL_shutdown() +and call SSL_shutdown() again, if the bidirectional shutdown is not yet +complete (return value of the first call is 0). As the shutdown is not +specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on +the first call. + +The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the -handshake has been finished or an error occurred. +handshake step has been finished or an error occurred. If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() @@ -38,6 +80,12 @@ nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. +SSL_shutdown() can be modified to only set the connection to "shutdown" +state but not actually send the "close notify" alert messages, +see L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>. +When "quiet shutdown" is enabled, SSL_shutdown() will always succeed +and return 1. + =head1 RETURN VALUES The following return values can occur: 
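Review bot: in the first "=item" of the SSL_shutdown.pod hunk, "will only send the alert and the set the SSL_SENT_SHUTDOWN flag" has a stray "the", and in the second "=item" the sentence "Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call." is missing its closing parenthesis; suggest "...can be checked using the SSL_get_shutdown() call (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>)." The recommendation that follows, to re-check the return value and call SSL_shutdown() again when the first call returns 0, is the behavioural point applications get wrong most often and reads clearly; the added note that SSLv2 has no shutdown alert and so always "succeeds" on the first call is a useful caveat and should stay.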
@@ -46,19 +94,23 @@ The following return values can occur: =item 1 -The shutdown was successfully completed. +The shutdown was successfully completed. The "close notify" alert was sent +and the peer's "close notify" alert was received. =item 0 -The shutdown was not successful. Call SSL_get_error() with the return -value B<ret> to find out the reason. +The shutdown is not yet finished. Call SSL_shutdown() for a second time, +if a bidirectional shutdown shall be performed. +The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an +erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. =item -1 The shutdown was not successful because a fatal error occurred either -at the protocol level or a connection failure occurred. It can also occur of +at the protocol level or a connection failure occurred. It can also occur if action is need to continue the operation for non-blocking BIOs. -Call SSL_get_error() with the return value B<ret> to find out the reason. +Call L<SSL_get_error(3)|SSL_get_error(3)> with the return value B<ret> +to find out the reason. =back @@ -66,6 +118,7 @@ Call SSL_get_error() with the return value B<ret> to find out the reason. L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, +L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>, L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> diff --git a/crypto/openssl/doc/ssl/SSL_state_string.pod b/crypto/openssl/doc/ssl/SSL_state_string.pod new file mode 100644 index 0000000..4404595 --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_state_string.pod 
@@ -0,0 +1,45 @@ +=pod + +=head1 NAME + +SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + char *SSL_state_string(SSL *ssl); + char *SSL_state_string_long(SSL *ssl); + +=head1 DESCRIPTION + +SSL_state_string() returns a 6 letter string indicating the current state +of the SSL object B<ssl>. + +SSL_state_string_long() returns a string indicating the current state of +the SSL object B<ssl>. + +=head1 NOTES + +During its use, an SSL objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake. + +When using non-blocking sockets, the function call performing the handshake +may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, +so that SSL_state_string[_long]() may be called. + +For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +SSL_set_info_callback() call. + +=head1 RETURN VALUES + +Detailed description of possible states to be included later. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_want.pod b/crypto/openssl/doc/ssl/SSL_want.pod new file mode 100644 index 0000000..50cc89d --- /dev/null +++ b/crypto/openssl/doc/ssl/SSL_want.pod 
@@ -0,0 +1,77 @@ +=pod + +=head1 NAME + +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_want(SSL *ssl); + int SSL_want_nothing(SSL *ssl); + int SSL_want_read(SSL *ssl); + int SSL_want_write(SSL *ssl); + int SSL_want_x509_lookup(SSL *ssl); + +=head1 DESCRIPTION + +SSL_want() returns state information for the SSL object B<ssl>. + +The other SSL_want_*() calls are shortcuts for the possible states returned +by SSL_want(). + +=head1 NOTES + +SSL_want() examines the internal state information of the SSL object. Its +return values are similar to that of L<SSL_get_error(3)|SSL_get_error(3)>. +Unlike L<SSL_get_error(3)|SSL_get_error(3)>, which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using L<SSL_get_error(3)|SSL_get_error(3)>. + +The result returned by SSL_want() should always be consistent with +the result of L<SSL_get_error(3)|SSL_get_error(3)>. + +=head1 RETURN VALUES + +The following return values can currently occur for SSL_want(): + +=over 4 + +=item SSL_NOTHING + +There is no data to be written or to be read. + +=item SSL_WRITING + +There are data in the SSL buffer that must be written to the underlying +B<BIO> layer in order to complete the actual SSL_*() operation. +A call to L<SSL_get_error(3)|SSL_get_error(3)> should return +SSL_ERROR_WANT_WRITE. + +=item SSL_READING + +More data must be read from the underlying B<BIO> layer in order to +complete the actual SSL_*() operation. +A call to L<SSL_get_error(3)|SSL_get_error(3)> should return +SSL_ERROR_WANT_READ. + +=item SSL_X509_LOOKUP + +The operation did not complete because an application callback set by +SSL_CTX_set_client_cert_cb() has asked to be called again. 
+A call to L<SSL_get_error(3)|SSL_get_error(3)> should return +SSL_ERROR_WANT_X509_LOOKUP. + +=back + +SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup() +return 1, when the corresponding condition is true or 0 otherwise. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> + +=cut diff --git a/crypto/openssl/doc/ssl/SSL_write.pod b/crypto/openssl/doc/ssl/SSL_write.pod index b0dfefa..dfa42e9 100644 --- a/crypto/openssl/doc/ssl/SSL_write.pod +++ b/crypto/openssl/doc/ssl/SSL_write.pod @@ -25,11 +25,9 @@ the SSL_write() operation. The behaviour of SSL_write() depends on the underlying BIO. For the transparent negotiation to succeed, the B<ssl> must have been -initialized to client or server mode. This is not the case if a generic -method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that +initialized to client or server mode. This is being done by calling L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state() -must be used before the first call to an L<SSL_read(3)|SSL_read(3)> -or SSL_write() function. +before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function. If the underlying BIO is B<blocking>, SSL_write() will only return, once the write operation has been finished or an error occurred, except when a 
@@ -80,8 +78,14 @@ bytes actually written to the TLS/SSL connection. =item 0 -The write operation was not successful. Call SSL_get_error() with the return -value B<ret> to find out, whether an error occurred. +The write operation was not successful. Probably the underlying connection +was closed. Call SSL_get_error() with the return value B<ret> to find out, +whether an error occurred or the connection was shut down cleanly +(SSL_ERROR_ZERO_RETURN). + +SSLv2 (deprecated) does not support a shutdown alert protocol, so it can +only be detected, whether the underlying connection was closed. It cannot +be checked, why the closure happened. =item E<lt>0 diff --git a/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod b/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod index 9a1ba6c..0321a5a 100644 --- a/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod +++ b/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod @@ -30,7 +30,17 @@ session data on disk or into a database, it must be transformed into a binary ASN1 representation. When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically -allocated. +allocated. The reference count is 1, so that the session must be +explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, +unless the SSL_SESSION object is completely taken over, when being called +inside the get_session_cb() (see +L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>). + +SSL_SESSION objects keep internal link information about the session cache +list, when being inserted into one SSL_CTX object's session cache. +One SSL_SESSION object, regardless of its reference count, must therefore +only be used with one SSL_CTX object (and the SSL objects created +from this SSL_CTX object). When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be large enough to hold the binary representation of the session. There is no 
@@ -50,7 +60,7 @@ When the session is not valid, B<0> is returned and no operation is performed. =head1 SEE ALSO -L<ssl(3)|ssl(3)>, +L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)> =cut diff --git a/crypto/openssl/doc/ssl/ssl.pod b/crypto/openssl/doc/ssl/ssl.pod index e521245..a1ff455 100644 --- a/crypto/openssl/doc/ssl/ssl.pod +++ b/crypto/openssl/doc/ssl/ssl.pod @@ -299,7 +299,7 @@ protocol context defined in the B<SSL_CTX> structure. =item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs); -=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg) +=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg) =item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str); @@ -650,8 +650,10 @@ L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>, L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>, L<SSL_connect(3)|SSL_connect(3)>, L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>, +L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>, L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>, L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>, +L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>, L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>, L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>, L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>, 
@@ -661,18 +663,28 @@ L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>, L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>, +L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>, +L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>, +L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>, +L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>, L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, +L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>, L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>, L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>, L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, +L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>, +L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, +L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>, +L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, +L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>, L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>, L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>, 
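Review bot: the "@@ -299,7 +299,7 @@" hunk in ssl.pod changes the listed prototype to "int (*cb)()" for B<SSL_CTX_set_cert_verify_cb>, an unprototyped callback type, while the SEE ALSO additions in this hunk reference L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>; the function name and callback signature in the overview should match the man page being pointed to, otherwise readers cannot find the page from the listing. If "(*cb)()" is what the header actually declares, a short comment saying so would stop this from reading as a documentation regression.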
@@ -685,12 +697,19 @@ L<SSL_get_version(3)|SSL_get_version(3)>, L<SSL_library_init(3)|SSL_library_init(3)>, L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>, L<SSL_new(3)|SSL_new(3)>, -L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>, +L<SSL_pending(3)|SSL_pending(3)>, +L<SSL_read(3)|SSL_read(3)>, +L<SSL_rstate_string(3)|SSL_rstate_string(3)>, +L<SSL_session_reused(3)|SSL_session_reused(3)>, +L<SSL_set_bio(3)|SSL_set_bio(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, -L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>, +L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, -L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>, +L<SSL_shutdown(3)|SSL_shutdown(3)>, +L<SSL_state_string(3)|SSL_state_string(3)>, +L<SSL_want(3)|SSL_want(3)>, +L<SSL_write(3)|SSL_write(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>, L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>, diff --git a/crypto/openssl/doc/ssleay.txt b/crypto/openssl/doc/ssleay.txt index fab8d42..c6049d5 100644 --- a/crypto/openssl/doc/ssleay.txt +++ b/crypto/openssl/doc/ssleay.txt 
@@ -1,6 +1,22 @@ Bundle of old SSLeay documentation files [OBSOLETE!] +*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *** + +OBSOLETE means that nothing in this document should be trusted. This +document is provided mostly for historical purposes (it wasn't even up +to date at the time SSLeay 0.8.1 was released) and as inspiration. If +you copy some snippet of code from this document, please _check_ that +it really is correct from all points of view. For example, you can +check with the other documents in this directory tree, or by comparing +with relevant parts of the include files. + +People have done the mistake of trusting what's written here. Please +don't do that. + +*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *** + + ==== readme ======================================================== This is the old 0.6.6 docuementation. Most of the cipher stuff is still diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h index 8a99609..ec06afb 100644 --- a/crypto/openssl/e_os.h +++ b/crypto/openssl/e_os.h @@ -413,13 +413,10 @@ extern HINSTANCE _hInstance; # endif #endif -#if defined(THREADS) || defined(sun) -#ifndef _REENTRANT -#define _REENTRANT -#endif -#endif - #if defined(sun) && !defined(__svr4__) && !defined(__SVR4) + /* include headers first, so our defines don't break it */ +#include <stdlib.h> +#include <string.h> /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */ # define memmove(s1,s2,n) bcopy((s2),(s1),(n)) # define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b))) diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec index d7be413..1f12328 100644 --- a/crypto/openssl/openssl.spec +++ b/crypto/openssl/openssl.spec @@ -1,7 +1,7 @@ %define libmaj 0 %define libmin 9 %define librel 6 -%define librev a +%define librev c Release: 1 %define openssldir /var/ssl 
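Review bot: the e_os.h hunk removes the block that defined _REENTRANT when THREADS or sun was defined, but neither the hunk nor a comment says why; _REENTRANT selects thread-safe variants of some libc interfaces on several platforms, so a CHANGES entry or a comment at the removal site would help anyone later diagnosing threading problems on those builds. The new "#include <stdlib.h>" and "#include <string.h>" placed ahead of the SunOS 4 memmove/strtoul macros are in the right order, as the added comment says: with the includes after the macros, the macro names would be rewritten inside the system prototypes.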
@@ -114,7 +114,7 @@ install -m644 rsaref/rsaref.h $RPM_BUILD_ROOT/usr/include/openssl install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib # Make backwards-compatibility symlink to ssleay -ln -s /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay +ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay %clean rm -rf $RPM_BUILD_ROOT @@ -135,14 +135,15 @@ rm -rf $RPM_BUILD_ROOT %dir %attr(0750,root,root) %{openssldir}/private %files devel +%defattr(0644,root,root,0755) %doc CHANGES CHANGES.SSLeay LICENSE NEWS README -%defattr(0644,root,root,0755) %attr(0644,root,root) /usr/lib/*.a %attr(0644,root,root) /usr/include/openssl/* %attr(0644,root,root) /usr/man/man[3]/* %files doc +%defattr(0644,root,root,0755) %doc CHANGES CHANGES.SSLeay LICENSE NEWS README %doc doc diff --git a/crypto/openssl/rsaref/rsaref.h b/crypto/openssl/rsaref/rsaref.h index 498449f..4e99bda 100644 --- a/crypto/openssl/rsaref/rsaref.h +++ b/crypto/openssl/rsaref/rsaref.h @@ -131,7 +131,6 @@ int R_GetRandomBytesNeeded(unsigned int *,RSARandomState *rnd); int R_RandomUpdate(RSARandomState *rnd, unsigned char *data, unsigned int n); int R_RandomFinal(RSARandomState *rnd); -void ERR_load_RSAREF_strings(void ); RSA_METHOD *RSA_PKCS1_RSAref(void ); #ifdef __cplusplus @@ -139,10 +138,15 @@ RSA_METHOD *RSA_PKCS1_RSAref(void ); #endif #endif +#ifdef __cplusplus +extern "C" { +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_RSAREF_strings(void); /* Error codes for the RSAREF functions. */ @@ -177,4 +181,8 @@ RSA_METHOD *RSA_PKCS1_RSAref(void ); #define RSAREF_R_SIGNATURE 0x040b #define RSAREF_R_SIGNATURE_ENCODING 0x040c +#ifdef __cplusplus +} #endif +#endif + diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c index 5050a13..2d0eb4a 100644 --- a/crypto/openssl/ssl/s23_clnt.c +++ b/crypto/openssl/ssl/s23_clnt.c 
@@ -113,8 +113,8 @@ int ssl23_connect(SSL *s) else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); s->in_handshake++; + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { diff --git a/crypto/openssl/ssl/s23_pkt.c b/crypto/openssl/ssl/s23_pkt.c index f45e1ce..a62599c 100644 --- a/crypto/openssl/ssl/s23_pkt.c +++ b/crypto/openssl/ssl/s23_pkt.c 
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <stdio.h> #include <errno.h> diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index 0506182..b40bb01 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c 
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include <stdio.h> #include <openssl/buffer.h> @@ -112,8 +165,8 @@ int ssl23_accept(SSL *s) else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); s->in_handshake++; + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { @@ -179,9 +232,9 @@ int ssl23_accept(SSL *s) } } end: + s->in_handshake--; if (cb != NULL) cb(s,SSL_CB_ACCEPT_EXIT,ret); - s->in_handshake--; return(ret); } 
@@ -352,17 +405,22 @@ int ssl23_get_client_hello(SSL *s) /* We must look at client_version inside the Client Hello message * to get the correct minor version. * However if we have only a pathologically small fragment of the - * Client Hello message, this would be difficult, we'd have - * to read at least one additional record to find out. - * This doesn't usually happen in real life, so we just complain - * for now. - */ + * Client Hello message, this would be difficult, and we'd have + * to read more records to find out. + * No known SSL 3.0 client fragments ClientHello like this, + * so we simply assume TLS 1.0 to avoid protocol version downgrade + * attacks. */ if (p[3] == 0 && p[4] < 6) { +#if 0 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); goto err; +#else + v[1] = TLS1_VERSION_MINOR; +#endif } - v[1]=p[10]; /* minor version according to client_version */ + else + v[1]=p[10]; /* minor version according to client_version */ if (v[1] >= TLS1_VERSION_MINOR) { if (!(s->options & SSL_OP_NO_TLSv1)) @@ -376,10 +434,21 @@ int ssl23_get_client_hello(SSL *s) type=3; } } - else if (!(s->options & SSL_OP_NO_SSLv3)) + else { - s->version=SSL3_VERSION; - type=3; + /* client requests SSL 3.0 */ + if (!(s->options & SSL_OP_NO_SSLv3)) + { + s->version=SSL3_VERSION; + type=3; + } + else if (!(s->options & SSL_OP_NO_TLSv1)) + { + /* we won't be able to use TLS of course, + * but this will send an appropriate alert */ + s->version=TLS1_VERSION; + type=3; + } } } else if ((strncmp("GET ", (char *)p,4) == 0) || diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c index 28d6d65..615e425 100644 --- a/crypto/openssl/ssl/s2_clnt.c +++ b/crypto/openssl/ssl/s2_clnt.c 
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include "ssl_locl.h" #ifndef NO_SSL2 @@ -118,8 +171,8 @@ int ssl2_connect(SSL *s) cb=s->ctx->info_callback; /* init things to blank */ - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); s->in_handshake++; + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { @@ -287,6 +340,7 @@ static int get_server_hello(SSL *s) unsigned char *buf; unsigned char *p; int i,j; + unsigned long len; STACK_OF(SSL_CIPHER) *sk=NULL,*cl; buf=(unsigned char *)s->init_buf->data; @@ -296,6 +350,7 @@ static int get_server_hello(SSL *s) i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num); if (i < (11-s->init_num)) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); + s->init_num = 11; if (*(p++) != SSL2_MT_SERVER_HELLO) { 
@@ -324,18 +379,22 @@ static int get_server_hello(SSL *s) n2s(p,i); s->s2->tmp.csl=i; n2s(p,i); s->s2->tmp.conn_id_length=i; s->state=SSL2_ST_GET_SERVER_HELLO_B; - s->init_num=0; } /* SSL2_ST_GET_SERVER_HELLO_B */ - j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length - - s->init_num; - i=ssl2_read(s,(char *)&(buf[s->init_num]),j); + len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length; + if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) + { + SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG); + return -1; + } + j = (int)len - s->init_num; + i = ssl2_read(s,(char *)&(buf[s->init_num]),j); if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); /* things are looking good */ - p=buf; + p = buf + 11; if (s->hit) { if (s->s2->tmp.cert_length != 0) @@ -645,11 +704,10 @@ static int client_certificate(SSL *s) unsigned char *p,*d; int i; unsigned int n; - int cert_ch_len=0; + int cert_ch_len; unsigned char *cert_ch; buf=(unsigned char *)s->init_buf->data; - cert_ch= &(buf[2]); /* We have a cert associated with the SSL, so attach it to * the session if it does not have one */ @@ -660,6 +718,7 @@ static int client_certificate(SSL *s) SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num); if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num)) return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); + s->init_num += i; /* type=buf[0]; */ /* type eq x509 */ @@ -669,7 +728,6 @@ static int client_certificate(SSL *s) SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE); return(-1); } - cert_ch_len=i-1; if ((s->cert == NULL) || (s->cert->key->x509 == NULL) || @@ -681,6 +739,9 @@ static int client_certificate(SSL *s) s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C; } + cert_ch = buf + 2; + cert_ch_len = s->init_num - 2; + if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) { X509 *x509=NULL; 
@@ -786,7 +847,7 @@ static int client_certificate(SSL *s) static int get_server_verify(SSL *s) { unsigned char *p; - int i; + int i, n, len; p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) @@ -794,9 +855,9 @@ static int get_server_verify(SSL *s) i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); if (i < (1-s->init_num)) return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); + s->init_num += i; s->state= SSL2_ST_GET_SERVER_VERIFY_B; - s->init_num=0; if (*p != SSL2_MT_SERVER_VERIFY) { if (p[0] != SSL2_MT_ERROR) @@ -813,10 +874,13 @@ static int get_server_verify(SSL *s) } p=(unsigned char *)s->init_buf->data; - i=ssl2_read(s,(char *)&(p[s->init_num]), - (unsigned int)s->s2->challenge_length-s->init_num); - if (i < ((int)s->s2->challenge_length-s->init_num)) + len = 1 + s->s2->challenge_length; + n = len - s->init_num; + i = ssl2_read(s,(char *)&(p[s->init_num]),n); + if (i < n) return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); + p += 1; + if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -830,7 +894,7 @@ static int get_server_finished(SSL *s) { unsigned char *buf; unsigned char *p; - int i; + int i, n, len; buf=(unsigned char *)s->init_buf->data; p=buf; @@ -839,7 +903,8 @@ static int get_server_finished(SSL *s) i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num); if (i < (1-s->init_num)) return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); - s->init_num=i; + s->init_num += i; + if (*p == SSL2_MT_REQUEST_CERTIFICATE) { s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A; 
@@ -856,14 +921,15 @@ static int get_server_finished(SSL *s) SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR); return(-1); } - s->state=SSL_ST_OK; - s->init_num=0; + s->state=SSL2_ST_GET_SERVER_FINISHED_B; } - i=ssl2_read(s,(char *)&(buf[s->init_num]), - SSL2_SSL_SESSION_ID_LENGTH-s->init_num); - if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num)) + len = 1 + SSL2_SSL_SESSION_ID_LENGTH; + n = len - s->init_num; + i = ssl2_read(s,(char *)&(buf[s->init_num]), n); + if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */ return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); + s->init_num += i; if (!s->hit) /* new session */ { @@ -887,6 +953,7 @@ static int get_server_finished(SSL *s) } } } + s->state = SSL_ST_OK; return(1); } diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c index 35acdf8..fa2ab8d 100644 --- a/crypto/openssl/ssl/s2_enc.c +++ b/crypto/openssl/ssl/s2_enc.c @@ -111,8 +111,8 @@ err: } /* read/writes from s->s2->mac_data using length for encrypt and - * decrypt. It sets the s->s2->padding, s->[rw]length and - * s->s2->pad_data ptr if we are encrypting */ + * decrypt. It sets s->s2->padding and s->[rw]length + * if we are encrypting */ void ssl2_enc(SSL *s, int send) { EVP_CIPHER_CTX *ds; diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c index f2f46ff..3cd7597 100644 --- a/crypto/openssl/ssl/s2_pkt.c +++ b/crypto/openssl/ssl/s2_pkt.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -130,7 +130,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) unsigned char mac[MAX_MAC_SIZE]; unsigned char *p; int i; - unsigned int mac_size=0; + unsigned int mac_size; ssl2_read_again: if (SSL_in_init(s) && !s->in_handshake) @@ -235,17 +235,25 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) /* Data portion */ if (s->s2->clear_text) { + mac_size = 0; s->s2->mac_data=p; s->s2->ract_data=p; - s->s2->pad_data=NULL; + if (s->s2->padding) + { + SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING); + return(-1); + } } else { mac_size=EVP_MD_size(s->read_hash); s->s2->mac_data=p; s->s2->ract_data= &p[mac_size]; - s->s2->pad_data= &p[mac_size+ - s->s2->rlength-s->s2->padding]; + if (s->s2->padding + mac_size > s->s2->rlength) + { + SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING); + return(-1); + } } s->s2->ract_data_length=s->s2->rlength; @@ -593,10 +601,8 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) s->s2->wact_data= &(s->s2->wbuf[3+mac_size]); /* we copy the data into s->s2->wbuf */ memcpy(s->s2->wact_data,buf,len); -#ifdef PURIFY if (p) - memset(&(s->s2->wact_data[len]),0,p); -#endif + memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */ if (!s->s2->clear_text) { 
@@ -645,27 +651,36 @@ int ssl2_part_read(SSL *s, unsigned long f, int i) unsigned char *p; int j; - /* check for error */ - if ((s->init_num == 0) && (i >= 3)) - { - p=(unsigned char *)s->init_buf->data; - if (p[0] == SSL2_MT_ERROR) - { - j=(p[1]<<8)|p[2]; - SSLerr((int)f,ssl_mt_error(j)); - } - } - if (i < 0) { /* ssl2_return_error(s); */ /* for non-blocking io, - * this is not fatal */ + * this is not necessarily fatal */ return(i); } else { s->init_num+=i; + + /* Check for error. While there are recoverable errors, + * this function is not called when those must be expected; + * any error detected here is fatal. */ + if (s->init_num >= 3) + { + p=(unsigned char *)s->init_buf->data; + if (p[0] == SSL2_MT_ERROR) + { + j=(p[1]<<8)|p[2]; + SSLerr((int)f,ssl_mt_error(j)); + s->init_num -= 3; + if (s->init_num > 0) + memmove(p, p+3, s->init_num); + } + } + + /* If it's not an error message, we have some error anyway -- + * the message was shorter than expected. This too is treated + * as fatal (at least if SSL_get_error is asked for its opinion). */ return(0); } } @@ -676,7 +691,9 @@ int ssl2_do_write(SSL *s) ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num); if (ret == s->init_num) + { return(1); + } if (ret < 0) return(-1); s->init_off+=ret; diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c index 2fa2f31..af58b25 100644 --- a/crypto/openssl/ssl/s2_srvr.c +++ b/crypto/openssl/ssl/s2_srvr.c 
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include "ssl_locl.h" #ifndef NO_SSL2 @@ -119,8 +172,8 @@ int ssl2_accept(SSL *s) cb=s->ctx->info_callback; /* init things to blank */ - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); s->in_handshake++; + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); if (s->cert == NULL) { @@ -322,6 +375,7 @@ end: static int get_client_master_key(SSL *s) { int is_export,i,n,keya,ek; + unsigned long len; unsigned char *p; SSL_CIPHER *cp; const EVP_CIPHER *c; @@ -334,6 +388,8 @@ static int get_client_master_key(SSL *s) if (i < (10-s->init_num)) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); + s->init_num = 10; + if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY) { if (p[-1] != SSL2_MT_ERROR) 
@@ -362,15 +418,21 @@ static int get_client_master_key(SSL *s) n2s(p,i); s->s2->tmp.enc=i; n2s(p,i); s->session->key_arg_length=i; s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B; - s->init_num=0; } /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */ p=(unsigned char *)s->init_buf->data; keya=s->session->key_arg_length; - n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num; - i=ssl2_read(s,(char *)&(p[s->init_num]),n); + len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya; + if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) + { + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); + return -1; + } + n = (int)len - s->init_num; + i = ssl2_read(s,(char *)&(p[s->init_num]),n); if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); + p += 10; memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]), (unsigned int)keya); @@ -408,8 +470,8 @@ static int get_client_master_key(SSL *s) * random master secret (Bleichenbacher attack) */ if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) || (s->s2->tmp.clear+i != - EVP_CIPHER_key_length(c)))))) + || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i != + (unsigned int)EVP_CIPHER_key_length(c)))))) { ERR_clear_error(); if (is_export) @@ -448,6 +510,7 @@ static int get_client_master_key(SSL *s) static int get_client_hello(SSL *s) { int i,n; + unsigned long len; unsigned char *p; STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */ STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */ @@ -467,6 +530,7 @@ static int get_client_hello(SSL *s) i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num); if (i < (9-s->init_num)) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); + s->init_num = 9; if (*(p++) != SSL2_MT_CLIENT_HELLO) { 
@@ -491,15 +555,20 @@ static int get_client_hello(SSL *s) return(-1); } s->state=SSL2_ST_GET_CLIENT_HELLO_C; - s->init_num=0; } /* SSL2_ST_GET_CLIENT_HELLO_C */ p=(unsigned char *)s->init_buf->data; - n=s->s2->tmp.cipher_spec_length+s->s2->challenge_length+ - s->s2->tmp.session_id_length-s->init_num; - i=ssl2_read(s,(char *)&(p[s->init_num]),n); + len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length; + if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) + { + SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG); + return -1; + } + n = (int)len - s->init_num; + i = ssl2_read(s,(char *)&(p[s->init_num]),n); if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); + p += 9; /* get session-id before cipher stuff so we can get out session * structure if it is cached */ @@ -705,7 +774,8 @@ static int server_hello(SSL *s) static int get_client_finished(SSL *s) { unsigned char *p; - int i; + int i, n; + unsigned long len; p=(unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) @@ -713,6 +783,7 @@ static int get_client_finished(SSL *s) i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num); if (i < 1-s->init_num) return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); + s->init_num += i; if (*p != SSL2_MT_CLIENT_FINISHED) { 
@@ -725,16 +796,18 @@ static int get_client_finished(SSL *s) SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR); return(-1); } - s->init_num=0; s->state=SSL2_ST_GET_CLIENT_FINISHED_B; } /* SSL2_ST_GET_CLIENT_FINISHED_B */ - i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num); - if (i < (int)s->s2->conn_id_length-s->init_num) + len = 1 + (unsigned long)s->s2->conn_id_length; + n = (int)len - s->init_num; + i = ssl2_read(s,(char *)&(p[s->init_num]),n); + if (i < n) { return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); } + p += 1; if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); @@ -790,6 +863,7 @@ static int request_certificate(SSL *s) unsigned char *p,*p2,*buf2; unsigned char *ccd; int i,j,ctype,ret= -1; + unsigned long len; X509 *x509=NULL; STACK_OF(X509) *sk=NULL; @@ -823,16 +897,28 @@ static int request_certificate(SSL *s) if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) { p=(unsigned char *)s->init_buf->data; - i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); - if (i < 3) + i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */ + if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3 + * (probably NO-CERTIFICATE-ERROR) */ { ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); goto end; } + s->init_num += i; - if ((*p == SSL2_MT_ERROR) && (i >= 3)) + if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) { n2s(p,i); + if (i != SSL2_PE_NO_CERTIFICATE) + { + /* not the error message we expected -- let ssl2_part_read handle it */ + s->init_num -= 3; + ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3); + goto end; + } + + /* this is the one place where we can recover from an SSL 2.0 error */ + if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE); 
@@ -842,12 +928,18 @@ static int request_certificate(SSL *s) ret=1; goto end; } - if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (i < 6)) + if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6)) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ); goto end; } + if (s->init_num != 6) + { + SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR); + goto end; + } + /* ok we have a response */ /* certificate type, there is only one right now. */ ctype= *(p++); @@ -860,18 +952,24 @@ static int request_certificate(SSL *s) n2s(p,i); s->s2->tmp.clen=i; n2s(p,i); s->s2->tmp.rlen=i; s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D; - s->init_num=0; } /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */ p=(unsigned char *)s->init_buf->data; - j=s->s2->tmp.clen+s->s2->tmp.rlen-s->init_num; - i=ssl2_read(s,(char *)&(p[s->init_num]),j); + len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; + if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) + { + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); + goto end; + } + j = (int)len - s->init_num; + i = ssl2_read(s,(char *)&(p[s->init_num]),j); if (i < j) { ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); goto end; } + p += 6; x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen); if (x509 == NULL) diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c index 10d8d3b..3f09b8b 100644 --- a/crypto/openssl/ssl/s3_both.c +++ b/crypto/openssl/ssl/s3_both.c @@ -383,7 +383,11 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) * if their format is correct. Does not count for * 'Finished' MAC. */ if (p[1] == 0 && p[2] == 0 &&p[3] == 0) + { + s->init_num = 0; skip_message = 1; + } + } while (skip_message); 
@@ -432,6 +436,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) /* next state (stn) */ p=(unsigned char *)s->init_buf->data; n=s->s3->tmp.message_size; + n -= s->init_num; while (n > 0) { i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c index eec45cf..4d6da27 100644 --- a/crypto/openssl/ssl/s3_clnt.c +++ b/crypto/openssl/ssl/s3_clnt.c @@ -119,8 +119,8 @@ int ssl3_connect(SSL *s) else if (s->ctx->info_callback != NULL) cb=s->ctx->info_callback; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); s->in_handshake++; + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); for (;;) { @@ -441,9 +441,9 @@ int ssl3_connect(SSL *s) skip=0; } end: + s->in_handshake--; if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); - s->in_handshake--; return(ret); } @@ -849,11 +849,17 @@ static int ssl3_get_key_exchange(SSL *s) DH *dh=NULL; #endif + /* use same message size as in ssl3_get_certificate_request() + * as ServerKeyExchange message may be skipped */ n=ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A, SSL3_ST_CR_KEY_EXCH_B, -1, - 1024*8, /* ?? */ +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) + 1024*30, /* 30k max cert list :-) */ +#else + 1024*100, /* 100k max cert list :-) */ +#endif &ok); if (!ok) return((int)n); diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c index 8709da9..af7075e 100644 --- a/crypto/openssl/ssl/s3_enc.c +++ b/crypto/openssl/ssl/s3_enc.c @@ -381,8 +381,8 @@ int ssl3_enc(SSL *s, int send) if (l == 0 || l%bs != 0) { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); + return 0; } } 
@@ -395,9 +395,11 @@ int ssl3_enc(SSL *s, int send) * padding bytes (except that last) are arbitrary */ if (i > bs) { - SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + /* Incorrect padding. SSLerr() and ssl3_alert are done + * by caller: we don't want to reveal whether this is + * a decryption error or a MAC verification failure + * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ + return -1; } rec->length-=i; } diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 9ab7660..fbe9de9 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -231,7 +231,7 @@ static int ssl3_read_n(SSL *s, int n, int max, int extend) static int ssl3_get_record(SSL *s) { int ssl_major,ssl_minor,al; - int n,i,ret= -1; + int enc_err,n,i,ret= -1; SSL3_RECORD *rr; SSL_SESSION *sess; unsigned char *p; @@ -342,16 +342,23 @@ again: /* decrypt in place in 'rr->input' */ rr->data=rr->input; - if (!s->method->ssl3_enc->enc(s,0)) + enc_err = s->method->ssl3_enc->enc(s,0); + if (enc_err <= 0) { - al=SSL_AD_DECRYPT_ERROR; - goto f_err; + if (enc_err == 0) + /* SSLerr() and ssl3_send_alert() have been called */ + goto err; + + /* otherwise enc_err == -1 */ + goto decryption_failed_or_bad_record_mac; } + #ifdef TLS_DEBUG printf("dec %d\n",rr->length); { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } printf("\n"); #endif + /* r->length is now the compressed data plus mac */ if ( (sess == NULL) || (s->enc_read_ctx == NULL) || 
@@ -364,25 +371,30 @@ printf("\n"); if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) { +#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ al=SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; +#else + goto decryption_failed_or_bad_record_mac; +#endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ if (rr->length < mac_size) { +#if 0 /* OK only for stream ciphers */ al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; +#else + goto decryption_failed_or_bad_record_mac; +#endif } rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) { - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE); - ret= -1; - goto f_err; + goto decryption_failed_or_bad_record_mac; } } @@ -427,6 +439,15 @@ printf("\n"); if (rr->length == 0) goto again; return(1); + +decryption_failed_or_bad_record_mac: + /* Separate 'decryption_failed' alert was introduced with TLS 1.0, + * SSL 3.0 only has 'bad_record_mac'. But unless a decryption + * failure is directly visible from the ciphertext anyway, + * we should not reveal which kind of error occured -- this + * might become visible to an attacker (e.g. via logfile) */ + al=SSL_AD_BAD_RECORD_MAC; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: @@ -1156,6 +1177,8 @@ void ssl3_send_alert(SSL *s, int level, int desc) { /* Map tls/ssl alert value to correct one */ desc=s->method->ssl3_enc->alert_value(desc); + if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) + desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ if (desc < 0) return; /* If a fatal one, remove from cache */ if ((level == 2) && (s->session != NULL)) 
@@ -1164,7 +1187,7 @@ void ssl3_send_alert(SSL *s, int level, int desc) s->s3->alert_dispatch=1; s->s3->send_alert[0]=level; s->s3->send_alert[1]=desc; - if (s->s3->wbuf.left == 0) /* data still being written out */ + if (s->s3->wbuf.left == 0) /* data still being written out? */ ssl3_dispatch_alert(s); /* else data is still being written out, we will get written * some time in the future */ @@ -1183,9 +1206,9 @@ int ssl3_dispatch_alert(SSL *s) } else { - /* If it is important, send it now. If the message - * does not get sent due to non-blocking IO, we will - * not worry too much. */ + /* Alert sent to BIO. If it is important, flush it now. + * If the message does not get sent due to non-blocking IO, + * we will not worry too much. */ if (s->s3->send_alert[0] == SSL3_AL_FATAL) (void)BIO_flush(s->wbio); diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index 258af84..0280bb9 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c 
@@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #define REUSE_CIPHER_BUG #define NETSCAPE_HANG_BUG @@ -114,6 +167,7 @@ int ssl3_accept(SSL *s) long num1; int ret= -1; int new_state,state,skip=0; + int got_new_session=0; RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); @@ -125,8 +179,8 @@ int ssl3_accept(SSL *s) cb=s->ctx->info_callback; /* init things to blank */ - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); s->in_handshake++; + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); if (s->cert == NULL) { @@ -180,21 +234,23 @@ int ssl3_accept(SSL *s) goto end; } - /* Ok, we now need to push on a buffering BIO so that - * the output is sent in a way that TCP likes :-) - */ - if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } - s->init_num=0; if (s->state != SSL_ST_RENEGOTIATE) { + /* Ok, we now need to push on a buffering BIO so that + * the output is sent in a way that TCP likes :-) + */ + if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } + ssl3_init_finished_mac(s); s->state=SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; } else { + /* s->state == SSL_ST_RENEGOTIATE, + * we will just send a HelloRequest */ s->ctx->stats.sess_accept_renegotiate++; s->state=SSL3_ST_SW_HELLO_REQ_A; } 
@@ -215,9 +271,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_HELLO_REQ_C: s->state=SSL_ST_OK; - ret=1; - goto end; - /* break; */ + break; case SSL3_ST_SR_CLNT_HELLO_A: case SSL3_ST_SR_CLNT_HELLO_B: @@ -226,6 +280,7 @@ int ssl3_accept(SSL *s) s->shutdown=0; ret=ssl3_get_client_hello(s); if (ret <= 0) goto end; + got_new_session=1; s->state=SSL3_ST_SW_SRVR_HELLO_A; s->init_num=0; break; @@ -456,18 +511,24 @@ int ssl3_accept(SSL *s) /* remove buffering on output */ ssl_free_wbio_buffer(s); - s->new_session=0; s->init_num=0; - ssl_update_cache(s,SSL_SESS_CACHE_SERVER); - - s->ctx->stats.sess_accept_good++; - /* s->server=1; */ - s->handshake_func=ssl3_accept; - ret=1; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - + if (got_new_session) /* skipped if we just sent a HelloRequest */ + { + /* actually not necessarily a 'new' session */ + + s->new_session=0; + + ssl_update_cache(s,SSL_SESS_CACHE_SERVER); + + s->ctx->stats.sess_accept_good++; + /* s->server=1; */ + s->handshake_func=ssl3_accept; + + if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); + } + + ret = 1; goto end; /* break; */ @@ -500,9 +561,9 @@ int ssl3_accept(SSL *s) end: /* BIO_flush(s->wbio); */ + s->in_handshake--; if (cb != NULL) cb(s,SSL_CB_ACCEPT_EXIT,ret); - s->in_handshake--; return(ret); } @@ -533,11 +594,17 @@ static int ssl3_check_client_hello(SSL *s) int ok; long n; + /* this function is called when we really expect a Certificate message, + * so permit appropriate message length */ n=ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B, -1, - SSL3_RT_MAX_PLAIN_LENGTH, +#if defined(MSDOS) && !defined(WIN32) + 1024*30, /* 30k max cert list :-) */ +#else + 1024*100, /* 100k max cert list :-) */ +#endif &ok); if (!ok) return((int)n); s->s3->tmp.reuse_message = 1; 
@@ -595,6 +662,18 @@ static int ssl3_get_client_hello(SSL *s) s->client_version=(((int)p[0])<<8)|(int)p[1]; p+=2; + if (s->client_version < s->version) + { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); + if ((s->client_version>>8) == SSL3_VERSION_MAJOR) + { + /* similar to ssl3_get_record, send alert using remote version number */ + s->version = s->client_version; + } + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; + } + /* load the client random */ memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); p+=SSL3_RANDOM_SIZE; @@ -1262,7 +1341,7 @@ static int ssl3_get_client_key_exchange(SSL *s) SSL3_ST_SR_KEY_EXCH_A, SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, - 400, /* ???? */ + 2048, /* ???? */ &ok); if (!ok) return((int)n); diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h index 9de9e61..1b8fce8 100644 --- a/crypto/openssl/ssl/ssl.h +++ b/crypto/openssl/ssl/ssl.h @@ -583,7 +583,9 @@ struct ssl_st int server; /* are we the server side? - mostly used by SSL_clear*/ - int new_session;/* 1 if we are to use a new session */ + int new_session;/* 1 if we are to use a new session. + * NB: For servers, the 'new' session may actually be a previously + * cached session or even the previous session */ int quiet_shutdown;/* don't send shutdown packets */ int shutdown; /* we have shut things down, 0x01 sent, 0x02 * for received */ @@ -939,6 +941,8 @@ char * SSL_CIPHER_get_version(SSL_CIPHER *c); const char * SSL_CIPHER_get_name(SSL_CIPHER *c); int SSL_get_fd(SSL *s); +int SSL_get_rfd(SSL *s); +int SSL_get_wfd(SSL *s); const char * SSL_get_cipher_list(SSL *s,int n); char * SSL_get_shared_ciphers(SSL *s, char *buf, int len); int SSL_get_read_ahead(SSL * s); @@ -985,7 +989,6 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif -void ERR_load_SSL_strings(void ); void SSL_load_error_strings(void ); char * SSL_state_string(SSL *s); char * SSL_rstate_string(SSL *s); 
@@ -1403,6 +1406,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 #define SSL_R_DATA_LENGTH_TOO_LONG 146 #define SSL_R_DECRYPTION_FAILED 147 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 @@ -1413,6 +1417,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 +#define SSL_R_ILLEGAL_PADDING 1110 #define SSL_R_INTERNAL_ERROR 157 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 @@ -1422,6 +1427,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +#define SSL_R_MESSAGE_TOO_LONG 1111 #define SSL_R_MISSING_DH_DSA_CERT 162 #define SSL_R_MISSING_DH_KEY 163 #define SSL_R_MISSING_DH_RSA_CERT 164 diff --git a/crypto/openssl/ssl/ssl2.h b/crypto/openssl/ssl/ssl2.h index f8b56af..70aae1e 100644 --- a/crypto/openssl/ssl/ssl2.h +++ b/crypto/openssl/ssl/ssl2.h @@ -189,7 +189,7 @@ typedef struct ssl2_state_st unsigned char *ract_data; unsigned char *wact_data; unsigned char *mac_data; - unsigned char *pad_data; + unsigned char *pad_data_UNUSED; /* only for binary compatibility with 0.9.6b */ unsigned char *read_key; unsigned char *write_key; @@ -209,11 +209,11 @@ typedef struct ssl2_state_st unsigned int conn_id_length; unsigned int cert_type; unsigned int cert_length; - int csl; - int clear; + unsigned int csl; + unsigned int clear; unsigned int enc; unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; - int cipher_spec_length; + unsigned int cipher_spec_length; unsigned int session_id_length; unsigned int clen; unsigned int rlen; diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c index 27e7fcc..be3acab 100644 --- a/crypto/openssl/ssl/ssl_cert.c 
+++ b/crypto/openssl/ssl/ssl_cert.c @@ -461,6 +461,9 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); + if (s->verify_callback) + X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); + if (s->ctx->app_verify_callback != NULL) i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ else diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c index 1ae3333..87a13db 100644 --- a/crypto/openssl/ssl/ssl_err.c +++ b/crypto/openssl/ssl/ssl_err.c @@ -258,6 +258,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"}, {SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"}, {SSL_R_DECRYPTION_FAILED ,"decryption failed"}, +{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, {SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, {SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, @@ -268,6 +269,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"}, {SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"}, {SSL_R_HTTP_REQUEST ,"http request"}, +{SSL_R_ILLEGAL_PADDING ,"illegal padding"}, {SSL_R_INTERNAL_ERROR ,"internal error"}, {SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"}, {SSL_R_INVALID_COMMAND ,"invalid command"}, @@ -277,6 +279,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, {SSL_R_LIBRARY_BUG ,"library bug"}, {SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, +{SSL_R_MESSAGE_TOO_LONG ,"message too long"}, {SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, {SSL_R_MISSING_DH_KEY ,"missing dh key"}, {SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"}, diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index 1fe85b6..afcc18b 100644 --- a/crypto/openssl/ssl/ssl_lib.c 
+++ b/crypto/openssl/ssl/ssl_lib.c @@ -142,7 +142,7 @@ int SSL_clear(SSL *s) #if 1 /* Check to see if we were changed into a different method, if * so, revert back if we are not doing session-id reuse. */ - if ((s->session == NULL) && (s->method != s->ctx->method)) + if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) { s->method->ssl_free(s); s->method=s->ctx->method; @@ -411,6 +411,11 @@ BIO *SSL_get_wbio(SSL *s) int SSL_get_fd(SSL *s) { + return(SSL_get_rfd(s)); + } + +int SSL_get_rfd(SSL *s) + { int ret= -1; BIO *b,*r; @@ -421,6 +426,18 @@ int SSL_get_fd(SSL *s) return(ret); } +int SSL_get_wfd(SSL *s) + { + int ret= -1; + BIO *b,*r; + + b=SSL_get_wbio(s); + r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); + if (r != NULL) + BIO_get_fd(r,&ret); + return(ret); + } + #ifndef NO_SOCK int SSL_set_fd(SSL *s,int fd) { @@ -1276,8 +1293,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) { ctx->verify_mode=mode; ctx->default_verify_callback=cb; - /* This needs cleaning up EAY EAY EAY */ - X509_STORE_set_verify_cb_func(ctx->cert_store,cb); } void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) diff --git a/crypto/openssl/ssl/ssl_stat.c b/crypto/openssl/ssl/ssl_stat.c index 8e12461..893c98e 100644 --- a/crypto/openssl/ssl/ssl_stat.c +++ b/crypto/openssl/ssl/ssl_stat.c @@ -136,7 +136,7 @@ case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; -case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify A"; break; +case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; case SSL3_ST_CW_CHANGE_A: case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; 
@@ -145,7 +145,7 @@ case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; case SSL3_ST_CW_FINISHED_A: case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; case SSL3_ST_CW_FINISHED_B: -case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished A"; break; +case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; case SSL3_ST_CR_CHANGE_A: case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; case SSL3_ST_CR_CHANGE_B: @@ -387,6 +387,18 @@ char *SSL_alert_desc_string(int value) case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; + case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; + case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; + case TLS1_AD_UNKNOWN_CA: str="CA"; break; + case TLS1_AD_ACCESS_DENIED: str="AD"; break; + case TLS1_AD_DECODE_ERROR: str="DE"; break; + case TLS1_AD_DECRYPT_ERROR: str="CY"; break; + case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; + case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; + case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; + case TLS1_AD_INTERNAL_ERROR: str="IE"; break; + case TLS1_AD_USER_CANCELLED: str="US"; break; + case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; default: str="UK"; break; } return(str); 
@@ -434,6 +446,42 @@ char *SSL_alert_desc_string_long(int value) case SSL3_AD_ILLEGAL_PARAMETER: str="illegal parameter"; break; + case TLS1_AD_DECRYPTION_FAILED: + str="decryption failed"; + break; + case TLS1_AD_RECORD_OVERFLOW: + str="record overflow"; + break; + case TLS1_AD_UNKNOWN_CA: + str="unknown CA"; + break; + case TLS1_AD_ACCESS_DENIED: + str="access denied"; + break; + case TLS1_AD_DECODE_ERROR: + str="decode error"; + break; + case TLS1_AD_DECRYPT_ERROR: + str="decrypt error"; + break; + case TLS1_AD_EXPORT_RESTRICTION: + str="export restriction"; + break; + case TLS1_AD_PROTOCOL_VERSION: + str="protocol version"; + break; + case TLS1_AD_INSUFFICIENT_SECURITY: + str="insufficient security"; + break; + case TLS1_AD_INTERNAL_ERROR: + str="internal error"; + break; + case TLS1_AD_USER_CANCELLED: + str="user canceled"; + break; + case TLS1_AD_NO_RENEGOTIATION: + str="no renegotiation"; + break; default: str="unknown"; break; } return(str); diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index a0758e9..ff4f0c8 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -452,8 +452,8 @@ int tls1_enc(SSL *s, int send) if (l == 0 || l%bs != 0) { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); - return(0); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); + return 0; } } 
@@ -476,17 +476,18 @@ int tls1_enc(SSL *s, int send) * All of them must have value 'padding_length'. */ if (i > (int)rec->length) { - SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return(0); + /* Incorrect padding. SSLerr() and ssl3_alert are done + * by caller: we don't want to reveal whether this is + * a decryption error or a MAC verification failure + * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ + return -1; } for (j=(int)(l-i); j<(int)l; j++) { if (rec->data[j] != ii) { - SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED); - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); - return(0); + /* Incorrect padding */ + return -1; } } rec->length-=i; diff --git a/crypto/openssl/test/testss b/crypto/openssl/test/testss index 2f600f0..8d3557f 100644 --- a/crypto/openssl/test/testss +++ b/crypto/openssl/test/testss @@ -20,6 +20,8 @@ Ucert="certU.ss" echo echo "make a certificate request using 'req'" +echo "string to make the random number generator think it has entropy" >> ./.rnd + if ../apps/openssl no-rsa; then req_new='-newkey dsa:../apps/dsa512.pem' else diff --git a/crypto/openssl/tools/c89.sh b/crypto/openssl/tools/c89.sh new file mode 100755 index 0000000..b25c9fd --- /dev/null +++ b/crypto/openssl/tools/c89.sh @@ -0,0 +1,15 @@ +#!/bin/sh -k +# +# Re-order arguments so that -L comes first +# +opts="" +lopts="" + +for arg in $* ; do + case $arg in + -L*) lopts="$lopts $arg" ;; + *) opts="$opts $arg" ;; + esac +done + +c89 $lopts $opts diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num index 18b70c2..26e69dd 100755 --- a/crypto/openssl/util/libeay.num +++ b/crypto/openssl/util/libeay.num 
@@ -197,7 +197,7 @@ DH_generate_parameters 204 EXIST::FUNCTION:DH DH_new 205 EXIST::FUNCTION:DH DH_size 206 EXIST::FUNCTION:DH DHparams_print 207 EXIST::FUNCTION:DH -DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API +DHparams_print_fp 208 EXIST::FUNCTION:FP_API,DH DSA_free 209 EXIST::FUNCTION:DSA DSA_generate_key 210 EXIST::FUNCTION:DSA DSA_generate_parameters 211 EXIST::FUNCTION:DSA @@ -301,8 +301,8 @@ EVP_des_ede_cfb 308 EXIST::FUNCTION:DES EVP_des_ede_ofb 309 EXIST::FUNCTION:DES EVP_des_ofb 310 EXIST::FUNCTION:DES EVP_desx_cbc 311 EXIST::FUNCTION:DES -EVP_dss 312 EXIST::FUNCTION:DSA,SHA -EVP_dss1 313 EXIST::FUNCTION:DSA,SHA +EVP_dss 312 EXIST::FUNCTION:SHA,DSA +EVP_dss1 313 EXIST::FUNCTION:SHA,DSA EVP_enc_null 314 EXIST::FUNCTION: EVP_get_cipherbyname 315 EXIST::FUNCTION: EVP_get_digestbyname 316 EXIST::FUNCTION: @@ -478,7 +478,7 @@ RSA_generate_key 485 EXIST::FUNCTION:RSA RSA_new 486 EXIST::FUNCTION:RSA RSA_new_method 487 EXIST::FUNCTION:RSA RSA_print 488 EXIST::FUNCTION:RSA -RSA_print_fp 489 EXIST::FUNCTION:RSA,FP_API +RSA_print_fp 489 EXIST::FUNCTION:FP_API,RSA RSA_private_decrypt 490 EXIST::FUNCTION:RSA RSA_private_encrypt 491 EXIST::FUNCTION:RSA RSA_public_decrypt 492 EXIST::FUNCTION:RSA @@ -742,7 +742,7 @@ d2i_PrivateKey 748 EXIST::FUNCTION: d2i_PublicKey 749 EXIST::FUNCTION: d2i_RSAPrivateKey 750 EXIST::FUNCTION:RSA d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:RSA -d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:RSA,FP_API +d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:FP_API,RSA d2i_RSAPublicKey 753 EXIST::FUNCTION:RSA d2i_X509 754 EXIST::FUNCTION: d2i_X509_ALGOR 755 EXIST::FUNCTION: @@ -844,7 +844,7 @@ i2d_PrivateKey 851 EXIST::FUNCTION: i2d_PublicKey 852 EXIST::FUNCTION: i2d_RSAPrivateKey 853 EXIST::FUNCTION:RSA i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:RSA -i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:RSA,FP_API +i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:FP_API,RSA i2d_RSAPublicKey 856 EXIST::FUNCTION:RSA i2d_X509 857 EXIST::FUNCTION: i2d_X509_ALGOR 858 EXIST::FUNCTION: 
@@ -933,8 +933,8 @@ d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:RSA PEM_read_RSAPublicKey 947 EXIST:!WIN16:FUNCTION:RSA PEM_write_RSAPublicKey 949 EXIST:!WIN16:FUNCTION:RSA -d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:RSA,FP_API -i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:RSA,FP_API +d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:FP_API,RSA +i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:FP_API,RSA BIO_copy_next_retry 955 EXIST::FUNCTION: RSA_flags 956 EXIST::FUNCTION:RSA X509_STORE_add_crl 957 EXIST::FUNCTION: @@ -1212,7 +1212,7 @@ name_cmp 1239 EXIST::FUNCTION: str_dup 1240 NOEXIST::FUNCTION: i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION: i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION: -BIO_s_log 1243 EXIST:!WIN32,!WIN16,!macintosh:FUNCTION: +BIO_s_log 1243 EXIST:!WIN16,!WIN32,!macintosh:FUNCTION: BIO_f_reliable 1244 EXIST::FUNCTION: PKCS7_dataFinal 1245 EXIST::FUNCTION: PKCS7_dataDecode 1246 EXIST::FUNCTION: @@ -1535,7 +1535,7 @@ ASN1_STRING_set_default_mask_asc 1960 EXIST:!VMS:FUNCTION: ASN1_STRING_set_def_mask_asc 1960 EXIST:VMS:FUNCTION: PEM_write_bio_RSA_PUBKEY 1961 EXIST::FUNCTION:RSA ASN1_INTEGER_cmp 1963 EXIST::FUNCTION: -d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:RSA,FP_API +d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:FP_API,RSA X509_trust_set_bit_asc 1967 NOEXIST::FUNCTION: PEM_write_bio_DSA_PUBKEY 1968 EXIST::FUNCTION: X509_STORE_CTX_free 1969 EXIST::FUNCTION: @@ -1638,7 +1638,7 @@ ASN1_BIT_STRING_set 2109 EXIST::FUNCTION: X509_TRUST_get_count 2110 EXIST::FUNCTION: ASN1_INTEGER_free 2111 EXIST::FUNCTION: OTHERNAME_free 2112 EXIST::FUNCTION: -i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:RSA,FP_API +i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:FP_API,RSA ASN1_INTEGER_dup 2114 EXIST::FUNCTION: d2i_X509_CERT_AUX 2115 EXIST::FUNCTION: PEM_write_bio_PUBKEY 2117 EXIST::FUNCTION: 
@@ -1873,3 +1873,6 @@ BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: BN_bntest_rand 2464 EXIST::FUNCTION: OPENSSL_issetugid 2465 EXIST::FUNCTION: BN_rand_range 2466 EXIST::FUNCTION: +BN_pseudo_rand_range 2523 EXIST::FUNCTION: +X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: +ERR_load_COMP_strings 2525 EXIST::FUNCTION: diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl index 8ec1d07..d7b5e6f 100755 --- a/crypto/openssl/util/mkdef.pl +++ b/crypto/openssl/util/mkdef.pl @@ -293,8 +293,10 @@ sub do_defs TRUE => 1, ); my $symhacking = $file eq $symhacksfile; + my $begin_error_codes = 0; while(<IN>) { - last if (/BEGIN ERROR CODES/); + $begin_error_codes = 1 if (/BEGIN ERROR CODES/); + last if ($begin_error_codes && /Error codes for /); if ($line ne '') { $_ = $line . $_; $line = ''; diff --git a/crypto/openssl/util/mkerr.pl b/crypto/openssl/util/mkerr.pl index 7d98b52..f833bfe 100644 --- a/crypto/openssl/util/mkerr.pl +++ b/crypto/openssl/util/mkerr.pl @@ -53,6 +53,7 @@ while(<IN>) { if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) { $hinc{$1} = $2; + $libinc{$2} = $1; $cskip{$3} = $1; if($3 ne "NONE") { $csrc{$1} = $3; @@ -74,7 +75,7 @@ close IN; # Scan each header file in turn and make a list of error codes # and function names -while (($lib, $hdr) = each %hinc) +while (($hdr, $lib) = each %libinc) { next if($hdr eq "NONE"); print STDERR "Scanning header file $hdr\n" if $debug; @@ -257,6 +258,7 @@ foreach $lib (keys %csrc) /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ +void ERR_load_${lib}_strings(void); /* Error codes for the $lib functions. */ @@ -288,7 +290,6 @@ EOF } #endif #endif - EOF close OUT; diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num index 561bac2..6883733 100755 --- a/crypto/openssl/util/ssleay.num +++ b/crypto/openssl/util/ssleay.num 
@@ -193,3 +193,5 @@ SSL_get1_session 242 EXIST::FUNCTION: SSL_CTX_callback_ctrl 243 EXIST::FUNCTION: SSL_callback_ctrl 244 EXIST::FUNCTION: SSL_CTX_sessions 245 EXIST::FUNCTION: +SSL_get_rfd 246 EXIST::FUNCTION: +SSL_get_wfd 247 EXIST::FUNCTION: |
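Review bot: in the ssl3_accept SSL_ST_OK hunk of s3_srvr.c (`@@ -456,18 +511,24 @@`), `ssl_free_wbio_buffer(s)` still runs unconditionally, while `ssl_init_wbio_buffer(s,1)` has been moved under `if (s->state != SSL_ST_RENEGOTIATE)` in the `@@ -180,21 +234,23 @@` hunk; confirm that ssl_free_wbio_buffer tolerates a missing buffering BIO on the HelloRequest path, or put the free under the same `got_new_session` guard. Since the SSL3_ST_SW_HELLO_REQ_C case now falls through to SSL_ST_OK with `break;` instead of `ret=1; goto end;`, the one-line comment `/* skipped if we just sent a HelloRequest */` is the only record of why SSL_CB_HANDSHAKE_DONE and the session-cache update are not performed after a HelloRequest; a CHANGES entry stating that would help the next reader.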
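Review bot: the reordering in the `@@ -125,8 +179,8 @@` hunk of s3_srvr.c (incrementing `s->in_handshake` before `SSL_clear(s)` runs) only has an effect together with the new `!s->in_handshake &&` condition in SSL_clear in ssl_lib.c (`@@ -142,7 +142,7 @@`), and neither site mentions the other. Suggest extending the SSL_clear comment `Check to see if we were changed into a different method` to say that the method is deliberately left alone while a handshake is in progress, so a later cleanup does not "fix" the call order in ssl3_accept back. The `s->in_handshake--` moved ahead of the `SSL_CB_ACCEPT_EXIT` callback in the `end:` hunk has the same dependency: an info callback that calls SSL_clear now observes in_handshake already decremented, which is presumably intended but is worth a comment on that line.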
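Review bot: in the `@@ -595,6 +662,18 @@` hunk of ssl3_get_client_hello, the new `s->client_version < s->version` check jumps to `f_err` with `al = SSL_AD_PROTOCOL_VERSION`, but neither the `al` variable nor the `f_err:` label is in the visible context; confirm both exist in this function before merging. The `s->version = s->client_version` assignment is only made when the major byte equals SSL3_VERSION_MAJOR, so a client sending any other version word gets the protocol_version alert at the server's own version; stating that rule here would be clearer than the comment `similar to ssl3_get_record`, which sends the reader to another function to learn it.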
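Review bot: the `@@ -533,11 +594,17 @@` hunk in ssl3_check_client_hello and the `@@ -1262,7 +1341,7 @@` hunk in ssl3_get_client_key_exchange each replace one magic length bound with another (`1024*30` / `1024*100` for the certificate list, `400` to `2048` for ClientKeyExchange) and the `/* ???? */` comment survives the change. These bounds are what limits how much memory an unauthenticated peer can make the server allocate for a single handshake message (the matching `SSL_R_MESSAGE_TOO_LONG` reason is added in ssl.h in this patch), so each deserves a named constant and a comment deriving the value from the largest key or chain the library is meant to accept, rather than `????`. The MSDOS-only 30k branch should also say why that platform is special.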
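Review bot: in the ssl.h reason-code hunks, `SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC`, `SSL_R_ILLEGAL_PADDING` and `SSL_R_MESSAGE_TOO_LONG` are numbered 1109, 1110 and 1111 while the surrounding codes sit in the 145 to 280 range. If the gap is deliberate (keeping the lower numbers free for another branch), record that in a comment beside the three definitions: this block is regenerated by mkerr.pl, and a maintainer re-running it with the default numbering will otherwise renumber them and break error-string lookups for anyone matching on the numeric code.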
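Review bot: the `@@ -209,11 +209,11 @@` hunk in ssl2.h changes `csl`, `clear` and `cipher_spec_length` from `int` to `unsigned int`. The size is unchanged, so the binary-compatibility goal stated for `pad_data_UNUSED` in the preceding hunk still holds, but every existing `< 0` sanity check on these three fields in the SSLv2 code becomes always-false, and any comparison against a signed length becomes an unsigned comparison. Please list in CHANGES which callers were audited for this, so a reviewer can trust the type change without repeating the audit.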
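Review bot: the ssl_cert.c hunk (`@@ -461,6 +461,9 @@`) installs `s->verify_callback` on the X509_STORE_CTX, and the ssl_lib.c hunk at `@@ -1276,8 +1293,6 @@` stops SSL_CTX_set_verify from writing the callback into the shared `cert_store`. That is the right direction (a callback set on one SSL_CTX no longer leaks into every context sharing the store), but this patch does not show where `s->verify_callback` is populated from `ctx->default_verify_callback`; confirm that SSL_new copies it, otherwise applications that only call SSL_CTX_set_verify silently lose their callback, and certificate failures they expected to be reported to their callback go unobserved. `X509_STORE_CTX_set_verify_cb` appears as a new export (libeay.num entry 2524), so it needs a documentation entry as well.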
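Review bot: in the t1_enc.c hunks, the padding checks in `@@ -476,17 +476,18 @@` now `return -1` and leave the error and alert to the caller so that bad padding is reported the same way as a MAC failure (per the tls-cbc.txt reference in the comment), but the first hunk (`@@ -452,8 +452,8 @@`) still sends `SSL_AD_DECRYPTION_FAILED` from inside tls1_enc when `l == 0 || l%bs != 0`. That case depends only on the ciphertext length, not on decrypted content, so it does not reveal anything the peer did not already know, but the comment should say so, because the asymmetry otherwise looks like a missed spot. tls1_enc now has three outcomes (`1`, `0`, `-1`); document them at the top of the function, since every caller must treat `-1` uniformly rather than attaching a padding-specific reason (the new `SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC` reason in ssl.h looks like the intended single reporting path, but its caller is not in this view). Minor: the comment says `ssl3_alert` where the function is `ssl3_send_alert`.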
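Review bot: in the `@@ -434,6 +446,42 @@` hunk of ssl_stat.c, the long description for `TLS1_AD_USER_CANCELLED` reads `user canceled` while every other string mirrors its constant's spelling; use `user cancelled` for consistency with the identifier. The two `A` to `B` corrections in the state strings (`SSL3_ST_CW_CERT_VRFY_B`, `SSL3_ST_SW_FINISHED_B`) are right.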
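Review bot: the SSL_get_rfd and SSL_get_wfd bodies added in the ssl_lib.c hunks (`@@ -411,6 +411,11 @@` and `@@ -421,6 +426,18 @@`) are identical apart from the BIO getter; a small static helper taking the BIO would keep the two from drifting. The testss hunk appends a fixed string to `./.rnd`; that is fine for a test harness, but the echo should say it exists only to satisfy the seeded-PRNG check, so nobody copies the line as a seeding recipe.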
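Review bot: in the new tools/c89.sh, `for arg in $*` and the unquoted `c89 $lopts $opts` re-split every argument on whitespace, so any argument containing a space (a path, or a `-D` value with a quoted string) is corrupted before it reaches c89. Iterate over `"$@"` and rebuild the argument list with `set --` and `shift` rather than string concatenation. `#!/bin/sh -k` relies on the keyword option `-k`, which not every /bin/sh accepts and which the script does not need; drop it. `exec c89 ...` on the last line would avoid the extra process.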
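Review bot: the libeay.num hunks only swap the order of tags (`RSA,FP_API` to `FP_API,RSA`, `DSA,SHA` to `SHA,DSA`, `!WIN32,!WIN16` to `!WIN16,!WIN32`); if mkdef.pl now emits tags in a canonical order, say so in the commit message, because a reader will otherwise look for a change in which platforms or algorithms gate these symbols. The three new entries at the end (2523 to 2525) skip from 2466; note why if the gap reserves numbers for another branch.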
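Review bot: the mkdef.pl hunk makes symbol scanning continue past `BEGIN ERROR CODES` until a line matching `/Error codes for /`, which is the comment text mkerr.pl now emits right after the new `void ERR_load_${lib}_strings(void);` prototype. That couples mkdef.pl to the wording of a generated comment: rewording it in mkerr.pl would silently stop every `ERR_load_*_strings` from being exported (`ERR_load_SSL_strings` is removed from ssl.h in this same patch and `ERR_load_COMP_strings` is newly listed in libeay.num, so the export now depends entirely on this match). Suggest a dedicated marker line emitted by mkerr.pl and matched by mkdef.pl, or at minimum a comment in each script pointing at the other.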
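Review bot: in the mkerr.pl `@@ -53,6 +53,7 @@` hunk, `$libinc{$2} = $1` inverts `%hinc` so that the scan loop in `@@ -74,7 +75,7 @@` can iterate by header, but if two `L` lines name the same header file the second assignment overwrites the first and that library is never scanned; the old loop keyed on `$lib` handled both. Either reject duplicate headers when the config is read or keep a list of libraries per header. The removed blank line before `EOF` in `@@ -288,7 +290,6 @@` only changes the generated header's trailing whitespace.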