diff options
| author | markm <markm@FreeBSD.org> | 2003-01-28 22:34:21 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 2003-01-28 22:34:21 +0000 |
| commit | 3f245d6325bc967e32ea631b54fb87569ded160b (patch) | |
| tree | a8ee3102ea01b359830fb8c094c644e39ce479ba /crypto | |
| parent | ad7148cc98d85da1fe9f1dde3e946c8c62e2df65 (diff) | |
| download | FreeBSD-src-3f245d6325bc967e32ea631b54fb87569ded160b.zip FreeBSD-src-3f245d6325bc967e32ea631b54fb87569ded160b.tar.gz | |
Merge conflicts.
This is cunning doublespeak for "use vendor code".
Diffstat (limited to 'crypto')
29 files changed, 1762 insertions, 1117 deletions
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf index 2ba3b2a..eca51c3 100644 --- a/crypto/openssl/apps/openssl.cnf +++ b/crypto/openssl/apps/openssl.cnf @@ -2,7 +2,6 @@ # OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # -# $FreeBSD$ # This definition stops the following lines choking if HOME isn't # defined. @@ -49,6 +48,14 @@ RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crl_extensions = crl_ext @@ -133,7 +140,7 @@ commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address -emailAddress_max = 40 +emailAddress_max = 64 # SET-ex3 = SET extension number 3 @@ -181,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move # Copy subject details # issuerAltName=issuer:copy diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index ad3ebad..7f42b52 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -1,4 +1,4 @@ -/* apps/speed.c */ +/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -54,8 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ /* most of this code has been pilfered from my libdes speed.c program */ @@ -77,19 +75,24 @@ #include <string.h> #include <math.h> #include "apps.h" -#ifdef NO_STDIO +#ifdef OPENSSL_NO_STDIO #define APPS_WIN16 #endif #include <openssl/crypto.h> #include <openssl/rand.h> #include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/objects.h> +#if !defined(OPENSSL_SYS_MSDOS) +#include OPENSSL_UNISTD +#endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) # define USE_TOD -#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) +#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) # define TIMES #endif -#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS) +#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */ # define TIMEB #endif @@ -109,7 +112,7 @@ The __TMS macro will show if it was. If it wasn't defined, we should undefine TIMES, since that tells the rest of the program how things should be handled. -- Richard Levitte */ -#if defined(VMS) && defined(__DECC) && !defined(__TMS) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) #undef TIMES #endif @@ -117,7 +120,7 @@ #include <sys/timeb.h> #endif -#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS) +#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) #error "It seems neither struct tms nor struct timeb is supported in this platform!" #endif @@ -127,78 +130,113 @@ #include <sys/param.h> #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES #include <openssl/des.h> #endif -#ifndef NO_MD2 +#ifndef OPENSSL_NO_AES +#include <openssl/aes.h> +#endif +#ifndef OPENSSL_NO_MD2 #include <openssl/md2.h> #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 #include <openssl/mdc2.h> #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 #include <openssl/md4.h> #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 #include <openssl/md5.h> #endif -#ifndef NO_HMAC +#ifndef OPENSSL_NO_HMAC #include <openssl/hmac.h> #endif #include <openssl/evp.h> -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA #include <openssl/sha.h> #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD #include <openssl/ripemd.h> #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 #include <openssl/rc4.h> #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 #include <openssl/rc5.h> #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 #include <openssl/rc2.h> #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA #include <openssl/idea.h> #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF #include <openssl/blowfish.h> #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST #include <openssl/cast.h> #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> #include "./testrsa.h" #endif #include <openssl/x509.h> -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #include "./testdsa.h" #endif /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) +# if defined(_SC_CLK_TCK) \ + && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) +# define HZ ((double)sysconf(_SC_CLK_TCK)) +# else +# ifndef CLK_TCK +# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ +# define HZ 100.0 +# else /* _BSD_CLK_TCK_ */ +# define HZ ((double)_BSD_CLK_TCK_) +# endif +# else /* CLK_TCK */ +# define HZ ((double)CLK_TCK) # endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) # endif #endif +#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) +# define HAVE_FORK 1 +#endif + #undef BUFSIZE #define BUFSIZE ((long)1024*8+1) int run=0; -static double Time_F(int s, int usertime); -static void print_message(char *s,long num,int length); +static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0; +static int mr=0; +static int usertime=1; + +static double Time_F(int s); +static void print_message(const char *s,long num,int length); static void pkey_print_message(char *str,char *str2,long num,int bits,int sec); +static void print_result(int alg,int run_no,int count,double time_used); +#ifdef HAVE_FORK +static int do_multi(int multi); +#endif + +#define ALGOR_NUM 19 +#define SIZE_NUM 5 +#define RSA_NUM 4 +#define DSA_NUM 3 +static const char *names[ALGOR_NUM]={ + "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", + "des cbc","des ede3","idea cbc", + "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", + "aes-128 cbc","aes-192 cbc","aes-256 cbc"}; +static double results[ALGOR_NUM][SIZE_NUM]; +static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; +static double rsa_results[RSA_NUM][2]; +static double dsa_results[DSA_NUM][2]; + #ifdef SIGALRM #if defined(__STDC__) || defined(sgi) || defined(_AIX) #define SIGRETTYPE void @@ -220,15 +258,16 @@ static SIGRETTYPE sig_done(int sig) #define START 0 #define STOP 1 -static double Time_F(int s, int usertime) +static double Time_F(int s) { double ret; #ifdef USE_TOD if(usertime) - { + { static struct rusage tstart,tend; + getrusage_used = 1; if (s == START) { getrusage(RUSAGE_SELF,&tstart); @@ -250,6 +289,7 @@ static double Time_F(int s, int usertime) static struct timeval tstart,tend; long i; + gettimeofday_used = 1; if (s == START) { gettimeofday(&tstart,NULL); @@ -270,6 +310,7 @@ static double Time_F(int s, int usertime) { static struct tms tstart,tend; + times_used = 1; if (s == START) { times(&tstart); @@ -286,8 +327,8 @@ static double Time_F(int s, int usertime) # if defined(TIMES) && defined(TIMEB) else # endif -# ifdef VXWORKS - { +# ifdef OPENSSL_SYS_VXWORKS + { static unsigned long tick_start, tick_end; if( s == START ) @@ -307,6 +348,7 @@ static double Time_F(int s, int usertime) static struct timeb tstart,tend; long i; + ftime_used = 1; if (s == START) { ftime(&tstart); @@ -321,7 +363,6 @@ static double Time_F(int s, int usertime) } } # endif - #endif } @@ -329,64 +370,85 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { + ENGINE *e = NULL; unsigned char *buf=NULL,*buf2=NULL; int mret=1; -#define ALGOR_NUM 15 -#define SIZE_NUM 5 -#define RSA_NUM 4 -#define DSA_NUM 3 - long count,rsa_count; + long count=0,save_count=0; int i,j,k; -#ifndef NO_RSA +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) + long rsa_count; +#endif +#ifndef OPENSSL_NO_RSA unsigned rsa_num; #endif -#ifndef NO_MD2 + unsigned char md[EVP_MAX_MD_SIZE]; +#ifndef OPENSSL_NO_MD2 unsigned char md2[MD2_DIGEST_LENGTH]; #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 unsigned char mdc2[MDC2_DIGEST_LENGTH]; #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 unsigned char md4[MD4_DIGEST_LENGTH]; #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 unsigned char md5[MD5_DIGEST_LENGTH]; unsigned char hmac[MD5_DIGEST_LENGTH]; #endif -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 RC4_KEY rc4_ks; #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 RC5_32_KEY rc5_ks; #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 RC2_KEY rc2_ks; #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA IDEA_KEY_SCHEDULE idea_ks; #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF BF_KEY bf_ks; #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST CAST_KEY cast_ks; #endif - static unsigned char key16[16]= + static const unsigned char key16[16]= {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - unsigned char iv[8]; -#ifndef NO_DES - des_cblock *buf_as_des_cblock = NULL; - static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; - des_key_schedule sch,sch2,sch3; + static const unsigned char key24[24]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; + static const unsigned char key32[32]= + {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, + 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, + 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, + 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; +#ifndef OPENSSL_NO_AES +#define MAX_BLOCK_SIZE 128 +#else +#define MAX_BLOCK_SIZE 64 +#endif + unsigned char DES_iv[8]; + unsigned char iv[MAX_BLOCK_SIZE/8]; +#ifndef OPENSSL_NO_DES + DES_cblock *buf_as_des_cblock = NULL; + static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; + static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; + static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; + DES_key_schedule sch; + DES_key_schedule sch2; + DES_key_schedule sch3; +#endif +#ifndef OPENSSL_NO_AES + AES_KEY aes_ks1, aes_ks2, aes_ks3; #endif #define D_MD2 0 #define D_MDC2 1 @@ -403,13 +465,12 @@ int MAIN(int argc, char **argv) #define D_CBC_RC5 12 #define D_CBC_BF 13 #define D_CBC_CAST 14 - double d,results[ALGOR_NUM][SIZE_NUM]; - static int lengths[SIZE_NUM]={8,64,256,1024,8*1024}; +#define D_CBC_128_AES 15 +#define D_CBC_192_AES 16 +#define D_CBC_256_AES 17 +#define D_EVP 18 + double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; - static char *names[ALGOR_NUM]={ - "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", - "des cbc","des ede3","idea cbc", - "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"}; #define R_DSA_512 0 #define R_DSA_1024 1 #define R_DSA_2048 2 @@ -417,10 +478,9 @@ int MAIN(int argc, char **argv) #define R_RSA_1024 1 #define R_RSA_2048 2 #define R_RSA_4096 3 -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; long rsa_c[RSA_NUM][2]; - double rsa_results[RSA_NUM][2]; static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096}; static unsigned char *rsa_data[RSA_NUM]= {test512,test1024,test2048,test4096}; @@ -428,17 +488,21 @@ int MAIN(int argc, char **argv) sizeof(test512),sizeof(test1024), sizeof(test2048),sizeof(test4096)}; #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA DSA *dsa_key[DSA_NUM]; long dsa_c[DSA_NUM][2]; - double dsa_results[DSA_NUM][2]; static unsigned int dsa_bits[DSA_NUM]={512,1024,2048}; #endif int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; int doit[ALGOR_NUM]; int pr_header=0; - int usertime=1; + const EVP_CIPHER *evp_cipher=NULL; + const EVP_MD *evp_md=NULL; + int decrypt=0; +#ifdef HAVE_FORK + int multi=0; +#endif #ifndef TIMES usertime=-1; @@ -446,7 +510,7 @@ int MAIN(int argc, char **argv) apps_startup(); memset(results, 0, sizeof(results)); -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA memset(dsa_key,0,sizeof(dsa_key)); #endif @@ -454,7 +518,10 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); -#ifndef NO_RSA + if (!load_config(bio_err, NULL)) + goto end; + +#ifndef OPENSSL_NO_RSA memset(rsa_key,0,sizeof(rsa_key)); for (i=0; i<RSA_NUM; i++) rsa_key[i]=NULL; @@ -465,8 +532,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"out of memory\n"); goto end; } -#ifndef NO_DES - buf_as_des_cblock = (des_cblock *)buf; +#ifndef OPENSSL_NO_DES + buf_as_des_cblock = (DES_cblock *)buf; #endif if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) { @@ -475,6 +542,7 @@ int MAIN(int argc, char **argv) } memset(c,0,sizeof(c)); + memset(DES_iv,0,sizeof(DES_iv)); memset(iv,0,sizeof(iv)); for (i=0; i<ALGOR_NUM; i++) @@ -490,34 +558,108 @@ int MAIN(int argc, char **argv) while (argc) { if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0)) + { usertime = 0; -#ifndef NO_MD2 + j--; /* Otherwise, -elapsed gets confused with + an algorithm. */ + } + else if ((argc > 0) && (strcmp(*argv,"-evp") == 0)) + { + argc--; + argv++; + if(argc == 0) + { + BIO_printf(bio_err,"no EVP given\n"); + goto end; + } + evp_cipher=EVP_get_cipherbyname(*argv); + if(!evp_cipher) + { + evp_md=EVP_get_digestbyname(*argv); + } + if(!evp_cipher && !evp_md) + { + BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv); + goto end; + } + doit[D_EVP]=1; + } + else if (argc > 0 && !strcmp(*argv,"-decrypt")) + { + decrypt=1; + j--; /* Otherwise, -elapsed gets confused with + an algorithm. */ + } + else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) + { + argc--; + argv++; + if(argc == 0) + { + BIO_printf(bio_err,"no engine given\n"); + goto end; + } + e = setup_engine(bio_err, *argv, 0); + /* j will be increased again further down. We just + don't want speed to confuse an engine with an + algorithm, especially when none is given (which + means all of them should be run) */ + j--; + } +#ifdef HAVE_FORK + else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) + { + argc--; + argv++; + if(argc == 0) + { + BIO_printf(bio_err,"no multi count given\n"); + goto end; + } + multi=atoi(argv[0]); + if(multi <= 0) + { + BIO_printf(bio_err,"bad multi count\n"); + goto end; + } + j--; /* Otherwise, -mr gets confused with + an algorithm. */ + } +#endif + else if (argc > 0 && !strcmp(*argv,"-mr")) + { + mr=1; + j--; /* Otherwise, -mr gets confused with + an algorithm. */ + } + else +#ifndef OPENSSL_NO_MD2 if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1; else #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1; else #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1; else #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1; else #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1; else #endif -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1; else if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1; else #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; else if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1; @@ -525,20 +667,26 @@ int MAIN(int argc, char **argv) if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1; else #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1; else #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1; else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1; else #endif -#ifndef NO_RSA -#ifdef RSAref +#ifndef OPENSSL_NO_AES + if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1; + else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1; + else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; + else +#endif +#ifndef OPENSSL_NO_RSA +#if 0 /* was: #ifdef RSAref */ if (strcmp(*argv,"rsaref") == 0) { - RSA_set_default_method(RSA_PKCS1_RSAref()); + RSA_set_default_openssl_method(RSA_PKCS1_RSAref()); j--; } else @@ -551,7 +699,7 @@ int MAIN(int argc, char **argv) } else #endif -#endif /* !NO_RSA */ +#endif /* !OPENSSL_NO_RSA */ if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2; else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2; else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2; @@ -560,34 +708,34 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2; else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2; else -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1; else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1; else #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1; else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1; else #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1; else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1; else #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1; else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1; else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1; else #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1; else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1; else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1; else #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (strcmp(*argv,"des") == 0) { doit[D_CBC_DES]=1; @@ -595,7 +743,16 @@ int MAIN(int argc, char **argv) } else #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_AES + if (strcmp(*argv,"aes") == 0) + { + doit[D_CBC_128_AES]=1; + doit[D_CBC_192_AES]=1; + doit[D_CBC_256_AES]=1; + } + else +#endif +#ifndef OPENSSL_NO_RSA if (strcmp(*argv,"rsa") == 0) { rsa_doit[R_RSA_512]=1; @@ -605,7 +762,7 @@ int MAIN(int argc, char **argv) } else #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (strcmp(*argv,"dsa") == 0) { dsa_doit[R_DSA_512]=1; @@ -617,85 +774,104 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"Error: bad option or value\n"); BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available values:\n"); -#ifndef NO_MD2 +#ifndef OPENSSL_NO_MD2 BIO_printf(bio_err,"md2 "); #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 BIO_printf(bio_err,"mdc2 "); #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 BIO_printf(bio_err,"md4 "); #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 BIO_printf(bio_err,"md5 "); -#ifndef NO_HMAC +#ifndef OPENSSL_NO_HMAC BIO_printf(bio_err,"hmac "); #endif #endif -#ifndef NO_SHA1 +#ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err,"sha1 "); #endif -#ifndef NO_RIPEMD160 +#ifndef OPENSSL_NO_RIPEMD160 BIO_printf(bio_err,"rmd160"); #endif -#if !defined(NO_MD2) || !defined(NO_MDC2) || !defined(NO_MD4) || !defined(NO_MD5) || !defined(NO_SHA1) || !defined(NO_RIPEMD160) +#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ + !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ + !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) BIO_printf(bio_err,"\n"); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,"idea-cbc "); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 BIO_printf(bio_err,"rc2-cbc "); #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 BIO_printf(bio_err,"rc5-cbc "); #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF BIO_printf(bio_err,"bf-cbc"); #endif -#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_BF) || !defined(NO_RC5) +#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ + !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5) BIO_printf(bio_err,"\n"); #endif - +#ifndef OPENSSL_NO_DES BIO_printf(bio_err,"des-cbc des-ede3 "); -#ifndef NO_RC4 +#endif +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); +#endif +#ifndef OPENSSL_NO_RC4 BIO_printf(bio_err,"rc4"); #endif BIO_printf(bio_err,"\n"); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n"); #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err,"idea "); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 BIO_printf(bio_err,"rc2 "); #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf(bio_err,"des "); #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_AES + BIO_printf(bio_err,"aes "); +#endif +#ifndef OPENSSL_NO_RSA BIO_printf(bio_err,"rsa "); #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF BIO_printf(bio_err,"blowfish"); #endif -#if !defined(NO_IDEA) || !defined(NO_RC2) || !defined(NO_DES) || !defined(NO_RSA) || !defined(NO_BF) +#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \ + !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \ + !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) BIO_printf(bio_err,"\n"); #endif -#ifdef TIMES BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available options:\n"); +#if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif + BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); + BIO_printf(bio_err,"-evp e use EVP e.\n"); + BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); + BIO_printf(bio_err,"-mr produce machine readable output.\n"); +#ifdef HAVE_FORK + BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n"); +#endif goto end; } argc--; @@ -703,10 +879,18 @@ int MAIN(int argc, char **argv) j++; } +#ifdef HAVE_FORK + if(multi && do_multi(multi)) + goto show_res; +#endif + if (j == 0) { for (i=0; i<ALGOR_NUM; i++) - doit[i]=1; + { + if (i != D_EVP) + doit[i]=1; + } for (i=0; i<RSA_NUM; i++) rsa_doit[i]=1; for (i=0; i<DSA_NUM; i++) @@ -715,18 +899,18 @@ int MAIN(int argc, char **argv) for (i=0; i<ALGOR_NUM; i++) if (doit[i]) pr_header++; - if (usertime == 0) + if (usertime == 0 && !mr) BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n"); - if (usertime <= 0) + if (usertime <= 0 && !mr) { BIO_printf(bio_err,"To get the most accurate results, try to run this\n"); BIO_printf(bio_err,"program when this computer is idle.\n"); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA for (i=0; i<RSA_NUM; i++) { - unsigned char *p; + const unsigned char *p; p=rsa_data[i]; rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]); @@ -738,7 +922,9 @@ int MAIN(int argc, char **argv) #if 0 else { - BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n)); + BIO_printf(bio_err,mr ? "+RK:%d:" + : "Loaded RSA key, %d bit modulus and e= 0x", + BN_num_bits(rsa_key[i]->n)); BN_print(bio_err,rsa_key[i]->e); BIO_printf(bio_err,"\n"); } @@ -746,51 +932,57 @@ int MAIN(int argc, char **argv) } #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA dsa_key[0]=get_dsa512(); dsa_key[1]=get_dsa1024(); dsa_key[2]=get_dsa2048(); #endif -#ifndef NO_DES - des_set_key_unchecked(&key,sch); - des_set_key_unchecked(&key2,sch2); - des_set_key_unchecked(&key3,sch3); +#ifndef OPENSSL_NO_DES + DES_set_key_unchecked(&key,&sch); + DES_set_key_unchecked(&key2,&sch2); + DES_set_key_unchecked(&key3,&sch3); +#endif +#ifndef OPENSSL_NO_AES + AES_set_encrypt_key(key16,128,&aes_ks1); + AES_set_encrypt_key(key24,192,&aes_ks2); + AES_set_encrypt_key(key32,256,&aes_ks3); #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA idea_set_encrypt_key(key16,&idea_ks); #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 RC4_set_key(&rc4_ks,16,key16); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 RC2_set_key(&rc2_ks,16,key16,128); #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 RC5_32_set_key(&rc5_ks,16,key16,12); #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF BF_set_key(&bf_ks,16,key16); #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST CAST_set_key(&cast_ks,16,key16); #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA memset(rsa_c,0,sizeof(rsa_c)); #endif #ifndef SIGALRM -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf(bio_err,"First we calculate the approximate speed ...\n"); count=10; do { long i; count*=2; - Time_F(START,usertime); + Time_F(START); for (i=count; i; i--) - des_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, - &(sch[0]),DES_ENCRYPT); - d=Time_F(STOP,usertime); + DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, + &sch,DES_ENCRYPT); + d=Time_F(STOP); } while (d <3); + save_count=count; c[D_MD2][0]=count/10; c[D_MDC2][0]=count/10; c[D_MD4][0]=count; @@ -832,7 +1024,7 @@ int MAIN(int argc, char **argv) c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1; c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1; } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA rsa_c[R_RSA_512][0]=count/2000; rsa_c[R_RSA_512][1]=count/400; for (i=1; i<RSA_NUM; i++) @@ -852,7 +1044,7 @@ int MAIN(int argc, char **argv) } #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA dsa_c[R_DSA_512][0]=count/1000; dsa_c[R_DSA_512][1]=count/1000/2; for (i=1; i<DSA_NUM; i++) @@ -877,167 +1069,152 @@ int MAIN(int argc, char **argv) #else /* not worth fixing */ # error "You cannot disable DES on systems without SIGALRM." -#endif /* NO_DES */ +#endif /* OPENSSL_NO_DES */ #else #define COND(c) (run) #define COUNT(d) (count) signal(SIGALRM,sig_done); #endif /* SIGALRM */ -#ifndef NO_MD2 +#ifndef OPENSSL_NO_MD2 if (doit[D_MD2]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_MD2],c[D_MD2][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_MD2][j]); count++) - MD2(buf,(unsigned long)lengths[j],&(md2[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_MD2],d); - results[D_MD2][j]=((double)count)/d*lengths[j]; + EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL); + d=Time_F(STOP); + print_result(D_MD2,j,count,d); } } #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 if (doit[D_MDC2]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_MDC2][j]); count++) - MDC2(buf,(unsigned long)lengths[j],&(mdc2[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_MDC2],d); - results[D_MDC2][j]=((double)count)/d*lengths[j]; + EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL); + d=Time_F(STOP); + print_result(D_MDC2,j,count,d); } } #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 if (doit[D_MD4]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_MD4],c[D_MD4][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_MD4][j]); count++) - MD4(&(buf[0]),(unsigned long)lengths[j],&(md4[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_MD4],d); - results[D_MD4][j]=((double)count)/d*lengths[j]; + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL); + d=Time_F(STOP); + print_result(D_MD4,j,count,d); } } #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 if (doit[D_MD5]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_MD5],c[D_MD5][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_MD5][j]); count++) - MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_MD5],d); - results[D_MD5][j]=((double)count)/d*lengths[j]; + EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL); + d=Time_F(STOP); + print_result(D_MD5,j,count,d); } } #endif -#if !defined(NO_MD5) && !defined(NO_HMAC) +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) if (doit[D_HMAC]) { HMAC_CTX hctx; - HMAC_Init(&hctx,(unsigned char *)"This is a key...", - 16,EVP_md5()); + + HMAC_CTX_init(&hctx); + HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...", + 16,EVP_md5(), NULL); for (j=0; j<SIZE_NUM; j++) { print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_HMAC][j]); count++) { - HMAC_Init(&hctx,NULL,0,NULL); - HMAC_Update(&hctx,buf,lengths[j]); - HMAC_Final(&hctx,&(hmac[0]),NULL); + HMAC_Init_ex(&hctx,NULL,0,NULL,NULL); + HMAC_Update(&hctx,buf,lengths[j]); + HMAC_Final(&hctx,&(hmac[0]),NULL); } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_HMAC],d); - results[D_HMAC][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_HMAC,j,count,d); } + HMAC_CTX_cleanup(&hctx); } #endif -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA if (doit[D_SHA1]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_SHA1][j]); count++) - SHA1(buf,(unsigned long)lengths[j],&(sha[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_SHA1],d); - results[D_SHA1][j]=((double)count)/d*lengths[j]; + EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL); + d=Time_F(STOP); + print_result(D_SHA1,j,count,d); } } #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD if (doit[D_RMD160]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_RMD160][j]); count++) - RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0])); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_RMD160],d); - results[D_RMD160][j]=((double)count)/d*lengths[j]; + EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL); + d=Time_F(STOP); + print_result(D_RMD160,j,count,d); } } #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 if (doit[D_RC4]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_RC4],c[D_RC4][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_RC4][j]); count++) RC4(&rc4_ks,(unsigned int)lengths[j], buf,buf); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_RC4],d); - results[D_RC4][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_RC4,j,count,d); } } #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES if (doit[D_CBC_DES]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_DES][j]); count++) - des_ncbc_encrypt(buf,buf,lengths[j],sch, - &iv,DES_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_DES],d); - results[D_CBC_DES][j]=((double)count)/d*lengths[j]; + DES_ncbc_encrypt(buf,buf,lengths[j],&sch, + &DES_iv,DES_ENCRYPT); + d=Time_F(STOP); + print_result(D_CBC_DES,j,count,d); } } @@ -1046,111 +1223,195 @@ int MAIN(int argc, char **argv) for (j=0; j<SIZE_NUM; j++) { print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++) - des_ede3_cbc_encrypt(buf,buf,lengths[j], - sch,sch2,sch3, - &iv,DES_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_EDE3_DES],d); - results[D_EDE3_DES][j]=((double)count)/d*lengths[j]; + DES_ede3_cbc_encrypt(buf,buf,lengths[j], + &sch,&sch2,&sch3, + &DES_iv,DES_ENCRYPT); + d=Time_F(STOP); + print_result(D_EDE3_DES,j,count,d); } } #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_AES + if (doit[D_CBC_128_AES]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++) + AES_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&aes_ks1, + iv,AES_ENCRYPT); + d=Time_F(STOP); + print_result(D_CBC_128_AES,j,count,d); + } + } + if (doit[D_CBC_192_AES]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++) + AES_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&aes_ks2, + iv,AES_ENCRYPT); + d=Time_F(STOP); + print_result(D_CBC_192_AES,j,count,d); + } + } + if (doit[D_CBC_256_AES]) + { + for (j=0; j<SIZE_NUM; j++) + { + print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]); + Time_F(START); + for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++) + AES_cbc_encrypt(buf,buf, + (unsigned long)lengths[j],&aes_ks3, + iv,AES_ENCRYPT); + d=Time_F(STOP); + print_result(D_CBC_256_AES,j,count,d); + } + } + +#endif +#ifndef OPENSSL_NO_IDEA if (doit[D_CBC_IDEA]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++) idea_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&idea_ks, iv,IDEA_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_IDEA],d); - results[D_CBC_IDEA][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_IDEA,j,count,d); } } #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 if (doit[D_CBC_RC2]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++) RC2_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&rc2_ks, iv,RC2_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_RC2],d); - results[D_CBC_RC2][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_RC2,j,count,d); } } #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 if (doit[D_CBC_RC5]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++) RC5_32_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&rc5_ks, iv,RC5_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_RC5],d); - results[D_CBC_RC5][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_RC5,j,count,d); } } #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF if (doit[D_CBC_BF]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_BF][j]); count++) BF_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&bf_ks, iv,BF_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_BF],d); - results[D_CBC_BF][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_BF,j,count,d); } } #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST if (doit[D_CBC_CAST]) { for (j=0; j<SIZE_NUM; j++) { print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++) CAST_cbc_encrypt(buf,buf, (unsigned long)lengths[j],&cast_ks, iv,CAST_ENCRYPT); - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %s's in %.2fs\n", - count,names[D_CBC_CAST],d); - results[D_CBC_CAST][j]=((double)count)/d*lengths[j]; + d=Time_F(STOP); + print_result(D_CBC_CAST,j,count,d); } } #endif + if (doit[D_EVP]) + { + for (j=0; j<SIZE_NUM; j++) + { + if (evp_cipher) + { + EVP_CIPHER_CTX ctx; + int outl; + + names[D_EVP]=OBJ_nid2ln(evp_cipher->nid); + /* -O3 -fschedule-insns messes up an + * optimization here! names[D_EVP] + * somehow becomes NULL */ + print_message(names[D_EVP],save_count, + lengths[j]); + + EVP_CIPHER_CTX_init(&ctx); + if(decrypt) + EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); + else + EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv); + + Time_F(START); + if(decrypt) + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]); + else + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]); + if(decrypt) + EVP_DecryptFinal_ex(&ctx,buf,&outl); + else + EVP_EncryptFinal_ex(&ctx,buf,&outl); + d=Time_F(STOP); + } + if (evp_md) + { + names[D_EVP]=OBJ_nid2ln(evp_md->type); + print_message(names[D_EVP],save_count, + lengths[j]); + + Time_F(START); + for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++) + EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL); + + d=Time_F(STOP); + } + print_result(D_EVP,j,count,d); + } + } + RAND_pseudo_bytes(buf,36); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA for (j=0; j<RSA_NUM; j++) { int ret; @@ -1168,7 +1429,7 @@ int MAIN(int argc, char **argv) rsa_c[j][0],rsa_bits[j], RSA_SECONDS); /* RSA_blinding_on(rsa_key[j],NULL); */ - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(rsa_c[j][0]); count++) { ret=RSA_sign(NID_md5_sha1, buf,36, buf2, @@ -1182,10 +1443,10 @@ int MAIN(int argc, char **argv) break; } } - d=Time_F(STOP,usertime); - BIO_printf(bio_err, - "%ld %d bit private RSA's in %.2fs\n", - count,rsa_bits[j],d); + d=Time_F(STOP); + BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n" + : "%ld %d bit private RSA's in %.2fs\n", + count,rsa_bits[j],d); rsa_results[j][0]=d/(double)count; rsa_count=count; } @@ -1203,7 +1464,7 @@ int MAIN(int argc, char **argv) pkey_print_message("public","rsa", rsa_c[j][1],rsa_bits[j], RSA_SECONDS); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(rsa_c[j][1]); count++) { ret=RSA_verify(NID_md5_sha1, buf,36, buf2, @@ -1217,10 +1478,10 @@ int MAIN(int argc, char **argv) break; } } - d=Time_F(STOP,usertime); - BIO_printf(bio_err, - "%ld %d bit public RSA's in %.2fs\n", - count,rsa_bits[j],d); + d=Time_F(STOP); + BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n" + : "%ld %d bit public RSA's in %.2fs\n", + count,rsa_bits[j],d); rsa_results[j][1]=d/(double)count; } #endif @@ -1235,7 +1496,7 @@ int MAIN(int argc, char **argv) #endif RAND_pseudo_bytes(buf,20); -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); @@ -1247,7 +1508,7 @@ int MAIN(int argc, char **argv) int ret; if (!dsa_doit[j]) continue; - DSA_generate_key(dsa_key[j]); +/* DSA_generate_key(dsa_key[j]); */ /* DSA_sign_setup(dsa_key[j],NULL); */ ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, &kk,dsa_key[j]); @@ -1262,7 +1523,7 @@ int MAIN(int argc, char **argv) pkey_print_message("sign","dsa", dsa_c[j][0],dsa_bits[j], DSA_SECONDS); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(dsa_c[j][0]); count++) { ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2, @@ -1276,9 +1537,10 @@ int MAIN(int argc, char **argv) break; } } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n", - count,dsa_bits[j],d); + d=Time_F(STOP); + BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n" + : "%ld %d bit DSA signs in %.2fs\n", + count,dsa_bits[j],d); dsa_results[j][0]=d/(double)count; rsa_count=count; } @@ -1296,7 +1558,7 @@ int MAIN(int argc, char **argv) pkey_print_message("verify","dsa", dsa_c[j][1],dsa_bits[j], DSA_SECONDS); - Time_F(START,usertime); + Time_F(START); for (count=0,run=1; COND(dsa_c[j][1]); count++) { ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2, @@ -1310,9 +1572,10 @@ int MAIN(int argc, char **argv) break; } } - d=Time_F(STOP,usertime); - BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n", - count,dsa_bits[j],d); + d=Time_F(STOP); + BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n" + : "%ld %d bit DSA verify in %.2fs\n", + count,dsa_bits[j],d); dsa_results[j][1]=d/(double)count; } @@ -1325,106 +1588,160 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); #endif - - fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION)); +#ifdef HAVE_FORK +show_res: +#endif + if(!mr) + { + fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION)); fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON)); - printf("options:"); - printf("%s ",BN_options()); -#ifndef NO_MD2 - printf("%s ",MD2_options()); + printf("options:"); + printf("%s ",BN_options()); +#ifndef OPENSSL_NO_MD2 + printf("%s ",MD2_options()); #endif -#ifndef NO_RC4 - printf("%s ",RC4_options()); +#ifndef OPENSSL_NO_RC4 + printf("%s ",RC4_options()); #endif -#ifndef NO_DES - printf("%s ",des_options()); +#ifndef OPENSSL_NO_DES + printf("%s ",DES_options()); #endif -#ifndef NO_IDEA - printf("%s ",idea_options()); +#ifndef OPENSSL_NO_AES + printf("%s ",AES_options()); #endif -#ifndef NO_BF - printf("%s ",BF_options()); +#ifndef OPENSSL_NO_IDEA + printf("%s ",idea_options()); #endif - fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS)); +#ifndef OPENSSL_NO_BF + printf("%s ",BF_options()); +#endif + fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS)); + printf("available timing options: "); +#ifdef TIMES + printf("TIMES "); +#endif +#ifdef TIMEB + printf("TIMEB "); +#endif +#ifdef USE_TOD + printf("USE_TOD "); +#endif +#ifdef HZ +#define as_string(s) (#s) + printf("HZ=%g", (double)HZ); +# ifdef _SC_CLK_TCK + printf(" [sysconf value]"); +# endif +#endif + printf("\n"); + printf("timing function used: %s%s%s%s%s%s%s\n", + (ftime_used ? "ftime" : ""), + (ftime_used + times_used > 1 ? "," : ""), + (times_used ? "times" : ""), + (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""), + (gettimeofday_used ? "gettimeofday" : ""), + (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""), + (getrusage_used ? "getrusage" : "")); + } if (pr_header) { - fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); - fprintf(stdout,"type "); + if(mr) + fprintf(stdout,"+H"); + else + { + fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); + fprintf(stdout,"type "); + } for (j=0; j<SIZE_NUM; j++) - fprintf(stdout,"%7d bytes",lengths[j]); + fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]); fprintf(stdout,"\n"); } for (k=0; k<ALGOR_NUM; k++) { if (!doit[k]) continue; - fprintf(stdout,"%-13s",names[k]); + if(mr) + fprintf(stdout,"+F:%d:%s",k,names[k]); + else + fprintf(stdout,"%-13s",names[k]); for (j=0; j<SIZE_NUM; j++) { - if (results[k][j] > 10000) + if (results[k][j] > 10000 && !mr) fprintf(stdout," %11.2fk",results[k][j]/1e3); else - fprintf(stdout," %11.2f ",results[k][j]); + fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]); } fprintf(stdout,"\n"); } -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA j=1; for (k=0; k<RSA_NUM; k++) { if (!rsa_doit[k]) continue; - if (j) + if (j && !mr) { printf("%18ssign verify sign/s verify/s\n"," "); j=0; } - fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f", - rsa_bits[k],rsa_results[k][0],rsa_results[k][1], - 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); - fprintf(stdout,"\n"); + if(mr) + fprintf(stdout,"+F2:%u:%u:%f:%f\n", + k,rsa_bits[k],rsa_results[k][0], + rsa_results[k][1]); + else + fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n", + rsa_bits[k],rsa_results[k][0],rsa_results[k][1], + 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); } #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA j=1; for (k=0; k<DSA_NUM; k++) { if (!dsa_doit[k]) continue; - if (j) { + if (j && !mr) + { printf("%18ssign verify sign/s verify/s\n"," "); j=0; } - fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f", - dsa_bits[k],dsa_results[k][0],dsa_results[k][1], - 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); - fprintf(stdout,"\n"); + if(mr) + fprintf(stdout,"+F3:%u:%u:%f:%f\n", + k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]); + else + fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n", + dsa_bits[k],dsa_results[k][0],dsa_results[k][1], + 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); } #endif mret=0; end: + ERR_print_errors(bio_err); if (buf != NULL) OPENSSL_free(buf); if (buf2 != NULL) OPENSSL_free(buf2); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA for (i=0; i<RSA_NUM; i++) if (rsa_key[i] != NULL) RSA_free(rsa_key[i]); #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA for (i=0; i<DSA_NUM; i++) if (dsa_key[i] != NULL) DSA_free(dsa_key[i]); #endif - EXIT(mret); + apps_shutdown(); + OPENSSL_EXIT(mret); } -static void print_message(char *s, long num, int length) +static void print_message(const char *s, long num, int length) { #ifdef SIGALRM - BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length); + BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n" + : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length); (void)BIO_flush(bio_err); alarm(SECONDS); #else - BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length); + BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n" + : "Doing %s %ld times on %d size blocks: ",s,num,length); (void)BIO_flush(bio_err); #endif #ifdef LINT @@ -1436,11 +1753,13 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, int tm) { #ifdef SIGALRM - BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm); + BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n" + : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm); (void)BIO_flush(bio_err); alarm(RSA_SECONDS); #else - BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2); + BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n" + : "Doing %ld %d bit %s %s's: ",num,bits,str,str2); (void)BIO_flush(bio_err); #endif #ifdef LINT @@ -1448,3 +1767,175 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, #endif } +static void print_result(int alg,int run_no,int count,double time_used) + { + BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n" + : "%ld %s's in %.2fs\n",count,names[alg],time_used); + results[alg][run_no]=((double)count)/time_used*lengths[run_no]; + } + +static char *sstrsep(char **string, const char *delim) + { + char isdelim[256]; + char *token = *string; + + if (**string == 0) + return NULL; + + memset(isdelim, 0, sizeof isdelim); + isdelim[0] = 1; + + while (*delim) + { + isdelim[(unsigned char)(*delim)] = 1; + delim++; + } + + while (!isdelim[(unsigned char)(**string)]) + { + (*string)++; + } + + if (**string) + { + **string = 0; + (*string)++; + } + + return token; + } + +#ifdef HAVE_FORK +static int do_multi(int multi) + { + int n; + int fd[2]; + int *fds; + static char sep[]=":"; + + fds=malloc(multi*sizeof *fds); + for(n=0 ; n < multi ; ++n) + { + pipe(fd); + if(fork()) + { + close(fd[1]); + fds[n]=fd[0]; + } + else + { + close(fd[0]); + close(1); + dup(fd[1]); + close(fd[1]); + mr=1; + usertime=0; + return 0; + } + printf("Forked child %d\n",n); + } + + /* for now, assume the pipe is long enough to take all the output */ + for(n=0 ; n < multi ; ++n) + { + FILE *f; + char buf[1024]; + char *p; + + f=fdopen(fds[n],"r"); + while(fgets(buf,sizeof buf,f)) + { + p=strchr(buf,'\n'); + if(p) + *p='\0'; + if(buf[0] != '+') + { + fprintf(stderr,"Don't understand line '%s' from child %d\n", + buf,n); + continue; + } + printf("Got: %s from %d\n",buf,n); + if(!strncmp(buf,"+F:",3)) + { + int alg; + int j; + + p=buf+3; + alg=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + for(j=0 ; j < SIZE_NUM ; ++j) + results[alg][j]+=atof(sstrsep(&p,sep)); + } + else if(!strncmp(buf,"+F2:",4)) + { + int k; + double d; + + p=buf+4; + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d); + else + rsa_results[k][0]=d; + + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d); + else + rsa_results[k][1]=d; + } + else if(!strncmp(buf,"+F2:",4)) + { + int k; + double d; + + p=buf+4; + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d); + else + rsa_results[k][0]=d; + + d=atof(sstrsep(&p,sep)); + if(n) + rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d); + else + rsa_results[k][1]=d; + } + else if(!strncmp(buf,"+F3:",4)) + { + int k; + double d; + + p=buf+4; + k=atoi(sstrsep(&p,sep)); + sstrsep(&p,sep); + + d=atof(sstrsep(&p,sep)); + if(n) + dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d); + else + dsa_results[k][0]=d; + + d=atof(sstrsep(&p,sep)); + if(n) + dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d); + else + dsa_results[k][1]=d; + } + else if(!strncmp(buf,"+H:",3)) + { + } + else + fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n); + } + } + return 1; + } +#endif diff --git a/crypto/openssl/crypto/des/des.h b/crypto/openssl/crypto/des/des.h index e254c2a..daaf239 100644 --- a/crypto/openssl/crypto/des/des.h +++ b/crypto/openssl/crypto/des/des.h @@ -54,45 +54,55 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ -#ifndef HEADER_DES_H -#define HEADER_DES_H +#ifndef HEADER_NEW_DES_H +#define HEADER_NEW_DES_H -#ifdef NO_DES +#ifdef OPENSSL_NO_DES #error DES is disabled. #endif -#ifdef _KERBEROS_DES_H -#error <openssl/des.h> replaces <kerberos/des.h>. -#endif - #include <openssl/opensslconf.h> /* DES_LONG */ #include <openssl/e_os2.h> /* OPENSSL_EXTERN */ +#ifdef OPENSSL_BUILD_SHLIBCRYPTO +# undef OPENSSL_EXTERN +# define OPENSSL_EXTERN OPENSSL_EXPORT +#endif + #ifdef __cplusplus extern "C" { #endif -typedef unsigned char des_cblock[8]; -typedef /* const */ unsigned char const_des_cblock[8]; -/* With "const", gcc 2.8.1 on Solaris thinks that des_cblock * - * and const_des_cblock * are incompatible pointer types. */ +typedef unsigned char DES_cblock[8]; +typedef /* const */ unsigned char const_DES_cblock[8]; +/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * + * and const_DES_cblock * are incompatible pointer types. */ -typedef struct des_ks_struct +typedef struct DES_ks + { + union { - union { - des_cblock cblock; - /* make sure things are correct size on machines with - * 8 byte longs */ - DES_LONG deslong[2]; - } ks; - int weak_key; - } des_key_schedule[16]; + DES_cblock cblock; + /* make sure things are correct size on machines with + * 8 byte longs */ + DES_LONG deslong[2]; + } ks[16]; + } DES_key_schedule; + +#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT +# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT +# define OPENSSL_ENABLE_OLD_DES_SUPPORT +# endif +#endif -#define DES_KEY_SZ (sizeof(des_cblock)) -#define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) +#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT +# include <openssl/des_old.h> +#endif + +#define DES_KEY_SZ (sizeof(DES_cblock)) +#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) #define DES_ENCRYPT 1 #define DES_DECRYPT 0 @@ -100,44 +110,45 @@ typedef struct des_ks_struct #define DES_CBC_MODE 0 #define DES_PCBC_MODE 1 -#define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - -#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - -OPENSSL_EXTERN int des_check_key; /* defaults to false */ -OPENSSL_EXTERN int des_rw_mode; /* defaults to DES_PCBC_MODE */ -OPENSSL_EXTERN int des_set_weak_key_flag; /* set the weak key flag */ - -const char *des_options(void); -void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, - des_key_schedule ks1,des_key_schedule ks2, - des_key_schedule ks3, int enc); -DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output, - long length,des_key_schedule schedule, - const_des_cblock *ivec); -/* des_cbc_encrypt does not update the IV! Use des_ncbc_encrypt instead. */ -void des_cbc_encrypt(const unsigned char *input,unsigned char *output, - long length,des_key_schedule schedule,des_cblock *ivec, +#define DES_ecb2_encrypt(i,o,k1,k2,e) \ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +OPENSSL_DECLARE_GLOBAL(int,DES_check_key); /* defaults to false */ +#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) +OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ +#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) + +const char *DES_options(void); +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1,DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); +DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, + long length,DES_key_schedule *schedule, + const_DES_cblock *ivec); +/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +void DES_cbc_encrypt(const unsigned char *input,unsigned char *output, + long length,DES_key_schedule *schedule,DES_cblock *ivec, int enc); -void des_ncbc_encrypt(const unsigned char *input,unsigned char *output, - long length,des_key_schedule schedule,des_cblock *ivec, +void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output, + long length,DES_key_schedule *schedule,DES_cblock *ivec, int enc); -void des_xcbc_encrypt(const unsigned char *input,unsigned char *output, - long length,des_key_schedule schedule,des_cblock *ivec, - const_des_cblock *inw,const_des_cblock *outw,int enc); -void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits, - long length,des_key_schedule schedule,des_cblock *ivec, +void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output, + long length,DES_key_schedule *schedule,DES_cblock *ivec, + const_DES_cblock *inw,const_DES_cblock *outw,int enc); +void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits, + long length,DES_key_schedule *schedule,DES_cblock *ivec, int enc); -void des_ecb_encrypt(const_des_cblock *input,des_cblock *output, - des_key_schedule ks,int enc); +void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output, + DES_key_schedule *ks,int enc); /* This is the DES encryption function that gets called by just about every other DES routine in the library. You should not use this @@ -146,122 +157,81 @@ void des_ecb_encrypt(const_des_cblock *input,des_cblock *output, long, and this needs to be done to make sure 'non-aligned' memory access do not occur. The characters are loaded 'little endian'. Data is a pointer to 2 unsigned long's and ks is the - des_key_schedule to use. enc, is non zero specifies encryption, + DES_key_schedule to use. enc, is non zero specifies encryption, zero if decryption. */ -void des_encrypt1(DES_LONG *data,des_key_schedule ks, int enc); +void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc); -/* This functions is the same as des_encrypt1() except that the DES +/* This functions is the same as DES_encrypt1() except that the DES initial permutation (IP) and final permutation (FP) have been left - out. As for des_encrypt1(), you should not use this function. + out. As for DES_encrypt1(), you should not use this function. It is used by the routines in the library that implement triple DES. - IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same - as des_encrypt1() des_encrypt1() des_encrypt1() except faster :-). */ -void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); - -void des_encrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3); -void des_decrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3); -void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, + IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same + as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */ +void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc); + +void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, long length, - des_key_schedule ks1,des_key_schedule ks2, - des_key_schedule ks3,des_cblock *ivec,int enc); -void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out, + DES_key_schedule *ks1,DES_key_schedule *ks2, + DES_key_schedule *ks3,DES_cblock *ivec,int enc); +void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out, long length, - des_key_schedule ks1,des_key_schedule ks2, - des_key_schedule ks3, - des_cblock *ivec1,des_cblock *ivec2, + DES_key_schedule *ks1,DES_key_schedule *ks2, + DES_key_schedule *ks3, + DES_cblock *ivec1,DES_cblock *ivec2, int enc); -void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, - long length,des_key_schedule ks1, - des_key_schedule ks2,des_key_schedule ks3, - des_cblock *ivec,int *num,int enc); -void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, - long length,des_key_schedule ks1, - des_key_schedule ks2,des_key_schedule ks3, - des_cblock *ivec,int *num); - -void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white, - des_cblock *out_white); - -int des_enc_read(int fd,void *buf,int len,des_key_schedule sched, - des_cblock *iv); -int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched, - des_cblock *iv); -char *des_fcrypt(const char *buf,const char *salt, char *ret); -char *des_crypt(const char *buf,const char *salt); -#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN) -char *crypt(const char *buf,const char *salt); -#endif -void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits, - long length,des_key_schedule schedule,des_cblock *ivec); -void des_pcbc_encrypt(const unsigned char *input,unsigned char *output, - long length,des_key_schedule schedule,des_cblock *ivec, +void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, + long length,DES_key_schedule *ks1, + DES_key_schedule *ks2,DES_key_schedule *ks3, + DES_cblock *ivec,int *num,int enc); +void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, + long length,DES_key_schedule *ks1, + DES_key_schedule *ks2,DES_key_schedule *ks3, + DES_cblock *ivec,int *num); + +void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, + DES_cblock *out_white); + +int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, + DES_cblock *iv); +int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched, + DES_cblock *iv); +char *DES_fcrypt(const char *buf,const char *salt, char *ret); +char *DES_crypt(const char *buf,const char *salt); +void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits, + long length,DES_key_schedule *schedule,DES_cblock *ivec); +void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output, + long length,DES_key_schedule *schedule,DES_cblock *ivec, int enc); -DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[], - long length,int out_count,des_cblock *seed); -void des_random_seed(des_cblock *key); -int des_new_random_key(des_cblock *key); -void des_init_random_number_generator(des_cblock *seed); -void des_rand_data(unsigned char *data, int size); -int des_random_key(des_cblock *ret); -int des_read_password(des_cblock *key,const char *_prompt,int verify); -int des_read_2passwords(des_cblock *key1,des_cblock *key2, - const char *_prompt,int verify); -int des_read_pw_string(char *buf,int length,const char *_prompt,int verify); -void des_set_odd_parity(des_cblock *key); -int des_check_key_parity(const_des_cblock *key); -int des_is_weak_key(const_des_cblock *key); -/* des_set_key (= set_key = des_key_sched = key_sched) calls - * des_set_key_checked if global variable des_check_key is set, - * des_set_key_unchecked otherwise. */ -int des_set_key(const_des_cblock *key,des_key_schedule schedule); -int des_key_sched(const_des_cblock *key,des_key_schedule schedule); -int des_set_key_checked(const_des_cblock *key,des_key_schedule schedule); -void des_set_key_unchecked(const_des_cblock *key,des_key_schedule schedule); -void des_string_to_key(const char *str,des_cblock *key); -void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2); -void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, - des_key_schedule schedule,des_cblock *ivec,int *num, +DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[], + long length,int out_count,DES_cblock *seed); +int DES_random_key(DES_cblock *ret); +void DES_set_odd_parity(DES_cblock *key); +int DES_check_key_parity(const_DES_cblock *key); +int DES_is_weak_key(const_DES_cblock *key); +/* DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, + * DES_set_key_unchecked otherwise. */ +int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule); +int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); +int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); +void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule); +void DES_string_to_key(const char *str,DES_cblock *key); +void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); +void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, + DES_key_schedule *schedule,DES_cblock *ivec,int *num, int enc); -void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length, - des_key_schedule schedule,des_cblock *ivec,int *num); -int des_read_pw(char *buf,char *buff,int size,const char *_prompt,int verify); - -/* The following definitions provide compatibility with the MIT Kerberos - * library. The des_key_schedule structure is not binary compatible. */ +void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length, + DES_key_schedule *schedule,DES_cblock *ivec,int *num); -#define _KERBEROS_DES_H - -#define KRBDES_ENCRYPT DES_ENCRYPT -#define KRBDES_DECRYPT DES_DECRYPT - -#ifdef KERBEROS -# define ENCRYPT DES_ENCRYPT -# define DECRYPT DES_DECRYPT -#endif - -#ifndef NCOMPAT -# define C_Block des_cblock -# define Key_schedule des_key_schedule -# define KEY_SZ DES_KEY_SZ -# define string_to_key des_string_to_key -# define read_pw_string des_read_pw_string -# define random_key des_random_key -# define pcbc_encrypt des_pcbc_encrypt -# define set_key des_set_key -# define key_sched des_key_sched -# define ecb_encrypt des_ecb_encrypt -# define cbc_encrypt des_cbc_encrypt -# define ncbc_encrypt des_ncbc_encrypt -# define xcbc_encrypt des_xcbc_encrypt -# define cbc_cksum des_cbc_cksum -# define quad_cksum des_quad_cksum -# define check_parity des_check_key_parity -#endif +int DES_read_password(DES_cblock *key, const char *prompt, int verify); +int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, + int verify); -typedef des_key_schedule bit_64; -#define des_fixup_key_parity des_set_odd_parity +#define DES_fixup_key_parity DES_set_odd_parity #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c index 5449a31..90029fd 100644 --- a/crypto/openssl/crypto/err/err_all.c +++ b/crypto/openssl/crypto/err/err_all.c @@ -1,5 +1,4 @@ /* crypto/err/err_all.c */ -/* $FreeBSD$ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,18 +59,18 @@ #include <stdio.h> #include <openssl/asn1.h> #include <openssl/bn.h> +#ifndef OPENSSL_NO_EC +#include <openssl/ec.h> +#endif #include <openssl/buffer.h> #include <openssl/bio.h> -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> #endif -#ifdef RSAref -#include <openssl/rsaref.h> -#endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> #endif #include <openssl/evp.h> @@ -82,8 +81,10 @@ #include <openssl/conf.h> #include <openssl/pkcs12.h> #include <openssl/rand.h> -#include <openssl/err.h> #include <openssl/dso.h> +#include <openssl/engine.h> +#include <openssl/ocsp.h> +#include <openssl/err.h> void ERR_load_crypto_strings(void) { @@ -91,35 +92,38 @@ void ERR_load_crypto_strings(void) if (done) return; done=1; -#ifndef NO_ERR - ERR_load_ASN1_strings(); +#ifndef OPENSSL_NO_ERR + ERR_load_ERR_strings(); /* include error strings for SYSerr */ ERR_load_BN_strings(); - ERR_load_BUF_strings(); - ERR_load_BIO_strings(); - ERR_load_CONF_strings(); -#ifndef NO_RSA -#ifdef RSAref - ERR_load_RSAREF_strings(); -#else +#ifndef OPENSSL_NO_RSA ERR_load_RSA_strings(); #endif -#endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH ERR_load_DH_strings(); #endif -#ifndef NO_DSA - ERR_load_DSA_strings(); -#endif - ERR_load_ERR_strings(); ERR_load_EVP_strings(); + ERR_load_BUF_strings(); ERR_load_OBJ_strings(); ERR_load_PEM_strings(); +#ifndef OPENSSL_NO_DSA + ERR_load_DSA_strings(); +#endif ERR_load_X509_strings(); - ERR_load_X509V3_strings(); + ERR_load_ASN1_strings(); + ERR_load_CONF_strings(); ERR_load_CRYPTO_strings(); - ERR_load_PKCS7_strings(); +#ifndef OPENSSL_NO_EC + ERR_load_EC_strings(); +#endif + /* skip ERR_load_SSL_strings() because it is not in this library */ + ERR_load_BIO_strings(); + ERR_load_PKCS7_strings(); + ERR_load_X509V3_strings(); ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); ERR_load_DSO_strings(); + ERR_load_ENGINE_strings(); + ERR_load_OCSP_strings(); + ERR_load_UI_strings(); #endif } diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h index e22089a..45a25f9 100644 --- a/crypto/openssl/crypto/evp/evp.h +++ b/crypto/openssl/crypto/evp/evp.h @@ -54,8 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ #ifndef HEADER_ENVELOPE_H @@ -69,71 +67,81 @@ # undef OPENSSL_ALGORITHM_DEFINES #endif -#ifndef NO_BIO +#include <openssl/ossl_typ.h> + +#include <openssl/symhacks.h> + +#ifndef OPENSSL_NO_BIO #include <openssl/bio.h> #endif -#ifndef NO_MD2 +#ifndef OPENSSL_NO_MD2 #include <openssl/md2.h> #endif -#ifndef NO_MD4 +#ifndef OPENSSL_NO_MD4 #include <openssl/md4.h> #endif -#ifndef NO_MD5 +#ifndef OPENSSL_NO_MD5 #include <openssl/md5.h> #endif -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA #include <openssl/sha.h> #endif -#ifndef NO_RIPEMD +#ifndef OPENSSL_NO_RIPEMD #include <openssl/ripemd.h> #endif -#ifndef NO_DES +#ifndef OPENSSL_NO_DES #include <openssl/des.h> #endif -#ifndef NO_RC4 +#ifndef OPENSSL_NO_RC4 #include <openssl/rc4.h> #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 #include <openssl/rc2.h> #endif -#ifndef NO_RC5 +#ifndef OPENSSL_NO_RC5 #include <openssl/rc5.h> #endif -#ifndef NO_BF +#ifndef OPENSSL_NO_BF #include <openssl/blowfish.h> #endif -#ifndef NO_CAST +#ifndef OPENSSL_NO_CAST #include <openssl/cast.h> #endif -#ifndef NO_IDEA +#ifndef OPENSSL_NO_IDEA #include <openssl/idea.h> #endif -#ifndef NO_MDC2 +#ifndef OPENSSL_NO_MDC2 #include <openssl/mdc2.h> #endif +#ifndef OPENSSL_NO_AES +#include <openssl/aes.h> +#endif +/* #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 #define EVP_BLOWFISH_KEY_SIZE 16 #define EVP_CAST5_KEY_SIZE 16 #define EVP_RC5_32_12_16_KEY_SIZE 16 +*/ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ -#define EVP_MAX_KEY_LENGTH 24 -#define EVP_MAX_IV_LENGTH 8 +#define EVP_MAX_KEY_LENGTH 32 +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 #define PKCS5_SALT_LEN 8 /* Default PKCS#5 iteration count */ #define PKCS5_DEFAULT_ITER 2048 -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #include <openssl/rsa.h> #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #include <openssl/dsa.h> #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH #include <openssl/dh.h> #endif @@ -166,26 +174,26 @@ extern "C" { /* Type needs to be a bit field * Sub-type needs to be for variations on the method, as in, can it do * arbitrary encryption.... */ -typedef struct evp_pkey_st +struct evp_pkey_st { int type; int save_type; int references; union { char *ptr; -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA struct rsa_st *rsa; /* RSA */ #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA struct dsa_st *dsa; /* DSA */ #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH struct dh_st *dh; /* DH */ #endif } pkey; int save_parameters; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ - } EVP_PKEY; + } /* EVP_PKEY */; #define EVP_PKEY_MO_SIGN 0x0001 #define EVP_PKEY_MO_VERIFY 0x0002 @@ -246,7 +254,6 @@ typedef struct evp_pkey_method_st int (*sign)(); int (*verify)(); struct { - int int (*set)(); /* get and/or set the underlying type */ int (*get)(); int (*encrypt)(); @@ -261,27 +268,32 @@ typedef struct evp_pkey_method_st #endif #ifndef EVP_MD -typedef struct env_md_st +struct env_md_st { int type; int pkey_type; int md_size; - void (*init)(); - void (*update)(); - void (*final)(); - + unsigned long flags; + int (*init)(EVP_MD_CTX *ctx); + int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); + int (*final)(EVP_MD_CTX *ctx,unsigned char *md); + int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); + int (*cleanup)(EVP_MD_CTX *ctx); + + /* FIXME: prototype these some day */ int (*sign)(); int (*verify)(); int required_pkey_type[5]; /*EVP_PKEY_xxx */ int block_size; - int ctx_size; /* how big does the ctx need to be */ - } EVP_MD; - + int ctx_size; /* how big does the ctx->md_data need to be */ + } /* EVP_MD */; +#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single + * block */ #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ EVP_PKEY_DSA4,0} @@ -289,7 +301,7 @@ typedef struct env_md_st #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method #endif -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ @@ -303,34 +315,20 @@ typedef struct env_md_st #endif /* !EVP_MD */ -typedef struct env_md_ctx_st +struct env_md_ctx_st { const EVP_MD *digest; - union { - unsigned char base[4]; -#ifndef NO_MD2 - MD2_CTX md2; -#endif -#ifndef NO_MD5 - MD5_CTX md5; -#endif -#ifndef NO_MD4 - MD4_CTX md4; -#endif -#ifndef NO_RIPEMD - RIPEMD160_CTX ripemd160; -#endif -#ifndef NO_SHA - SHA_CTX sha; -#endif -#ifndef NO_MDC2 - MDC2_CTX mdc2; -#endif - } md; - } EVP_MD_CTX; + ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ + unsigned long flags; + void *md_data; + } /* EVP_MD_CTX */; + +/* values for EVP_MD_CTX flags */ -typedef struct evp_cipher_st EVP_CIPHER; -typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called + * once only */ +#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been + * cleaned */ struct evp_cipher_st { @@ -344,12 +342,12 @@ struct evp_cipher_st int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ - int ctx_size; /* how big the ctx needs to be */ + int ctx_size; /* how big ctx->cipher_data needs to be */ int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ void *app_data; /* Application data */ - }; + } /* EVP_CIPHER */; /* Values for cipher flags */ @@ -371,6 +369,8 @@ struct evp_cipher_st #define EVP_CIPH_CTRL_INIT 0x40 /* Don't use standard key length function */ #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 +/* Don't use standard block padding */ +#define EVP_CIPH_NO_PADDING 0x100 /* ctrl() values */ @@ -390,62 +390,23 @@ typedef struct evp_cipher_info_st struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; + ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ int encrypt; /* encrypt or decrypt */ int buf_len; /* number we have left */ unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */ + unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ int num; /* used by cfb/ofb mode */ void *app_data; /* application stuff */ int key_len; /* May change for variable length cipher */ - union { -#ifndef NO_RC4 - struct - { - unsigned char key[EVP_RC4_KEY_SIZE]; - RC4_KEY ks; /* working key */ - } rc4; -#endif -#ifndef NO_DES - des_key_schedule des_ks;/* key schedule */ - struct - { - des_key_schedule ks;/* key schedule */ - des_cblock inw; - des_cblock outw; - } desx_cbc; - struct - { - des_key_schedule ks1;/* key schedule */ - des_key_schedule ks2;/* key schedule (for ede) */ - des_key_schedule ks3;/* key schedule (for ede3) */ - } des_ede; -#endif -#ifndef NO_IDEA - IDEA_KEY_SCHEDULE idea_ks;/* key schedule */ -#endif -#ifndef NO_RC2 - struct { - int key_bits; /* effective key bits */ - RC2_KEY ks;/* key schedule */ - } rc2; -#endif -#ifndef NO_RC5 - struct { - int rounds; /* number of rounds */ - RC5_32_KEY ks;/* key schedule */ - } rc5; -#endif -#ifndef NO_BF - BF_KEY bf_ks;/* key schedule */ -#endif -#ifndef NO_CAST - CAST_KEY cast_ks;/* key schedule */ -#endif - } c; - }; + unsigned long flags; /* Various flags */ + void *cipher_data; /* per EVP data */ + int final_used; + int block_mask; + unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ + } /* EVP_CIPHER_CTX */; typedef struct evp_Encode_Ctx_st { @@ -462,20 +423,20 @@ typedef struct evp_Encode_Ctx_st /* Password based encryption function */ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, - EVP_MD *md, int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ (char *)(rsa)) #endif -#ifndef NO_DSA +#ifndef OPENSSL_NO_DSA #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ (char *)(dsa)) #endif -#ifndef NO_DH +#ifndef OPENSSL_NO_DH #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ (char *)(dh)) #endif @@ -487,6 +448,8 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) #define EVP_MD_type(e) ((e)->type) +#define EVP_MD_nid(e) EVP_MD_type(e) +#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) #define EVP_MD_pkey_type(e) ((e)->pkey_type) #define EVP_MD_size(e) ((e)->md_size) #define EVP_MD_block_size(e) ((e)->block_size) @@ -497,6 +460,7 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) #define EVP_CIPHER_nid(e) ((e)->nid) +#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) #define EVP_CIPHER_block_size(e) ((e)->block_size) #define EVP_CIPHER_key_length(e) ((e)->key_len) #define EVP_CIPHER_iv_length(e) ((e)->iv_len) @@ -517,8 +481,10 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) +#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) #define EVP_SignInit(a,b) EVP_DigestInit(a,b) #define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) #define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) #define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) #define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) @@ -545,38 +511,61 @@ void BIO_set_md(BIO *,const EVP_MD *md); #define EVP_delete_digest_alias(alias) \ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); - -int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); -void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +EVP_MD_CTX *EVP_MD_CTX_create(void); +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) +#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, unsigned int cnt); -void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +int EVP_Digest(void *data, unsigned int count, + unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); + +int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); void EVP_set_pw_prompt(char *prompt); char * EVP_get_pw_prompt(void); -int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, - const unsigned char *salt, const unsigned char *data, int datal, - int count, unsigned char *key, unsigned char *iv); +int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, + int datal, int count, unsigned char *key,unsigned char *iv); -int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); +int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); +int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, - unsigned char *key,unsigned char *iv,int enc); +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, + const unsigned char *key,const unsigned char *iv, + int enc); +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key,const unsigned char *iv, + int enc); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, EVP_PKEY *pkey); @@ -584,13 +573,13 @@ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, +int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, int ekl,unsigned char *iv,EVP_PKEY *priv); int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); -void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); +int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, @@ -608,9 +597,10 @@ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -#ifndef NO_BIO +#ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_md(void); BIO_METHOD *BIO_f_base64(void); BIO_METHOD *BIO_f_cipher(void); @@ -619,89 +609,134 @@ void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, unsigned char *i, int enc); #endif -EVP_MD *EVP_md_null(void); -#ifndef NO_MD2 -EVP_MD *EVP_md2(void); -#endif -#ifndef NO_MD4 -EVP_MD *EVP_md4(void); -#endif -#ifndef NO_MD5 -EVP_MD *EVP_md5(void); -#endif -#ifndef NO_SHA -EVP_MD *EVP_sha(void); -EVP_MD *EVP_sha1(void); -EVP_MD *EVP_dss(void); -EVP_MD *EVP_dss1(void); -#endif -#ifndef NO_MDC2 -EVP_MD *EVP_mdc2(void); -#endif -#ifndef NO_RIPEMD -EVP_MD *EVP_ripemd160(void); -#endif -EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ -#ifndef NO_DES -EVP_CIPHER *EVP_des_ecb(void); -EVP_CIPHER *EVP_des_ede(void); -EVP_CIPHER *EVP_des_ede3(void); -EVP_CIPHER *EVP_des_cfb(void); -EVP_CIPHER *EVP_des_ede_cfb(void); -EVP_CIPHER *EVP_des_ede3_cfb(void); -EVP_CIPHER *EVP_des_ofb(void); -EVP_CIPHER *EVP_des_ede_ofb(void); -EVP_CIPHER *EVP_des_ede3_ofb(void); -EVP_CIPHER *EVP_des_cbc(void); -EVP_CIPHER *EVP_des_ede_cbc(void); -EVP_CIPHER *EVP_des_ede3_cbc(void); -EVP_CIPHER *EVP_desx_cbc(void); -#endif -#ifndef NO_RC4 -EVP_CIPHER *EVP_rc4(void); -EVP_CIPHER *EVP_rc4_40(void); -#endif -#ifndef NO_IDEA -EVP_CIPHER *EVP_idea_ecb(void); -EVP_CIPHER *EVP_idea_cfb(void); -EVP_CIPHER *EVP_idea_ofb(void); -EVP_CIPHER *EVP_idea_cbc(void); -#endif -#ifndef NO_RC2 -EVP_CIPHER *EVP_rc2_ecb(void); -EVP_CIPHER *EVP_rc2_cbc(void); -EVP_CIPHER *EVP_rc2_40_cbc(void); -EVP_CIPHER *EVP_rc2_64_cbc(void); -EVP_CIPHER *EVP_rc2_cfb(void); -EVP_CIPHER *EVP_rc2_ofb(void); -#endif -#ifndef NO_BF -EVP_CIPHER *EVP_bf_ecb(void); -EVP_CIPHER *EVP_bf_cbc(void); -EVP_CIPHER *EVP_bf_cfb(void); -EVP_CIPHER *EVP_bf_ofb(void); -#endif -#ifndef NO_CAST -EVP_CIPHER *EVP_cast5_ecb(void); -EVP_CIPHER *EVP_cast5_cbc(void); -EVP_CIPHER *EVP_cast5_cfb(void); -EVP_CIPHER *EVP_cast5_ofb(void); -#endif -#ifndef NO_RC5 -EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); -EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); -EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); -EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); -#endif -void OpenSSL_add_all_algorithms(void); +const EVP_MD *EVP_md_null(void); +#ifndef OPENSSL_NO_MD2 +const EVP_MD *EVP_md2(void); +#endif +#ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +#endif +#ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +#endif +#ifndef OPENSSL_NO_SHA +const EVP_MD *EVP_sha(void); +const EVP_MD *EVP_sha1(void); +const EVP_MD *EVP_dss(void); +const EVP_MD *EVP_dss1(void); +#endif +#ifndef OPENSSL_NO_MDC2 +const EVP_MD *EVP_mdc2(void); +#endif +#ifndef OPENSSL_NO_RIPEMD +const EVP_MD *EVP_ripemd160(void); +#endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +#ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb(void); +const EVP_CIPHER *EVP_des_ede_cfb(void); +const EVP_CIPHER *EVP_des_ede3_cfb(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +/* This should now be supported through the dev_crypto ENGINE. But also, why are + * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ +#if 0 +# ifdef OPENSSL_OPENBSD_DEV_CRYPTO +const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); +const EVP_CIPHER *EVP_dev_crypto_rc4(void); +const EVP_MD *EVP_dev_crypto_md5(void); +# endif +#endif +#endif +#ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +#endif +#ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb(void); +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +#endif +#ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb(void); +const EVP_CIPHER *EVP_rc2_ofb(void); +#endif +#ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb(void); +const EVP_CIPHER *EVP_bf_ofb(void); +#endif +#ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb(void); +const EVP_CIPHER *EVP_cast5_ofb(void); +#endif +#ifndef OPENSSL_NO_RC5 +const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); +const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +#endif +#ifndef OPENSSL_NO_AES +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb(void); +const EVP_CIPHER *EVP_aes_128_ofb(void); +#if 0 +const EVP_CIPHER *EVP_aes_128_ctr(void); +#endif +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb(void); +const EVP_CIPHER *EVP_aes_192_ofb(void); +#if 0 +const EVP_CIPHER *EVP_aes_192_ctr(void); +#endif +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb(void); +const EVP_CIPHER *EVP_aes_256_ofb(void); +#if 0 +const EVP_CIPHER *EVP_aes_256_ctr(void); +#endif +#endif + +void OPENSSL_add_all_algorithms_noconf(void); +void OPENSSL_add_all_algorithms_conf(void); + +#ifdef OPENSSL_LOAD_CONF +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_conf() +#else +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_noconf() +#endif + void OpenSSL_add_all_ciphers(void); void OpenSSL_add_all_digests(void); #define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() #define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() #define SSLeay_add_all_digests() OpenSSL_add_all_digests() -int EVP_add_cipher(EVP_CIPHER *cipher); -int EVP_add_digest(EVP_MD *digest); +int EVP_add_cipher(const EVP_CIPHER *cipher); +int EVP_add_digest(const EVP_MD *digest); const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); @@ -715,18 +750,24 @@ int EVP_PKEY_type(int type); int EVP_PKEY_bits(EVP_PKEY *pkey); int EVP_PKEY_size(EVP_PKEY *pkey); int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); -#ifndef NO_RSA -int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key); -RSA * EVP_PKEY_get1_RSA(EVP_PKEY *pkey); + +#ifndef OPENSSL_NO_RSA +struct rsa_st; +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); #endif -#ifndef NO_DSA -int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key); -DSA * EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +#ifndef OPENSSL_NO_DSA +struct dsa_st; +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); #endif -#ifndef NO_DH -int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key); -DH * EVP_PKEY_get1_DH(EVP_PKEY *pkey); +#ifndef OPENSSL_NO_DH +struct dh_st; +int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); #endif + + EVP_PKEY * EVP_PKEY_new(void); void EVP_PKEY_free(EVP_PKEY *pkey); EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, @@ -756,20 +797,20 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); /* PKCS5 password based encryption */ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); void PKCS5_PBE_add(void); int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); -int EVP_PBE_alg_add(int nid, EVP_CIPHER *cipher, EVP_MD *md, +int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen); void EVP_PBE_cleanup(void); @@ -787,6 +828,8 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 #define EVP_F_EVP_DECRYPTFINAL 101 +#define EVP_F_EVP_DIGESTINIT 128 +#define EVP_F_EVP_ENCRYPTFINAL 127 #define EVP_F_EVP_MD_CTX_COPY 110 #define EVP_F_EVP_OPENINIT 102 #define EVP_F_EVP_PBE_ALG_ADD 115 @@ -801,6 +844,7 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_PKEY_GET1_DSA 120 #define EVP_F_EVP_PKEY_GET1_RSA 121 #define EVP_F_EVP_PKEY_NEW 106 +#define EVP_F_EVP_RIJNDAEL 126 #define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_VERIFYFINAL 108 #define EVP_F_PKCS5_PBE_KEYIVGEN 117 @@ -809,12 +853,15 @@ void ERR_load_EVP_strings(void); #define EVP_F_RC5_CTRL 125 /* Reason codes. */ +#define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_DECRYPT 100 +#define EVP_R_BAD_KEY_LENGTH 137 #define EVP_R_BN_DECODE_ERROR 112 #define EVP_R_BN_PUBKEY_ERROR 113 #define EVP_R_CIPHER_PARAMETER_ERROR 122 #define EVP_R_CTRL_NOT_IMPLEMENTED 132 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 #define EVP_R_ENCODE_ERROR 115 @@ -829,6 +876,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_KEYGEN_FAILURE 120 #define EVP_R_MISSING_PARAMETERS 103 #define EVP_R_NO_CIPHER_SET 131 +#define EVP_R_NO_DIGEST_SET 139 #define EVP_R_NO_DSA_PARAMETERS 116 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 diff --git a/crypto/openssl/crypto/idea/Makefile.ssl b/crypto/openssl/crypto/idea/Makefile.ssl index 8923d7d..ca4b76f 100644 --- a/crypto/openssl/crypto/idea/Makefile.ssl +++ b/crypto/openssl/crypto/idea/Makefile.ssl @@ -1,6 +1,5 @@ # # SSLeay/crypto/idea/Makefile -# $FreeBSD$ # DIR= idea @@ -12,7 +11,8 @@ INSTALL_PREFIX= OPENSSLDIR= /usr/local/ssl INSTALLTOP=/usr/local/ssl MAKE= make -f Makefile.ssl -MAKEDEPEND= $(TOP)/util/domd $(TOP) +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile.ssl AR= ar r @@ -40,8 +40,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - @echo You may get an error following this line. Please ignore. - - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: @@ -69,7 +68,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -81,12 +80,12 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_cbc.o: idea_lcl.h +i_cbc.o: i_cbc.c idea_lcl.h i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_cfb64.o: idea_lcl.h +i_cfb64.o: i_cfb64.c idea_lcl.h i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_ecb.o: ../../include/openssl/opensslv.h idea_lcl.h +i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_ofb64.o: idea_lcl.h +i_ofb64.o: i_ofb64.c idea_lcl.h i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_skey.o: idea_lcl.h +i_skey.o: i_skey.c idea_lcl.h diff --git a/crypto/openssl/crypto/idea/i_cbc.c b/crypto/openssl/crypto/idea/i_cbc.c index d141cc2..ecb9cb8 100644 --- a/crypto/openssl/crypto/idea/i_cbc.c +++ b/crypto/openssl/crypto/idea/i_cbc.c @@ -54,7 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ #include <openssl/idea.h> diff --git a/crypto/openssl/crypto/idea/i_cfb64.c b/crypto/openssl/crypto/idea/i_cfb64.c index 6f7e364..66d49d5 100644 --- a/crypto/openssl/crypto/idea/i_cfb64.c +++ b/crypto/openssl/crypto/idea/i_cfb64.c @@ -54,7 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ #include <openssl/idea.h> diff --git a/crypto/openssl/crypto/idea/i_ecb.c b/crypto/openssl/crypto/idea/i_ecb.c index 3789cb5..fb613db 100644 --- a/crypto/openssl/crypto/idea/i_ecb.c +++ b/crypto/openssl/crypto/idea/i_ecb.c @@ -54,7 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ #include <openssl/idea.h> diff --git a/crypto/openssl/crypto/idea/i_ofb64.c b/crypto/openssl/crypto/idea/i_ofb64.c index b3397f9..e749e88 100644 --- a/crypto/openssl/crypto/idea/i_ofb64.c +++ b/crypto/openssl/crypto/idea/i_ofb64.c @@ -54,7 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ #include <openssl/idea.h> diff --git a/crypto/openssl/crypto/idea/i_skey.c b/crypto/openssl/crypto/idea/i_skey.c index 5fea5cc..1c95bc9 100644 --- a/crypto/openssl/crypto/idea/i_skey.c +++ b/crypto/openssl/crypto/idea/i_skey.c @@ -54,7 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ #include <openssl/idea.h> diff --git a/crypto/openssl/crypto/idea/idea.h b/crypto/openssl/crypto/idea/idea.h index 31d3c89..6713241 100644 --- a/crypto/openssl/crypto/idea/idea.h +++ b/crypto/openssl/crypto/idea/idea.h @@ -54,13 +54,12 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ #ifndef HEADER_IDEA_H #define HEADER_IDEA_H -#ifdef NO_IDEA +#ifdef OPENSSL_NO_IDEA #error IDEA is disabled. #endif diff --git a/crypto/openssl/crypto/idea/idea_lcl.h b/crypto/openssl/crypto/idea/idea_lcl.h index 0190599..463aa36 100644 --- a/crypto/openssl/crypto/idea/idea_lcl.h +++ b/crypto/openssl/crypto/idea/idea_lcl.h @@ -54,7 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ /* The new form of this macro (check if the a*b == 0) was suggested by diff --git a/crypto/openssl/crypto/idea/idea_spd.c b/crypto/openssl/crypto/idea/idea_spd.c index aefe178..48ffaff 100644 --- a/crypto/openssl/crypto/idea/idea_spd.c +++ b/crypto/openssl/crypto/idea/idea_spd.c @@ -54,13 +54,12 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ /* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ /* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ -#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) +#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) #define TIMES #endif @@ -83,7 +82,7 @@ OPENSSL_DECLARE_EXIT The __TMS macro will show if it was. If it wasn't defined, we should undefine TIMES, since that tells the rest of the program how things should be handled. -- Richard Levitte */ -#if defined(VMS) && defined(__DECC) && !defined(__TMS) +#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) #undef TIMES #endif @@ -290,7 +289,7 @@ int main(int argc, char **argv) printf("IDEA raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b); printf("IDEA cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c); exit(0); -#if defined(LINT) || defined(MSDOS) +#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) return(0); #endif } diff --git a/crypto/openssl/crypto/idea/ideatest.c b/crypto/openssl/crypto/idea/ideatest.c index 810f351..98f805d 100644 --- a/crypto/openssl/crypto/idea/ideatest.c +++ b/crypto/openssl/crypto/idea/ideatest.c @@ -54,14 +54,15 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * $FreeBSD$ */ #include <stdio.h> #include <string.h> #include <stdlib.h> -#ifdef NO_IDEA +#include "../e_os.h" + +#ifdef OPENSSL_NO_IDEA int main(int argc, char *argv[]) { printf("No IDEA support\n"); @@ -168,7 +169,7 @@ int main(int argc, char *argv[]) else printf("ok\n"); - exit(err); + EXIT(err); return(err); } diff --git a/crypto/openssl/crypto/idea/version b/crypto/openssl/crypto/idea/version index c269d85..3f22293 100644 --- a/crypto/openssl/crypto/idea/version +++ b/crypto/openssl/crypto/idea/version @@ -1,4 +1,3 @@ -# $FreeBSD$ 1.1 07/12/95 - eay Many thanks to Rhys Weatherley <rweather@us.oracle.com> for pointing out that I was assuming little endian byte diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h index 179706a..b2e25e4 100644 --- a/crypto/openssl/crypto/rsa/rsa.h +++ b/crypto/openssl/crypto/rsa/rsa.h @@ -1,5 +1,4 @@ /* crypto/rsa/rsa.h */ -/* $FreeBSD$ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,13 +59,16 @@ #ifndef HEADER_RSA_H #define HEADER_RSA_H -#ifndef NO_BIO +#include <openssl/asn1.h> + +#ifndef OPENSSL_NO_BIO #include <openssl/bio.h> #endif #include <openssl/bn.h> #include <openssl/crypto.h> +#include <openssl/ossl_typ.h> -#ifdef NO_RSA +#ifdef OPENSSL_NO_RSA #error RSA is disabled. #endif @@ -79,16 +81,20 @@ typedef struct rsa_st RSA; typedef struct rsa_meth_st { const char *name; - int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, + int (*rsa_pub_enc)(int flen,const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); - int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, + int (*rsa_pub_dec)(int flen,const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); - int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to, + int (*rsa_priv_enc)(int flen,const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); - int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to, + int (*rsa_priv_dec)(int flen,const unsigned char *from, + unsigned char *to, RSA *rsa,int padding); - int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */ - int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */ + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ int (*init)(RSA *rsa); /* called at new */ @@ -102,15 +108,12 @@ typedef struct rsa_meth_st * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER * option is set in 'flags'. */ - -/* changed m_len to m_length to avoid a conflict with a #define in - vxworks for m_len for the mbuf code. This only shows up in apps - that have USE_SOCKETS defined */ - - int (*rsa_sign)(int type, unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); - int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + int (*rsa_sign)(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + int (*rsa_verify)(int dtype, + const unsigned char *m, unsigned int m_length, + unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); } RSA_METHOD; @@ -119,8 +122,10 @@ struct rsa_st /* The first parameter is used to pickup errors where * this is passed instead of aEVP_PKEY, it is set to 0 */ int pad; - int version; - RSA_METHOD *meth; + long version; + const RSA_METHOD *meth; + /* functional reference if 'meth' is ENGINE-provided */ + ENGINE *engine; BIGNUM *n; BIGNUM *e; BIGNUM *d; @@ -170,110 +175,111 @@ struct rsa_st #define RSA_NO_PADDING 3 #define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_PKCS1_PADDING_SIZE 11 + #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) #define RSA_get_app_data(s) RSA_get_ex_data(s,0) RSA * RSA_new(void); -RSA * RSA_new_method(RSA_METHOD *method); -int RSA_size(RSA *); +RSA * RSA_new_method(ENGINE *engine); +int RSA_size(const RSA *); RSA * RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg); -int RSA_check_key(RSA *); +int RSA_check_key(const RSA *); /* next 4 return -1 on error */ -int RSA_public_encrypt(int flen, unsigned char *from, +int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -int RSA_private_encrypt(int flen, unsigned char *from, +int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -int RSA_public_decrypt(int flen, unsigned char *from, +int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -int RSA_private_decrypt(int flen, unsigned char *from, +int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); void RSA_free (RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); -int RSA_flags(RSA *r); +int RSA_flags(const RSA *r); -void RSA_set_default_method(RSA_METHOD *meth); -RSA_METHOD *RSA_get_default_method(void); -RSA_METHOD *RSA_get_method(RSA *rsa); -RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); /* This function needs the memory locking malloc callbacks to be installed */ int RSA_memory_lock(RSA *r); -/* If you have RSAref compiled in. */ -RSA_METHOD *RSA_PKCS1_RSAref(void); - /* these are the actual SSLeay RSA functions */ -RSA_METHOD *RSA_PKCS1_SSLeay(void); +const RSA_METHOD *RSA_PKCS1_SSLeay(void); + +const RSA_METHOD *RSA_null_method(void); -RSA_METHOD *RSA_null_method(void); +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) -RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); -int i2d_RSAPublicKey(RSA *a, unsigned char **pp); -RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); -int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); -#ifndef NO_FP_API -int RSA_print_fp(FILE *fp, RSA *r,int offset); +#ifndef OPENSSL_NO_FP_API +int RSA_print_fp(FILE *fp, const RSA *r,int offset); #endif -#ifndef NO_BIO -int RSA_print(BIO *bp, RSA *r,int offset); +#ifndef OPENSSL_NO_BIO +int RSA_print(BIO *bp, const RSA *r,int offset); #endif -int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey); -RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey); -RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey); +int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey); +RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey); -int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); -RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); -/* Naughty internal function required elsewhere, to handle a MS structure - * that is the same as the netscape one :-) */ -RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)()); +int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()); +RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()); /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ -int RSA_sign(int type, unsigned char *m, unsigned int m_length, +int RSA_sign(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, RSA *rsa); -int RSA_verify(int type, unsigned char *m, unsigned int m_length, +int RSA_verify(int type, const unsigned char *m, unsigned int m_length, unsigned char *sigbuf, unsigned int siglen, RSA *rsa); /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ -int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length, +int RSA_sign_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, unsigned char *sigret, unsigned int *siglen, RSA *rsa); -int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length, +int RSA_verify_ASN1_OCTET_STRING(int type, + const unsigned char *m, unsigned int m_length, unsigned char *sigbuf, unsigned int siglen, RSA *rsa); int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); void RSA_blinding_off(RSA *rsa); int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, - unsigned char *f,int fl); + const unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); + const unsigned char *f,int fl,int rsa_len); int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, - unsigned char *f,int fl); + const unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); + const unsigned char *f,int fl,int rsa_len); int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, - unsigned char *f,int fl,unsigned char *p, - int pl); + const unsigned char *f,int fl, + const unsigned char *p,int pl); int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len, - unsigned char *p,int pl); + const unsigned char *f,int fl,int rsa_len, + const unsigned char *p,int pl); int RSA_padding_add_SSLv23(unsigned char *to,int tlen, - unsigned char *f,int fl); + const unsigned char *f,int fl); int RSA_padding_check_SSLv23(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); + const unsigned char *f,int fl,int rsa_len); int RSA_padding_add_none(unsigned char *to,int tlen, - unsigned char *f,int fl); + const unsigned char *f,int fl); int RSA_padding_check_none(unsigned char *to,int tlen, - unsigned char *f,int fl,int rsa_len); + const unsigned char *f,int fl,int rsa_len); int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int RSA_set_ex_data(RSA *r,int idx,void *arg); -void *RSA_get_ex_data(RSA *r, int idx); +void *RSA_get_ex_data(const RSA *r, int idx); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c index e861a49..ce93c40 100644 --- a/crypto/openssl/crypto/rsa/rsa_eay.c +++ b/crypto/openssl/crypto/rsa/rsa_eay.c @@ -1,5 +1,4 @@ /* crypto/rsa/rsa_eay.c */ -/* $FreeBSD$ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,18 +61,19 @@ #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/rand.h> +#include <openssl/engine.h> #ifndef RSA_NULL -static int RSA_eay_public_encrypt(int flen, unsigned char *from, +static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_private_encrypt(int flen, unsigned char *from, +static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_public_decrypt(int flen, unsigned char *from, +static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_private_decrypt(int flen, unsigned char *from, +static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); +static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa); static int RSA_eay_init(RSA *rsa); static int RSA_eay_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_eay_meth={ @@ -83,19 +83,21 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ RSA_eay_private_encrypt, /* signing */ RSA_eay_private_decrypt, RSA_eay_mod_exp, - BN_mod_exp_mont, + BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ RSA_eay_init, RSA_eay_finish, - 0, + 0, /* flags */ NULL, + 0, /* rsa_sign */ + 0 /* rsa_verify */ }; -RSA_METHOD *RSA_PKCS1_SSLeay(void) +const RSA_METHOD *RSA_PKCS1_SSLeay(void) { return(&rsa_pkcs1_eay_meth); } -static int RSA_eay_public_encrypt(int flen, unsigned char *from, +static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM f,ret; @@ -118,7 +120,7 @@ static int RSA_eay_public_encrypt(int flen, unsigned char *from, case RSA_PKCS1_PADDING: i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); break; -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); break; @@ -185,14 +187,14 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); } /* signing */ -static int RSA_eay_private_encrypt(int flen, unsigned char *from, +static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM f,ret; @@ -269,13 +271,13 @@ err: BN_clear_free(&f); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); } -static int RSA_eay_private_decrypt(int flen, unsigned char *from, +static int RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM f,ret; @@ -344,7 +346,7 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, case RSA_PKCS1_PADDING: r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); break; -#ifndef NO_SHA +#ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0); break; @@ -368,14 +370,14 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); } /* signature verification */ -static int RSA_eay_public_decrypt(int flen, unsigned char *from, +static int RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM f,ret; @@ -465,13 +467,13 @@ err: BN_clear_free(&ret); if (buf != NULL) { - memset(buf,0,num); + OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); } -static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) +static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { BIGNUM r1,m1,vrfy; int ret=0; @@ -564,10 +566,19 @@ static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) if (rsa->e && rsa->n) { if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; - if (BN_cmp(I, &vrfy) != 0) - { + /* If 'I' was greater than (or equal to) rsa->n, the operation + * will be equivalent to using 'I mod n'. However, the result of + * the verify will *always* be less than 'n' so we don't check + * for absolute equality, just congruency. */ + if (!BN_sub(&vrfy, &vrfy, I)) goto err; + if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err; + if (vrfy.neg) + if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err; + if (!BN_is_zero(&vrfy)) + /* 'I' and 'vrfy' aren't congruent mod n. Don't leak + * miscalculated CRT output, just do a raw (slower) + * mod_exp and return that instead. */ if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; - } } ret=1; err: diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c index 5220f5f..9323574 100644 --- a/crypto/openssl/crypto/rsa/rsa_lib.c +++ b/crypto/openssl/crypto/rsa/rsa_lib.c @@ -1,5 +1,4 @@ /* crypto/rsa/rsa_lib.c */ -/* $FreeBSD$ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,31 +62,30 @@ #include <openssl/lhash.h> #include <openssl/bn.h> #include <openssl/rsa.h> +#include <openssl/engine.h> const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; -static RSA_METHOD *default_RSA_meth=NULL; -static int rsa_meth_num=0; -static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL; +static const RSA_METHOD *default_RSA_meth=NULL; RSA *RSA_new(void) { return(RSA_new_method(NULL)); } -void RSA_set_default_method(RSA_METHOD *meth) +void RSA_set_default_method(const RSA_METHOD *meth) { - default_RSA_meth=meth; + default_RSA_meth = meth; } -RSA_METHOD *RSA_get_default_method(void) -{ +const RSA_METHOD *RSA_get_default_method(void) + { if (default_RSA_meth == NULL) { #ifdef RSA_NULL default_RSA_meth=RSA_null_method(); #else -#ifdef RSAref +#if 0 /* was: #ifdef RSAref */ default_RSA_meth=RSA_PKCS1_RSAref(); #else default_RSA_meth=RSA_PKCS1_SSLeay(); @@ -96,24 +94,31 @@ RSA_METHOD *RSA_get_default_method(void) } return default_RSA_meth; -} + } -RSA_METHOD *RSA_get_method(RSA *rsa) -{ +const RSA_METHOD *RSA_get_method(const RSA *rsa) + { return rsa->meth; -} + } -RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth) -{ - RSA_METHOD *mtmp; +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) + { + /* NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. */ + const RSA_METHOD *mtmp; mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); + if (rsa->engine) + { + ENGINE_finish(rsa->engine); + rsa->engine = NULL; + } rsa->meth = meth; if (meth->init) meth->init(rsa); - return mtmp; -} + return 1; + } -RSA *RSA_new_method(RSA_METHOD *meth) +RSA *RSA_new_method(ENGINE *engine) { RSA *ret; @@ -121,13 +126,34 @@ RSA *RSA_new_method(RSA_METHOD *meth) if (ret == NULL) { RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); + return NULL; } - if (meth == NULL) - ret->meth=RSA_get_default_method(); + ret->meth = RSA_get_default_method(); + if (engine) + { + if (!ENGINE_init(engine)) + { + RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); + OPENSSL_free(ret); + return NULL; + } + ret->engine = engine; + } else - ret->meth=meth; + ret->engine = ENGINE_get_default_RSA(); + if(ret->engine) + { + ret->meth = ENGINE_get_RSA(ret->engine); + if(!ret->meth) + { + RSAerr(RSA_F_RSA_NEW_METHOD, + ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } ret->pad=0; ret->version=0; @@ -146,10 +172,12 @@ RSA *RSA_new_method(RSA_METHOD *meth) ret->blinding=NULL; ret->bignum_data=NULL; ret->flags=ret->meth->flags; - CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data); + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - CRYPTO_free_ex_data(rsa_meth,ret,&ret->ex_data); + if (ret->engine) + ENGINE_finish(ret->engine); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } @@ -175,10 +203,12 @@ void RSA_free(RSA *r) } #endif - if (r->meth->finish != NULL) + if (r->meth->finish) r->meth->finish(r); + if (r->engine) + ENGINE_finish(r->engine); - CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); @@ -193,12 +223,27 @@ void RSA_free(RSA *r) OPENSSL_free(r); } +int RSA_up_ref(RSA *r) + { + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); +#ifdef REF_PRINT + REF_PRINT("RSA",r); +#endif +#ifdef REF_CHECK + if (i < 2) + { + fprintf(stderr, "RSA_up_ref, bad reference count\n"); + abort(); + } +#endif + return ((i > 1) ? 1 : 0); + } + int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { - rsa_meth_num++; - return(CRYPTO_get_ex_new_index(rsa_meth_num-1, - &rsa_meth,argl,argp,new_func,dup_func,free_func)); + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, + new_func, dup_func, free_func); } int RSA_set_ex_data(RSA *r, int idx, void *arg) @@ -206,41 +251,41 @@ int RSA_set_ex_data(RSA *r, int idx, void *arg) return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); } -void *RSA_get_ex_data(RSA *r, int idx) +void *RSA_get_ex_data(const RSA *r, int idx) { return(CRYPTO_get_ex_data(&r->ex_data,idx)); } -int RSA_size(RSA *r) +int RSA_size(const RSA *r) { return(BN_num_bytes(r->n)); } -int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, +int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); } -int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to, +int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); } -int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to, +int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); } -int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to, +int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -int RSA_flags(RSA *r) +int RSA_flags(const RSA *r) { return((r == NULL)?0:r->meth->flags); } @@ -332,4 +377,3 @@ int RSA_memory_lock(RSA *r) r->bignum_data=p; return(1); } - diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c index 4a7aff5..64ee426 100644 --- a/crypto/openssl/ssl/s23_clnt.c +++ b/crypto/openssl/ssl/s23_clnt.c @@ -54,23 +54,21 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ #include <stdio.h> +#include "ssl_locl.h" #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/evp.h> -#include "ssl_locl.h" static SSL_METHOD *ssl23_get_client_method(int ver); static int ssl23_client_hello(SSL *s); static int ssl23_get_server_hello(SSL *s); static SSL_METHOD *ssl23_get_client_method(int ver) { -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_client_method()); #endif @@ -89,20 +87,27 @@ SSL_METHOD *SSLv23_client_method(void) if (init) { - memcpy((char *)&SSLv23_client_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_client_data.ssl_connect=ssl23_connect; - SSLv23_client_data.get_ssl_method=ssl23_get_client_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv23_client_data, + (char *)sslv23_base_method(),sizeof(SSL_METHOD)); + SSLv23_client_data.ssl_connect=ssl23_connect; + SSLv23_client_data.get_ssl_method=ssl23_get_client_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_client_data); } int ssl23_connect(SSL *s) { - BUF_MEM *buf; + BUF_MEM *buf=NULL; unsigned long Time=time(NULL); - void (*cb)()=NULL; + void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; @@ -154,6 +159,7 @@ int ssl23_connect(SSL *s) goto end; } s->init_buf=buf; + buf=NULL; } if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } @@ -202,6 +208,8 @@ int ssl23_connect(SSL *s) } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret); @@ -213,6 +221,7 @@ static int ssl23_client_hello(SSL *s) unsigned char *buf; unsigned char *p,*d; int i,ch_len; + int ret; buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) @@ -304,7 +313,11 @@ static int ssl23_client_hello(SSL *s) } /* SSL3_ST_CW_CLNT_HELLO_B */ - return(ssl23_write_bytes(s)); + ret = ssl23_write_bytes(s); + if (ret >= 2) + if (s->msg_callback) + s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ + return ret; } static int ssl23_get_server_hello(SSL *s) @@ -324,7 +337,7 @@ static int ssl23_get_server_hello(SSL *s) if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && (p[5] == 0x00) && (p[6] == 0x02)) { -#ifdef NO_SSL2 +#ifdef OPENSSL_NO_SSL2 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else @@ -360,7 +373,7 @@ static int ssl23_get_server_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); @@ -437,7 +450,7 @@ static int ssl23_get_server_hello(SSL *s) (p[3] == 0) && (p[4] == 2)) { - void (*cb)()=NULL; + void (*cb)(const SSL *ssl,int type,int val)=NULL; int j; /* An alert */ diff --git a/crypto/openssl/ssl/s23_lib.c b/crypto/openssl/ssl/s23_lib.c index fe7e2d1..b70002a 100644 --- a/crypto/openssl/ssl/s23_lib.c +++ b/crypto/openssl/ssl/s23_lib.c @@ -54,8 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ #include <stdio.h> @@ -113,7 +111,7 @@ SSL_METHOD *sslv23_base_method(void) static int ssl23_num_ciphers(void) { return(ssl3_num_ciphers() -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 + ssl2_num_ciphers() #endif ); @@ -126,7 +124,7 @@ static SSL_CIPHER *ssl23_get_cipher(unsigned int u) if (u < uu) return(ssl3_get_cipher(u)); else -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 return(ssl2_get_cipher(u-uu)); #else return(NULL); @@ -146,7 +144,7 @@ static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; c.id=id; cp=ssl3_get_cipher_by_char(p); -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 if (cp == NULL) cp=ssl2_get_cipher_by_char(p); #endif diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c index b93f315..c5404ca 100644 --- a/crypto/openssl/ssl/s23_srvr.c +++ b/crypto/openssl/ssl/s23_srvr.c @@ -54,8 +54,6 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. @@ -112,17 +110,17 @@ */ #include <stdio.h> +#include "ssl_locl.h" #include <openssl/buffer.h> #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/evp.h> -#include "ssl_locl.h" static SSL_METHOD *ssl23_get_server_method(int ver); int ssl23_get_client_hello(SSL *s); static SSL_METHOD *ssl23_get_server_method(int ver) { -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 if (ver == SSL2_VERSION) return(SSLv2_server_method()); #endif @@ -141,11 +139,18 @@ SSL_METHOD *SSLv23_server_method(void) if (init) { - memcpy((char *)&SSLv23_server_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_server_data.ssl_accept=ssl23_accept; - SSLv23_server_data.get_ssl_method=ssl23_get_server_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv23_server_data, + (char *)sslv23_base_method(),sizeof(SSL_METHOD)); + SSLv23_server_data.ssl_accept=ssl23_accept; + SSLv23_server_data.get_ssl_method=ssl23_get_server_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_server_data); } @@ -154,7 +159,7 @@ int ssl23_accept(SSL *s) { BUF_MEM *buf; unsigned long Time=time(NULL); - void (*cb)()=NULL; + void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; int new_state,state; @@ -257,13 +262,13 @@ int ssl23_get_client_hello(SSL *s) * 9/10 client_version / */ char *buf= &(buf_space[0]); - unsigned char *p,*d,*dd; + unsigned char *p,*d,*d_len,*dd; unsigned int i; unsigned int csl,sil,cl; int n=0,j; int type=0; int v[2]; -#ifndef NO_RSA +#ifndef OPENSSL_NO_RSA int use_sslv2_strong=0; #endif @@ -325,72 +330,6 @@ int ssl23_get_client_hello(SSL *s) else if (!(s->options & SSL_OP_NO_SSLv2)) type=1; - if (s->options & SSL_OP_NON_EXPORT_FIRST) - /* Not only utterly confusing, but broken - * ('fractured programming'?) -- the details - * of this block nearly make it work - * as intended in this environment, but on one - * of the fine points (w.r.t. restarts) it fails. - * The obvious fix would be even more devastating - * to program structure; if you want the functionality, - * throw this away and implement it in a way - * that makes sense */ - { -#if 0 - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - int ne2,ne3; - - j=((p[0]&0x7f)<<8)|p[1]; - if (j > (1024*4)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); - goto err; - } - - n=ssl23_read_bytes(s,j+2); - if (n <= 0) return(n); - p=s->packet; - - if ((buf=OPENSSL_malloc(n)) == NULL) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(buf,p,n); - - p+=5; - n2s(p,csl); - p+=4; - - sk=ssl_bytes_to_cipher_list( - s,p,csl,NULL); - if (sk != NULL) - { - ne2=ne3=0; - for (j=0; j<sk_SSL_CIPHER_num(sk); j++) - { - c=sk_SSL_CIPHER_value(sk,j); - if (!SSL_C_IS_EXPORT(c)) - { - if ((c->id>>24L) == 2L) - ne2=1; - else - ne3=1; - } - } - if (ne2 && !ne3) - { - type=1; - use_sslv2_strong=1; - goto next_bit; - } - } -#else - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_OPTION); - goto err; -#endif - } } } else if ((p[0] == SSL3_RT_HANDSHAKE) && @@ -488,7 +427,9 @@ int ssl23_get_client_hello(SSL *s) j=ssl23_read_bytes(s,n+2); if (j <= 0) return(j); - ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2); + ssl3_finish_mac(s, s->packet+2, s->packet_length-2); + if (s->msg_callback) + s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ p=s->packet; p+=5; @@ -502,6 +443,13 @@ int ssl23_get_client_hello(SSL *s) goto err; } + /* record header: msg_type ... */ + *(d++) = SSL3_MT_CLIENT_HELLO; + /* ... and length (actual value will be written later) */ + d_len = d; + d += 3; + + /* client_version */ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ *(d++) = v[1]; @@ -532,7 +480,8 @@ int ssl23_get_client_hello(SSL *s) *(d++)=1; *(d++)=0; - i=(d-(unsigned char *)s->init_buf->data); + i = (d-(unsigned char *)s->init_buf->data) - 4; + l2n3((long)i, d_len); /* get the data reused from the init_buf */ s->s3->tmp.reuse_message=1; @@ -545,7 +494,7 @@ int ssl23_get_client_hello(SSL *s) if (type == 1) { -#ifdef NO_SSL2 +#ifdef OPENSSL_NO_SSL2 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); goto err; #else @@ -563,7 +512,7 @@ int ssl23_get_client_hello(SSL *s) if (s->s3 != NULL) ssl3_free(s); - if (!BUF_MEM_grow(s->init_buf, + if (!BUF_MEM_grow_clean(s->init_buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { goto err; diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c index 82b70c7..c6319bb 100644 --- a/crypto/openssl/ssl/s2_clnt.c +++ b/crypto/openssl/ssl/s2_clnt.c @@ -107,11 +107,10 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * - * $FreeBSD$ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <openssl/rand.h> #include <openssl/buffer.h> @@ -146,11 +145,18 @@ SSL_METHOD *SSLv2_client_method(void) if (init) { - memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_client_data.ssl_connect=ssl2_connect; - SSLv2_client_data.get_ssl_method=ssl2_get_client_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(), + sizeof(SSL_METHOD)); + SSLv2_client_data.ssl_connect=ssl2_connect; + SSLv2_client_data.get_ssl_method=ssl2_get_client_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_client_data); } @@ -160,7 +166,7 @@ int ssl2_connect(SSL *s) unsigned long l=time(NULL); BUF_MEM *buf=NULL; int ret= -1; - void (*cb)()=NULL; + void (*cb)(const SSL *ssl,int type,int val)=NULL; int new_state,state; RAND_add(&l,sizeof(l),0); @@ -202,10 +208,13 @@ int ssl2_connect(SSL *s) if (!BUF_MEM_grow(buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) { + if (buf == s->init_buf) + buf=NULL; ret= -1; goto end; } s->init_buf=buf; + buf=NULL; s->init_num=0; s->state=SSL2_ST_SEND_CLIENT_HELLO_A; s->ctx->stats.sess_connect++; @@ -332,6 +341,8 @@ int ssl2_connect(SSL *s) } end: s->in_handshake--; + if (buf != NULL) + BUF_MEM_free(buf); if (cb != NULL) cb(s,SSL_CB_CONNECT_EXIT,ret); return(ret); @@ -343,7 +354,7 @@ static int get_server_hello(SSL *s) unsigned char *p; int i,j; unsigned long len; - STACK_OF(SSL_CIPHER) *sk=NULL,*cl; + STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow; buf=(unsigned char *)s->init_buf->data; p=buf; @@ -393,6 +404,8 @@ static int get_server_hello(SSL *s) j = (int)len - s->init_num; i = ssl2_read(s,(char *)&(buf[s->init_num]),j); if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i)); + if (s->msg_callback) + s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */ /* things are looking good */ @@ -475,33 +488,49 @@ static int get_server_hello(SSL *s) sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp); /* get the array of ciphers we will accept */ - cl=ssl_get_ciphers_by_id(s); - + cl=SSL_get_ciphers(s); + sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp); + + /* + * If server preference flag set, choose the first + * (highest priority) cipher the server sends, otherwise + * client preference has priority. + */ + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) + { + prio = sk; + allow = cl; + } + else + { + prio = cl; + allow = sk; + } /* In theory we could have ciphers sent back that we * don't want to use but that does not matter since we * will check against the list we originally sent and * for performance reasons we should not bother to match * the two lists up just to check. */ - for (i=0; i<sk_SSL_CIPHER_num(cl); i++) + for (i=0; i<sk_SSL_CIPHER_num(prio); i++) { - if (sk_SSL_CIPHER_find(sk, - sk_SSL_CIPHER_value(cl,i)) >= 0) + if (sk_SSL_CIPHER_find(allow, + sk_SSL_CIPHER_value(prio,i)) >= 0) break; } - if (i >= sk_SSL_CIPHER_num(cl)) + if (i >= sk_SSL_CIPHER_num(prio)) { ssl2_return_error(s,SSL2_PE_NO_CIPHER); SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH); return(-1); } - s->session->cipher=sk_SSL_CIPHER_value(cl,i); + s->session->cipher=sk_SSL_CIPHER_value(prio,i); if (s->session->peer != NULL) /* can't happen*/ { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); return(-1); } @@ -514,7 +543,7 @@ static int get_server_hello(SSL *s) /* can't happen */ { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); return(-1); } @@ -629,7 +658,7 @@ static int client_master_key(SSL *s) if (i > SSL_MAX_KEY_ARG_LENGTH) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } if (i > 0) RAND_pseudo_bytes(sess->key_arg,i); @@ -642,7 +671,7 @@ static int client_master_key(SSL *s) if (i > sizeof sess->master_key) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } if (RAND_bytes(sess->master_key,i) <= 0) @@ -691,7 +720,7 @@ static int client_master_key(SSL *s) if (karg > sizeof sess->key_arg) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } memcpy(d,sess->key_arg,(unsigned int)karg); @@ -716,7 +745,7 @@ static int client_finished(SSL *s) *(p++)=SSL2_MT_CLIENT_FINISHED; if (s->s2->conn_id_length > sizeof s->s2->conn_id) { - SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; } memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length); @@ -746,10 +775,12 @@ static int client_certificate(SSL *s) if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) { i=ssl2_read(s,(char *)&(buf[s->init_num]), - SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num); - if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num)) + SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num); + if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num)) return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i)); s->init_num += i; + if (s->msg_callback) + s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */ /* type=buf[0]; */ /* type eq x509 */ @@ -842,9 +873,10 @@ static int client_certificate(SSL *s) /* ok, now we calculate the checksum * do it first so we can reuse buf :-) */ p=buf; - EVP_SignInit(&ctx,s->ctx->rsa_md5); + EVP_MD_CTX_init(&ctx); + EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL); EVP_SignUpdate(&ctx,s->s2->key_material, - (unsigned int)s->s2->key_material_length); + s->s2->key_material_length); EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len); n=i2d_X509(s->session->sess_cert->peer_key->x509,&p); EVP_SignUpdate(&ctx,buf,(unsigned int)n); @@ -863,7 +895,7 @@ static int client_certificate(SSL *s) * We will continue with a 0 length signature */ } - memset(&ctx,0,sizeof(ctx)); + EVP_MD_CTX_cleanup(&ctx); s2n(n,p); d+=n; @@ -898,8 +930,12 @@ static int get_server_verify(SSL *s) SSL_R_READ_WRONG_PACKET_TYPE); } else - SSLerr(SSL_F_GET_SERVER_VERIFY, - SSL_R_PEER_ERROR); + { + SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR); + /* try to read the error message */ + i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); + return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); + } return(-1); } } @@ -910,9 +946,11 @@ static int get_server_verify(SSL *s) i = ssl2_read(s,(char *)&(p[s->init_num]),n); if (i < n) return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i)); + if (s->msg_callback) + s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */ p += 1; - if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0) + if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT); @@ -949,7 +987,12 @@ static int get_server_finished(SSL *s) SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); } else + { SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR); + /* try to read the error message */ + i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); + return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); + } return(-1); } s->state=SSL2_ST_GET_SERVER_FINISHED_B; @@ -961,6 +1004,8 @@ static int get_server_finished(SSL *s) if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */ return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i)); s->init_num += i; + if (s->msg_callback) + s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */ if (!s->hit) /* new session */ { @@ -969,7 +1014,7 @@ static int get_server_finished(SSL *s) * or bad things can happen */ /* ZZZZZZZZZZZZZ */ s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; - memcpy(s->session->session_id,p,SSL2_SSL_SESSION_ID_LENGTH); + memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH); } else { @@ -1084,7 +1129,7 @@ end: EVP_PKEY_free(pkey); return(i); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c index 3917efb..d3b144f 100644 --- a/crypto/openssl/ssl/s2_enc.c +++ b/crypto/openssl/ssl/s2_enc.c @@ -54,13 +54,12 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include <stdio.h> +#include "cryptlib.h" int ssl2_enc_init(SSL *s, int client) { @@ -97,13 +96,15 @@ int ssl2_enc_init(SSL *s, int client) num=c->key_len; s->s2->key_material_length=num*2; + OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); if (ssl2_generate_key_material(s) <= 0) return 0; - EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]), + OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg); + EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]), s->session->key_arg); - EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]), + EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]), s->session->key_arg); s->s2->read_key= &(s->s2->key_material[(client)?0:num]); s->s2->write_key= &(s->s2->key_material[(client)?num:0]); @@ -172,16 +173,17 @@ void ssl2_mac(SSL *s, unsigned char *md, int send) l2n(seq,p); /* There has to be a MAC algorithm. */ - EVP_DigestInit(&c,s->read_hash); + EVP_MD_CTX_init(&c); + EVP_DigestInit_ex(&c, s->read_hash, NULL); EVP_DigestUpdate(&c,sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx)); EVP_DigestUpdate(&c,act,len); /* the above line also does the pad data */ EVP_DigestUpdate(&c,sequence,4); - EVP_DigestFinal(&c,md,NULL); - /* some would say I should zero the md context */ + EVP_DigestFinal_ex(&c,md,NULL); + EVP_MD_CTX_cleanup(&c); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c index 64c6575..910b9fe 100644 --- a/crypto/openssl/ssl/s2_lib.c +++ b/crypto/openssl/ssl/s2_lib.c @@ -54,15 +54,14 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <openssl/rsa.h> #include <openssl/objects.h> +#include <openssl/evp.h> #include <openssl/md5.h> #include "cryptlib.h" @@ -309,7 +308,7 @@ void ssl2_free(SSL *s) s2=s->s2; if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - memset(s2,0,sizeof *s2); + OPENSSL_cleanse(s2,sizeof *s2); OPENSSL_free(s2); s->s2=NULL; } @@ -334,7 +333,7 @@ void ssl2_clear(SSL *s) s->packet_length=0; } -long ssl2_ctrl(SSL *s, int cmd, long larg, char *parg) +long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret=0; @@ -354,7 +353,7 @@ long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)()) return(0); } -long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg) +long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return(0); } @@ -378,15 +377,19 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p) { CRYPTO_w_lock(CRYPTO_LOCK_SSL); - for (i=0; i<SSL2_NUM_CIPHERS; i++) - sorted[i]= &(ssl2_ciphers[i]); + if (init) + { + for (i=0; i<SSL2_NUM_CIPHERS; i++) + sorted[i]= &(ssl2_ciphers[i]); - qsort( (char *)sorted, - SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), - FP_ICC ssl_cipher_ptr_id_cmp); + qsort((char *)sorted, + SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *), + FP_ICC ssl_cipher_ptr_id_cmp); + init=0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); - init=0; } id=0x02000000L|((unsigned long)p[0]<<16L)| @@ -420,43 +423,50 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) int ssl2_generate_key_material(SSL *s) { unsigned int i; - MD5_CTX ctx; + EVP_MD_CTX ctx; unsigned char *km; unsigned char c='0'; + const EVP_MD *md5; + + md5 = EVP_md5(); #ifdef CHARSET_EBCDIC c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', see SSLv2 docu */ #endif - + EVP_MD_CTX_init(&ctx); km=s->s2->key_material; - if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) - { - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); - return 0; - } + if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key) + { + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); + return 0; + } - for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH) + for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5)) { - if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material) + if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material) { - /* MD5_Final() below would write beyond buffer */ - SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR); + /* EVP_DigestFinal_ex() below would write beyond buffer */ + SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR); return 0; } - MD5_Init(&ctx); + EVP_DigestInit_ex(&ctx, md5, NULL); - MD5_Update(&ctx,s->session->master_key,s->session->master_key_length); - MD5_Update(&ctx,&c,1); + OPENSSL_assert(s->session->master_key_length >= 0 + && s->session->master_key_length + < sizeof s->session->master_key); + EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length); + EVP_DigestUpdate(&ctx,&c,1); c++; - MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length); - MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length); - MD5_Final(km,&ctx); - km+=MD5_DIGEST_LENGTH; + EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length); + EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length); + EVP_DigestFinal_ex(&ctx,km,NULL); + km += EVP_MD_size(md5); } + EVP_MD_CTX_cleanup(&ctx); return 1; } @@ -485,17 +495,21 @@ void ssl2_write_error(SSL *s) error=s->error; /* number of bytes left to write */ s->error=0; - if (error < 0 || error > sizeof buf) /* can't happen */ - return; - + OPENSSL_assert(error >= 0 && error <= sizeof buf); i=ssl2_write(s,&(buf[3-error]),error); /* if (i == error) s->rwstate=state; */ if (i < 0) s->error=error; - else if (i != s->error) + else + { s->error=error-i; + + if (s->error == 0) + if (s->msg_callback) + s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */ + } } int ssl2_shutdown(SSL *s) @@ -503,7 +517,7 @@ int ssl2_shutdown(SSL *s) s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); return(1); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/crypto/openssl/ssl/s2_meth.c b/crypto/openssl/ssl/s2_meth.c index 01cc05f..8b6cbd0 100644 --- a/crypto/openssl/ssl/s2_meth.c +++ b/crypto/openssl/ssl/s2_meth.c @@ -54,12 +54,10 @@ * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] - * - * $FreeBSD$ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <openssl/objects.h> @@ -79,16 +77,23 @@ SSL_METHOD *SSLv2_method(void) if (init) { - memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_data.ssl_connect=ssl2_connect; - SSLv2_data.ssl_accept=ssl2_accept; - SSLv2_data.get_ssl_method=ssl2_get_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), + sizeof(SSL_METHOD)); + SSLv2_data.ssl_connect=ssl2_connect; + SSLv2_data.ssl_accept=ssl2_accept; + SSLv2_data.get_ssl_method=ssl2_get_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_data); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c index 067d9df..d82f137 100644 --- a/crypto/openssl/ssl/s2_pkt.c +++ b/crypto/openssl/ssl/s2_pkt.c @@ -107,13 +107,13 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * - * $FreeBSD$ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <errno.h> +#include "cryptlib.h" #define USE_SOCKETS static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend); @@ -248,6 +248,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) else { mac_size=EVP_MD_size(s->read_hash); + OPENSSL_assert(mac_size <= MAX_MAC_SIZE); s->s2->mac_data=p; s->s2->ract_data= &p[mac_size]; if (s->s2->padding + mac_size > s->s2->rlength) @@ -693,6 +694,8 @@ int ssl2_do_write(SSL *s) ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num); if (ret == s->init_num) { + if (s->msg_callback) + s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); return(1); } if (ret < 0) @@ -726,7 +729,7 @@ static int ssl_mt_error(int n) } return(ret); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c index 32519a7c..62859a2 100644 --- a/crypto/openssl/ssl/s2_srvr.c +++ b/crypto/openssl/ssl/s2_srvr.c @@ -107,11 +107,10 @@ * (eay@cryptsoft.com). This product includes software written by Tim * Hudson (tjh@cryptsoft.com). * - * $FreeBSD$ */ #include "ssl_locl.h" -#ifndef NO_SSL2 +#ifndef OPENSSL_NO_SSL2 #include <stdio.h> #include <openssl/bio.h> #include <openssl/rand.h> @@ -146,11 +145,18 @@ SSL_METHOD *SSLv2_server_method(void) if (init) { - memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_server_data.ssl_accept=ssl2_accept; - SSLv2_server_data.get_ssl_method=ssl2_get_server_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(), + sizeof(SSL_METHOD)); + SSLv2_server_data.ssl_accept=ssl2_accept; + SSLv2_server_data.get_ssl_method=ssl2_get_server_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_server_data); } @@ -161,7 +167,7 @@ int ssl2_accept(SSL *s) BUF_MEM *buf=NULL; int ret= -1; long num1; - void (*cb)()=NULL; + void (*cb)(const SSL *ssl,int type,int val)=NULL; int new_state,state; RAND_add(&l,sizeof(l),0); @@ -431,7 +437,7 @@ static int get_client_master_key(SSL *s) if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } keya=s->session->key_arg_length; @@ -445,6 +451,8 @@ static int get_client_master_key(SSL *s) n = (int)len - s->init_num; i = ssl2_read(s,(char *)&(p[s->init_num]),n); if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i)); + if (s->msg_callback) + s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */ p += 10; memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]), @@ -519,7 +527,7 @@ static int get_client_master_key(SSL *s) if (i > SSL_MAX_MASTER_KEY_LENGTH) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); return -1; } s->session->master_key_length=i; @@ -534,6 +542,7 @@ static int get_client_hello(SSL *s) unsigned char *p; STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */ STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */ + STACK_OF(SSL_CIPHER) *prio, *allow; int z; /* This is a bit of a hack to check for the correct packet @@ -590,6 +599,8 @@ static int get_client_hello(SSL *s) n = (int)len - s->init_num; i = ssl2_read(s,(char *)&(p[s->init_num]),n); if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i)); + if (s->msg_callback) + s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */ p += 9; /* get session-id before cipher stuff so we can get out session @@ -647,21 +658,37 @@ static int get_client_hello(SSL *s) &s->session->ciphers); if (cs == NULL) goto mem_err; - cl=ssl_get_ciphers_by_id(s); + cl=SSL_get_ciphers(s); - for (z=0; z<sk_SSL_CIPHER_num(cs); z++) + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) + { + prio=sk_SSL_CIPHER_dup(cl); + if (prio == NULL) goto mem_err; + allow = cs; + } + else + { + prio = cs; + allow = cl; + } + for (z=0; z<sk_SSL_CIPHER_num(prio); z++) { - if (sk_SSL_CIPHER_find(cl,sk_SSL_CIPHER_value(cs,z)) < 0) + if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0) { - sk_SSL_CIPHER_delete(cs,z); + sk_SSL_CIPHER_delete(prio,z); z--; } } - + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) + { + sk_SSL_CIPHER_free(s->session->ciphers); + s->session->ciphers = prio; + } /* s->session->ciphers should now have a list of * ciphers that are on both the client and server. * This list is ordered by the order the client sent - * the ciphers. + * the ciphers or in the order of the server's preference + * if SSL_OP_CIPHER_SERVER_PREFERENCE was set. */ } p+=s->s2->tmp.cipher_spec_length; @@ -674,7 +701,7 @@ static int get_client_hello(SSL *s) if (s->s2->challenge_length > sizeof s->s2->challenge) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return -1; } memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length); @@ -821,7 +848,12 @@ static int get_client_finished(SSL *s) SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE); } else + { SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR); + /* try to read the error message */ + i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num); + return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i); + } return(-1); } s->state=SSL2_ST_GET_CLIENT_FINISHED_B; @@ -831,7 +863,7 @@ static int get_client_finished(SSL *s) if (s->s2->conn_id_length > sizeof s->s2->conn_id) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; } len = 1 + (unsigned long)s->s2->conn_id_length; @@ -841,8 +873,10 @@ static int get_client_finished(SSL *s) { return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i)); } + if (s->msg_callback) + s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */ p += 1; - if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0) + if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT); @@ -861,7 +895,7 @@ static int server_verify(SSL *s) *(p++)=SSL2_MT_SERVER_VERIFY; if (s->s2->challenge_length > sizeof s->s2->challenge) { - SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); return -1; } memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length); @@ -885,7 +919,7 @@ static int server_finish(SSL *s) if (s->session->session_id_length > sizeof s->session->session_id) { - SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); return -1; } memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length); @@ -960,6 +994,9 @@ static int request_certificate(SSL *s) goto end; } + if (s->msg_callback) + s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */ + /* this is the one place where we can recover from an SSL 2.0 error */ if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) @@ -979,7 +1016,7 @@ static int request_certificate(SSL *s) } if (s->init_num != 6) { - SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR); + SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR); goto end; } @@ -1002,7 +1039,7 @@ static int request_certificate(SSL *s) len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen; if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) { - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG); + SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG); goto end; } j = (int)len - s->init_num; @@ -1012,6 +1049,8 @@ static int request_certificate(SSL *s) ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i); goto end; } + if (s->msg_callback) + s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */ p += 6; x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen); @@ -1034,9 +1073,10 @@ static int request_certificate(SSL *s) EVP_MD_CTX ctx; EVP_PKEY *pkey=NULL; - EVP_VerifyInit(&ctx,s->ctx->rsa_md5); + EVP_MD_CTX_init(&ctx); + EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL); EVP_VerifyUpdate(&ctx,s->s2->key_material, - (unsigned int)s->s2->key_material_length); + s->s2->key_material_length); EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); @@ -1055,7 +1095,7 @@ static int request_certificate(SSL *s) if (pkey == NULL) goto end; i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey); EVP_PKEY_free(pkey); - memset(&ctx,0,sizeof(ctx)); + EVP_MD_CTX_cleanup(&ctx); if (i) { @@ -1108,7 +1148,7 @@ static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from, SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB); return(i); } -#else /* !NO_SSL2 */ +#else /* !OPENSSL_NO_SSL2 */ # if PEDANTIC static void *dummy=&dummy; diff --git a/crypto/openssl/util/pl/Mingw32.pl b/crypto/openssl/util/pl/Mingw32.pl index 02a5086..45ab685 100644 --- a/crypto/openssl/util/pl/Mingw32.pl +++ b/crypto/openssl/util/pl/Mingw32.pl @@ -1,7 +1,6 @@ #!/usr/local/bin/perl # # Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools) -# $FreeBSD$ # $o='/'; @@ -26,6 +25,8 @@ if ($gaswin and !$no_asm) { $bn_asm_obj='$(OBJ_D)/bn-win32.o'; $bn_asm_src='crypto/bn/asm/bn-win32.s'; + $bnco_asm_obj='$(OBJ_D)/co-win32.o'; + $bnco_asm_src='crypto/bn/asm/co-win32.s'; $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o'; $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s'; $bf_enc_obj='$(OBJ_D)/b-win32.o'; @@ -67,12 +68,12 @@ $lfile=''; $asm='as'; $afile='-o '; -$bn_asm_obj=""; -$bn_asm_src=""; -$des_enc_obj=""; -$des_enc_src=""; -$bf_enc_obj=""; -$bf_enc_src=""; +#$bn_asm_obj=""; +#$bn_asm_src=""; +#$des_enc_obj=""; +#$des_enc_src=""; +#$bf_enc_obj=""; +#$bf_enc_src=""; sub do_lib_rule { |
